another audit improovements

This commit is contained in:
Jan F 2011-02-21 20:24:29 +01:00
parent 9cefae06b0
commit c2b0098c73
10 changed files with 452 additions and 1260 deletions

View File

@ -1,18 +1,31 @@
diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-16 23:26:59.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-21 20:01:00.000000000 +0100
@@ -39,8 +39,8 @@ @@ -35,13 +35,20 @@
#include "log.h"
#include "audit.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "servconf.h"
#include "canohost.h"
+extern ServerOptions options;
+extern Authctxt *the_authctxt;
+extern u_int utmp_len;
const char* audit_username(void); const char* audit_username(void);
-int -int
-linux_audit_record_event(int uid, const char *username, -linux_audit_record_event(int uid, const char *username,
- const char *hostname, const char *ip, const char *ttyn, int success)
+static void +static void
+linux_audit_user_login(int uid, const char *username, +linux_audit_user_logxxx(int uid, const char *username,
const char *hostname, const char *ip, const char *ttyn, int success) + const char *hostname, const char *ip, const char *ttyn, int success, int event)
{ {
int audit_fd, rc, saved_errno; int audit_fd, rc, saved_errno;
@@ -49,9 +49,9 @@ linux_audit_record_event(int uid, const
@@ -49,11 +56,11 @@ linux_audit_record_event(int uid, const
if (audit_fd < 0) { if (audit_fd < 0) {
if (errno == EINVAL || errno == EPROTONOSUPPORT || if (errno == EINVAL || errno == EPROTONOSUPPORT ||
errno == EAFNOSUPPORT) errno == EAFNOSUPPORT)
@ -22,9 +35,12 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
- return 0; /* Must prevent login */ - return 0; /* Must prevent login */
+ goto fatal_report; /* Must prevent login */ + goto fatal_report; /* Must prevent login */
} }
rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, - rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+ rc = audit_log_acct_message(audit_fd, event,
NULL, "login", username ? username : "(unknown)", NULL, "login", username ? username : "(unknown)",
@@ -65,7 +65,62 @@ linux_audit_record_event(int uid, const username == NULL ? uid : -1, hostname, ip, ttyn, success);
saved_errno = errno;
@@ -65,35 +72,102 @@ linux_audit_record_event(int uid, const
if ((rc == -EPERM) && (geteuid() != 0)) if ((rc == -EPERM) && (geteuid() != 0))
rc = 0; rc = 0;
errno = saved_errno; errno = saved_errno;
@ -41,19 +57,19 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
+{ +{
+ int audit_fd, rc, saved_errno; + int audit_fd, rc, saved_errno;
+ static const char *event_name[] = { + static const char *event_name[] = {
+ "exceed maxtries", + "maxtries exceeded",
+ "root denied", + "root denied",
+ "success", + "success",
+ "none", + "none",
+ "pasword", + "password",
+ "chalenge-response", + "challenge-response",
+ "pubkey", + "pubkey",
+ "hostbased", + "hostbased",
+ "gssapi", + "gssapi",
+ "invalid user", + "invalid user",
+ "nologin", + "nologin",
+ "connection close", + "connection closed",
+ "connection abandon", + "connection abandoned",
+ "unknown" + "unknown"
+ }; + };
+ +
@ -87,8 +103,10 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
+ } + }
} }
+static int user_login_count = 0;
+
/* Below is the sshd audit API code */ /* Below is the sshd audit API code */
@@ -73,8 +128,8 @@ linux_audit_record_event(int uid, const
void void
audit_connection_from(const char *host, int port) audit_connection_from(const char *host, int port)
{ {
@ -98,19 +116,41 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
void void
audit_run_command(const char *command) audit_run_command(const char *command)
@@ -85,9 +140,8 @@ audit_run_command(const char *command) {
- /* not implemented */
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_START);
+ if (!user_login_count++)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGIN);
}
void void
audit_session_open(struct logininfo *li) audit_session_open(struct logininfo *li)
{ {
- if (linux_audit_record_event(li->uid, NULL, li->hostname, - if (linux_audit_record_event(li->uid, NULL, li->hostname,
- NULL, li->line, 1) == 0) - NULL, li->line, 1) == 0)
- fatal("linux_audit_write_entry failed: %s", strerror(errno)); - fatal("linux_audit_write_entry failed: %s", strerror(errno));
+ linux_audit_user_login(li->uid, NULL, li->hostname, + linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1); + NULL, li->line, 1, AUDIT_USER_START);
+ if (!user_login_count++)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGIN);
} }
void void
@@ -101,20 +155,33 @@ audit_event(ssh_audit_event_t event) audit_session_close(struct logininfo *li)
{
- /* not implemented */
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_END);
+ if (!--user_login_count)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGOUT);
}
void
@@ -101,21 +175,34 @@ audit_event(ssh_audit_event_t event)
{ {
switch(event) { switch(event) {
case SSH_AUTH_SUCCESS: case SSH_AUTH_SUCCESS:
@ -124,8 +164,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
case SSH_LOGIN_ROOT_DENIED: case SSH_LOGIN_ROOT_DENIED:
+ linux_audit_user_auth(-1, audit_username(), NULL, + linux_audit_user_auth(-1, audit_username(), NULL,
+ get_remote_ipaddr(), "sshd", 0, event); + get_remote_ipaddr(), "sshd", 0, event);
+ linux_audit_user_login(-1, audit_username(), NULL, + linux_audit_user_logxxx(-1, audit_username(), NULL,
+ get_remote_ipaddr(), "sshd", 0); + get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);
break; break;
+ case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_EXCEED_MAXTRIES:
@ -143,7 +183,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
+ case SSH_CONNECTION_ABANDON: + case SSH_CONNECTION_ABANDON:
case SSH_INVALID_USER: case SSH_INVALID_USER:
- linux_audit_record_event(-1, audit_username(), NULL, - linux_audit_record_event(-1, audit_username(), NULL,
+ linux_audit_user_login(-1, audit_username(), NULL, - get_remote_ipaddr(), "sshd", 0);
get_remote_ipaddr(), "sshd", 0); + linux_audit_user_logxxx(-1, audit_username(), NULL,
+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);
break; break;
default:

View File

@ -1,127 +0,0 @@
diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1a 2011-02-21 18:14:37.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:17:33.000000000 +0100
@@ -35,13 +35,20 @@
#include "log.h"
#include "audit.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#include "servconf.h"
#include "canohost.h"
+extern ServerOptions options;
+extern Authctxt *the_authctxt;
+extern u_int utmp_len;
const char* audit_username(void);
static void
-linux_audit_user_login(int uid, const char *username,
- const char *hostname, const char *ip, const char *ttyn, int success)
+linux_audit_user_logxxx(int uid, const char *username,
+ const char *hostname, const char *ip, const char *ttyn, int success, int event)
{
int audit_fd, rc, saved_errno;
@@ -53,7 +60,7 @@ linux_audit_user_login(int uid, const ch
else
goto fatal_report; /* Must prevent login */
}
- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+ rc = audit_log_acct_message(audit_fd, event,
NULL, "login", username ? username : "(unknown)",
username == NULL ? uid : -1, hostname, ip, ttyn, success);
saved_errno = errno;
@@ -77,19 +84,19 @@ linux_audit_user_auth(int uid, const cha
{
int audit_fd, rc, saved_errno;
static const char *event_name[] = {
- "exceed maxtries",
+ "maxtries exceeded",
"root denied",
"success",
"none",
- "pasword",
- "chalenge-response",
+ "password",
+ "challenge-response",
"pubkey",
"hostbased",
"gssapi",
"invalid user",
"nologin",
- "connection close",
- "connection abandon",
+ "connection closed",
+ "connection abandoned",
"unknown"
};
@@ -123,6 +130,8 @@ fatal_report:
}
}
+static int user_login_count = 0;
+
/* Below is the sshd audit API code */
void
@@ -134,20 +143,31 @@ audit_connection_from(const char *host,
void
audit_run_command(const char *command)
{
- /* not implemented */
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_START);
+ if (!user_login_count++)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGIN);
}
void
audit_session_open(struct logininfo *li)
{
- linux_audit_user_login(li->uid, NULL, li->hostname,
- NULL, li->line, 1);
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_START);
+ if (!user_login_count++)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGIN);
}
void
audit_session_close(struct logininfo *li)
{
- /* not implemented */
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_END);
+ if (!--user_login_count)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGOUT);
}
void
@@ -163,8 +183,8 @@ audit_event(ssh_audit_event_t event)
case SSH_LOGIN_ROOT_DENIED:
linux_audit_user_auth(-1, audit_username(), NULL,
get_remote_ipaddr(), "sshd", 0, event);
- linux_audit_user_login(-1, audit_username(), NULL,
- get_remote_ipaddr(), "sshd", 0);
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);
break;
case SSH_LOGIN_EXCEED_MAXTRIES:
@@ -181,8 +201,8 @@ audit_event(ssh_audit_event_t event)
case SSH_CONNECTION_CLOSE:
case SSH_CONNECTION_ABANDON:
case SSH_INVALID_USER:
- linux_audit_user_login(-1, audit_username(), NULL,
- get_remote_ipaddr(), "sshd", 0);
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);
break;
default:

View File

@ -1,12 +1,12 @@
diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit2 2011-01-17 11:15:29.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:21:20.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:04:37.000000000 +0100
@@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li @@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li
/* not implemented */ /* not implemented */
} }
+int +int
+audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) +audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
+{ +{
+ /* not implemented */ + /* not implemented */
+} +}
@ -16,34 +16,31 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
{ {
diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100 --- openssh-5.8p1/audit.c.audit2 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-21 20:04:37.000000000 +0100
@@ -111,6 +111,33 @@ audit_event_lookup(ssh_audit_event_t ev) @@ -36,6 +36,7 @@
#include "key.h"
#include "hostfile.h"
#include "auth.h"
+#include "xmalloc.h"
/*
* Care must be taken when using this since it WILL NOT be initialized when
@@ -111,6 +112,22 @@ audit_event_lookup(ssh_audit_event_t ev)
return(event_lookup[i].name); return(event_lookup[i].name);
} }
+int +void
+audit_key(int type, int *rv, const Key *key) +audit_key(int host_user, int *rv, const Key *key)
+{ +{
+ char *fp; + char *fp;
+ unsigned size = 0; + const char *crypto_name;
+ const char *crypto_name[] = {
+ "ssh-rsa1",
+ "ssh-rsa",
+ "ssh-dsa",
+ "unknown" };
+ +
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ switch(key->type) { + if (key->type == KEY_RSA1)
+ case KEY_RSA1: + crypto_name = "ssh-rsa1";
+ case KEY_RSA: + else
+ size = RSA_size(key->rsa); + crypto_name = key_ssh_name(key);
+ break; + if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0)
+ case KEY_DSA:
+ size = DSA_size(key->dsa);
+ break;
+ }
+
+ if (audit_keyusage(0, crypto_name[key->type], size, fp, *rv) == 0)
+ *rv = 0; + *rv = 0;
+ xfree(fp); + xfree(fp);
+} +}
@ -51,7 +48,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
# ifndef CUSTOM_SSH_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
@@ -182,5 +209,17 @@ audit_run_command(const char *command) @@ -182,5 +199,17 @@ audit_run_command(const char *command)
debug("audit run command euid %d user %s command '%.200s'", geteuid(), debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command); audit_username(), command);
} }
@ -62,16 +59,16 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
+ * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key. + * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key.
+ */ + */
+int +int
+audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) +audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
+{ +{
+ debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", + debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d",
+ host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv); + host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv);
+} +}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100 --- openssh-5.8p1/audit.h.audit2 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-21 20:04:37.000000000 +0100
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
# define _SSH_AUDIT_H # define _SSH_AUDIT_H
@ -85,12 +82,12 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
void audit_run_command(const char *); void audit_run_command(const char *);
ssh_audit_event_t audit_classify_auth(const char *); ssh_audit_event_t audit_classify_auth(const char *);
+int audit_keyusage(int, const char *, unsigned, char *, int); +int audit_keyusage(int, const char *, unsigned, char *, int);
+int audit_key(int, int *, const Key *); +void audit_key(int, int *, const Key *);
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit2 2011-02-21 18:21:20.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit2 2011-02-21 20:04:37.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:21:56.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-21 20:04:37.000000000 +0100
@@ -41,6 +41,8 @@ @@ -41,6 +41,8 @@
#include "servconf.h" #include "servconf.h"
#include "canohost.h" #include "canohost.h"
@ -105,7 +102,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
} }
+int +int
+audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv) +audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
+{ +{
+ char buf[AUDIT_LOG_SIZE]; + char buf[AUDIT_LOG_SIZE];
+ int audit_fd, rc, saved_errno; + int audit_fd, rc, saved_errno;
@ -124,7 +121,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
+ if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
+ goto out; + goto out;
+ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d", + snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d",
+ type, 8 * len, fp, get_remote_port()); + type, bits, fp, get_remote_port());
+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
+ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
+out: +out:
@ -140,7 +137,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
/* Below is the sshd audit API code */ /* Below is the sshd audit API code */
diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
--- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200 --- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200
+++ openssh-5.8p1/auth2-hostbased.c 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/auth2-hostbased.c 2011-02-21 20:04:37.000000000 +0100
@@ -136,6 +136,18 @@ done: @@ -136,6 +136,18 @@ done:
return authenticated; return authenticated;
} }
@ -162,7 +159,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
--- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100 --- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100
+++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 20:04:37.000000000 +0100
@@ -177,6 +177,18 @@ done: @@ -177,6 +177,18 @@ done:
return authenticated; return authenticated;
} }
@ -184,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
{ {
diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
--- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200
+++ openssh-5.8p1/auth.h 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/auth.h 2011-02-21 20:04:37.000000000 +0100
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt
char *authorized_keys_file(struct passwd *); char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *); char *authorized_keys_file2(struct passwd *);
@ -203,7 +200,7 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
--- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100 --- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100
+++ openssh-5.8p1/auth-rsa.c 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/auth-rsa.c 2011-02-21 20:04:37.000000000 +0100
@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{ {
u_char buf[32], mdbuf[16]; u_char buf[32], mdbuf[16];
@ -227,7 +224,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
+ +
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) { + if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) {
+ debug("unsuccessful audit"); + debug("unsuccessful audit");
+ rv = 0; + rv = 0;
} }
@ -242,7 +239,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
/* /*
diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200 --- openssh-5.8p1/monitor.c.audit2 2010-09-10 03:23:34.000000000 +0200
+++ openssh-5.8p1/monitor.c 2011-02-21 18:21:21.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-21 20:04:37.000000000 +0100
@@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m) @@ -1235,7 +1235,17 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data) if (!valid_data)
fatal("%s: bad signature data blob", __func__); fatal("%s: bad signature data blob", __func__);

View File

@ -1,318 +0,0 @@
diff -up openssh-5.8p1/acss.c.audit2a openssh-5.8p1/acss.c
diff -up openssh-5.8p1/acss.h.audit2a openssh-5.8p1/acss.h
diff -up openssh-5.8p1/addrmatch.c.audit2a openssh-5.8p1/addrmatch.c
diff -up openssh-5.8p1/atomicio.c.audit2a openssh-5.8p1/atomicio.c
diff -up openssh-5.8p1/atomicio.h.audit2a openssh-5.8p1/atomicio.h
diff -up openssh-5.8p1/audit-bsm.c.audit2a openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit2a 2011-02-21 16:17:09.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 16:20:57.000000000 +0100
@@ -317,7 +317,7 @@ audit_session_close(struct logininfo *li
}
int
-audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv)
+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
{
/* not implemented */
}
diff -up openssh-5.8p1/audit.c.audit2a openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit2a 2011-02-21 16:17:09.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 16:23:39.000000000 +0100
@@ -36,6 +36,7 @@
#include "key.h"
#include "hostfile.h"
#include "auth.h"
+#include "xmalloc.h"
/*
* Care must be taken when using this since it WILL NOT be initialized when
@@ -111,29 +112,18 @@ audit_event_lookup(ssh_audit_event_t ev)
return(event_lookup[i].name);
}
-int
-audit_key(int type, int *rv, const Key *key)
+void
+audit_key(int host_user, int *rv, const Key *key)
{
char *fp;
- unsigned size = 0;
- const char *crypto_name[] = {
- "ssh-rsa1",
- "ssh-rsa",
- "ssh-dsa",
- "unknown" };
+ const char *crypto_name;
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- switch(key->type) {
- case KEY_RSA1:
- case KEY_RSA:
- size = RSA_size(key->rsa);
- break;
- case KEY_DSA:
- size = DSA_size(key->dsa);
- break;
- }
-
- if (audit_keyusage(0, crypto_name[key->type], size, fp, *rv) == 0)
+ if (key->type == KEY_RSA1)
+ crypto_name = "ssh-rsa1";
+ else
+ crypto_name = key_ssh_name(key);
+ if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0)
*rv = 0;
xfree(fp);
}
@@ -216,10 +206,10 @@ audit_run_command(const char *command)
* Type is the key type, len is the key length(byte) and fp is the fingerprint of the key.
*/
int
-audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv)
+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
{
debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d",
- host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, len, fp, rv);
+ host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv);
}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit2a openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit2a 2011-02-21 16:17:09.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 16:24:27.000000000 +0100
@@ -55,6 +55,6 @@ void audit_session_close(struct logininf
void audit_run_command(const char *);
ssh_audit_event_t audit_classify_auth(const char *);
int audit_keyusage(int, const char *, unsigned, char *, int);
-int audit_key(int, int *, const Key *);
+void audit_key(int, int *, const Key *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit2a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit2a 2011-02-21 16:17:09.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 16:21:19.000000000 +0100
@@ -129,7 +129,7 @@ fatal_report:
}
int
-audit_keyusage(int host_user, const char *type, unsigned len, char *fp, int rv)
+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
{
char buf[AUDIT_LOG_SIZE];
int audit_fd, rc, saved_errno;
@@ -148,7 +148,7 @@ audit_keyusage(int host_user, const char
if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
goto out;
snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d",
- type, 8 * len, fp, get_remote_port());
+ type, bits, fp, get_remote_port());
rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
out:
diff -up openssh-5.8p1/auth1.c.audit2a openssh-5.8p1/auth1.c
diff -up openssh-5.8p1/auth2.c.audit2a openssh-5.8p1/auth2.c
diff -up openssh-5.8p1/auth2-chall.c.audit2a openssh-5.8p1/auth2-chall.c
diff -up openssh-5.8p1/auth2-gss.c.audit2a openssh-5.8p1/auth2-gss.c
diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c
diff -up openssh-5.8p1/auth2-jpake.c.audit2a openssh-5.8p1/auth2-jpake.c
diff -up openssh-5.8p1/auth2-kbdint.c.audit2a openssh-5.8p1/auth2-kbdint.c
diff -up openssh-5.8p1/auth2-none.c.audit2a openssh-5.8p1/auth2-none.c
diff -up openssh-5.8p1/auth2-passwd.c.audit2a openssh-5.8p1/auth2-passwd.c
diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c
diff -up openssh-5.8p1/auth-bsdauth.c.audit2a openssh-5.8p1/auth-bsdauth.c
diff -up openssh-5.8p1/auth.c.audit2a openssh-5.8p1/auth.c
diff -up openssh-5.8p1/auth-chall.c.audit2a openssh-5.8p1/auth-chall.c
diff -up openssh-5.8p1/authfd.c.audit2a openssh-5.8p1/authfd.c
diff -up openssh-5.8p1/authfd.h.audit2a openssh-5.8p1/authfd.h
diff -up openssh-5.8p1/authfile.c.audit2a openssh-5.8p1/authfile.c
diff -up openssh-5.8p1/authfile.h.audit2a openssh-5.8p1/authfile.h
diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h
diff -up openssh-5.8p1/auth-krb5.c.audit2a openssh-5.8p1/auth-krb5.c
diff -up openssh-5.8p1/auth-options.c.audit2a openssh-5.8p1/auth-options.c
diff -up openssh-5.8p1/auth-options.h.audit2a openssh-5.8p1/auth-options.h
diff -up openssh-5.8p1/auth-pam.c.audit2a openssh-5.8p1/auth-pam.c
diff -up openssh-5.8p1/auth-pam.h.audit2a openssh-5.8p1/auth-pam.h
diff -up openssh-5.8p1/auth-passwd.c.audit2a openssh-5.8p1/auth-passwd.c
diff -up openssh-5.8p1/auth-rhosts.c.audit2a openssh-5.8p1/auth-rhosts.c
diff -up openssh-5.8p1/auth-rh-rsa.c.audit2a openssh-5.8p1/auth-rh-rsa.c
diff -up openssh-5.8p1/auth-rsa.c.audit2a openssh-5.8p1/auth-rsa.c
--- openssh-5.8p1/auth-rsa.c.audit2a 2011-02-21 16:17:09.000000000 +0100
+++ openssh-5.8p1/auth-rsa.c 2011-02-21 16:25:17.000000000 +0100
@@ -120,7 +120,7 @@ auth_rsa_verify_response(Key *key, BIGNU
#ifdef SSH_AUDIT_EVENTS
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa), fp, rv) == 0) {
+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) {
debug("unsuccessful audit");
rv = 0;
}
diff -up openssh-5.8p1/auth-shadow.c.audit2a openssh-5.8p1/auth-shadow.c
diff -up openssh-5.8p1/auth-sia.c.audit2a openssh-5.8p1/auth-sia.c
diff -up openssh-5.8p1/auth-sia.h.audit2a openssh-5.8p1/auth-sia.h
diff -up openssh-5.8p1/auth-skey.c.audit2a openssh-5.8p1/auth-skey.c
diff -up openssh-5.8p1/bufaux.c.audit2a openssh-5.8p1/bufaux.c
diff -up openssh-5.8p1/bufbn.c.audit2a openssh-5.8p1/bufbn.c
diff -up openssh-5.8p1/bufec.c.audit2a openssh-5.8p1/bufec.c
diff -up openssh-5.8p1/buffer.c.audit2a openssh-5.8p1/buffer.c
diff -up openssh-5.8p1/buffer.h.audit2a openssh-5.8p1/buffer.h
diff -up openssh-5.8p1/canohost.c.audit2a openssh-5.8p1/canohost.c
diff -up openssh-5.8p1/canohost.h.audit2a openssh-5.8p1/canohost.h
diff -up openssh-5.8p1/channels.c.audit2a openssh-5.8p1/channels.c
diff -up openssh-5.8p1/channels.h.audit2a openssh-5.8p1/channels.h
diff -up openssh-5.8p1/cipher-3des1.c.audit2a openssh-5.8p1/cipher-3des1.c
diff -up openssh-5.8p1/cipher-acss.c.audit2a openssh-5.8p1/cipher-acss.c
diff -up openssh-5.8p1/cipher-aes.c.audit2a openssh-5.8p1/cipher-aes.c
diff -up openssh-5.8p1/cipher-bf1.c.audit2a openssh-5.8p1/cipher-bf1.c
diff -up openssh-5.8p1/cipher.c.audit2a openssh-5.8p1/cipher.c
diff -up openssh-5.8p1/cipher-ctr.c.audit2a openssh-5.8p1/cipher-ctr.c
diff -up openssh-5.8p1/cipher.h.audit2a openssh-5.8p1/cipher.h
diff -up openssh-5.8p1/cleanup.c.audit2a openssh-5.8p1/cleanup.c
diff -up openssh-5.8p1/clientloop.c.audit2a openssh-5.8p1/clientloop.c
diff -up openssh-5.8p1/clientloop.h.audit2a openssh-5.8p1/clientloop.h
diff -up openssh-5.8p1/compat.c.audit2a openssh-5.8p1/compat.c
diff -up openssh-5.8p1/compat.h.audit2a openssh-5.8p1/compat.h
diff -up openssh-5.8p1/compress.c.audit2a openssh-5.8p1/compress.c
diff -up openssh-5.8p1/compress.h.audit2a openssh-5.8p1/compress.h
diff -up openssh-5.8p1/crc32.c.audit2a openssh-5.8p1/crc32.c
diff -up openssh-5.8p1/crc32.h.audit2a openssh-5.8p1/crc32.h
diff -up openssh-5.8p1/deattack.c.audit2a openssh-5.8p1/deattack.c
diff -up openssh-5.8p1/deattack.h.audit2a openssh-5.8p1/deattack.h
diff -up openssh-5.8p1/defines.h.audit2a openssh-5.8p1/defines.h
diff -up openssh-5.8p1/dh.c.audit2a openssh-5.8p1/dh.c
diff -up openssh-5.8p1/dh.h.audit2a openssh-5.8p1/dh.h
diff -up openssh-5.8p1/dispatch.c.audit2a openssh-5.8p1/dispatch.c
diff -up openssh-5.8p1/dispatch.h.audit2a openssh-5.8p1/dispatch.h
diff -up openssh-5.8p1/dns.c.audit2a openssh-5.8p1/dns.c
diff -up openssh-5.8p1/dns.h.audit2a openssh-5.8p1/dns.h
diff -up openssh-5.8p1/entropy.c.audit2a openssh-5.8p1/entropy.c
diff -up openssh-5.8p1/entropy.h.audit2a openssh-5.8p1/entropy.h
diff -up openssh-5.8p1/fatal.c.audit2a openssh-5.8p1/fatal.c
diff -up openssh-5.8p1/groupaccess.c.audit2a openssh-5.8p1/groupaccess.c
diff -up openssh-5.8p1/groupaccess.h.audit2a openssh-5.8p1/groupaccess.h
diff -up openssh-5.8p1/gss-genr.c.audit2a openssh-5.8p1/gss-genr.c
diff -up openssh-5.8p1/gss-serv.c.audit2a openssh-5.8p1/gss-serv.c
diff -up openssh-5.8p1/gss-serv-krb5.c.audit2a openssh-5.8p1/gss-serv-krb5.c
diff -up openssh-5.8p1/hostfile.c.audit2a openssh-5.8p1/hostfile.c
diff -up openssh-5.8p1/hostfile.h.audit2a openssh-5.8p1/hostfile.h
diff -up openssh-5.8p1/includes.h.audit2a openssh-5.8p1/includes.h
diff -up openssh-5.8p1/jpake.c.audit2a openssh-5.8p1/jpake.c
diff -up openssh-5.8p1/jpake.h.audit2a openssh-5.8p1/jpake.h
diff -up openssh-5.8p1/kex.c.audit2a openssh-5.8p1/kex.c
diff -up openssh-5.8p1/kexdh.c.audit2a openssh-5.8p1/kexdh.c
diff -up openssh-5.8p1/kexdhc.c.audit2a openssh-5.8p1/kexdhc.c
diff -up openssh-5.8p1/kexdhs.c.audit2a openssh-5.8p1/kexdhs.c
diff -up openssh-5.8p1/kexecdh.c.audit2a openssh-5.8p1/kexecdh.c
diff -up openssh-5.8p1/kexecdhc.c.audit2a openssh-5.8p1/kexecdhc.c
diff -up openssh-5.8p1/kexecdhs.c.audit2a openssh-5.8p1/kexecdhs.c
diff -up openssh-5.8p1/kexgex.c.audit2a openssh-5.8p1/kexgex.c
diff -up openssh-5.8p1/kexgexc.c.audit2a openssh-5.8p1/kexgexc.c
diff -up openssh-5.8p1/kexgexs.c.audit2a openssh-5.8p1/kexgexs.c
diff -up openssh-5.8p1/kex.h.audit2a openssh-5.8p1/kex.h
diff -up openssh-5.8p1/key.c.audit2a openssh-5.8p1/key.c
diff -up openssh-5.8p1/key.h.audit2a openssh-5.8p1/key.h
diff -up openssh-5.8p1/log.c.audit2a openssh-5.8p1/log.c
diff -up openssh-5.8p1/log.h.audit2a openssh-5.8p1/log.h
diff -up openssh-5.8p1/loginrec.c.audit2a openssh-5.8p1/loginrec.c
diff -up openssh-5.8p1/loginrec.h.audit2a openssh-5.8p1/loginrec.h
diff -up openssh-5.8p1/logintest.c.audit2a openssh-5.8p1/logintest.c
diff -up openssh-5.8p1/mac.c.audit2a openssh-5.8p1/mac.c
diff -up openssh-5.8p1/mac.h.audit2a openssh-5.8p1/mac.h
diff -up openssh-5.8p1/match.c.audit2a openssh-5.8p1/match.c
diff -up openssh-5.8p1/match.h.audit2a openssh-5.8p1/match.h
diff -up openssh-5.8p1/md5crypt.c.audit2a openssh-5.8p1/md5crypt.c
diff -up openssh-5.8p1/md5crypt.h.audit2a openssh-5.8p1/md5crypt.h
diff -up openssh-5.8p1/md-sha256.c.audit2a openssh-5.8p1/md-sha256.c
diff -up openssh-5.8p1/misc.c.audit2a openssh-5.8p1/misc.c
diff -up openssh-5.8p1/misc.h.audit2a openssh-5.8p1/misc.h
diff -up openssh-5.8p1/moduli.c.audit2a openssh-5.8p1/moduli.c
diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c
diff -up openssh-5.8p1/monitor_fdpass.c.audit2a openssh-5.8p1/monitor_fdpass.c
diff -up openssh-5.8p1/monitor_fdpass.h.audit2a openssh-5.8p1/monitor_fdpass.h
diff -up openssh-5.8p1/monitor.h.audit2a openssh-5.8p1/monitor.h
diff -up openssh-5.8p1/monitor_mm.c.audit2a openssh-5.8p1/monitor_mm.c
diff -up openssh-5.8p1/monitor_mm.h.audit2a openssh-5.8p1/monitor_mm.h
diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c
diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h
diff -up openssh-5.8p1/msg.c.audit2a openssh-5.8p1/msg.c
diff -up openssh-5.8p1/msg.h.audit2a openssh-5.8p1/msg.h
diff -up openssh-5.8p1/mux.c.audit2a openssh-5.8p1/mux.c
diff -up openssh-5.8p1/myproposal.h.audit2a openssh-5.8p1/myproposal.h
diff -up openssh-5.8p1/nchan.c.audit2a openssh-5.8p1/nchan.c
diff -up openssh-5.8p1/packet.c.audit2a openssh-5.8p1/packet.c
diff -up openssh-5.8p1/packet.h.audit2a openssh-5.8p1/packet.h
diff -up openssh-5.8p1/pathnames.h.audit2a openssh-5.8p1/pathnames.h
diff -up openssh-5.8p1/pkcs11.h.audit2a openssh-5.8p1/pkcs11.h
diff -up openssh-5.8p1/platform.c.audit2a openssh-5.8p1/platform.c
diff -up openssh-5.8p1/platform.h.audit2a openssh-5.8p1/platform.h
diff -up openssh-5.8p1/progressmeter.c.audit2a openssh-5.8p1/progressmeter.c
diff -up openssh-5.8p1/progressmeter.h.audit2a openssh-5.8p1/progressmeter.h
diff -up openssh-5.8p1/readconf.c.audit2a openssh-5.8p1/readconf.c
diff -up openssh-5.8p1/readconf.h.audit2a openssh-5.8p1/readconf.h
diff -up openssh-5.8p1/readpass.c.audit2a openssh-5.8p1/readpass.c
diff -up openssh-5.8p1/rijndael.c.audit2a openssh-5.8p1/rijndael.c
diff -up openssh-5.8p1/rijndael.h.audit2a openssh-5.8p1/rijndael.h
diff -up openssh-5.8p1/roaming_client.c.audit2a openssh-5.8p1/roaming_client.c
diff -up openssh-5.8p1/roaming_common.c.audit2a openssh-5.8p1/roaming_common.c
diff -up openssh-5.8p1/roaming_dummy.c.audit2a openssh-5.8p1/roaming_dummy.c
diff -up openssh-5.8p1/roaming.h.audit2a openssh-5.8p1/roaming.h
diff -up openssh-5.8p1/roaming_serv.c.audit2a openssh-5.8p1/roaming_serv.c
diff -up openssh-5.8p1/rsa.c.audit2a openssh-5.8p1/rsa.c
diff -up openssh-5.8p1/rsa.h.audit2a openssh-5.8p1/rsa.h
diff -up openssh-5.8p1/schnorr.c.audit2a openssh-5.8p1/schnorr.c
diff -up openssh-5.8p1/schnorr.h.audit2a openssh-5.8p1/schnorr.h
diff -up openssh-5.8p1/scp.c.audit2a openssh-5.8p1/scp.c
diff -up openssh-5.8p1/servconf.c.audit2a openssh-5.8p1/servconf.c
diff -up openssh-5.8p1/servconf.h.audit2a openssh-5.8p1/servconf.h
diff -up openssh-5.8p1/serverloop.c.audit2a openssh-5.8p1/serverloop.c
diff -up openssh-5.8p1/serverloop.h.audit2a openssh-5.8p1/serverloop.h
diff -up openssh-5.8p1/session.c.audit2a openssh-5.8p1/session.c
diff -up openssh-5.8p1/session.h.audit2a openssh-5.8p1/session.h
diff -up openssh-5.8p1/sftp.c.audit2a openssh-5.8p1/sftp.c
diff -up openssh-5.8p1/sftp-client.c.audit2a openssh-5.8p1/sftp-client.c
diff -up openssh-5.8p1/sftp-client.h.audit2a openssh-5.8p1/sftp-client.h
diff -up openssh-5.8p1/sftp-common.c.audit2a openssh-5.8p1/sftp-common.c
diff -up openssh-5.8p1/sftp-common.h.audit2a openssh-5.8p1/sftp-common.h
diff -up openssh-5.8p1/sftp-glob.c.audit2a openssh-5.8p1/sftp-glob.c
diff -up openssh-5.8p1/sftp.h.audit2a openssh-5.8p1/sftp.h
diff -up openssh-5.8p1/sftp-server.c.audit2a openssh-5.8p1/sftp-server.c
diff -up openssh-5.8p1/sftp-server-main.c.audit2a openssh-5.8p1/sftp-server-main.c
diff -up openssh-5.8p1/ssh1.h.audit2a openssh-5.8p1/ssh1.h
diff -up openssh-5.8p1/ssh2.h.audit2a openssh-5.8p1/ssh2.h
diff -up openssh-5.8p1/ssh-add.c.audit2a openssh-5.8p1/ssh-add.c
diff -up openssh-5.8p1/ssh-agent.c.audit2a openssh-5.8p1/ssh-agent.c
diff -up openssh-5.8p1/ssh.c.audit2a openssh-5.8p1/ssh.c
diff -up openssh-5.8p1/sshconnect1.c.audit2a openssh-5.8p1/sshconnect1.c
diff -up openssh-5.8p1/sshconnect2.c.audit2a openssh-5.8p1/sshconnect2.c
diff -up openssh-5.8p1/sshconnect.c.audit2a openssh-5.8p1/sshconnect.c
diff -up openssh-5.8p1/sshconnect.h.audit2a openssh-5.8p1/sshconnect.h
diff -up openssh-5.8p1/sshd.c.audit2a openssh-5.8p1/sshd.c
diff -up openssh-5.8p1/ssh-dss.c.audit2a openssh-5.8p1/ssh-dss.c
diff -up openssh-5.8p1/ssh-ecdsa.c.audit2a openssh-5.8p1/ssh-ecdsa.c
diff -up openssh-5.8p1/ssh-gss.h.audit2a openssh-5.8p1/ssh-gss.h
diff -up openssh-5.8p1/ssh.h.audit2a openssh-5.8p1/ssh.h
diff -up openssh-5.8p1/ssh-keygen.c.audit2a openssh-5.8p1/ssh-keygen.c
diff -up openssh-5.8p1/ssh-keyscan.c.audit2a openssh-5.8p1/ssh-keyscan.c
diff -up openssh-5.8p1/ssh-keysign.c.audit2a openssh-5.8p1/ssh-keysign.c
diff -up openssh-5.8p1/sshlogin.c.audit2a openssh-5.8p1/sshlogin.c
diff -up openssh-5.8p1/sshlogin.h.audit2a openssh-5.8p1/sshlogin.h
diff -up openssh-5.8p1/ssh-pkcs11.c.audit2a openssh-5.8p1/ssh-pkcs11.c
diff -up openssh-5.8p1/ssh-pkcs11-client.c.audit2a openssh-5.8p1/ssh-pkcs11-client.c
diff -up openssh-5.8p1/ssh-pkcs11.h.audit2a openssh-5.8p1/ssh-pkcs11.h
diff -up openssh-5.8p1/ssh-pkcs11-helper.c.audit2a openssh-5.8p1/ssh-pkcs11-helper.c
diff -up openssh-5.8p1/sshpty.c.audit2a openssh-5.8p1/sshpty.c
diff -up openssh-5.8p1/sshpty.h.audit2a openssh-5.8p1/sshpty.h
diff -up openssh-5.8p1/ssh-rand-helper.c.audit2a openssh-5.8p1/ssh-rand-helper.c
diff -up openssh-5.8p1/ssh-rsa.c.audit2a openssh-5.8p1/ssh-rsa.c
diff -up openssh-5.8p1/sshtty.c.audit2a openssh-5.8p1/sshtty.c
diff -up openssh-5.8p1/ttymodes.c.audit2a openssh-5.8p1/ttymodes.c
diff -up openssh-5.8p1/ttymodes.h.audit2a openssh-5.8p1/ttymodes.h
diff -up openssh-5.8p1/uidswap.c.audit2a openssh-5.8p1/uidswap.c
diff -up openssh-5.8p1/uidswap.h.audit2a openssh-5.8p1/uidswap.h
diff -up openssh-5.8p1/umac.c.audit2a openssh-5.8p1/umac.c
diff -up openssh-5.8p1/umac.h.audit2a openssh-5.8p1/umac.h
diff -up openssh-5.8p1/uuencode.c.audit2a openssh-5.8p1/uuencode.c
diff -up openssh-5.8p1/uuencode.h.audit2a openssh-5.8p1/uuencode.h
diff -up openssh-5.8p1/version.h.audit2a openssh-5.8p1/version.h
diff -up openssh-5.8p1/xmalloc.c.audit2a openssh-5.8p1/xmalloc.c
diff -up openssh-5.8p1/xmalloc.h.audit2a openssh-5.8p1/xmalloc.h

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-21 18:28:25.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit3 2011-02-21 20:09:33.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:09:33.000000000 +0100
@@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event) @@ -383,4 +383,16 @@ audit_event(ssh_audit_event_t event)
debug("%s: unhandled event %d", __func__, event); debug("%s: unhandled event %d", __func__, event);
} }
@ -13,15 +13,23 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
+} +}
+ +
+void +void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress) +audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid)
+{ +{
+ /* not implemented */ + /* not implemented */
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit3 2011-02-21 18:28:25.000000000 +0100 --- openssh-5.8p1/audit.c.audit3 2011-02-21 20:09:33.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-21 20:09:33.000000000 +0100
@@ -36,6 +36,8 @@ @@ -28,6 +28,7 @@
#include <stdarg.h>
#include <string.h>
+#include <unistd.h>
#ifdef SSH_AUDIT_EVENTS
@@ -36,6 +37,8 @@
#include "key.h" #include "key.h"
#include "hostfile.h" #include "hostfile.h"
#include "auth.h" #include "auth.h"
@ -30,7 +38,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
#include "xmalloc.h" #include "xmalloc.h"
/* /*
@@ -128,6 +130,18 @@ audit_key(int host_user, int *rv, const @@ -128,6 +131,18 @@ audit_key(int host_user, int *rv, const
xfree(fp); xfree(fp);
} }
@ -43,13 +51,13 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
+void +void
+audit_kex(int ctos, char *enc, char *mac, char *comp) +audit_kex(int ctos, char *enc, char *mac, char *comp)
+{ +{
+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp)); + PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
+} +}
+ +
# ifndef CUSTOM_SSH_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
@@ -211,5 +225,24 @@ audit_keyusage(int host_user, const char @@ -211,5 +226,26 @@ audit_keyusage(int host_user, const char
debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d",
host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv); host_user ? "hostbased" : "pubkey", geteuid(), audit_username(), type, bits, fp, rv);
} }
@ -67,16 +75,18 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
+ * This will be called on succesfull protocol negotiation. + * This will be called on succesfull protocol negotiation.
+ */ + */
+void +void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress) +audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
+ uid_t uid)
+{ +{
+ debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s", + debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
+ geteuid(), ctos, enc, mac, compress); + (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
+ (unsigned)uid);
+} +}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit3 2011-02-21 18:28:25.000000000 +0100 --- openssh-5.8p1/audit.h.audit3 2011-02-21 20:09:33.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-21 20:09:33.000000000 +0100
@@ -56,5 +56,9 @@ void audit_run_command(const char *); @@ -56,5 +56,9 @@ void audit_run_command(const char *);
ssh_audit_event_t audit_classify_auth(const char *); ssh_audit_event_t audit_classify_auth(const char *);
int audit_keyusage(int, const char *, unsigned, char *, int); int audit_keyusage(int, const char *, unsigned, char *, int);
@ -84,12 +94,12 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
+void audit_unsupported(int); +void audit_unsupported(int);
+void audit_kex(int, char *, char *, char *); +void audit_kex(int, char *, char *, char *);
+void audit_unsupported_body(int); +void audit_unsupported_body(int);
+void audit_kex_body(int, char *, char *, char *); +void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit3 2011-02-21 18:28:25.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit3 2011-02-21 20:09:33.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:28:59.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-21 20:09:33.000000000 +0100
@@ -40,6 +40,8 @@ @@ -40,6 +40,8 @@
#include "auth.h" #include "auth.h"
#include "servconf.h" #include "servconf.h"
@ -99,7 +109,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
#define AUDIT_LOG_SIZE 128 #define AUDIT_LOG_SIZE 128
@@ -243,4 +245,54 @@ audit_event(ssh_audit_event_t event) @@ -243,4 +245,56 @@ audit_event(ssh_audit_event_t event)
} }
} }
@ -125,7 +135,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
+} +}
+ +
+void +void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress) +audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
+ uid_t uid)
+{ +{
+#ifdef AUDIT_CRYPTO_SESSION +#ifdef AUDIT_CRYPTO_SESSION
+ char buf[AUDIT_LOG_SIZE]; + char buf[AUDIT_LOG_SIZE];
@ -133,8 +144,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
+ const static char *direction[] = { "from-server", "from-client", "both" }; + const static char *direction[] = { "from-server", "from-client", "both" };
+ Cipher *cipher = cipher_by_name(enc); + Cipher *cipher = cipher_by_name(enc);
+ +
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d", + snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, + direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
+ (intmax_t)pid, (intmax_t)uid,
+ get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port()); + get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
+ audit_fd = audit_open(); + audit_fd = audit_open();
+ if (audit_fd < 0) { + if (audit_fd < 0) {
@ -155,8 +167,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
+ +
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
--- openssh-5.8p1/auditstub.c.audit3 2011-02-21 18:28:25.000000000 +0100 --- openssh-5.8p1/auditstub.c.audit3 2011-02-21 20:09:33.000000000 +0100
+++ openssh-5.8p1/auditstub.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/auditstub.c 2011-02-21 20:09:33.000000000 +0100
@@ -0,0 +1,39 @@ @@ -0,0 +1,39 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+ +
@ -199,7 +211,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
+ +
diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
--- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100
+++ openssh-5.8p1/cipher.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/cipher.c 2011-02-21 20:09:33.000000000 +0100
@@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
extern const EVP_CIPHER *evp_aes_128_ctr(void); extern const EVP_CIPHER *evp_aes_128_ctr(void);
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
@ -219,7 +231,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
--- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
+++ openssh-5.8p1/cipher.h 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/cipher.h 2011-02-21 20:09:33.000000000 +0100
@@ -61,7 +61,16 @@ @@ -61,7 +61,16 @@
typedef struct Cipher Cipher; typedef struct Cipher Cipher;
typedef struct CipherContext CipherContext; typedef struct CipherContext CipherContext;
@ -240,7 +252,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
EVP_CIPHER_CTX evp; EVP_CIPHER_CTX evp;
diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
--- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.8p1/kex.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/kex.c 2011-02-21 20:09:33.000000000 +0100
@@ -49,6 +49,7 @@ @@ -49,6 +49,7 @@
#include "dispatch.h" #include "dispatch.h"
#include "monitor.h" #include "monitor.h"
@ -305,7 +317,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
--- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100
+++ openssh-5.8p1/Makefile.in 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/Makefile.in 2011-02-21 20:09:33.000000000 +0100
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b @@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
@ -316,8 +328,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \
diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit3 2011-02-21 18:28:25.000000000 +0100 --- openssh-5.8p1/monitor.c.audit3 2011-02-21 20:09:33.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-21 20:09:33.000000000 +0100
@@ -89,6 +89,7 @@ @@ -89,6 +89,7 @@
#include "ssh2.h" #include "ssh2.h"
#include "jpake.h" #include "jpake.h"
@ -371,7 +383,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -2206,3 +2217,40 @@ mm_answer_jpake_check_confirm(int sock, @@ -2206,3 +2217,44 @@ mm_answer_jpake_check_confirm(int sock,
} }
#endif /* JPAKE */ #endif /* JPAKE */
@ -397,13 +409,17 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
+{ +{
+ int ctos, len; + int ctos, len;
+ char *cipher, *mac, *compress; + char *cipher, *mac, *compress;
+ pid_t pid;
+ uid_t uid;
+ +
+ ctos = buffer_get_int(m); + ctos = buffer_get_int(m);
+ cipher = buffer_get_string(m, &len); + cipher = buffer_get_string(m, &len);
+ mac = buffer_get_string(m, &len); + mac = buffer_get_string(m, &len);
+ compress = buffer_get_string(m, &len); + compress = buffer_get_string(m, &len);
+ pid = buffer_get_int64(m);
+ uid = buffer_get_int64(m);
+ +
+ audit_kex_body(ctos, cipher, mac, compress); + audit_kex_body(ctos, cipher, mac, compress, pid, uid);
+ +
+ buffer_clear(m); + buffer_clear(m);
+ +
@ -414,7 +430,7 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
+#endif /* SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100 --- openssh-5.8p1/monitor.h.audit3 2008-11-05 06:20:46.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-21 20:09:33.000000000 +0100
@@ -66,6 +66,8 @@ enum monitor_reqtype { @@ -66,6 +66,8 @@ enum monitor_reqtype {
MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
@ -426,8 +442,8 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
struct mm_master; struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200 --- openssh-5.8p1/monitor_wrap.c.audit3 2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:09:33.000000000 +0100
@@ -1412,3 +1412,38 @@ mm_jpake_check_confirm(const BIGNUM *k, @@ -1412,3 +1412,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
return success; return success;
} }
#endif /* JPAKE */ #endif /* JPAKE */
@ -449,7 +465,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
+} +}
+ +
+void +void
+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress) +mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid,
+ uid_t uid)
+{ +{
+ Buffer m; + Buffer m;
+ +
@ -458,6 +475,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
+ buffer_put_cstring(&m, cipher); + buffer_put_cstring(&m, cipher);
+ buffer_put_cstring(&m, mac); + buffer_put_cstring(&m, mac);
+ buffer_put_cstring(&m, compress); + buffer_put_cstring(&m, compress);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
@ -468,19 +487,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
+#endif /* SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit3 2009-03-05 14:58:22.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:09:33.000000000 +0100
@@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *); @@ -74,6 +74,8 @@ void mm_sshpam_free_ctx(void *);
#include "audit.h" #include "audit.h"
void mm_audit_event(ssh_audit_event_t); void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *); void mm_audit_run_command(const char *);
+void mm_audit_unsupported_body(int); +void mm_audit_unsupported_body(int);
+void mm_audit_kex_body(int, char *, char *, char *); +void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
#endif #endif
struct Session; struct Session;
diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-21 18:28:25.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-21 20:09:33.000000000 +0100
@@ -118,6 +118,7 @@ @@ -118,6 +118,7 @@
#endif #endif
#include "monitor_wrap.h" #include "monitor_wrap.h"

View File

@ -1,139 +0,0 @@
diff -up openssh-5.8p1/audit-bsm.c.audit3a openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit3a 2011-02-21 18:29:45.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:29:45.000000000 +0100
@@ -391,7 +391,7 @@ audit_unsupported_body(int what)
}
void
-audit_kex_body(int ctos, char *enc, char *mac, char *compress)
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid)
{
/* not implemented */
}
diff -up openssh-5.8p1/audit.c.audit3a openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit3a 2011-02-21 18:29:45.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 18:29:45.000000000 +0100
@@ -28,6 +28,7 @@
#include <stdarg.h>
#include <string.h>
+#include <unistd.h>
#ifdef SSH_AUDIT_EVENTS
@@ -139,7 +140,7 @@ audit_unsupported(int what)
void
audit_kex(int ctos, char *enc, char *mac, char *comp)
{
- PRIVSEP(audit_kex_body(ctos, enc, mac, comp));
+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
}
# ifndef CUSTOM_SSH_AUDIT_EVENTS
@@ -239,10 +240,12 @@ audit_unsupported_body(int what)
* This will be called on succesfull protocol negotiation.
*/
void
-audit_kex_body(int ctos, char *enc, char *mac, char *compress)
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
+ uid_t uid)
{
- debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s",
- geteuid(), ctos, enc, mac, compress);
+ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
+ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
+ (unsigned)uid);
}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit3a openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit3a 2011-02-21 18:29:45.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 18:29:45.000000000 +0100
@@ -59,6 +59,6 @@ void audit_key(int, int *, const Key *);
void audit_unsupported(int);
void audit_kex(int, char *, char *, char *);
void audit_unsupported_body(int);
-void audit_kex_body(int, char *, char *, char *);
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit3a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit3a 2011-02-21 18:29:45.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:29:45.000000000 +0100
@@ -267,7 +267,8 @@ audit_unsupported_body(int what)
}
void
-audit_kex_body(int ctos, char *enc, char *mac, char *compress)
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
+ uid_t uid)
{
#ifdef AUDIT_CRYPTO_SESSION
char buf[AUDIT_LOG_SIZE];
@@ -275,8 +276,9 @@ audit_kex_body(int ctos, char *enc, char
const static char *direction[] = { "from-server", "from-client", "both" };
Cipher *cipher = cipher_by_name(enc);
- snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d",
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
+ (intmax_t)pid, (intmax_t)uid,
get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
audit_fd = audit_open();
if (audit_fd < 0) {
diff -up openssh-5.8p1/monitor.c.audit3a openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit3a 2011-02-21 18:29:45.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-21 18:29:45.000000000 +0100
@@ -2239,13 +2239,17 @@ mm_answer_audit_kex_body(int sock, Buffe
{
int ctos, len;
char *cipher, *mac, *compress;
+ pid_t pid;
+ uid_t uid;
ctos = buffer_get_int(m);
cipher = buffer_get_string(m, &len);
mac = buffer_get_string(m, &len);
compress = buffer_get_string(m, &len);
+ pid = buffer_get_int64(m);
+ uid = buffer_get_int64(m);
- audit_kex_body(ctos, cipher, mac, compress);
+ audit_kex_body(ctos, cipher, mac, compress, pid, uid);
buffer_clear(m);
diff -up openssh-5.8p1/monitor_wrap.c.audit3a openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit3a 2011-02-21 18:29:45.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:29:45.000000000 +0100
@@ -1430,7 +1430,8 @@ mm_audit_unsupported_body(int what)
}
void
-mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress)
+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid,
+ uid_t uid)
{
Buffer m;
@@ -1439,6 +1440,8 @@ mm_audit_kex_body(int ctos, char *cipher
buffer_put_cstring(&m, cipher);
buffer_put_cstring(&m, mac);
buffer_put_cstring(&m, compress);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
diff -up openssh-5.8p1/monitor_wrap.h.audit3a openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit3a 2011-02-21 18:33:57.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:34:18.000000000 +0100
@@ -75,7 +75,7 @@ void mm_sshpam_free_ctx(void *);
void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *);
void mm_audit_unsupported_body(int);
-void mm_audit_kex_body(int, char *, char *, char *);
+void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
#endif
struct Session;

View File

@ -1,20 +1,20 @@
diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:14:10.000000000 +0100
@@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char @@ -395,4 +395,10 @@ audit_kex_body(int ctos, char *enc, char
{ {
/* not implemented */ /* not implemented */
} }
+ +
+void +void
+audit_session_key_free_body(int ctos) +audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{ +{
+ /* not implemented */ + /* not implemented */
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/audit.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-21 20:14:10.000000000 +0100
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
} }
@ -22,13 +22,13 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
+void +void
+audit_session_key_free(int ctos) +audit_session_key_free(int ctos)
+{ +{
+ PRIVSEP(audit_session_key_free_body(ctos)); + PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid()));
+} +}
+ +
# ifndef CUSTOM_SSH_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
@@ -247,5 +253,14 @@ audit_kex_body(int ctos, char *enc, char @@ -247,5 +253,15 @@ audit_kex_body(int ctos, char *enc, char
(unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
(unsigned)uid); (unsigned)uid);
} }
@ -37,26 +37,27 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
+ * This will be called on succesfull session key discard + * This will be called on succesfull session key discard
+ */ + */
+void +void
+audit_session_key_free_body(int ctos) +audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{ +{
+ debug("audit session key discard euid %d direction %d", geteuid(), ctos); + debug("audit session key discard euid %u direction %d from pid %ld uid %u",
+ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
+} +}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/audit.h.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-21 20:14:10.000000000 +0100
@@ -60,5 +60,7 @@ void audit_unsupported(int); @@ -60,5 +60,7 @@ void audit_unsupported(int);
void audit_kex(int, char *, char *, char *); void audit_kex(int, char *, char *, char *);
void audit_unsupported_body(int); void audit_unsupported_body(int);
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
+void audit_session_key_free(int ctos); +void audit_session_key_free(int ctos);
+void audit_session_key_free_body(int ctos); +void audit_session_key_free_body(int ctos, pid_t, uid_t);
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-21 20:14:10.000000000 +0100
@@ -266,6 +266,8 @@ audit_unsupported_body(int what) @@ -266,6 +266,8 @@ audit_unsupported_body(int what)
#endif #endif
} }
@ -74,18 +75,19 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
Cipher *cipher = cipher_by_name(enc); Cipher *cipher = cipher_by_name(enc);
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
@@ -297,4 +298,29 @@ audit_kex_body(int ctos, char *enc, char @@ -297,4 +298,30 @@ audit_kex_body(int ctos, char *enc, char
#endif #endif
} }
+void +void
+audit_session_key_free_body(int ctos) +audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{ +{
+ char buf[AUDIT_LOG_SIZE]; + char buf[AUDIT_LOG_SIZE];
+ int audit_fd, audit_ok; + int audit_fd, audit_ok;
+ +
+ snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d", + snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
+ direction[ctos], get_remote_port(), + direction[ctos], (intmax_t)pid, (intmax_t)uid,
+ get_remote_port(),
+ get_local_ipaddr(packet_get_connection_in()), + get_local_ipaddr(packet_get_connection_in()),
+ get_local_port()); + get_local_port());
+ audit_fd = audit_open(); + audit_fd = audit_open();
@ -105,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
+ +
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
--- openssh-5.8p1/auditstub.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/auditstub.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/auditstub.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/auditstub.c 2011-02-21 20:14:10.000000000 +0100
@@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac @@ -37,3 +37,7 @@ audit_kex(int ctos, char *enc, char *mac
{ {
} }
@ -116,8 +118,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
+{ +{
+} +}
diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
--- openssh-5.8p1/kex.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/kex.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/kex.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/kex.c 2011-02-21 20:14:10.000000000 +0100
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }
@ -155,7 +157,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
+ +
diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.8p1/kex.h 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/kex.h 2011-02-21 20:14:10.000000000 +0100
@@ -156,6 +156,8 @@ void kexgex_server(Kex *); @@ -156,6 +156,8 @@ void kexgex_server(Kex *);
void kexecdh_client(Kex *); void kexecdh_client(Kex *);
void kexecdh_server(Kex *); void kexecdh_server(Kex *);
@ -167,7 +169,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200
+++ openssh-5.8p1/mac.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/mac.c 2011-02-21 20:14:10.000000000 +0100
@@ -162,6 +162,20 @@ mac_clear(Mac *mac) @@ -162,6 +162,20 @@ mac_clear(Mac *mac)
mac->umac_ctx = NULL; mac->umac_ctx = NULL;
} }
@ -191,15 +193,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
int int
diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
+++ openssh-5.8p1/mac.h 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/mac.h 2011-02-21 20:14:10.000000000 +0100
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
int mac_init(Mac *); int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int); u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
void mac_clear(Mac *); void mac_clear(Mac *);
+void mac_destroy(Mac *); +void mac_destroy(Mac *);
diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/monitor.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-21 20:14:10.000000000 +0100
@@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *) @@ -180,6 +180,7 @@ int mm_answer_audit_event(int, Buffer *)
int mm_answer_audit_command(int, Buffer *); int mm_answer_audit_command(int, Buffer *);
int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *);
@ -240,7 +242,7 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -2257,4 +2262,18 @@ mm_answer_audit_kex_body(int sock, Buffe @@ -2257,4 +2262,22 @@ mm_answer_audit_kex_body(int sock, Buffe
return 0; return 0;
} }
@ -248,10 +250,14 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
+mm_answer_audit_session_key_free_body(int sock, Buffer *m) +mm_answer_audit_session_key_free_body(int sock, Buffer *m)
+{ +{
+ int ctos; + int ctos;
+ pid_t pid;
+ uid_t uid;
+ +
+ ctos = buffer_get_int(m); + ctos = buffer_get_int(m);
+ pid = buffer_get_int64(m);
+ uid = buffer_get_int64(m);
+ +
+ audit_session_key_free_body(ctos); + audit_session_key_free_body(ctos, pid, uid);
+ +
+ buffer_clear(m); + buffer_clear(m);
+ +
@ -260,8 +266,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/monitor.h.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-21 20:14:10.000000000 +0100
@@ -68,6 +68,7 @@ enum monitor_reqtype { @@ -68,6 +68,7 @@ enum monitor_reqtype {
MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@ -271,20 +277,22 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
struct mm_master; struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:14:10.000000000 +0100
@@ -1449,4 +1449,17 @@ mm_audit_kex_body(int ctos, char *cipher @@ -1449,4 +1449,19 @@ mm_audit_kex_body(int ctos, char *cipher
buffer_free(&m); buffer_free(&m);
} }
+ +
+void +void
+mm_audit_session_key_free_body(int ctos) +mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{ +{
+ Buffer m; + Buffer m;
+ +
+ buffer_init(&m); + buffer_init(&m);
+ buffer_put_int(&m, ctos); + buffer_put_int(&m, ctos);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
+ &m); + &m);
@ -292,19 +300,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:39:26.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:14:10.000000000 +0100
@@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t); @@ -76,6 +76,7 @@ void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *); void mm_audit_run_command(const char *);
void mm_audit_unsupported_body(int); void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
+void mm_audit_session_key_free_body(int); +void mm_audit_session_key_free_body(int, pid_t, uid_t);
#endif #endif
struct Session; struct Session;
diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100
+++ openssh-5.8p1/packet.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/packet.c 2011-02-21 20:14:10.000000000 +0100
@@ -497,6 +497,7 @@ packet_close(void) @@ -497,6 +497,7 @@ packet_close(void)
} }
cipher_cleanup(&active_state->send_context); cipher_cleanup(&active_state->send_context);
@ -399,7 +407,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
+ +
diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100
+++ openssh-5.8p1/packet.h 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/packet.h 2011-02-21 20:14:10.000000000 +0100
@@ -125,4 +125,5 @@ void packet_restore_state(void); @@ -125,4 +125,5 @@ void packet_restore_state(void);
void *packet_get_input(void); void *packet_get_input(void);
void *packet_get_output(void); void *packet_get_output(void);
@ -407,8 +415,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
+void packet_destroy_all(void); +void packet_destroy_all(void);
#endif /* PACKET_H */ #endif /* PACKET_H */
diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit4 2011-02-21 18:38:45.000000000 +0100 --- openssh-5.8p1/sshd.c.audit4 2011-02-21 20:14:09.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-21 18:38:45.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-21 20:14:10.000000000 +0100
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
return (0); return (0);
} }
@ -425,7 +433,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
+ newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_OUT]);
+ newkeys_destroy(current_keys[MODE_IN]); + newkeys_destroy(current_keys[MODE_IN]);
+ packet_destroy_all(); + packet_destroy_all();
+ audit_session_key_free_body(2); + audit_session_key_free_body(2, getpid(), getuid());
monitor_child_postauth(pmonitor); monitor_child_postauth(pmonitor);
/* NEVERREACHED */ /* NEVERREACHED */

View File

@ -1,131 +0,0 @@
diff -up openssh-5.8p1/audit-bsm.c.audit4a openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:42:14.000000000 +0100
@@ -397,7 +397,7 @@ audit_kex_body(int ctos, char *enc, char
}
void
-audit_session_key_free_body(int ctos)
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
{
/* not implemented */
}
diff -up openssh-5.8p1/audit.c.audit4a openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 18:42:14.000000000 +0100
@@ -146,7 +146,7 @@ audit_kex(int ctos, char *enc, char *mac
void
audit_session_key_free(int ctos)
{
- PRIVSEP(audit_session_key_free_body(ctos));
+ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid()));
}
# ifndef CUSTOM_SSH_AUDIT_EVENTS
@@ -258,9 +258,10 @@ audit_kex_body(int ctos, char *enc, char
* This will be called on succesfull session key discard
*/
void
-audit_session_key_free_body(int ctos)
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
{
- debug("audit session key discard euid %d direction %d", geteuid(), ctos);
+ debug("audit session key discard euid %u direction %d from pid %ld uid %u",
+ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit4a openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 18:42:14.000000000 +0100
@@ -61,6 +61,6 @@ void audit_kex(int, char *, char *, char
void audit_unsupported_body(int);
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void audit_session_key_free(int ctos);
-void audit_session_key_free_body(int ctos);
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit4a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:42:14.000000000 +0100
@@ -299,13 +299,14 @@ audit_kex_body(int ctos, char *enc, char
}
void
-audit_session_key_free_body(int ctos)
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
{
char buf[AUDIT_LOG_SIZE];
int audit_fd, audit_ok;
- snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d",
- direction[ctos], get_remote_port(),
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
+ get_remote_port(),
get_local_ipaddr(packet_get_connection_in()),
get_local_port());
audit_fd = audit_open();
diff -up openssh-5.8p1/monitor.c.audit4a openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-21 18:42:14.000000000 +0100
@@ -2266,10 +2266,14 @@ int
mm_answer_audit_session_key_free_body(int sock, Buffer *m)
{
int ctos;
+ pid_t pid;
+ uid_t uid;
ctos = buffer_get_int(m);
+ pid = buffer_get_int64(m);
+ uid = buffer_get_int64(m);
- audit_session_key_free_body(ctos);
+ audit_session_key_free_body(ctos, pid, uid);
buffer_clear(m);
diff -up openssh-5.8p1/monitor_wrap.c.audit4a openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:42:14.000000000 +0100
@@ -1451,12 +1451,14 @@ mm_audit_kex_body(int ctos, char *cipher
}
void
-mm_audit_session_key_free_body(int ctos)
+mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
{
Buffer m;
buffer_init(&m);
buffer_put_int(&m, ctos);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
&m);
diff -up openssh-5.8p1/monitor_wrap.h.audit4a openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit4a 2011-02-21 18:42:14.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:42:14.000000000 +0100
@@ -76,7 +76,7 @@ void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *);
void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
-void mm_audit_session_key_free_body(int);
+void mm_audit_session_key_free_body(int, pid_t, uid_t);
#endif
struct Session;
diff -up openssh-5.8p1/sshd.c.audit4a openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit4a 2011-02-21 18:48:30.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-21 18:48:41.000000000 +0100
@@ -693,7 +693,7 @@ privsep_postauth(Authctxt *authctxt)
newkeys_destroy(current_keys[MODE_OUT]);
newkeys_destroy(current_keys[MODE_IN]);
packet_destroy_all();
- audit_session_key_free_body(2);
+ audit_session_key_free_body(2, getpid(), getuid());
monitor_child_postauth(pmonitor);
/* NEVERREACHED */

View File

@ -1,7 +1,7 @@
diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-21 20:16:34.000000000 +0100
@@ -401,4 +401,10 @@ audit_session_key_free_body(int ctos, pi @@ -401,4 +401,22 @@ audit_session_key_free_body(int ctos, pi
{ {
/* not implemented */ /* not implemented */
} }
@ -10,12 +10,24 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
+audit_destroy_sensitive_data(const char *fp) +audit_destroy_sensitive_data(const char *fp)
+{ +{
+ /* not implemented */ + /* not implemented */
+}
+
+void
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{
+ /* not implemented */
+}
+
+void
+audit_generate_ephemeral_server_key(const char *fp)
+{
+ /* not implemented */
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/audit.c.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-21 20:16:34.000000000 +0100
@@ -263,5 +263,14 @@ audit_session_key_free_body(int ctos, pi @@ -263,5 +263,24 @@ audit_session_key_free_body(int ctos, pi
debug("audit session key discard euid %u direction %d from pid %ld uid %u", debug("audit session key discard euid %u direction %d from pid %ld uid %u",
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
} }
@ -24,36 +36,66 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
+ * This will be called on destroy private part of the server key + * This will be called on destroy private part of the server key
+ */ + */
+void +void
+audit_destroy_sensitive_data(const char *fp) +audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{ +{
+ debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp); + debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
+ geteuid(), fp, (long)pid, (unsigned)uid);
+}
+
+/*
+ * This will be called on generation of the ephemeral server key
+ */
+void
+audit_generate_ephemeral_server_key(const char *)
+{
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
+} +}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/audit.h.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-21 20:16:34.000000000 +0100
@@ -62,5 +62,6 @@ void audit_unsupported_body(int); @@ -48,6 +48,8 @@ enum ssh_audit_event_type {
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
+int listening_for_clients(void);
+
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
void audit_session_open(struct logininfo *);
@@ -62,5 +64,7 @@ void audit_unsupported_body(int);
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void audit_session_key_free(int ctos); void audit_session_key_free(int ctos);
void audit_session_key_free_body(int ctos, pid_t, uid_t); void audit_session_key_free_body(int ctos, pid_t, uid_t);
+void audit_destroy_sensitive_data(const char *); +void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+void audit_generate_ephemeral_server_key(const char *);
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-21 20:16:34.000000000 +0100
@@ -324,4 +324,26 @@ audit_session_key_free_body(int ctos, pi @@ -317,6 +317,31 @@ audit_session_key_free_body(int ctos, pi
error("cannot write into audit"); return;
} }
audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+ buf, NULL,
+ listening_for_clients() ? NULL : get_remote_ipaddr(),
+ NULL, 1);
+ audit_close(audit_fd);
+ /* do not abort if the error is EPERM and sshd is run as non root user */
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
+ error("cannot write into audit");
+}
+
+void +void
+audit_destroy_sensitive_data(const char *fp) +audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{ +{
+ char buf[AUDIT_LOG_SIZE]; + char buf[AUDIT_LOG_SIZE];
+ int audit_fd, audit_ok; + int audit_fd, audit_ok;
+ +
+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp); + snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd",
+ fp, (intmax_t)pid, (intmax_t)uid);
+ audit_fd = audit_open(); + audit_fd = audit_open();
+ if (audit_fd < 0) { + if (audit_fd < 0) {
+ if (errno != EINVAL && errno != EPROTONOSUPPORT && + if (errno != EINVAL && errno != EPROTONOSUPPORT &&
@ -62,17 +104,83 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
+ return; + return;
+ } + }
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, + audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+ buf, NULL, get_remote_ipaddr(), NULL, 1); buf, NULL, get_remote_ipaddr(), NULL, 1);
audit_close(audit_fd);
/* do not abort if the error is EPERM and sshd is run as non root user */
@@ -324,4 +349,25 @@ audit_session_key_free_body(int ctos, pi
error("cannot write into audit");
}
+void
+audit_generate_ephemeral_server_key(const char *fp)
+{
+ char buf[AUDIT_LOG_SIZE];
+ int audit_fd, audit_ok;
+
+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=?", fp);
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
+ errno != EAFNOSUPPORT)
+ error("cannot open audit");
+ return;
+ }
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+ buf, NULL, 0, NULL, 1);
+ audit_close(audit_fd); + audit_close(audit_fd);
+ /* do not abort if the error is EPERM and sshd is run as non root user */ + /* do not abort if the error is EPERM and sshd is run as non root user */
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) + if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
+ error("cannot write into audit"); + error("cannot write into audit");
+} +}
+
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
--- openssh-5.8p1/key.c.audit5 2011-02-04 01:48:34.000000000 +0100
+++ openssh-5.8p1/key.c 2011-02-21 20:16:34.000000000 +0100
@@ -1769,6 +1769,30 @@ key_demote(const Key *k)
}
int
+key_is_private(const Key *k)
+{
+ switch (k->type) {
+ case KEY_RSA_CERT_V00:
+ case KEY_RSA_CERT:
+ case KEY_RSA1:
+ case KEY_RSA:
+ return k->rsa->d != NULL;
+ case KEY_DSA_CERT_V00:
+ case KEY_DSA_CERT:
+ case KEY_DSA:
+ return k->dsa->priv_key != NULL;
+#ifdef OPENSSL_HAS_ECC
+ case KEY_ECDSA_CERT:
+ case KEY_ECDSA:
+ return EC_KEY_get0_private_key(k->ecdsa) != NULL;
+#endif
+ default:
+ fatal("key_is_private: bad key type %d", k->type);
+ return 1;
+ }
+}
+
+int
key_is_cert(const Key *k)
{
if (k == NULL)
diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
--- openssh-5.8p1/key.h.audit5 2010-11-05 00:19:49.000000000 +0100
+++ openssh-5.8p1/key.h 2011-02-21 20:16:34.000000000 +0100
@@ -106,6 +106,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *);
int key_type_from_name(char *);
int key_is_cert(const Key *);
+int key_is_private(const Key *k);
int key_type_plain(int);
int key_to_certified(Key *, int);
int key_drop_cert(Key *);
diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/monitor.c.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-21 20:16:34.000000000 +0100
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *);
int mm_answer_audit_kex_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *);
@ -113,7 +221,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -2280,4 +2285,20 @@ mm_answer_audit_session_key_free_body(in @@ -2280,4 +2285,24 @@ mm_answer_audit_session_key_free_body(in
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
return 0; return 0;
} }
@ -123,10 +231,14 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
+{ +{
+ int len; + int len;
+ char *fp; + char *fp;
+ pid_t pid;
+ uid_t uid;
+ +
+ fp = buffer_get_string(m, &len); + fp = buffer_get_string(m, &len);
+ pid = buffer_get_int64(m);
+ uid = buffer_get_int64(m);
+ +
+ audit_destroy_sensitive_data(fp); + audit_destroy_sensitive_data(fp, pid, uid);
+ +
+ buffer_clear(m); + buffer_clear(m);
+ +
@ -135,8 +247,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/monitor.h.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-21 20:16:34.000000000 +0100
@@ -69,6 +69,7 @@ enum monitor_reqtype { @@ -69,6 +69,7 @@ enum monitor_reqtype {
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@ -146,20 +258,22 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
struct mm_master; struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-21 20:16:34.000000000 +0100
@@ -1464,4 +1464,18 @@ mm_audit_session_key_free_body(int ctos, @@ -1464,4 +1464,20 @@ mm_audit_session_key_free_body(int ctos,
&m); &m);
buffer_free(&m); buffer_free(&m);
} }
+ +
+void +void
+mm_audit_destroy_sensitive_data(const char *fp) +mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{ +{
+ Buffer m; + Buffer m;
+ +
+ buffer_init(&m); + buffer_init(&m);
+ buffer_put_cstring(&m, fp); + buffer_put_cstring(&m, fp);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
+ +
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
@ -168,19 +282,19 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:54:56.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-21 20:16:34.000000000 +0100
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); @@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
void mm_audit_unsupported_body(int); void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void mm_audit_session_key_free_body(int, pid_t, uid_t); void mm_audit_session_key_free_body(int, pid_t, uid_t);
+void mm_audit_destroy_sensitive_data(const char *); +void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t);
#endif #endif
struct Session; struct Session;
diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100 --- openssh-5.8p1/session.c.audit5 2010-12-01 02:02:59.000000000 +0100
+++ openssh-5.8p1/session.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/session.c 2011-02-21 20:16:34.000000000 +0100
@@ -132,7 +132,7 @@ extern int log_stderr; @@ -132,7 +132,7 @@ extern int log_stderr;
extern int debug_flag; extern int debug_flag;
extern u_int utmp_len; extern u_int utmp_len;
@ -200,8 +314,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
/* Force a password change */ /* Force a password change */
if (s->authctxt->force_pwchange) { if (s->authctxt->force_pwchange) {
diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit5 2011-02-21 18:54:03.000000000 +0100 --- openssh-5.8p1/sshd.c.audit5 2011-02-21 20:16:34.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-21 18:54:03.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-21 20:16:34.000000000 +0100
@@ -253,7 +253,7 @@ Buffer loginmsg; @@ -253,7 +253,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL; struct passwd *privsep_pw = NULL;
@ -211,51 +325,119 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
void demote_sensitive_data(void); void demote_sensitive_data(void);
static void do_ssh1_kex(void); static void do_ssh1_kex(void);
@@ -534,7 +534,7 @@ sshd_exchange_identification(int sock_in @@ -272,6 +272,15 @@ close_listen_socks(void)
num_listen_socks = -1;
}
/* Destroy the host and server keys. They will no longer be needed. */ +/*
+ * Is this process listening for clients (i.e. not specific to any specific
+ * client connection?)
+ */
+int listening_for_clients(void)
+{
+ return num_listen_socks > 0;
+}
+
static void
close_startup_pipes(void)
{
@@ -532,22 +541,47 @@ sshd_exchange_identification(int sock_in
}
}
-/* Destroy the host and server keys. They will no longer be needed. */
+/*
+ * Destroy the host and server keys. They will no longer be needed. Careful,
+ * this can be called from cleanup_exit() - i.e. from just about anywhere.
+ */
void void
-destroy_sensitive_data(void) -destroy_sensitive_data(void)
+destroy_sensitive_data(int privsep) +destroy_sensitive_data(int privsep)
{ {
int i; int i;
+ pid_t pid;
+ uid_t uid;
@@ -544,8 +544,16 @@ destroy_sensitive_data(void) if (sensitive_data.server_key) {
key_free(sensitive_data.server_key);
sensitive_data.server_key = NULL;
} }
+ pid = getpid();
+ uid = getuid();
for (i = 0; i < options.num_host_key_files; i++) { for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) { if (sensitive_data.host_keys[i]) {
+ char *fp; + char *fp;
+ +
+ fp = key_fingerprint(sensitive_data.host_keys[i], + if (key_is_private(sensitive_data.host_keys[i]))
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); + fp = key_fingerprint(sensitive_data.host_keys[i],
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
+ SSH_FP_HEX);
+ else
+ fp = NULL;
key_free(sensitive_data.host_keys[i]); key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL; sensitive_data.host_keys[i] = NULL;
+ if (privsep) + if (fp != NULL) {
+ PRIVSEP(audit_destroy_sensitive_data(fp)); + if (privsep)
+ else + PRIVSEP(audit_destroy_sensitive_data(fp,
+ audit_destroy_sensitive_data(fp); + pid, uid));
+ else
+ audit_destroy_sensitive_data(fp,
+ pid, uid);
+ xfree(fp);
+ }
} }
if (sensitive_data.host_certificates[i]) { - if (sensitive_data.host_certificates[i]) {
+ if (sensitive_data.host_certificates
+ && sensitive_data.host_certificates[i]) {
key_free(sensitive_data.host_certificates[i]); key_free(sensitive_data.host_certificates[i]);
@@ -571,11 +579,17 @@ demote_sensitive_data(void) sensitive_data.host_certificates[i] = NULL;
}
@@ -561,6 +595,8 @@ void
demote_sensitive_data(void)
{
Key *tmp;
+ pid_t pid;
+ uid_t uid;
int i;
if (sensitive_data.server_key) {
@@ -569,13 +605,27 @@ demote_sensitive_data(void)
sensitive_data.server_key = tmp;
}
+ pid = getpid();
+ uid = getuid();
for (i = 0; i < options.num_host_key_files; i++) { for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) { if (sensitive_data.host_keys[i]) {
+ char *fp; + char *fp;
+ +
+ fp = key_fingerprint(sensitive_data.host_keys[i], + if (key_is_private(sensitive_data.host_keys[i]))
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); + fp = key_fingerprint(sensitive_data.host_keys[i],
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
+ SSH_FP_HEX);
+ else
+ fp = NULL;
tmp = key_demote(sensitive_data.host_keys[i]); tmp = key_demote(sensitive_data.host_keys[i]);
key_free(sensitive_data.host_keys[i]); key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = tmp; sensitive_data.host_keys[i] = tmp;
if (tmp->type == KEY_RSA1) if (tmp->type == KEY_RSA1)
sensitive_data.ssh1_host_key = tmp; sensitive_data.ssh1_host_key = tmp;
+ audit_destroy_sensitive_data(fp); + if (fp != NULL) {
+ xfree(fp); + audit_destroy_sensitive_data(fp, pid, uid);
+ xfree(fp);
+ }
} }
/* Certs do not need demotion */ /* Certs do not need demotion */
} }
@@ -2024,7 +2038,7 @@ main(int ac, char **av) @@ -1120,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
+ destroy_sensitive_data(0);
close_listen_socks();
unlink(options.pid_file);
exit(255);
@@ -2024,7 +2075,7 @@ main(int ac, char **av)
privsep_postauth(authctxt); privsep_postauth(authctxt);
/* the monitor process [priv] will not return */ /* the monitor process [priv] will not return */
if (!compat20) if (!compat20)
@ -264,7 +446,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
} }
packet_set_timeout(options.client_alive_interval, packet_set_timeout(options.client_alive_interval,
@@ -2264,7 +2278,7 @@ do_ssh1_kex(void) @@ -2264,7 +2315,7 @@ do_ssh1_kex(void)
session_id[i] = session_key[i] ^ session_key[i + 16]; session_id[i] = session_key[i] ^ session_key[i + 16];
} }
/* Destroy the private and public keys. No longer. */ /* Destroy the private and public keys. No longer. */
@ -273,3 +455,13 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
if (use_privsep) if (use_privsep)
mm_ssh1_session_id(session_id); mm_ssh1_session_id(session_id);
@@ -2356,6 +2407,9 @@ cleanup_exit(int i)
{
if (the_authctxt)
do_cleanup(the_authctxt);
+ if (sensitive_data.host_keys != NULL)
+ destroy_sensitive_data(use_privsep && pmonitor != NULL &&
+ !mm_is_monitor());
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor())

View File

@ -1,351 +0,0 @@
diff -up openssh-5.8p1/audit-bsm.c.audit5a openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 19:11:32.000000000 +0100
@@ -407,4 +407,16 @@ audit_destroy_sensitive_data(const char
{
/* not implemented */
}
+
+void
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{
+ /* not implemented */
+}
+
+void
+audit_generate_ephemeral_server_key(const char *fp)
+{
+ /* not implemented */
+}
#endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit5a openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 19:11:32.000000000 +0100
@@ -268,9 +268,19 @@ audit_session_key_free_body(int ctos, pi
* This will be called on destroy private part of the server key
*/
void
-audit_destroy_sensitive_data(const char *fp)
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
{
- debug("audit destroy sensitive data euid %d fingerprint %s", geteuid(), fp);
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
+ geteuid(), fp, (long)pid, (unsigned)uid);
+}
+
+/*
+ * This will be called on generation of the ephemeral server key
+ */
+void
+audit_generate_ephemeral_server_key(const char *)
+{
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit5a openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-21 19:11:32.000000000 +0100
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
+int listening_for_clients(void);
+
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
void audit_session_open(struct logininfo *);
@@ -62,6 +64,7 @@ void audit_unsupported_body(int);
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void audit_session_key_free(int ctos);
void audit_session_key_free_body(int ctos, pid_t, uid_t);
-void audit_destroy_sensitive_data(const char *);
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+void audit_generate_ephemeral_server_key(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit5a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-21 19:11:32.000000000 +0100
@@ -317,7 +317,9 @@ audit_session_key_free_body(int ctos, pi
return;
}
audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
- buf, NULL, get_remote_ipaddr(), NULL, 1);
+ buf, NULL,
+ listening_for_clients() ? NULL : get_remote_ipaddr(),
+ NULL, 1);
audit_close(audit_fd);
/* do not abort if the error is EPERM and sshd is run as non root user */
if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
@@ -325,12 +327,13 @@ audit_session_key_free_body(int ctos, pi
}
void
-audit_destroy_sensitive_data(const char *fp)
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
{
char buf[AUDIT_LOG_SIZE];
int audit_fd, audit_ok;
- snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=?", fp);
+ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd",
+ fp, (intmax_t)pid, (intmax_t)uid);
audit_fd = audit_open();
if (audit_fd < 0) {
if (errno != EINVAL && errno != EPROTONOSUPPORT &&
@@ -346,4 +349,25 @@ audit_destroy_sensitive_data(const char
error("cannot write into audit");
}
+void
+audit_generate_ephemeral_server_key(const char *fp)
+{
+ char buf[AUDIT_LOG_SIZE];
+ int audit_fd, audit_ok;
+
+ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=?", fp);
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
+ errno != EAFNOSUPPORT)
+ error("cannot open audit");
+ return;
+ }
+ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
+ buf, NULL, 0, NULL, 1);
+ audit_close(audit_fd);
+ /* do not abort if the error is EPERM and sshd is run as non root user */
+ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
+ error("cannot write into audit");
+}
#endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/key.c.audit5a openssh-5.8p1/key.c
--- openssh-5.8p1/key.c.audit5a 2011-02-04 01:48:34.000000000 +0100
+++ openssh-5.8p1/key.c 2011-02-21 19:15:28.000000000 +0100
@@ -1769,6 +1769,30 @@ key_demote(const Key *k)
}
int
+key_is_private(const Key *k)
+{
+ switch (k->type) {
+ case KEY_RSA_CERT_V00:
+ case KEY_RSA_CERT:
+ case KEY_RSA1:
+ case KEY_RSA:
+ return k->rsa->d != NULL;
+ case KEY_DSA_CERT_V00:
+ case KEY_DSA_CERT:
+ case KEY_DSA:
+ return k->dsa->priv_key != NULL;
+#ifdef OPENSSL_HAS_ECC
+ case KEY_ECDSA_CERT:
+ case KEY_ECDSA:
+ return EC_KEY_get0_private_key(k->ecdsa) != NULL;
+#endif
+ default:
+ fatal("key_is_private: bad key type %d", k->type);
+ return 1;
+ }
+}
+
+int
key_is_cert(const Key *k)
{
if (k == NULL)
diff -up openssh-5.8p1/key.h.audit5a openssh-5.8p1/key.h
--- openssh-5.8p1/key.h.audit5a 2010-11-05 00:19:49.000000000 +0100
+++ openssh-5.8p1/key.h 2011-02-21 19:15:34.000000000 +0100
@@ -106,6 +106,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *);
int key_type_from_name(char *);
int key_is_cert(const Key *);
+int key_is_private(const Key *k);
int key_type_plain(int);
int key_to_certified(Key *, int);
int key_drop_cert(Key *);
diff -up openssh-5.8p1/monitor.c.audit5a openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-21 19:11:32.000000000 +0100
@@ -2291,10 +2291,14 @@ mm_answer_audit_server_key_free(int sock
{
int len;
char *fp;
+ pid_t pid;
+ uid_t uid;
fp = buffer_get_string(m, &len);
+ pid = buffer_get_int64(m);
+ uid = buffer_get_int64(m);
- audit_destroy_sensitive_data(fp);
+ audit_destroy_sensitive_data(fp, pid, uid);
buffer_clear(m);
diff -up openssh-5.8p1/monitor_wrap.c.audit5a openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 19:11:32.000000000 +0100
@@ -1466,12 +1466,14 @@ mm_audit_session_key_free_body(int ctos,
}
void
-mm_audit_destroy_sensitive_data(const char *fp)
+mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
{
Buffer m;
buffer_init(&m);
buffer_put_cstring(&m, fp);
+ buffer_put_int64(&m, pid);
+ buffer_put_int64(&m, uid);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
diff -up openssh-5.8p1/monitor_wrap.h.audit5a openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 19:11:32.000000000 +0100
@@ -77,7 +77,7 @@ void mm_audit_run_command(const char *);
void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void mm_audit_session_key_free_body(int, pid_t, uid_t);
-void mm_audit_destroy_sensitive_data(const char *);
+void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t);
#endif
struct Session;
diff -up openssh-5.8p1/sshd.c.audit5a openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit5a 2011-02-21 19:11:32.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-21 19:11:32.000000000 +0100
@@ -272,6 +272,15 @@ close_listen_socks(void)
num_listen_socks = -1;
}
+/*
+ * Is this process listening for clients (i.e. not specific to any specific
+ * client connection?)
+ */
+int listening_for_clients(void)
+{
+ return num_listen_socks > 0;
+}
+
static void
close_startup_pipes(void)
{
@@ -532,30 +541,47 @@ sshd_exchange_identification(int sock_in
}
}
-/* Destroy the host and server keys. They will no longer be needed. */
+/*
+ * Destroy the host and server keys. They will no longer be needed. Careful,
+ * this can be called from cleanup_exit() - i.e. from just about anywhere.
+ */
void
destroy_sensitive_data(int privsep)
{
int i;
+ pid_t pid;
+ uid_t uid;
if (sensitive_data.server_key) {
key_free(sensitive_data.server_key);
sensitive_data.server_key = NULL;
}
+ pid = getpid();
+ uid = getuid();
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
char *fp;
- fp = key_fingerprint(sensitive_data.host_keys[i],
- FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ if (key_is_private(sensitive_data.host_keys[i]))
+ fp = key_fingerprint(sensitive_data.host_keys[i],
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
+ SSH_FP_HEX);
+ else
+ fp = NULL;
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL;
- if (privsep)
- PRIVSEP(audit_destroy_sensitive_data(fp));
- else
- audit_destroy_sensitive_data(fp);
+ if (fp != NULL) {
+ if (privsep)
+ PRIVSEP(audit_destroy_sensitive_data(fp,
+ pid, uid));
+ else
+ audit_destroy_sensitive_data(fp,
+ pid, uid);
+ xfree(fp);
+ }
}
- if (sensitive_data.host_certificates[i]) {
+ if (sensitive_data.host_certificates
+ && sensitive_data.host_certificates[i]) {
key_free(sensitive_data.host_certificates[i]);
sensitive_data.host_certificates[i] = NULL;
}
@@ -569,6 +595,8 @@ void
demote_sensitive_data(void)
{
Key *tmp;
+ pid_t pid;
+ uid_t uid;
int i;
if (sensitive_data.server_key) {
@@ -577,19 +605,27 @@ demote_sensitive_data(void)
sensitive_data.server_key = tmp;
}
+ pid = getpid();
+ uid = getuid();
for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
char *fp;
- fp = key_fingerprint(sensitive_data.host_keys[i],
- FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ if (key_is_private(sensitive_data.host_keys[i]))
+ fp = key_fingerprint(sensitive_data.host_keys[i],
+ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
+ SSH_FP_HEX);
+ else
+ fp = NULL;
tmp = key_demote(sensitive_data.host_keys[i]);
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = tmp;
if (tmp->type == KEY_RSA1)
sensitive_data.ssh1_host_key = tmp;
- audit_destroy_sensitive_data(fp);
- xfree(fp);
+ if (fp != NULL) {
+ audit_destroy_sensitive_data(fp, pid, uid);
+ xfree(fp);
+ }
}
/* Certs do not need demotion */
}
@@ -1134,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
+ destroy_sensitive_data(0);
close_listen_socks();
unlink(options.pid_file);
exit(255);
@@ -2370,6 +2407,9 @@ cleanup_exit(int i)
{
if (the_authctxt)
do_cleanup(the_authctxt);
+ if (sensitive_data.host_keys != NULL)
+ destroy_sensitive_data(use_privsep && pmonitor != NULL &&
+ !mm_is_monitor());
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor())