rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

- add auditing the key ussage

Browse Source
This commit is contained in:
Jan F 2010-11-02 21:10:16 +01:00
parent b7b582b70e
commit f8f722ebad
2 changed files with 24 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
openssh-5.6p1-audit2.patch
View File

@ -1,6 +1,6 @@
diff -up openssh-5.6p1/audit-bsm.c.audit2 openssh-5.6p1/audit-bsm.c diff -up openssh-5.6p1/audit-bsm.c.audit2 openssh-5.6p1/audit-bsm.c
--- openssh-5.6p1/audit-bsm.c.audit2 2010-11-02 11:38:30.000000000 +0100 --- openssh-5.6p1/audit-bsm.c.audit2 2010-11-02 21:04:27.000000000 +0100
+++ openssh-5.6p1/audit-bsm.c 2010-11-02 11:38:30.000000000 +0100 +++ openssh-5.6p1/audit-bsm.c 2010-11-02 21:04:28.000000000 +0100
@@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li @@ -316,6 +316,12 @@ audit_session_close(struct logininfo *li
/* not implemented */ /* not implemented */
} }
@ -15,8 +15,8 @@ diff -up openssh-5.6p1/audit-bsm.c.audit2 openssh-5.6p1/audit-bsm.c
audit_event(ssh_audit_event_t event) audit_event(ssh_audit_event_t event)
{ {
diff -up openssh-5.6p1/audit.c.audit2 openssh-5.6p1/audit.c diff -up openssh-5.6p1/audit.c.audit2 openssh-5.6p1/audit.c
--- openssh-5.6p1/audit.c.audit2 2010-11-02 11:38:30.000000000 +0100 --- openssh-5.6p1/audit.c.audit2 2010-11-02 21:04:27.000000000 +0100
+++ openssh-5.6p1/audit.c 2010-11-02 11:38:30.000000000 +0100 +++ openssh-5.6p1/audit.c 2010-11-02 21:04:28.000000000 +0100
@@ -182,5 +182,17 @@ audit_run_command(const char *command) @@ -182,5 +182,17 @@ audit_run_command(const char *command)
debug("audit run command euid %d user %s command '%.200s'", geteuid(), debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command); audit_username(), command);
@ -36,8 +36,8 @@ diff -up openssh-5.6p1/audit.c.audit2 openssh-5.6p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.6p1/audit.h.audit2 openssh-5.6p1/audit.h diff -up openssh-5.6p1/audit.h.audit2 openssh-5.6p1/audit.h
--- openssh-5.6p1/audit.h.audit2 2010-11-02 11:38:30.000000000 +0100 --- openssh-5.6p1/audit.h.audit2 2010-11-02 21:04:27.000000000 +0100
+++ openssh-5.6p1/audit.h 2010-11-02 11:38:30.000000000 +0100 +++ openssh-5.6p1/audit.h 2010-11-02 21:04:28.000000000 +0100
@@ -53,5 +53,6 @@ void audit_session_open(struct logininfo @@ -53,5 +53,6 @@ void audit_session_open(struct logininfo
void audit_session_close(struct logininfo *); void audit_session_close(struct logininfo *);
void audit_run_command(const char *); void audit_run_command(const char *);
@ -46,8 +46,8 @@ diff -up openssh-5.6p1/audit.h.audit2 openssh-5.6p1/audit.h
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.6p1/audit-linux.c.audit2 openssh-5.6p1/audit-linux.c diff -up openssh-5.6p1/audit-linux.c.audit2 openssh-5.6p1/audit-linux.c
--- openssh-5.6p1/audit-linux.c.audit2 2010-11-02 11:38:30.000000000 +0100 --- openssh-5.6p1/audit-linux.c.audit2 2010-11-02 21:04:27.000000000 +0100
+++ openssh-5.6p1/audit-linux.c 2010-11-02 11:43:56.000000000 +0100 +++ openssh-5.6p1/audit-linux.c 2010-11-02 21:04:28.000000000 +0100
@@ -37,6 +37,8 @@ @@ -37,6 +37,8 @@
#include "audit.h" #include "audit.h"
#include "canohost.h" #include "canohost.h"
@ -96,7 +96,7 @@ diff -up openssh-5.6p1/audit-linux.c.audit2 openssh-5.6p1/audit-linux.c
void void
diff -up openssh-5.6p1/auth2-pubkey.c.audit2 openssh-5.6p1/auth2-pubkey.c diff -up openssh-5.6p1/auth2-pubkey.c.audit2 openssh-5.6p1/auth2-pubkey.c
--- openssh-5.6p1/auth2-pubkey.c.audit2 2010-07-02 05:35:19.000000000 +0200 --- openssh-5.6p1/auth2-pubkey.c.audit2 2010-07-02 05:35:19.000000000 +0200
+++ openssh-5.6p1/auth2-pubkey.c 2010-11-02 11:38:30.000000000 +0100 +++ openssh-5.6p1/auth2-pubkey.c 2010-11-02 21:04:28.000000000 +0100
@@ -177,6 +177,40 @@ done: @@ -177,6 +177,40 @@ done:
return authenticated; return authenticated;
} }
@ -138,9 +138,20 @@ diff -up openssh-5.6p1/auth2-pubkey.c.audit2 openssh-5.6p1/auth2-pubkey.c
static int static int
match_principals_option(const char *principal_list, struct KeyCert *cert) match_principals_option(const char *principal_list, struct KeyCert *cert)
{ {
diff -up openssh-5.6p1/auth.h.audit2 openssh-5.6p1/auth.h
--- openssh-5.6p1/auth.h.audit2 2010-11-02 21:06:05.000000000 +0100
+++ openssh-5.6p1/auth.h 2010-11-02 21:07:32.000000000 +0100
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
char *authorized_principals_file(struct passwd *);
+int pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
FILE *auth_openkeyfile(const char *, struct passwd *, int);
FILE *auth_openprincipals(const char *, struct passwd *, int);
diff -up openssh-5.6p1/auth-rsa.c.audit2 openssh-5.6p1/auth-rsa.c diff -up openssh-5.6p1/auth-rsa.c.audit2 openssh-5.6p1/auth-rsa.c
--- openssh-5.6p1/auth-rsa.c.audit2 2010-07-16 05:58:37.000000000 +0200 --- openssh-5.6p1/auth-rsa.c.audit2 2010-07-16 05:58:37.000000000 +0200
+++ openssh-5.6p1/auth-rsa.c 2010-11-02 11:38:30.000000000 +0100 +++ openssh-5.6p1/auth-rsa.c 2010-11-02 21:04:28.000000000 +0100
@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{ {
u_char buf[32], mdbuf[16]; u_char buf[32], mdbuf[16];
@ -179,7 +190,7 @@ diff -up openssh-5.6p1/auth-rsa.c.audit2 openssh-5.6p1/auth-rsa.c
/* /*
diff -up openssh-5.6p1/monitor.c.audit2 openssh-5.6p1/monitor.c diff -up openssh-5.6p1/monitor.c.audit2 openssh-5.6p1/monitor.c
--- openssh-5.6p1/monitor.c.audit2 2010-08-03 07:50:16.000000000 +0200 --- openssh-5.6p1/monitor.c.audit2 2010-08-03 07:50:16.000000000 +0200
+++ openssh-5.6p1/monitor.c 2010-11-02 11:38:30.000000000 +0100 +++ openssh-5.6p1/monitor.c 2010-11-02 21:04:28.000000000 +0100
@@ -1235,7 +1235,19 @@ mm_answer_keyverify(int sock, Buffer *m) @@ -1235,7 +1235,19 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data) if (!valid_data)
fatal("%s: bad signature data blob", __func__); fatal("%s: bad signature data blob", __func__);

4
openssh.spec
View File

@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.6p1 %define openssh_ver 5.6p1
%define openssh_rel 13 %define openssh_rel 14
%define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 27 %define pam_ssh_agent_rel 27
@ -587,7 +587,7 @@ fi
%endif %endif
%changelog %changelog
* Fri Nov 2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-13 + 0.9.2-27 * Fri Nov 2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-14 + 0.9.2-27
- add auditing the key ussage - add auditing the key ussage
* Fri Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27 * Fri Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27