another audit improovements

This commit is contained in:
Jan F 2011-02-24 14:17:34 +01:00
parent 1732b09b93
commit f9ff105e58
10 changed files with 297 additions and 421 deletions

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:49:49.000000000 +0100
@@ -305,6 +305,12 @@ audit_run_command(const char *command) @@ -305,6 +305,12 @@ audit_run_command(const char *command)
} }
@ -16,7 +16,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c
/* not implemented */ /* not implemented */
diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100 --- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-24 13:49:49.000000000 +0100
@@ -182,5 +182,18 @@ audit_run_command(const char *command) @@ -182,5 +182,18 @@ audit_run_command(const char *command)
debug("audit run command euid %d user %s command '%.200s'", geteuid(), debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command); audit_username(), command);
@ -38,7 +38,7 @@ diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100 --- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-24 13:49:49.000000000 +0100
@@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t); @@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t);
void audit_session_open(struct logininfo *); void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *); void audit_session_close(struct logininfo *);
@ -49,7 +49,7 @@ diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-23 09:46:43.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-24 13:49:49.000000000 +0100
@@ -35,13 +35,20 @@ @@ -35,13 +35,20 @@
#include "log.h" #include "log.h"
@ -259,7 +259,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
default: default:
diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200 --- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200
+++ openssh-5.8p1/monitor.c 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-24 13:49:49.000000000 +0100
@@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer * @@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer *
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_event(int, Buffer *);
@ -307,7 +307,7 @@ diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c
void void
diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100 --- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-24 13:49:49.000000000 +0100
@@ -60,6 +60,7 @@ enum monitor_reqtype { @@ -60,6 +60,7 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
@ -318,7 +318,7 @@ diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200 --- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:49:49.000000000 +0100
@@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command @@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
buffer_free(&m); buffer_free(&m);
@ -342,7 +342,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c
#ifdef GSSAPI #ifdef GSSAPI
diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:49:49.000000000 +0100
@@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *); @@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *);
#include "audit.h" #include "audit.h"
void mm_audit_event(ssh_audit_event_t); void mm_audit_event(ssh_audit_event_t);
@ -353,7 +353,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h
struct Session; struct Session;
diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100 --- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100
+++ openssh-5.8p1/session.c 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/session.c 2011-02-24 13:49:49.000000000 +0100
@@ -809,14 +809,16 @@ do_exec(Session *s, const char *command) @@ -809,14 +809,16 @@ do_exec(Session *s, const char *command)
} }
@ -362,14 +362,14 @@ diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c
+ if (command != NULL) { + if (command != NULL) {
PRIVSEP(audit_run_command(command)); PRIVSEP(audit_run_command(command));
- else if (s->ttyfd == -1) { - else if (s->ttyfd == -1) {
+ command = xstrdup(command); + s->command = xstrdup(command);
+ } else if (s->ttyfd == -1) { + } else if (s->ttyfd == -1) {
char *shell = s->pw->pw_shell; char *shell = s->pw->pw_shell;
if (shell[0] == '\0') /* empty shell means /bin/sh */ if (shell[0] == '\0') /* empty shell means /bin/sh */
shell =_PATH_BSHELL; shell =_PATH_BSHELL;
PRIVSEP(audit_run_command(shell)); PRIVSEP(audit_run_command(shell));
+ command = xstrdup(shell); + s->command = xstrdup(shell);
} }
#endif #endif
if (s->ttyfd != -1) if (s->ttyfd != -1)
@ -388,7 +388,7 @@ diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c
if (s->display) if (s->display)
diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h
--- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200 --- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
+++ openssh-5.8p1/session.h 2011-02-23 09:45:05.000000000 +0100 +++ openssh-5.8p1/session.h 2011-02-24 13:49:49.000000000 +0100
@@ -60,6 +60,11 @@ struct Session { @@ -60,6 +60,11 @@ struct Session {
char *name; char *name;
char *val; char *val;
@ -401,3 +401,16 @@ diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h
}; };
void do_authenticated(Authctxt *); void do_authenticated(Authctxt *);
diff -up openssh-5.8p1/sshd.c.audit1 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit1 2011-02-24 13:50:29.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-24 13:50:47.000000000 +0100
@@ -2342,7 +2342,8 @@ cleanup_exit(int i)
do_cleanup(the_authctxt);
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
- if (!use_privsep || mm_is_monitor())
+ if ((the_authctxt == NULL || !the_authctxt->authenticated) &&
+ (!use_privsep || mm_is_monitor()))
audit_event(SSH_CONNECTION_ABANDON);
#endif
_exit(i);

View File

@ -0,0 +1,39 @@
diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1a 2011-02-24 13:16:51.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-24 13:17:17.000000000 +0100
@@ -143,7 +143,7 @@ audit_connection_from(const char *host,
void
audit_run_command(const char *command)
{
- if (!user_login_count++)
+ if (!user_login_count++ && !options.use_pam)
linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
NULL, "ssh", 1, AUDIT_USER_LOGIN);
linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
@@ -155,7 +155,7 @@ audit_end_command(const char *command)
{
linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
NULL, "ssh", 1, AUDIT_USER_END);
- if (!--user_login_count)
+ if (!--user_login_count && !options.use_pam)
linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
NULL, "ssh", 1, AUDIT_USER_LOGOUT);
}
@@ -163,7 +163,7 @@ audit_end_command(const char *command)
void
audit_session_open(struct logininfo *li)
{
- if (!user_login_count++)
+ if (!user_login_count++ && !options.use_pam)
linux_audit_user_logxxx(li->uid, NULL, li->hostname,
NULL, li->line, 1, AUDIT_USER_LOGIN);
linux_audit_user_logxxx(li->uid, NULL, li->hostname,
@@ -175,7 +175,7 @@ audit_session_close(struct logininfo *li
{
linux_audit_user_logxxx(li->uid, NULL, li->hostname,
NULL, li->line, 1, AUDIT_USER_END);
- if (!--user_login_count)
+ if (!--user_login_count && !options.use_pam)
linux_audit_user_logxxx(li->uid, NULL, li->hostname,
NULL, li->line, 1, AUDIT_USER_LOGOUT);
}

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit2 2011-02-23 07:46:37.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-24 09:38:06.000000000 +0100
@@ -322,6 +322,12 @@ audit_session_close(struct logininfo *li @@ -322,6 +322,12 @@ audit_session_close(struct logininfo *li
/* not implemented */ /* not implemented */
} }
@ -15,8 +15,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
audit_event(ssh_audit_event_t event) audit_event(ssh_audit_event_t event)
{ {
diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit2 2011-02-23 07:46:37.000000000 +0100 --- openssh-5.8p1/audit.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-23 07:47:32.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-24 09:46:00.000000000 +0100
@@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@
#include "key.h" #include "key.h"
#include "hostfile.h" #include "hostfile.h"
@ -35,7 +35,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
+ char *fp; + char *fp;
+ const char *crypto_name; + const char *crypto_name;
+ +
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ if (key->type == KEY_RSA1) + if (key->type == KEY_RSA1)
+ crypto_name = "ssh-rsa1"; + crypto_name = "ssh-rsa1";
+ else + else
@ -48,7 +48,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
# ifndef CUSTOM_SSH_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
@@ -195,5 +212,16 @@ audit_end_command(const char *command) @@ -195,5 +212,17 @@ audit_end_command(const char *command)
audit_username(), command); audit_username(), command);
} }
@ -60,14 +60,15 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
+int +int
+audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) +audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
+{ +{
+ debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", + debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s%s, result %d",
+ host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, fp, rv); + host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
+ key_fingerprint_prefix(), fp, rv);
+} +}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit2 2011-02-23 07:46:37.000000000 +0100 --- openssh-5.8p1/audit.h.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-23 07:48:16.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-24 09:38:06.000000000 +0100
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
# define _SSH_AUDIT_H # define _SSH_AUDIT_H
@ -85,8 +86,8 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit2 2011-02-23 07:46:37.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-24 09:47:31.000000000 +0100
@@ -41,6 +41,8 @@ @@ -41,6 +41,8 @@
#include "servconf.h" #include "servconf.h"
#include "canohost.h" #include "canohost.h"
@ -119,8 +120,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
+ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
+ if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
+ goto out; + goto out;
+ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d", + snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s%s rport=%d",
+ type, bits, fp, get_remote_port()); + type, bits, key_fingerprint_prefix(), fp, get_remote_port());
+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
+ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
+out: +out:
@ -135,8 +136,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
/* Below is the sshd audit API code */ /* Below is the sshd audit API code */
diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
--- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200 --- openssh-5.8p1/auth2-hostbased.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/auth2-hostbased.c 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/auth2-hostbased.c 2011-02-24 09:38:06.000000000 +0100
@@ -136,6 +136,18 @@ done: @@ -136,6 +136,18 @@ done:
return authenticated; return authenticated;
} }
@ -157,8 +158,8 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
int int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
--- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100 --- openssh-5.8p1/auth2-pubkey.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/auth2-pubkey.c 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/auth2-pubkey.c 2011-02-24 09:38:06.000000000 +0100
@@ -177,6 +177,18 @@ done: @@ -177,6 +177,18 @@ done:
return authenticated; return authenticated;
} }
@ -180,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
{ {
diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
--- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200
+++ openssh-5.8p1/auth.h 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/auth.h 2011-02-24 09:38:06.000000000 +0100
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt
char *authorized_keys_file(struct passwd *); char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *); char *authorized_keys_file2(struct passwd *);
@ -198,8 +199,8 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
/* debug messages during authentication */ /* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
--- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100 --- openssh-5.8p1/auth-rsa.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/auth-rsa.c 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/auth-rsa.c 2011-02-24 09:48:39.000000000 +0100
@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{ {
u_char buf[32], mdbuf[16]; u_char buf[32], mdbuf[16];
@ -222,7 +223,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
+ rv = timingsafe_bcmp(response, mdbuf, 16) == 0; + rv = timingsafe_bcmp(response, mdbuf, 16) == 0;
+ +
+#ifdef SSH_AUDIT_EVENTS +#ifdef SSH_AUDIT_EVENTS
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + fp = key_selected_fingerprint(key, SSH_FP_HEX);
+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { + if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) {
+ debug("unsuccessful audit"); + debug("unsuccessful audit");
+ rv = 0; + rv = 0;
@ -237,8 +238,8 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
/* /*
diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit2 2011-02-23 07:46:37.000000000 +0100 --- openssh-5.8p1/monitor.c.audit2 2011-02-24 09:38:06.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-23 07:46:37.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-24 09:38:06.000000000 +0100
@@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m) @@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data) if (!valid_data)
fatal("%s: bad signature data blob", __func__); fatal("%s: bad signature data blob", __func__);

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-24 09:54:32.000000000 +0100
@@ -389,4 +389,16 @@ audit_event(ssh_audit_event_t event) @@ -389,4 +389,16 @@ audit_event(ssh_audit_event_t event)
debug("%s: unhandled event %d", __func__, event); debug("%s: unhandled event %d", __func__, event);
} }
@ -19,8 +19,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/audit.c.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-23 10:07:53.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-24 09:56:03.000000000 +0100
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
#include <stdarg.h> #include <stdarg.h>
@ -57,9 +57,9 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
# ifndef CUSTOM_SSH_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
@@ -223,5 +238,26 @@ audit_keyusage(int host_user, const char @@ -224,5 +239,26 @@ audit_keyusage(int host_user, const char
debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, fp, rv); key_fingerprint_prefix(), fp, rv);
} }
+ +
+/* +/*
@ -68,7 +68,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
+void +void
+audit_unsupported_body(int what) +audit_unsupported_body(int what)
+{ +{
+ debug("audit unsupported protocol ieuid %d type %d", geteuid(), what); + debug("audit unsupported protocol euid %d type %d", geteuid(), what);
+} +}
+ +
+/* +/*
@ -85,8 +85,8 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/audit.h.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-24 09:54:32.000000000 +0100
@@ -57,5 +57,9 @@ void audit_end_command(const char *); @@ -57,5 +57,9 @@ void audit_end_command(const char *);
ssh_audit_event_t audit_classify_auth(const char *); ssh_audit_event_t audit_classify_auth(const char *);
int audit_keyusage(int, const char *, unsigned, char *, int); int audit_keyusage(int, const char *, unsigned, char *, int);
@ -98,8 +98,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-24 09:54:32.000000000 +0100
@@ -40,6 +40,8 @@ @@ -40,6 +40,8 @@
#include "auth.h" #include "auth.h"
#include "servconf.h" #include "servconf.h"
@ -167,8 +167,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c
+ +
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
--- openssh-5.8p1/auditstub.c.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/auditstub.c.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/auditstub.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/auditstub.c 2011-02-24 09:54:32.000000000 +0100
@@ -0,0 +1,39 @@ @@ -0,0 +1,39 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+ +
@ -211,7 +211,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c
+ +
diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
--- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100
+++ openssh-5.8p1/cipher.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/cipher.c 2011-02-24 09:54:32.000000000 +0100
@@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX
extern const EVP_CIPHER *evp_aes_128_ctr(void); extern const EVP_CIPHER *evp_aes_128_ctr(void);
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
@ -231,7 +231,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
--- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100
+++ openssh-5.8p1/cipher.h 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/cipher.h 2011-02-24 09:54:32.000000000 +0100
@@ -61,7 +61,16 @@ @@ -61,7 +61,16 @@
typedef struct Cipher Cipher; typedef struct Cipher Cipher;
typedef struct CipherContext CipherContext; typedef struct CipherContext CipherContext;
@ -252,7 +252,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h
EVP_CIPHER_CTX evp; EVP_CIPHER_CTX evp;
diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
--- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.8p1/kex.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/kex.c 2011-02-24 09:54:32.000000000 +0100
@@ -49,6 +49,7 @@ @@ -49,6 +49,7 @@
#include "dispatch.h" #include "dispatch.h"
#include "monitor.h" #include "monitor.h"
@ -317,7 +317,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
--- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100
+++ openssh-5.8p1/Makefile.in 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/Makefile.in 2011-02-24 09:54:32.000000000 +0100
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b @@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
@ -328,8 +328,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o mux.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \
diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/monitor.c.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-24 09:54:32.000000000 +0100
@@ -89,6 +89,7 @@ @@ -89,6 +89,7 @@
#include "ssh2.h" #include "ssh2.h"
#include "jpake.h" #include "jpake.h"
@ -429,8 +429,8 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c
+ +
+#endif /* SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/monitor.h.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-24 09:54:32.000000000 +0100
@@ -67,6 +67,8 @@ enum monitor_reqtype { @@ -67,6 +67,8 @@ enum monitor_reqtype {
MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2,
MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM,
@ -441,8 +441,8 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h
struct mm_master; struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/monitor_wrap.c.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-24 09:54:32.000000000 +0100
@@ -1426,3 +1426,41 @@ mm_jpake_check_confirm(const BIGNUM *k, @@ -1426,3 +1426,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
return success; return success;
} }
@ -486,8 +486,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c
+} +}
+#endif /* SSH_AUDIT_EVENTS */ +#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit3 2011-02-23 10:05:33.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit3 2011-02-24 09:54:32.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-24 09:54:32.000000000 +0100
@@ -75,6 +75,8 @@ void mm_sshpam_free_ctx(void *); @@ -75,6 +75,8 @@ void mm_sshpam_free_ctx(void *);
void mm_audit_event(ssh_audit_event_t); void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *); void mm_audit_run_command(const char *);
@ -499,7 +499,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h
struct Session; struct Session;
diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-23 10:05:33.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-24 09:54:32.000000000 +0100
@@ -118,6 +118,7 @@ @@ -118,6 +118,7 @@
#endif #endif
#include "monitor_wrap.h" #include "monitor_wrap.h"

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:54:02.000000000 +0100
@@ -401,4 +401,10 @@ audit_kex_body(int ctos, char *enc, char @@ -401,4 +401,10 @@ audit_kex_body(int ctos, char *enc, char
{ {
/* not implemented */ /* not implemented */
@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/audit.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-24 13:54:02.000000000 +0100
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
} }
@ -28,7 +28,7 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
# ifndef CUSTOM_SSH_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
@@ -259,5 +265,15 @@ audit_kex_body(int ctos, char *enc, char @@ -260,5 +266,15 @@ audit_kex_body(int ctos, char *enc, char
(unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
(unsigned)uid); (unsigned)uid);
} }
@ -45,8 +45,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/audit.h.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-24 13:54:02.000000000 +0100
@@ -61,5 +61,7 @@ void audit_unsupported(int); @@ -61,5 +61,7 @@ void audit_unsupported(int);
void audit_kex(int, char *, char *, char *); void audit_kex(int, char *, char *, char *);
void audit_unsupported_body(int); void audit_unsupported_body(int);
@ -56,9 +56,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-24 13:54:02.000000000 +0100
@@ -281,6 +281,8 @@ audit_unsupported_body(int what) @@ -285,6 +285,8 @@ audit_unsupported_body(int what)
#endif #endif
} }
@ -67,7 +67,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
void void
audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
uid_t uid) uid_t uid)
@@ -288,7 +290,6 @@ audit_kex_body(int ctos, char *enc, char @@ -292,7 +294,6 @@ audit_kex_body(int ctos, char *enc, char
#ifdef AUDIT_CRYPTO_SESSION #ifdef AUDIT_CRYPTO_SESSION
char buf[AUDIT_LOG_SIZE]; char buf[AUDIT_LOG_SIZE];
int audit_fd, audit_ok; int audit_fd, audit_ok;
@ -75,7 +75,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
Cipher *cipher = cipher_by_name(enc); Cipher *cipher = cipher_by_name(enc);
snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
@@ -312,4 +313,30 @@ audit_kex_body(int ctos, char *enc, char @@ -316,4 +317,30 @@ audit_kex_body(int ctos, char *enc, char
#endif #endif
} }
@ -107,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
+ +
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
--- openssh-5.8p1/auditstub.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/auditstub.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/auditstub.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/auditstub.c 2011-02-24 13:54:02.000000000 +0100
@@ -27,6 +27,8 @@ @@ -27,6 +27,8 @@
* Red Hat author: Jan F. Chadima <jchadima@redhat.com> * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
*/ */
@ -132,8 +132,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
+{ +{
+} +}
diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
--- openssh-5.8p1/kex.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/kex.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/kex.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/kex.c 2011-02-24 13:54:02.000000000 +0100
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }
@ -171,7 +171,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
+ +
diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.8p1/kex.h 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/kex.h 2011-02-24 13:54:02.000000000 +0100
@@ -156,6 +156,8 @@ void kexgex_server(Kex *); @@ -156,6 +156,8 @@ void kexgex_server(Kex *);
void kexecdh_client(Kex *); void kexecdh_client(Kex *);
void kexecdh_server(Kex *); void kexecdh_server(Kex *);
@ -183,7 +183,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200
+++ openssh-5.8p1/mac.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/mac.c 2011-02-24 13:54:02.000000000 +0100
@@ -162,6 +162,20 @@ mac_clear(Mac *mac) @@ -162,6 +162,20 @@ mac_clear(Mac *mac)
mac->umac_ctx = NULL; mac->umac_ctx = NULL;
} }
@ -207,15 +207,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
int int
diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
+++ openssh-5.8p1/mac.h 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/mac.h 2011-02-24 13:54:02.000000000 +0100
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
int mac_init(Mac *); int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int); u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
void mac_clear(Mac *); void mac_clear(Mac *);
+void mac_destroy(Mac *); +void mac_destroy(Mac *);
diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/monitor.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-24 13:54:02.000000000 +0100
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_end_command(int, Buffer *);
int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *);
@ -311,8 +311,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/monitor.h.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-24 13:54:02.000000000 +0100
@@ -69,6 +69,7 @@ enum monitor_reqtype { @@ -69,6 +69,7 @@ enum monitor_reqtype {
MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@ -322,8 +322,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
struct mm_master; struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:54:02.000000000 +0100
@@ -601,12 +601,14 @@ mm_send_keystate(struct monitor *monitor @@ -601,12 +601,14 @@ mm_send_keystate(struct monitor *monitor
fatal("%s: conversion of newkeys failed", __func__); fatal("%s: conversion of newkeys failed", __func__);
@ -360,8 +360,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:54:02.000000000 +0100
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); @@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
void mm_audit_end_command(const char *); void mm_audit_end_command(const char *);
void mm_audit_unsupported_body(int); void mm_audit_unsupported_body(int);
@ -372,7 +372,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
struct Session; struct Session;
diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100
+++ openssh-5.8p1/packet.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/packet.c 2011-02-24 13:54:02.000000000 +0100
@@ -60,6 +60,7 @@ @@ -60,6 +60,7 @@
#include <signal.h> #include <signal.h>
@ -434,7 +434,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
} }
active_state->newkeys[mode] = kex_get_newkeys(mode); active_state->newkeys[mode] = kex_get_newkeys(mode);
if (active_state->newkeys[mode] == NULL) if (active_state->newkeys[mode] == NULL)
@@ -1912,6 +1922,55 @@ packet_get_newkeys(int mode) @@ -1912,6 +1922,54 @@ packet_get_newkeys(int mode)
return (void *)active_state->newkeys[mode]; return (void *)active_state->newkeys[mode];
} }
@ -469,12 +469,11 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
+} +}
+ +
+void +void
+packet_destroy_all(int privsep) +packet_destroy_all(int audit_it, int privsep)
+{ +{
+ int audit_it; + if (audit_it)
+ + audit_it = packet_state_has_keys (active_state) ||
+ audit_it = packet_state_has_keys (active_state) || + packet_state_has_keys (backup_state);
+ packet_state_has_keys (backup_state);
+ packet_destroy_state(active_state); + packet_destroy_state(active_state);
+ packet_destroy_state(backup_state); + packet_destroy_state(backup_state);
+ if (audit_it) { + if (audit_it) {
@ -490,7 +489,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
/* /*
* Save the state for the real connection, and use a separate state when * Save the state for the real connection, and use a separate state when
* resuming a suspended connection. * resuming a suspended connection.
@@ -1919,18 +1978,12 @@ packet_get_newkeys(int mode) @@ -1919,18 +1977,12 @@ packet_get_newkeys(int mode)
void void
packet_backup_state(void) packet_backup_state(void)
{ {
@ -510,7 +509,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
} }
/* /*
@@ -1947,9 +2000,7 @@ packet_restore_state(void) @@ -1947,9 +1999,7 @@ packet_restore_state(void)
backup_state = active_state; backup_state = active_state;
active_state = tmp; active_state = tmp;
active_state->connection_in = backup_state->connection_in; active_state->connection_in = backup_state->connection_in;
@ -520,7 +519,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
len = buffer_len(&backup_state->input); len = buffer_len(&backup_state->input);
if (len > 0) { if (len > 0) {
buf = buffer_ptr(&backup_state->input); buf = buffer_ptr(&backup_state->input);
@@ -1957,4 +2008,10 @@ packet_restore_state(void) @@ -1957,4 +2007,10 @@ packet_restore_state(void)
buffer_clear(&backup_state->input); buffer_clear(&backup_state->input);
add_recv_bytes(len); add_recv_bytes(len);
} }
@ -533,16 +532,29 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
+ +
diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100
+++ openssh-5.8p1/packet.h 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/packet.h 2011-02-24 13:54:02.000000000 +0100
@@ -125,4 +125,5 @@ void packet_restore_state(void); @@ -125,4 +125,5 @@ void packet_restore_state(void);
void *packet_get_input(void); void *packet_get_input(void);
void *packet_get_output(void); void *packet_get_output(void);
+void packet_destroy_all(int); +void packet_destroy_all(int, int);
#endif /* PACKET_H */ #endif /* PACKET_H */
diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.audit4 2011-02-24 13:54:01.000000000 +0100
+++ openssh-5.8p1/session.c 2011-02-24 13:54:02.000000000 +0100
@@ -1617,6 +1617,9 @@ do_child(Session *s, const char *command
/* remove hostkey from the child's memory */
destroy_sensitive_data();
+ /* Don't audit this - both us and the parent would be talking to the
+ monitor over a single socket, with no synchronization. */
+ packet_destroy_all(0, 1);
/* Force a password change */
if (s->authctxt->force_pwchange) {
diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit4 2011-02-23 09:23:30.000000000 +0100 --- openssh-5.8p1/sshd.c.audit4 2011-02-24 13:54:02.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-23 09:23:30.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-24 13:55:09.000000000 +0100
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
return (0); return (0);
} }
@ -558,7 +570,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
buffer_clear(&loginmsg); buffer_clear(&loginmsg);
+ newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_OUT]);
+ newkeys_destroy(current_keys[MODE_IN]); + newkeys_destroy(current_keys[MODE_IN]);
+ packet_destroy_all(0); + packet_destroy_all(1, 0);
monitor_child_postauth(pmonitor); monitor_child_postauth(pmonitor);
/* NEVERREACHED */ /* NEVERREACHED */
@ -566,7 +578,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
*/ */
if (use_privsep) { if (use_privsep) {
mm_send_keystate(pmonitor); mm_send_keystate(pmonitor);
+ packet_destroy_all(1); + packet_destroy_all(1, 1);
exit(0); exit(0);
} }
@ -574,8 +586,16 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
do_authenticated(authctxt); do_authenticated(authctxt);
/* The connection has been terminated. */ /* The connection has been terminated. */
+ packet_destroy_all(0); + packet_destroy_all(1, 0);
+ +
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
verbose("Transferred: sent %llu, received %llu bytes", verbose("Transferred: sent %llu, received %llu bytes",
@@ -2345,6 +2353,7 @@ cleanup_exit(int i)
{
if (the_authctxt)
do_cleanup(the_authctxt);
+ packet_destroy_all(1, is_privsep_child);
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if ((the_authctxt == NULL || !the_authctxt->authenticated) &&

View File

@ -0,0 +1,13 @@
diff -ur openssh/sshd.c openssh-5.8p1/sshd.c
--- openssh/sshd.c 2011-02-23 16:23:05.720096223 +0100
+++ openssh-5.8p1/sshd.c 2011-02-23 17:04:24.206612620 +0100
@@ -748,7 +748,8 @@
buffer_clear(&loginmsg);
newkeys_destroy(current_keys[MODE_OUT]);
newkeys_destroy(current_keys[MODE_IN]);
- packet_destroy_all(1, 0);
+ audit_session_key_free_body(2, getpid(), getuid());
+ packet_destroy_all(0, 0);
monitor_child_postauth(pmonitor);
/* NEVERREACHED */

View File

@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/audit-bsm.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:39:32.000000000 +0100
@@ -407,4 +407,22 @@ audit_session_key_free_body(int ctos, pi @@ -407,4 +407,22 @@ audit_session_key_free_body(int ctos, pi
{ {
/* not implemented */ /* not implemented */
@ -25,9 +25,9 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/audit.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/audit.c 2011-02-24 13:39:32.000000000 +0100
@@ -275,5 +275,24 @@ audit_session_key_free_body(int ctos, pi @@ -276,5 +276,24 @@ audit_session_key_free_body(int ctos, pi
debug("audit session key discard euid %u direction %d from pid %ld uid %u", debug("audit session key discard euid %u direction %d from pid %ld uid %u",
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
} }
@ -53,8 +53,8 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/audit.h.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/audit.h 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/audit.h 2011-02-24 13:39:32.000000000 +0100
@@ -48,6 +48,8 @@ enum ssh_audit_event_type { @@ -48,6 +48,8 @@ enum ssh_audit_event_type {
}; };
typedef enum ssh_audit_event_type ssh_audit_event_t; typedef enum ssh_audit_event_type ssh_audit_event_t;
@ -73,9 +73,9 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/audit-linux.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/audit-linux.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/audit-linux.c 2011-02-24 13:39:32.000000000 +0100
@@ -339,4 +339,50 @@ audit_session_key_free_body(int ctos, pi @@ -343,4 +343,50 @@ audit_session_key_free_body(int ctos, pi
error("cannot write into audit"); error("cannot write into audit");
} }
@ -127,9 +127,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
+} +}
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
--- openssh-5.8p1/key.c.audit5 2011-02-04 01:48:34.000000000 +0100 --- openssh-5.8p1/key.c.audit5 2011-02-24 13:39:31.000000000 +0100
+++ openssh-5.8p1/key.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/key.c 2011-02-24 13:39:32.000000000 +0100
@@ -1769,6 +1769,30 @@ key_demote(const Key *k) @@ -1795,6 +1795,30 @@ key_demote(const Key *k)
} }
int int
@ -161,9 +161,9 @@ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
{ {
if (k == NULL) if (k == NULL)
diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
--- openssh-5.8p1/key.h.audit5 2010-11-05 00:19:49.000000000 +0100 --- openssh-5.8p1/key.h.audit5 2011-02-24 13:39:31.000000000 +0100
+++ openssh-5.8p1/key.h 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/key.h 2011-02-24 13:39:32.000000000 +0100
@@ -106,6 +106,7 @@ Key *key_generate(int, u_int); @@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *); Key *key_from_private(const Key *);
int key_type_from_name(char *); int key_type_from_name(char *);
int key_is_cert(const Key *); int key_is_cert(const Key *);
@ -172,8 +172,8 @@ diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
int key_to_certified(Key *, int); int key_to_certified(Key *, int);
int key_drop_cert(Key *); int key_drop_cert(Key *);
diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/monitor.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/monitor.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/monitor.c 2011-02-24 13:39:32.000000000 +0100
@@ -182,6 +182,7 @@ int mm_answer_audit_end_command(int, Buf @@ -182,6 +182,7 @@ int mm_answer_audit_end_command(int, Buf
int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *);
int mm_answer_audit_kex_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *);
@ -240,8 +240,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/monitor.h.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/monitor.h 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/monitor.h 2011-02-24 13:39:32.000000000 +0100
@@ -70,6 +70,7 @@ enum monitor_reqtype { @@ -70,6 +70,7 @@ enum monitor_reqtype {
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@ -251,8 +251,8 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
struct mm_master; struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:39:32.000000000 +0100
@@ -1480,4 +1480,20 @@ mm_audit_session_key_free_body(int ctos, @@ -1480,4 +1480,20 @@ mm_audit_session_key_free_body(int ctos,
&m); &m);
buffer_free(&m); buffer_free(&m);
@ -275,8 +275,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:39:32.000000000 +0100
@@ -78,6 +78,7 @@ void mm_audit_end_command(const char *); @@ -78,6 +78,7 @@ void mm_audit_end_command(const char *);
void mm_audit_unsupported_body(int); void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
@ -286,8 +286,8 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
struct Session; struct Session;
diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/session.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/session.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/session.c 2011-02-24 13:43:35.000000000 +0100
@@ -132,7 +132,7 @@ extern int log_stderr; @@ -132,7 +132,7 @@ extern int log_stderr;
extern int debug_flag; extern int debug_flag;
extern u_int utmp_len; extern u_int utmp_len;
@ -303,12 +303,12 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
/* remove hostkey from the child's memory */ /* remove hostkey from the child's memory */
- destroy_sensitive_data(); - destroy_sensitive_data();
+ destroy_sensitive_data(1); + destroy_sensitive_data(1);
/* Don't audit this - both us and the parent would be talking to the
/* Force a password change */ monitor over a single socket, with no synchronization. */
if (s->authctxt->force_pwchange) { packet_destroy_all(0, 1);
diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit5 2011-02-23 09:33:38.000000000 +0100 --- openssh-5.8p1/sshd.c.audit5 2011-02-24 13:39:32.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-23 09:33:38.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-24 13:43:08.000000000 +0100
@@ -253,7 +253,7 @@ Buffer loginmsg; @@ -253,7 +253,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL; struct passwd *privsep_pw = NULL;
@ -448,7 +448,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
if (use_privsep) if (use_privsep)
mm_ssh1_session_id(session_id); mm_ssh1_session_id(session_id);
@@ -2351,8 +2402,23 @@ do_ssh2_kex(void) @@ -2351,8 +2402,22 @@ do_ssh2_kex(void)
void void
cleanup_exit(int i) cleanup_exit(int i)
{ {
@ -468,7 +468,6 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
+ is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor(); + is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
+ if (sensitive_data.host_keys != NULL) + if (sensitive_data.host_keys != NULL)
+ destroy_sensitive_data(is_privsep_child); + destroy_sensitive_data(is_privsep_child);
+ packet_destroy_all(is_privsep_child); packet_destroy_all(1, is_privsep_child);
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */ /* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor())

View File

@ -0,0 +1,21 @@
diff -ur openssh/monitor.c openssh-5.8p1/monitor.c
--- openssh/monitor.c 2011-02-23 14:22:42.007937852 +0100
+++ openssh-5.8p1/monitor.c 2011-02-23 19:26:01.491710679 +0100
@@ -106,6 +106,8 @@
extern int auth_debug_init;
extern Buffer loginmsg;
+extern void destroy_sensitive_data(int);
+
/* State exported from the child */
struct {
@@ -1651,6 +1653,8 @@
sshpam_cleanup();
#endif
+ destroy_sensitive_data(0);
+
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR)
exit(1);

View File

@ -1,38 +1,6 @@
diff -up openssh-5.8p1/audit.c.fips openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.fips 2011-02-21 17:05:13.000000000 +0100
+++ openssh-5.8p1/audit.c 2011-02-21 17:06:18.000000000 +0100
@@ -121,7 +121,7 @@ audit_key(int host_user, int *rv, const
char *fp;
const char *crypto_name;
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
if (key->type == KEY_RSA1)
crypto_name = "ssh-rsa1";
else
diff -up openssh-5.8p1/auth2-pubkey.c.fips openssh-5.8p1/auth2-pubkey.c
--- openssh-5.8p1/auth2-pubkey.c.fips 2011-02-21 17:05:14.000000000 +0100
+++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 17:05:14.000000000 +0100
@@ -36,6 +36,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include <openssl/fips.h>
#include "xmalloc.h"
#include "ssh.h"
@@ -371,7 +372,7 @@ user_search_key_in_file(FILE *f, char *f
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_fingerprint(found, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
key_type(found), fp);
xfree(fp);
diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c
--- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 --- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100
+++ openssh-5.8p1/authfile.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/authfile.c 2011-02-24 10:34:41.000000000 +0100
@@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe @@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
/* Allocate space for the private part of the key in the buffer. */ /* Allocate space for the private part of the key in the buffer. */
cp = buffer_append_space(&encrypted, buffer_len(&buffer)); cp = buffer_append_space(&encrypted, buffer_len(&buffer));
@ -66,21 +34,9 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c
cipher_crypt(&ciphercontext, cp, cipher_crypt(&ciphercontext, cp,
buffer_ptr(blob), buffer_len(blob)); buffer_ptr(blob), buffer_len(blob));
cipher_cleanup(&ciphercontext); cipher_cleanup(&ciphercontext);
diff -up openssh-5.8p1/auth-rsa.c.fips openssh-5.8p1/auth-rsa.c
--- openssh-5.8p1/auth-rsa.c.fips 2011-02-21 17:05:13.000000000 +0100
+++ openssh-5.8p1/auth-rsa.c 2011-02-21 17:07:33.000000000 +0100
@@ -119,7 +119,7 @@ auth_rsa_verify_response(Key *key, BIGNU
rv = timingsafe_bcmp(response, mdbuf, 16) == 0;
#ifdef SSH_AUDIT_EVENTS
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) {
debug("unsuccessful audit");
rv = 0;
diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c
--- openssh-5.8p1/cipher.c.fips 2011-02-21 17:05:13.000000000 +0100 --- openssh-5.8p1/cipher.c.fips 2011-02-24 10:34:40.000000000 +0100
+++ openssh-5.8p1/cipher.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/cipher.c 2011-02-24 10:34:41.000000000 +0100
@@ -40,6 +40,7 @@ @@ -40,6 +40,7 @@
#include <sys/types.h> #include <sys/types.h>
@ -167,7 +123,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c
/* /*
diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c
--- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 --- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200
+++ openssh-5.8p1/cipher-ctr.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/cipher-ctr.c 2011-02-24 10:34:41.000000000 +0100
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void) @@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
aes_ctr.do_cipher = ssh_aes_ctr; aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP #ifndef SSH_OLD_EVP
@ -179,8 +135,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c
return (&aes_ctr); return (&aes_ctr);
} }
diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h
--- openssh-5.8p1/cipher.h.fips 2011-02-21 17:05:13.000000000 +0100 --- openssh-5.8p1/cipher.h.fips 2011-02-24 10:34:40.000000000 +0100
+++ openssh-5.8p1/cipher.h 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/cipher.h 2011-02-24 10:34:41.000000000 +0100
@@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe
const u_char *, u_int, int); const u_char *, u_int, int);
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
@ -190,9 +146,29 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h
u_int cipher_blocksize(const Cipher *); u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *); u_int cipher_keylen(const Cipher *);
u_int cipher_is_cbc(const Cipher *); u_int cipher_is_cbc(const Cipher *);
diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c
--- openssh-5.8p1/key.c.fips 2011-02-24 10:35:39.000000000 +0100
+++ openssh-5.8p1/key.c 2011-02-24 10:37:20.000000000 +0100
@@ -40,6 +40,7 @@
#include <sys/types.h>
#include <openssl/evp.h>
+#include <openssl/fips.h>
#include <openbsd-compat/openssl-compat.h>
#include <stdarg.h>
@@ -601,6 +602,8 @@ key_fingerprint_selection(void)
static int rv = -1;
if (rv == -1) {
+ if (FIPS_mode())
+ return (rv = 1);
env = getenv("SSH_FINGERPRINT_TYPE");
rv = env && !strcmp (env, "sha");
}
diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c
--- openssh-5.8p1/mac.c.fips 2011-02-21 17:05:13.000000000 +0100 --- openssh-5.8p1/mac.c.fips 2011-02-24 10:34:40.000000000 +0100
+++ openssh-5.8p1/mac.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/mac.c 2011-02-24 10:34:41.000000000 +0100
@@ -28,6 +28,7 @@ @@ -28,6 +28,7 @@
#include <sys/types.h> #include <sys/types.h>
@ -243,8 +219,8 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c
for (i = 0; macs[i].name; i++) { for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) { if (strcmp(name, macs[i].name) == 0) {
diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
--- openssh-5.8p1/Makefile.in.fips 2011-02-21 17:05:14.000000000 +0100 --- openssh-5.8p1/Makefile.in.fips 2011-02-24 10:34:40.000000000 +0100
+++ openssh-5.8p1/Makefile.in 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/Makefile.in 2011-02-24 10:34:41.000000000 +0100
@@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) @@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@ $(RANLIB) $@
@ -288,7 +264,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h
--- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 --- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100
+++ openssh-5.8p1/myproposal.h 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/myproposal.h 2011-02-24 10:34:41.000000000 +0100
@@ -81,7 +81,12 @@ @@ -81,7 +81,12 @@
"hmac-sha1-96,hmac-md5-96" "hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
@ -305,7 +281,7 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h
KEX_DEFAULT_KEX, KEX_DEFAULT_KEX,
diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c
--- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 --- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-24 10:34:41.000000000 +0100
@@ -39,6 +39,7 @@ @@ -39,6 +39,7 @@
static int rc4_ready = 0; static int rc4_ready = 0;
static RC4_KEY rc4; static RC4_KEY rc4;
@ -347,53 +323,9 @@ diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbs
#endif /* !HAVE_ARC4RANDOM */ #endif /* !HAVE_ARC4RANDOM */
#ifndef HAVE_ARC4RANDOM_BUF #ifndef HAVE_ARC4RANDOM_BUF
diff -up openssh-5.8p1/ssh-add.c.fips openssh-5.8p1/ssh-add.c
--- openssh-5.8p1/ssh-add.c.fips 2010-11-11 04:17:02.000000000 +0100
+++ openssh-5.8p1/ssh-add.c 2011-02-21 17:05:14.000000000 +0100
@@ -42,6 +42,7 @@
#include <sys/param.h>
#include <openssl/evp.h>
+#include <openssl/fips.h>
#include "openbsd-compat/openssl-compat.h"
#include <fcntl.h>
@@ -280,7 +281,7 @@ list_identities(AuthenticationConnection
key = ssh_get_next_identity(ac, &comment, version)) {
had_identities = 1;
if (do_fp) {
- fp = key_fingerprint(key, SSH_FP_MD5,
+ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
SSH_FP_HEX);
printf("%d %s %s (%s)\n",
key_size(key), fp, comment, key_type(key));
diff -up openssh-5.8p1/ssh-agent.c.fips openssh-5.8p1/ssh-agent.c
--- openssh-5.8p1/ssh-agent.c.fips 2010-12-01 01:50:35.000000000 +0100
+++ openssh-5.8p1/ssh-agent.c 2011-02-21 17:05:14.000000000 +0100
@@ -51,6 +51,7 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
+#include <openssl/fips.h>
#include "openbsd-compat/openssl-compat.h"
#include <errno.h>
@@ -199,9 +200,9 @@ confirm_key(Identity *id)
char *p;
int ret = -1;
- p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
- id->comment, p))
+ p = key_fingerprint(id->key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ if (ask_permission("Allow use of key %s?\nKey %sfingerprint %s.",
+ id->comment, FIPS_mode() ? "SHA1 " : "", p))
ret = 0;
xfree(p);
diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c
--- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 --- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100
+++ openssh-5.8p1/ssh.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/ssh.c 2011-02-24 10:34:41.000000000 +0100
@@ -73,6 +73,8 @@ @@ -73,6 +73,8 @@
#include <openssl/evp.h> #include <openssl/evp.h>
@ -457,8 +389,8 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c
if (ssh_connect(host, &hostaddr, options.port, if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts, &timeout_ms, options.address_family, options.connection_attempts, &timeout_ms,
diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c
--- openssh-5.8p1/sshconnect2.c.fips 2010-12-01 02:21:51.000000000 +0100 --- openssh-5.8p1/sshconnect2.c.fips 2011-02-24 10:34:40.000000000 +0100
+++ openssh-5.8p1/sshconnect2.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/sshconnect2.c 2011-02-24 10:34:41.000000000 +0100
@@ -44,6 +44,8 @@ @@ -44,6 +44,8 @@
#include <vis.h> #include <vis.h>
#endif #endif
@ -491,134 +423,9 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c
if (options.hostkeyalgorithms != NULL) if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms; options.hostkeyalgorithms;
@@ -590,8 +600,8 @@ input_userauth_pk_ok(int type, u_int32_t
key->type, pktype);
goto done;
}
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- debug2("input_userauth_pk_ok: fp %s", fp);
+ fp = key_fingerprint(key, SSH_FP_SHA1, SSH_FP_HEX);
+ debug2("input_userauth_pk_ok: SHA1 fp %s", fp);
xfree(fp);
/*
diff -up openssh-5.8p1/sshconnect.c.fips openssh-5.8p1/sshconnect.c
--- openssh-5.8p1/sshconnect.c.fips 2011-01-16 13:17:59.000000000 +0100
+++ openssh-5.8p1/sshconnect.c 2011-02-21 17:05:14.000000000 +0100
@@ -41,6 +41,8 @@
#include <string.h>
#include <unistd.h>
+#include <openssl/fips.h>
+
#include "xmalloc.h"
#include "key.h"
#include "hostfile.h"
@@ -705,6 +707,7 @@ check_host_key(char *hostname, struct so
int len, cancelled_forwarding = 0;
struct hostkeys *host_hostkeys, *ip_hostkeys;
const struct hostkey_entry *host_found, *ip_found;
+ int fips_on = FIPS_mode();
/*
* Force accepting of the host key for loopback/localhost. The
@@ -798,10 +801,10 @@ check_host_key(char *hostname, struct so
"key for IP address '%.128s' to the list "
"of known hosts.", type, ip);
} else if (options.visual_host_key) {
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- ra = key_fingerprint(host_key, SSH_FP_MD5,
+ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5,
SSH_FP_RANDOMART);
- logit("Host key fingerprint is %s\n%s\n", fp, ra);
+ logit("Host key %sfingerprint is %s\n%s\n", fips_on ? "SHA1 " : "", fp, ra);
xfree(ra);
xfree(fp);
}
@@ -830,6 +833,7 @@ check_host_key(char *hostname, struct so
goto fail;
} else if (options.strict_host_key_checking == 2) {
char msg1[1024], msg2[1024];
+ int fips_on = FIPS_mode();
if (show_other_keys(host_hostkeys, host_key))
snprintf(msg1, sizeof(msg1),
@@ -838,8 +842,8 @@ check_host_key(char *hostname, struct so
else
snprintf(msg1, sizeof(msg1), ".");
/* The default */
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- ra = key_fingerprint(host_key, SSH_FP_MD5,
+ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5,
SSH_FP_RANDOMART);
msg2[0] = '\0';
if (options.verify_host_key_dns) {
@@ -855,10 +859,10 @@ check_host_key(char *hostname, struct so
snprintf(msg, sizeof(msg),
"The authenticity of host '%.200s (%s)' can't be "
"established%s\n"
- "%s key fingerprint is %s.%s%s\n%s"
+ "%s key %sfingerprint is %s.%s%s\n%s"
"Are you sure you want to continue connecting "
"(yes/no)? ",
- host, ip, msg1, type, fp,
+ host, ip, msg1, type, fips_on ? "SHA1 " : "", fp,
options.visual_host_key ? "\n" : "",
options.visual_host_key ? ra : "",
msg2);
@@ -1208,20 +1212,21 @@ show_other_keys(struct hostkeys *hostkey
int i, ret = 0;
char *fp, *ra;
const struct hostkey_entry *found;
+ int fips_on = FIPS_mode();
for (i = 0; type[i] != -1; i++) {
if (type[i] == key->type)
continue;
if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
continue;
- fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX);
- ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART);
+ fp = key_fingerprint(found->key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ ra = key_fingerprint(found->key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_RANDOMART);
logit("WARNING: %s key found for host %s\n"
"in %s:%lu\n"
- "%s key fingerprint %s.",
+ "%s key %sfingerprint %s.\n%s\n",
key_type(found->key),
found->host, found->file, found->line,
- key_type(found->key), fp);
+ key_type(found), fips_on ? "SHA1 ":"", fp, ra);
if (options.visual_host_key)
logit("%s", ra);
xfree(ra);
@@ -1235,8 +1240,9 @@ static void
warn_changed_key(Key *host_key)
{
char *fp;
+ int fips_on = FIPS_mode();
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
@@ -1244,8 +1250,8 @@ warn_changed_key(Key *host_key)
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that a host key has just been changed.");
- error("The fingerprint for the %s key sent by the remote host is\n%s.",
- key_type(host_key), fp);
+ error("The %sfingerprint for the %s key sent by the remote host is\n%s.",
+ fips_on ? "SHA1 ":"", key_type(host_key), fp);
error("Please contact your system administrator.");
xfree(fp);
diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.fips 2011-02-21 17:05:14.000000000 +0100 --- openssh-5.8p1/sshd.c.fips 2011-02-24 10:34:41.000000000 +0100
+++ openssh-5.8p1/sshd.c 2011-02-21 17:05:14.000000000 +0100 +++ openssh-5.8p1/sshd.c 2011-02-24 10:34:41.000000000 +0100
@@ -76,6 +76,8 @@ @@ -76,6 +76,8 @@
#include <openssl/bn.h> #include <openssl/bn.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -628,7 +435,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
#ifdef HAVE_SECUREWARE #ifdef HAVE_SECUREWARE
@@ -1327,6 +1329,12 @@ main(int ac, char **av) @@ -1363,6 +1365,12 @@ main(int ac, char **av)
(void)set_auth_parameters(ac, av); (void)set_auth_parameters(ac, av);
#endif #endif
__progname = ssh_get_progname(av[0]); __progname = ssh_get_progname(av[0]);
@ -641,7 +448,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
init_rng(); init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
@@ -1488,8 +1496,6 @@ main(int ac, char **av) @@ -1524,8 +1532,6 @@ main(int ac, char **av)
else else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
@ -650,7 +457,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
/* /*
* Force logging to stderr until we have loaded the private host * Force logging to stderr until we have loaded the private host
* key (unless started from inetd) * key (unless started from inetd)
@@ -1608,6 +1614,10 @@ main(int ac, char **av) @@ -1644,6 +1650,10 @@ main(int ac, char **av)
debug("private host key: #%d type %d %s", i, key->type, debug("private host key: #%d type %d %s", i, key->type,
key_type(key)); key_type(key));
} }
@ -661,7 +468,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key"); logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1; options.protocol &= ~SSH_PROTO_1;
@@ -1772,6 +1782,10 @@ main(int ac, char **av) @@ -1808,6 +1818,10 @@ main(int ac, char **av)
/* Initialize the random number generator. */ /* Initialize the random number generator. */
arc4random_stir(); arc4random_stir();
@ -672,7 +479,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
/* Chdir to the root directory so that the current disk can be /* Chdir to the root directory so that the current disk can be
unmounted if desired. */ unmounted if desired. */
chdir("/"); chdir("/");
@@ -2315,6 +2329,9 @@ do_ssh2_kex(void) @@ -2349,6 +2363,9 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) { if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@ -682,7 +489,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
} }
myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
@@ -2324,6 +2341,9 @@ do_ssh2_kex(void) @@ -2358,6 +2375,9 @@ do_ssh2_kex(void)
if (options.macs != NULL) { if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
@ -692,43 +499,3 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c
} }
if (options.compression == COMP_NONE) { if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] = myproposal[PROPOSAL_COMP_ALGS_CTOS] =
diff -up openssh-5.8p1/ssh-keygen.c.fips openssh-5.8p1/ssh-keygen.c
--- openssh-5.8p1/ssh-keygen.c.fips 2011-02-21 17:05:14.000000000 +0100
+++ openssh-5.8p1/ssh-keygen.c 2011-02-21 17:05:14.000000000 +0100
@@ -21,6 +21,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
+#include <openssl/fips.h>
#include "openbsd-compat/openssl-compat.h"
#include <errno.h>
@@ -721,7 +722,7 @@ do_fingerprint(struct passwd *pw)
enum fp_type fptype;
struct stat st;
- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
+ fptype = print_bubblebabble ? SSH_FP_SHA1 : FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5;
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
if (!have_identity)
@@ -2253,14 +2254,15 @@ passphrase_again:
fclose(f);
if (!quiet) {
- char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX);
- char *ra = key_fingerprint(public, SSH_FP_MD5,
+ int fips_on = FIPS_mode();
+ char *fp = key_fingerprint(public, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX);
+ char *ra = key_fingerprint(public, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5,
SSH_FP_RANDOMART);
printf("Your public key has been saved in %s.\n",
identity_file);
- printf("The key fingerprint is:\n");
+ printf("The key %sfingerprint is:\n", fips_on ? "SHA1 " : "");
printf("%s %s\n", fp, comment);
- printf("The key's randomart image is:\n");
+ printf("The key's %srandomart image is:\n", fips_on ? "SHA1 " :"");
printf("%s\n", ra);
xfree(ra);
xfree(fp);

View File

@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.8p1 %define openssh_ver 5.8p1
%define openssh_rel 7 %define openssh_rel 8
%define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 30 %define pam_ssh_agent_rel 30
@ -93,8 +93,10 @@ Source3: sshd.init
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2 Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
Source5: pam_ssh_agent-rmheaders Source5: pam_ssh_agent-rmheaders
Patch100: openssh-5.8p1-wIm.patch Patch99: openssh-5.8p1-wIm.patch
Patch0: openssh-5.6p1-redhat.patch Patch0: openssh-5.6p1-redhat.patch
#?
Patch100: openssh-5.8p1-fingerprit.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402 #https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Patch1: openssh-5.8p1-audit1.patch Patch1: openssh-5.8p1-audit1.patch
Patch101: openssh-5.8p1-audit1a.patch Patch101: openssh-5.8p1-audit1a.patch
@ -287,8 +289,9 @@ The module is most useful for su and sudo service stacks.
%prep %prep
%setup -q -a 4 %setup -q -a 4
#Do not enable by default #Do not enable by default
###%patch100 -p1 -b .wIm ###%patch99 -p1 -b .wIm
%patch0 -p1 -b .redhat %patch0 -p1 -b .redhat
%patch100 -p1 -b .fingerprint
%patch1 -p1 -b .audit1 %patch1 -p1 -b .audit1
%patch101 -p1 -b .audit1a %patch101 -p1 -b .audit1a
%patch2 -p1 -b .audit2 %patch2 -p1 -b .audit2
@ -616,7 +619,7 @@ fi
%endif %endif
%changelog %changelog
* Wed Feb 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-7 + 0.9.2-30 * Thu Feb 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-8 + 0.9.2-30
- another audit improovements - another audit improovements
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30 * Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30