132 lines
5.0 KiB
Diff
132 lines
5.0 KiB
Diff
diff -up openssh-5.8p1/audit-bsm.c.audit4a openssh-5.8p1/audit-bsm.c
|
|
--- openssh-5.8p1/audit-bsm.c.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -397,7 +397,7 @@ audit_kex_body(int ctos, char *enc, char
|
|
}
|
|
|
|
void
|
|
-audit_session_key_free_body(int ctos)
|
|
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
|
{
|
|
/* not implemented */
|
|
}
|
|
diff -up openssh-5.8p1/audit.c.audit4a openssh-5.8p1/audit.c
|
|
--- openssh-5.8p1/audit.c.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/audit.c 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -146,7 +146,7 @@ audit_kex(int ctos, char *enc, char *mac
|
|
void
|
|
audit_session_key_free(int ctos)
|
|
{
|
|
- PRIVSEP(audit_session_key_free_body(ctos));
|
|
+ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid()));
|
|
}
|
|
|
|
# ifndef CUSTOM_SSH_AUDIT_EVENTS
|
|
@@ -258,9 +258,10 @@ audit_kex_body(int ctos, char *enc, char
|
|
* This will be called on succesfull session key discard
|
|
*/
|
|
void
|
|
-audit_session_key_free_body(int ctos)
|
|
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
|
{
|
|
- debug("audit session key discard euid %d direction %d", geteuid(), ctos);
|
|
+ debug("audit session key discard euid %u direction %d from pid %ld uid %u",
|
|
+ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
|
|
}
|
|
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
|
#endif /* SSH_AUDIT_EVENTS */
|
|
diff -up openssh-5.8p1/audit.h.audit4a openssh-5.8p1/audit.h
|
|
--- openssh-5.8p1/audit.h.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/audit.h 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -61,6 +61,6 @@ void audit_kex(int, char *, char *, char
|
|
void audit_unsupported_body(int);
|
|
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
|
void audit_session_key_free(int ctos);
|
|
-void audit_session_key_free_body(int ctos);
|
|
+void audit_session_key_free_body(int ctos, pid_t, uid_t);
|
|
|
|
#endif /* _SSH_AUDIT_H */
|
|
diff -up openssh-5.8p1/audit-linux.c.audit4a openssh-5.8p1/audit-linux.c
|
|
--- openssh-5.8p1/audit-linux.c.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -299,13 +299,14 @@ audit_kex_body(int ctos, char *enc, char
|
|
}
|
|
|
|
void
|
|
-audit_session_key_free_body(int ctos)
|
|
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
|
{
|
|
char buf[AUDIT_LOG_SIZE];
|
|
int audit_fd, audit_ok;
|
|
|
|
- snprintf(buf, sizeof(buf), "op=destroy kind=session direction=%s rport=%d laddr=%s lport=%d",
|
|
- direction[ctos], get_remote_port(),
|
|
+ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
|
|
+ direction[ctos], (intmax_t)pid, (intmax_t)uid,
|
|
+ get_remote_port(),
|
|
get_local_ipaddr(packet_get_connection_in()),
|
|
get_local_port());
|
|
audit_fd = audit_open();
|
|
diff -up openssh-5.8p1/monitor.c.audit4a openssh-5.8p1/monitor.c
|
|
--- openssh-5.8p1/monitor.c.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/monitor.c 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -2266,10 +2266,14 @@ int
|
|
mm_answer_audit_session_key_free_body(int sock, Buffer *m)
|
|
{
|
|
int ctos;
|
|
+ pid_t pid;
|
|
+ uid_t uid;
|
|
|
|
ctos = buffer_get_int(m);
|
|
+ pid = buffer_get_int64(m);
|
|
+ uid = buffer_get_int64(m);
|
|
|
|
- audit_session_key_free_body(ctos);
|
|
+ audit_session_key_free_body(ctos, pid, uid);
|
|
|
|
buffer_clear(m);
|
|
|
|
diff -up openssh-5.8p1/monitor_wrap.c.audit4a openssh-5.8p1/monitor_wrap.c
|
|
--- openssh-5.8p1/monitor_wrap.c.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -1451,12 +1451,14 @@ mm_audit_kex_body(int ctos, char *cipher
|
|
}
|
|
|
|
void
|
|
-mm_audit_session_key_free_body(int ctos)
|
|
+mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
|
|
{
|
|
Buffer m;
|
|
|
|
buffer_init(&m);
|
|
buffer_put_int(&m, ctos);
|
|
+ buffer_put_int64(&m, pid);
|
|
+ buffer_put_int64(&m, uid);
|
|
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
|
|
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
|
|
&m);
|
|
diff -up openssh-5.8p1/monitor_wrap.h.audit4a openssh-5.8p1/monitor_wrap.h
|
|
--- openssh-5.8p1/monitor_wrap.h.audit4a 2011-02-21 18:42:14.000000000 +0100
|
|
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:42:14.000000000 +0100
|
|
@@ -76,7 +76,7 @@ void mm_audit_event(ssh_audit_event_t);
|
|
void mm_audit_run_command(const char *);
|
|
void mm_audit_unsupported_body(int);
|
|
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
|
-void mm_audit_session_key_free_body(int);
|
|
+void mm_audit_session_key_free_body(int, pid_t, uid_t);
|
|
#endif
|
|
|
|
struct Session;
|
|
diff -up openssh-5.8p1/sshd.c.audit4a openssh-5.8p1/sshd.c
|
|
--- openssh-5.8p1/sshd.c.audit4a 2011-02-21 18:48:30.000000000 +0100
|
|
+++ openssh-5.8p1/sshd.c 2011-02-21 18:48:41.000000000 +0100
|
|
@@ -693,7 +693,7 @@ privsep_postauth(Authctxt *authctxt)
|
|
newkeys_destroy(current_keys[MODE_OUT]);
|
|
newkeys_destroy(current_keys[MODE_IN]);
|
|
packet_destroy_all();
|
|
- audit_session_key_free_body(2);
|
|
+ audit_session_key_free_body(2, getpid(), getuid());
|
|
monitor_child_postauth(pmonitor);
|
|
|
|
/* NEVERREACHED */
|