Tree - rpms/openssh - CentOS Git server

rpms / openssh

Blame openssh-5.8p1-audit1a.patch

Blob History Raw

Jan F	9cefae	`diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c`
Jan F	9cefae	`--- openssh-5.8p1/audit-linux.c.audit1a 2011-02-21 18:14:37.000000000 +0100`
Jan F	9cefae	`+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:17:33.000000000 +0100`
Jan F	9cefae	`@@ -35,13 +35,20 @@`
Jan F	9cefae
Jan F	9cefae	`#include "log.h"`
Jan F	9cefae	`#include "audit.h"`
Jan F	9cefae	`+#include "key.h"`
Jan F	9cefae	`+#include "hostfile.h"`
Jan F	9cefae	`+#include "auth.h"`
Jan F	9cefae	`+#include "servconf.h"`
Jan F	9cefae	`#include "canohost.h"`
Jan F	9cefae
Jan F	9cefae	`+extern ServerOptions options;`
Jan F	9cefae	`+extern Authctxt *the_authctxt;`
Jan F	9cefae	`+extern u_int utmp_len;`
Jan F	9cefae	`const char* audit_username(void);`
Jan F	9cefae
Jan F	9cefae	`static void`
Jan F	9cefae	`-linux_audit_user_login(int uid, const char *username,`
Jan F	9cefae	`- const char hostname, const char ip, const char *ttyn, int success)`
Jan F	9cefae	`+linux_audit_user_logxxx(int uid, const char *username,`
Jan F	9cefae	`+ const char hostname, const char ip, const char *ttyn, int success, int event)`
Jan F	9cefae	`{`
Jan F	9cefae	`int audit_fd, rc, saved_errno;`
Jan F	9cefae
Jan F	9cefae	`@@ -53,7 +60,7 @@ linux_audit_user_login(int uid, const ch`
Jan F	9cefae	`else`
Jan F	9cefae	`goto fatal_report; /* Must prevent login */`
Jan F	9cefae	`}`
Jan F	9cefae	`- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,`
Jan F	9cefae	`+ rc = audit_log_acct_message(audit_fd, event,`
Jan F	9cefae	`NULL, "login", username ? username : "(unknown)",`
Jan F	9cefae	`username == NULL ? uid : -1, hostname, ip, ttyn, success);`
Jan F	9cefae	`saved_errno = errno;`
Jan F	9cefae	`@@ -77,19 +84,19 @@ linux_audit_user_auth(int uid, const cha`
Jan F	9cefae	`{`
Jan F	9cefae	`int audit_fd, rc, saved_errno;`
Jan F	9cefae	`static const char *event_name[] = {`
Jan F	9cefae	`- "exceed maxtries",`
Jan F	9cefae	`+ "maxtries exceeded",`
Jan F	9cefae	`"root denied",`
Jan F	9cefae	`"success",`
Jan F	9cefae	`"none",`
Jan F	9cefae	`- "pasword",`
Jan F	9cefae	`- "chalenge-response",`
Jan F	9cefae	`+ "password",`
Jan F	9cefae	`+ "challenge-response",`
Jan F	9cefae	`"pubkey",`
Jan F	9cefae	`"hostbased",`
Jan F	9cefae	`"gssapi",`
Jan F	9cefae	`"invalid user",`
Jan F	9cefae	`"nologin",`
Jan F	9cefae	`- "connection close",`
Jan F	9cefae	`- "connection abandon",`
Jan F	9cefae	`+ "connection closed",`
Jan F	9cefae	`+ "connection abandoned",`
Jan F	9cefae	`"unknown"`
Jan F	9cefae	`};`
Jan F	9cefae
Jan F	9cefae	`@@ -123,6 +130,8 @@ fatal_report:`
Jan F	9cefae	`}`
Jan F	9cefae	`}`
Jan F	9cefae
Jan F	9cefae	`+static int user_login_count = 0;`
Jan F	9cefae	`+`
Jan F	9cefae	`/* Below is the sshd audit API code */`
Jan F	9cefae
Jan F	9cefae	`void`
Jan F	9cefae	`@@ -134,20 +143,31 @@ audit_connection_from(const char *host,`
Jan F	9cefae	`void`
Jan F	9cefae	`audit_run_command(const char *command)`
Jan F	9cefae	`{`
Jan F	9cefae	`- /* not implemented */`
Jan F	9cefae	`+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),`
Jan F	9cefae	`+ NULL, "ssh", 1, AUDIT_USER_START);`
Jan F	9cefae	`+ if (!user_login_count++)`
Jan F	9cefae	`+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),`
Jan F	9cefae	`+ NULL, "ssh", 1, AUDIT_USER_LOGIN);`
Jan F	9cefae	`}`
Jan F	9cefae
Jan F	9cefae	`void`
Jan F	9cefae	`audit_session_open(struct logininfo *li)`
Jan F	9cefae	`{`
Jan F	9cefae	`- linux_audit_user_login(li->uid, NULL, li->hostname,`
Jan F	9cefae	`- NULL, li->line, 1);`
Jan F	9cefae	`+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,`
Jan F	9cefae	`+ NULL, li->line, 1, AUDIT_USER_START);`
Jan F	9cefae	`+ if (!user_login_count++)`
Jan F	9cefae	`+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,`
Jan F	9cefae	`+ NULL, li->line, 1, AUDIT_USER_LOGIN);`
Jan F	9cefae	`}`
Jan F	9cefae
Jan F	9cefae	`void`
Jan F	9cefae	`audit_session_close(struct logininfo *li)`
Jan F	9cefae	`{`
Jan F	9cefae	`- /* not implemented */`
Jan F	9cefae	`+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,`
Jan F	9cefae	`+ NULL, li->line, 1, AUDIT_USER_END);`
Jan F	9cefae	`+ if (!--user_login_count)`
Jan F	9cefae	`+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,`
Jan F	9cefae	`+ NULL, li->line, 1, AUDIT_USER_LOGOUT);`
Jan F	9cefae	`}`
Jan F	9cefae
Jan F	9cefae	`void`
Jan F	9cefae	`@@ -163,8 +183,8 @@ audit_event(ssh_audit_event_t event)`
Jan F	9cefae	`case SSH_LOGIN_ROOT_DENIED:`
Jan F	9cefae	`linux_audit_user_auth(-1, audit_username(), NULL,`
Jan F	9cefae	`get_remote_ipaddr(), "sshd", 0, event);`
Jan F	9cefae	`- linux_audit_user_login(-1, audit_username(), NULL,`
Jan F	9cefae	`- get_remote_ipaddr(), "sshd", 0);`
Jan F	9cefae	`+ linux_audit_user_logxxx(-1, audit_username(), NULL,`
Jan F	9cefae	`+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);`
Jan F	9cefae	`break;`
Jan F	9cefae
Jan F	9cefae	`case SSH_LOGIN_EXCEED_MAXTRIES:`
Jan F	9cefae	`@@ -181,8 +201,8 @@ audit_event(ssh_audit_event_t event)`
Jan F	9cefae	`case SSH_CONNECTION_CLOSE:`
Jan F	9cefae	`case SSH_CONNECTION_ABANDON:`
Jan F	9cefae	`case SSH_INVALID_USER:`
Jan F	9cefae	`- linux_audit_user_login(-1, audit_username(), NULL,`
Jan F	9cefae	`- get_remote_ipaddr(), "sshd", 0);`
Jan F	9cefae	`+ linux_audit_user_logxxx(-1, audit_username(), NULL,`
Jan F	9cefae	`+ get_remote_ipaddr(), "sshd", 0, AUDIT_USER_LOGIN);`
Jan F	9cefae	`break;`
Jan F	9cefae
Jan F	9cefae	`default:`

rpms / openssh

Source Code

Blame openssh-5.8p1-audit1a.patch