|
Jan F |
9cefae |
diff -up openssh-5.8p1/audit-bsm.c.audit3a openssh-5.8p1/audit-bsm.c
|
|
Jan F |
9cefae |
--- openssh-5.8p1/audit-bsm.c.audit3a 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/audit-bsm.c 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
@@ -391,7 +391,7 @@ audit_unsupported_body(int what)
|
|
Jan F |
9cefae |
}
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
void
|
|
Jan F |
9cefae |
-audit_kex_body(int ctos, char *enc, char *mac, char *compress)
|
|
Jan F |
9cefae |
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid)
|
|
Jan F |
9cefae |
{
|
|
Jan F |
9cefae |
/* not implemented */
|
|
Jan F |
9cefae |
}
|
|
Jan F |
9cefae |
diff -up openssh-5.8p1/audit.c.audit3a openssh-5.8p1/audit.c
|
|
Jan F |
9cefae |
--- openssh-5.8p1/audit.c.audit3a 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/audit.c 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
@@ -28,6 +28,7 @@
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
#include <stdarg.h>
|
|
Jan F |
9cefae |
#include <string.h>
|
|
Jan F |
9cefae |
+#include <unistd.h>
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
#ifdef SSH_AUDIT_EVENTS
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
@@ -139,7 +140,7 @@ audit_unsupported(int what)
|
|
Jan F |
9cefae |
void
|
|
Jan F |
9cefae |
audit_kex(int ctos, char *enc, char *mac, char *comp)
|
|
Jan F |
9cefae |
{
|
|
Jan F |
9cefae |
- PRIVSEP(audit_kex_body(ctos, enc, mac, comp));
|
|
Jan F |
9cefae |
+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
|
|
Jan F |
9cefae |
}
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
# ifndef CUSTOM_SSH_AUDIT_EVENTS
|
|
Jan F |
9cefae |
@@ -239,10 +240,12 @@ audit_unsupported_body(int what)
|
|
Jan F |
9cefae |
* This will be called on succesfull protocol negotiation.
|
|
Jan F |
9cefae |
*/
|
|
Jan F |
9cefae |
void
|
|
Jan F |
9cefae |
-audit_kex_body(int ctos, char *enc, char *mac, char *compress)
|
|
Jan F |
9cefae |
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
|
|
Jan F |
9cefae |
+ uid_t uid)
|
|
Jan F |
9cefae |
{
|
|
Jan F |
9cefae |
- debug("audit procol negotiation euid %d direction %d cipher %s mac %s compresion %s",
|
|
Jan F |
9cefae |
- geteuid(), ctos, enc, mac, compress);
|
|
Jan F |
9cefae |
+ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
|
|
Jan F |
9cefae |
+ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
|
|
Jan F |
9cefae |
+ (unsigned)uid);
|
|
Jan F |
9cefae |
}
|
|
Jan F |
9cefae |
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
|
|
Jan F |
9cefae |
#endif /* SSH_AUDIT_EVENTS */
|
|
Jan F |
9cefae |
diff -up openssh-5.8p1/audit.h.audit3a openssh-5.8p1/audit.h
|
|
Jan F |
9cefae |
--- openssh-5.8p1/audit.h.audit3a 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/audit.h 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
@@ -59,6 +59,6 @@ void audit_key(int, int *, const Key *);
|
|
Jan F |
9cefae |
void audit_unsupported(int);
|
|
Jan F |
9cefae |
void audit_kex(int, char *, char *, char *);
|
|
Jan F |
9cefae |
void audit_unsupported_body(int);
|
|
Jan F |
9cefae |
-void audit_kex_body(int, char *, char *, char *);
|
|
Jan F |
9cefae |
+void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
#endif /* _SSH_AUDIT_H */
|
|
Jan F |
9cefae |
diff -up openssh-5.8p1/audit-linux.c.audit3a openssh-5.8p1/audit-linux.c
|
|
Jan F |
9cefae |
--- openssh-5.8p1/audit-linux.c.audit3a 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/audit-linux.c 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
@@ -267,7 +267,8 @@ audit_unsupported_body(int what)
|
|
Jan F |
9cefae |
}
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
void
|
|
Jan F |
9cefae |
-audit_kex_body(int ctos, char *enc, char *mac, char *compress)
|
|
Jan F |
9cefae |
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
|
|
Jan F |
9cefae |
+ uid_t uid)
|
|
Jan F |
9cefae |
{
|
|
Jan F |
9cefae |
#ifdef AUDIT_CRYPTO_SESSION
|
|
Jan F |
9cefae |
char buf[AUDIT_LOG_SIZE];
|
|
Jan F |
9cefae |
@@ -275,8 +276,9 @@ audit_kex_body(int ctos, char *enc, char
|
|
Jan F |
9cefae |
const static char *direction[] = { "from-server", "from-client", "both" };
|
|
Jan F |
9cefae |
Cipher *cipher = cipher_by_name(enc);
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
- snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d rport=%d laddr=%s lport=%d",
|
|
Jan F |
9cefae |
+ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d",
|
|
Jan F |
9cefae |
direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
|
|
Jan F |
9cefae |
+ (intmax_t)pid, (intmax_t)uid,
|
|
Jan F |
9cefae |
get_remote_port(), get_local_ipaddr(packet_get_connection_in()), get_local_port());
|
|
Jan F |
9cefae |
audit_fd = audit_open();
|
|
Jan F |
9cefae |
if (audit_fd < 0) {
|
|
Jan F |
9cefae |
diff -up openssh-5.8p1/monitor.c.audit3a openssh-5.8p1/monitor.c
|
|
Jan F |
9cefae |
--- openssh-5.8p1/monitor.c.audit3a 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/monitor.c 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
@@ -2239,13 +2239,17 @@ mm_answer_audit_kex_body(int sock, Buffe
|
|
Jan F |
9cefae |
{
|
|
Jan F |
9cefae |
int ctos, len;
|
|
Jan F |
9cefae |
char *cipher, *mac, *compress;
|
|
Jan F |
9cefae |
+ pid_t pid;
|
|
Jan F |
9cefae |
+ uid_t uid;
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
ctos = buffer_get_int(m);
|
|
Jan F |
9cefae |
cipher = buffer_get_string(m, &len;;
|
|
Jan F |
9cefae |
mac = buffer_get_string(m, &len;;
|
|
Jan F |
9cefae |
compress = buffer_get_string(m, &len;;
|
|
Jan F |
9cefae |
+ pid = buffer_get_int64(m);
|
|
Jan F |
9cefae |
+ uid = buffer_get_int64(m);
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
- audit_kex_body(ctos, cipher, mac, compress);
|
|
Jan F |
9cefae |
+ audit_kex_body(ctos, cipher, mac, compress, pid, uid);
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
buffer_clear(m);
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
diff -up openssh-5.8p1/monitor_wrap.c.audit3a openssh-5.8p1/monitor_wrap.c
|
|
Jan F |
9cefae |
--- openssh-5.8p1/monitor_wrap.c.audit3a 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/monitor_wrap.c 2011-02-21 18:29:45.000000000 +0100
|
|
Jan F |
9cefae |
@@ -1430,7 +1430,8 @@ mm_audit_unsupported_body(int what)
|
|
Jan F |
9cefae |
}
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
void
|
|
Jan F |
9cefae |
-mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress)
|
|
Jan F |
9cefae |
+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid,
|
|
Jan F |
9cefae |
+ uid_t uid)
|
|
Jan F |
9cefae |
{
|
|
Jan F |
9cefae |
Buffer m;
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
@@ -1439,6 +1440,8 @@ mm_audit_kex_body(int ctos, char *cipher
|
|
Jan F |
9cefae |
buffer_put_cstring(&m, cipher);
|
|
Jan F |
9cefae |
buffer_put_cstring(&m, mac);
|
|
Jan F |
9cefae |
buffer_put_cstring(&m, compress);
|
|
Jan F |
9cefae |
+ buffer_put_int64(&m, pid);
|
|
Jan F |
9cefae |
+ buffer_put_int64(&m, uid);
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m);
|
|
Jan F |
9cefae |
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
|
|
Jan F |
9cefae |
diff -up openssh-5.8p1/monitor_wrap.h.audit3a openssh-5.8p1/monitor_wrap.h
|
|
Jan F |
9cefae |
--- openssh-5.8p1/monitor_wrap.h.audit3a 2011-02-21 18:33:57.000000000 +0100
|
|
Jan F |
9cefae |
+++ openssh-5.8p1/monitor_wrap.h 2011-02-21 18:34:18.000000000 +0100
|
|
Jan F |
9cefae |
@@ -75,7 +75,7 @@ void mm_sshpam_free_ctx(void *);
|
|
Jan F |
9cefae |
void mm_audit_event(ssh_audit_event_t);
|
|
Jan F |
9cefae |
void mm_audit_run_command(const char *);
|
|
Jan F |
9cefae |
void mm_audit_unsupported_body(int);
|
|
Jan F |
9cefae |
-void mm_audit_kex_body(int, char *, char *, char *);
|
|
Jan F |
9cefae |
+void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
|
|
Jan F |
9cefae |
#endif
|
|
Jan F |
9cefae |
|
|
Jan F |
9cefae |
struct Session;
|