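--- a/LICENCE
+++ b/LICENCE
@@ -206,6 +206,7 @@ OpenSSH contains no GPL code.
 	Sun Microsystems
 	The SCO Group
 	Daniel Walsh
+	Red Hat, Inc
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions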
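--- a/Makefile.in
+++ b/Makefile.in
@@ -82,6 +82,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
 	roaming_common.o roaming_client.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+	audit.o audit-bsm.o audit-linux.o platform.o \
 	sshpty.o sshlogin.o servconf.o serverloop.o \
 	auth.o auth1.o auth2.o auth-options.o session.o \
 	auth-chall.o auth2-chall.o groupaccess.o \
@@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
 	auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
-	audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
+	sftp-server.o sftp-common.o \
 	roaming_common.o roaming_serv.o
 
 MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out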
(-)audit-bsm.c (-2 / +2 lines)
Lines 305-317 audit_run_command(const char *command) Link Here
305
}
305
}
306
306
307
void
307
void
308
audit_session_open(const char *ttyn)
308
audit_session_open(struct logininfo *li)
309
{
309
{
310
	/* not implemented */
310
	/* not implemented */
311
}
311
}
312
312
313
void
313
void
314
audit_session_close(const char *ttyn)
314
audit_session_close(struct logininfo *li)
315
{
315
{
316
	/* not implemented */
316
	/* not implemented */
317
}
317
}
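--- /dev/null
+++ b/audit-linux.c
@@ -0,0 +1,126 @@
+/* $Id: audit-linux.c,v 1.1 jfch Exp $ */
+
+/*
+ * Copyright 2010 Red Hat, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
+ */
+
+#include "includes.h"
+#if defined(USE_LINUX_AUDIT)
+#include <libaudit.h>
+#include <unistd.h>
+#include <string.h>
+
+#include "log.h"
+#include "audit.h"
+#include "canohost.h"
+
+const char* audit_username(void);
+
+int
+linux_audit_record_event(int uid, const char *username,
+    const char *hostname, const char *ip, const char *ttyn, int success)
+{
+	int audit_fd, rc, saved_errno;
+
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+		    errno == EAFNOSUPPORT)
+			return 1; /* No audit support in kernel */
+		else
+			return 0; /* Must prevent login */
+	}
+	rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+	    NULL, "login", username ? username : "(unknown)",
+	    username == NULL ? uid : -1, hostname, ip, ttyn, success);
+	saved_errno = errno;
+	close(audit_fd);
+	/*
+	 * Do not report error if the error is EPERM and sshd is run as non
+	 * root user.
+	 */
+	if ((rc == -EPERM) && (geteuid() != 0))
+		rc = 0;
+	errno = saved_errno;
+	return (rc >= 0);
+}
+
+/* Below is the sshd audit API code */
+
+void
+audit_connection_from(const char *host, int port)
+{
+}
+	/* not implemented */
+
+void
+audit_run_command(const char *command)
+{
+	/* not implemented */
+}
+
+void
+audit_session_open(struct logininfo *li)
+{
+	if (linux_audit_record_event(li->uid, NULL, li->hostname,
+	    NULL, li->line, 1) == 0)
+		fatal("linux_audit_write_entry failed: %s", strerror(errno));
+}
+
+void
+audit_session_close(struct logininfo *li)
+{
+	/* not implemented */
+}
+
+void
+audit_event(ssh_audit_event_t event)
+{
+	switch(event) {
+	case SSH_AUTH_SUCCESS:
+	case SSH_CONNECTION_CLOSE:
+	case SSH_NOLOGIN:
+	case SSH_LOGIN_EXCEED_MAXTRIES:
+	case SSH_LOGIN_ROOT_DENIED:
+		break;
+
+	case SSH_AUTH_FAIL_NONE:
+	case SSH_AUTH_FAIL_PASSWD:
+	case SSH_AUTH_FAIL_KBDINT:
+	case SSH_AUTH_FAIL_PUBKEY:
+	case SSH_AUTH_FAIL_HOSTBASED:
+	case SSH_AUTH_FAIL_GSSAPI:
+	case SSH_INVALID_USER:
+		linux_audit_record_event(-1, audit_username(), NULL,
+			get_remote_ipaddr(), "sshd", 0);
+		break;
+
+	default:
+		debug("%s: unhandled event %d", __func__, event);
+	}
+}
+
+#endif /* USE_LINUX_AUDIT */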
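Review bot: In audit_event the return value of linux_audit_record_event() is discarded on new-side lines 117-118, so a failed-authentication record that could not be written to the kernel audit log is silently lost, while audit_session_open() on lines 88-90 treats the same failure as fatal; the two paths should agree on one policy, and at minimum the auth-failure path should log the loss: `if (linux_audit_record_event(-1, audit_username(), NULL, get_remote_ipaddr(), "sshd", 0) == 0)` / `error("linux_audit_record_event failed: %s", strerror(errno));`. The fatal() message on line 90 names `linux_audit_write_entry`, a function that does not exist in this file; it should name linux_audit_record_event so an operator reading the log is pointed at the right code. In audit_connection_from the `/* not implemented */` comment on line 77 sits after the closing brace on line 76 instead of inside the body as in the sibling stubs. errno is read and written throughout but `<errno.h>` is not included here directly; presumably includes.h provides it, worth confirming.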
(-)audit.c (-4 / +4 lines)
Lines 147-155 audit_event(ssh_audit_event_t event) Link Here
147
 * within a single connection.
147
 * within a single connection.
148
 */
148
 */
149
void
149
void
150
audit_session_open(const char *ttyn)
150
audit_session_open(struct logininfo *li)
151
{
151
{
152
	const char *t = ttyn ? ttyn : "(no tty)";
152
	const char *t = li->line ? li->line : "(no tty)";
153
153
154
	debug("audit session open euid %d user %s tty name %s", geteuid(),
154
	debug("audit session open euid %d user %s tty name %s", geteuid(),
155
	    audit_username(), t);
155
	    audit_username(), t);
Lines 163-171 audit_session_open(const char *ttyn) Link Here
163
 * within a single connection.
163
 * within a single connection.
164
 */
164
 */
165
void
165
void
166
audit_session_close(const char *ttyn)
166
audit_session_close(struct logininfo *li)
167
{
167
{
168
	const char *t = ttyn ? ttyn : "(no tty)";
168
	const char *t = li->line ? li->line : "(no tty)";
169
169
170
	debug("audit session close euid %d user %s tty name %s", geteuid(),
170
	debug("audit session close euid %d user %s tty name %s", geteuid(),
171
	    audit_username(), t);
171
	    audit_username(), t);
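Review bot: `const char *t = li->line ? li->line : "(no tty)";` on new-side line 152 (and again on line 168 in audit_session_close) tests the address of li->line, which can never be NULL if, as loginrec.h declares it (not visible in this patch), `line` is a fixed-size char array inside struct logininfo; the "(no tty)" fallback then becomes dead code and compilers warn that the address of an array always evaluates true. The replaced ttyn pointer could legitimately be NULL, so the original intent is kept by testing the first character instead: `const char *t = li->line[0] ? li->line : "(no tty)";`. Both audit_session_open and audit_session_close continue past their hunks.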
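--- a/audit.h
+++ b/audit.h
@@ -26,6 +26,9 @@
 
 #ifndef _SSH_AUDIT_H
 # define _SSH_AUDIT_H
+
+#include "loginrec.h"
+
 enum ssh_audit_event_type {
 	SSH_LOGIN_EXCEED_MAXTRIES,
 	SSH_LOGIN_ROOT_DENIED,
@@ -46,8 +49,8 @@ typedef enum ssh_audit_event_type ssh_au
 
 void	audit_connection_from(const char *, int);
 void	audit_event(ssh_audit_event_t);
-void	audit_session_open(const char *);
-void	audit_session_close(const char *);
+void	audit_session_open(struct logininfo *);
+void	audit_session_close(struct logininfo *);
 void	audit_run_command(const char *);
 ssh_audit_event_t audit_classify_auth(const char *);
 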
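Review bot: `#include "loginrec.h"` on new-side line 30 pulls the whole loginrec header into every file that includes audit.h, although the only use in this header is the pointer parameter type in the two prototypes on lines 52-53. A forward declaration `struct logininfo;` in place of the include keeps audit.h self-contained without the extra dependency and avoids an include cycle should loginrec.h ever need audit.h, since loginrec.c is the caller of these functions.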
(-)configure.ac (-2 / +10 lines)
Lines 1377-1383 int main(void) Link Here
1377
1377
1378
AUDIT_MODULE=none
1378
AUDIT_MODULE=none
1379
AC_ARG_WITH(audit,
1379
AC_ARG_WITH(audit,
1380
	[  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
1380
	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
1381
	[
1381
	[
1382
	  AC_MSG_CHECKING(for supported audit module)
1382
	  AC_MSG_CHECKING(for supported audit module)
1383
	  case "$withval" in
1383
	  case "$withval" in
Lines 1401-1410 AC_ARG_WITH(audit, Link Here
1401
		AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1401
		AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1402
		AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1402
		AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1403
		;;
1403
		;;
1404
	  linux)
1405
		AC_MSG_RESULT(linux)
1406
		AUDIT_MODULE=linux
1407
		dnl    Checks for headers, libs and functions
1408
		AC_CHECK_HEADERS(libaudit.h)
1409
		SSHDLIBS="$SSHDLIBS -laudit"
1410
		AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module])
1411
		;;
1404
	  debug)
1412
	  debug)
1405
		AUDIT_MODULE=debug
1413
		AUDIT_MODULE=debug
1406
		AC_MSG_RESULT(debug)
1414
		AC_MSG_RESULT(debug)
1407
		AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1415
		AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module])
1408
		;;
1416
		;;
1409
	  no)
1417
	  no)
1410
		AC_MSG_RESULT(no)
1418
		AC_MSG_RESULT(no)
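Review bot: The `linux)` branch added at new-side lines 1404-1411 defines USE_LINUX_AUDIT and appends -laudit unconditionally, while the result of `AC_CHECK_HEADERS(libaudit.h)` on line 1408 is never consulted, so a host without the audit development files still produces a configured tree that fails later with a missing-header or link error instead of a clear configure-time message. Make the probe decisive, e.g. `AC_CHECK_HEADERS(libaudit.h, [], [AC_MSG_ERROR([libaudit.h not found; required for --with-audit=linux])])` followed by `AC_CHECK_LIB(audit, audit_open, [SSHDLIBS="$SSHDLIBS -laudit"], [AC_MSG_ERROR([libaudit not found])])`. The bsm branch just above, whose body is only partly inside the hunk, probes its functions with AC_CHECK_FUNCS and is the local model to follow.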
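--- a/defines.h
+++ b/defines.h
@@ -607,6 +607,11 @@ struct winsize {
 # define CUSTOM_SSH_AUDIT_EVENTS
 #endif
 
+#ifdef USE_LINUX_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
 #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
 #  define __func__ __FUNCTION__
 #elif !defined(HAVE___func__)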
(-)loginrec.c (-2 / +2 lines)
Lines 469-477 login_write(struct logininfo *li) Link Here
469
#endif
469
#endif
470
#ifdef SSH_AUDIT_EVENTS
470
#ifdef SSH_AUDIT_EVENTS
471
	if (li->type == LTYPE_LOGIN)
471
	if (li->type == LTYPE_LOGIN)
472
		audit_session_open(li->line);
472
		audit_session_open(li);
473
	else if (li->type == LTYPE_LOGOUT)
473
	else if (li->type == LTYPE_LOGOUT)
474
		audit_session_close(li->line);
474
		audit_session_close(li);
475
#endif
475
#endif
476
	return (0);
476
	return (0);
477
}
477
}

Return to bug 1402