Attachment #2012 for bug #1402

View | Details | Raw Unified | Return to bug 1402 | Differences between

and this patch

Lines 329-334 audit_session_close(struct logininfo *li Link Here

(-)openssh-5.8p1/audit-bsm.c.audit2 (+6 lines)
329	/* not implemented */	329	/* not implemented */
330	}	330	}
331		331
		332	int
		333	audit_keyusage(int host_user, const char type, unsigned bits, char fp, int rv)
		334	{
		335	/* not implemented */
		336	}
		337
332	void	338	void
333	audit_event(ssh_audit_event_t event)	339	audit_event(ssh_audit_event_t event)
334	{	340	{




#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "xmalloc.h"

/*
 * Care must be taken when using this since it WILL NOT be initialized when

	return(event_lookup[i].name);
}

void
audit_key(int host_user, int *rv, const Key *key)
{
	char *fp;
	const char *crypto_name;

	fp = key_selected_fingerprint(key, SSH_FP_HEX);
	if (key->type == KEY_RSA1)
		crypto_name = "ssh-rsa1";
	else
		crypto_name = key_ssh_name(key);
	if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0)
		*rv = 0;
	xfree(fp);
}

# ifndef CUSTOM_SSH_AUDIT_EVENTS
/*
 * Null implementations of audit functions.

	    audit_username(), command);
}

/*
 * This will be called when user is successfully autherized by the RSA1/RSA/DSA key.
 *
 * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key.
 */
int
audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
{
	debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s%s, result %d", 
		host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
		key_fingerprint_prefix(), fp, rv);
}
# endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */

Lines 28-33 Link Here

(-)openssh-5.8p1/audit.h.audit2 (+3 lines)
28	# define _SSH_AUDIT_H	28	# define _SSH_AUDIT_H
29		29
30	#include "loginrec.h"	30	#include "loginrec.h"
		31	#include "key.h"
31		32
32	enum ssh_audit_event_type {	33	enum ssh_audit_event_type {
33	SSH_LOGIN_EXCEED_MAXTRIES,	34	SSH_LOGIN_EXCEED_MAXTRIES,
Lines 55-59 void audit_session_close(struct logininf Link Here
55	int audit_run_command(const char *);	56	int audit_run_command(const char *);
56	void audit_end_command(int, const char *);	57	void audit_end_command(int, const char *);
57	ssh_audit_event_t audit_classify_auth(const char *);	58	ssh_audit_event_t audit_classify_auth(const char *);
		59	int audit_keyusage(int, const char , unsigned, char , int);
		60	void audit_key(int, int , const Key );
58		61
59	#endif /* _SSH_AUDIT_H */	62	#endif /* _SSH_AUDIT_H */

Lines 41-46 Link Here

(-)openssh-5.8p1/audit-linux.c.audit2 (+33 lines)
41	#include "servconf.h"	41	#include "servconf.h"
42	#include "canohost.h"	42	#include "canohost.h"
43		43
		44	#define AUDIT_LOG_SIZE 128
		45
44	extern ServerOptions options;	46	extern ServerOptions options;
45	extern Authctxt *the_authctxt;	47	extern Authctxt *the_authctxt;
46	extern u_int utmp_len;	48	extern u_int utmp_len;
Lines 130-135 fatal_report: Link Here
130	}	132	}
131	}	133	}
132		134
		135	int
		136	audit_keyusage(int host_user, const char type, unsigned bits, char fp, int rv)
		137	{
		138	char buf[AUDIT_LOG_SIZE];
		139	int audit_fd, rc, saved_errno;
		140
		141	audit_fd = audit_open();
		142	if (audit_fd < 0) {
		143	if (errno == EINVAL \|\| errno == EPROTONOSUPPORT \|\|
		144	errno == EAFNOSUPPORT)
		145	return 1; /* No audit support in kernel */
		146	else
		147	return 0; /* Must prevent login */
		148	}
		149	snprintf(buf, sizeof(buf), "%s_auth rport=%d", host_user ? "pubkey" : "hostbased", get_remote_port());
		150	rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
		151	buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
		152	if ((rc < 0) && ((rc != -1) \|\| (getuid() == 0)))
		153	goto out;
		154	snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s%s rport=%d",
		155	type, bits, key_fingerprint_prefix(), fp, get_remote_port());
		156	rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
		157	buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
		158	out:
		159	saved_errno = errno;
		160	audit_close(audit_fd);
		161	errno = saved_errno;
		162	/* do not report error if the error is EPERM and sshd is run as non root user */
		163	return (rc >= 0) \|\| ((rc == -EPERM) && (getuid() != 0));
		164	}
		165
133	static int user_login_count = 0;	166	static int user_login_count = 0;
134		167
135	/* Below is the sshd audit API code */	168	/* Below is the sshd audit API code */




	/* test for allowed key and correct signature */
	authenticated = 0;
	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
	    PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b),
			buffer_len(&b))) == 1)
		authenticated = 1;


	return authenticated;
}

int
hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
{
	int rv;

	rv = key_verify(key, sig, slen, data, datalen);
#ifdef SSH_AUDIT_EVENTS
	audit_key(0, &rv, key);
#endif
	return rv;
}

/* return 1 if given hostkey is allowed */
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,




		/* test for correct signature */
		authenticated = 0;
		if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
		    PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b),
		    buffer_len(&b))) == 1)
			authenticated = 1;
		buffer_free(&b);

	return authenticated;
}

int
user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
{
	int rv;

	rv = key_verify(key, sig, slen, data, datalen);
#ifdef SSH_AUDIT_EVENTS
	audit_key(1, &rv, key);
#endif
	return rv;
}

static int
match_principals_option(const char *principal_list, struct KeyCert *cert)
{

Lines 170-175 void abandon_challenge_response(Authctxt Link Here

(-)openssh-5.8p1/auth.h.audit2 (+2 lines)
170	char authorized_keys_file(struct passwd );	170	char authorized_keys_file(struct passwd );
171	char authorized_keys_file2(struct passwd );	171	char authorized_keys_file2(struct passwd );
172	char authorized_principals_file(struct passwd );	172	char authorized_principals_file(struct passwd );
		173	int user_key_verify(const Key , const u_char , u_int, const u_char *, u_int);
173		174
174	FILE auth_openkeyfile(const char , struct passwd *, int);	175	FILE auth_openkeyfile(const char , struct passwd *, int);
175	FILE auth_openprincipals(const char , struct passwd *, int);	176	FILE auth_openprincipals(const char , struct passwd *, int);
Lines 185-190 Key *get_hostkey_public_by_type(int); Link Here
185	Key *get_hostkey_private_by_type(int);	186	Key *get_hostkey_private_by_type(int);
186	int get_hostkey_index(Key *);	187	int get_hostkey_index(Key *);
187	int ssh1_session_key(BIGNUM *);	188	int ssh1_session_key(BIGNUM *);
		189	int hostbased_key_verify(const Key , const u_char , u_int, const u_char *, u_int);
188		190
189	/* debug messages during authentication */	191	/* debug messages during authentication */
190	void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));	192	void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));

Lines 92-98 auth_rsa_verify_response(Key *key, BIGNU Link Here

(-)openssh-5.8p1/auth-rsa.c.audit2 (-6 / +15 lines)
92	{	92	{
93	u_char buf[32], mdbuf[16];	93	u_char buf[32], mdbuf[16];
94	MD5_CTX md;	94	MD5_CTX md;
95	int len;	95	int len, rv;
		96	#ifdef SSH_AUDIT_EVENTS
		97	char *fp;
		98	#endif
96		99
97	/* don't allow short keys */	100	/* don't allow short keys */
98	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {	101	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
Lines 113-124 auth_rsa_verify_response(Key *key, BIGNU Link Here
113	MD5_Final(mdbuf, &md);	116	MD5_Final(mdbuf, &md);
114		117
115	/* Verify that the response is the original challenge. */	118	/* Verify that the response is the original challenge. */
116	if (timingsafe_bcmp(response, mdbuf, 16) != 0) {	119	rv = timingsafe_bcmp(response, mdbuf, 16) == 0;
117	/* Wrong answer. */	120
118	return (0);	121	#ifdef SSH_AUDIT_EVENTS
		122	fp = key_selected_fingerprint(key, SSH_FP_HEX);
		123	if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) {
		124	debug("unsuccessful audit");
		125	rv = 0;
119	}	126	}
120	/* Correct answer. */	127	xfree(fp);
121	return (1);	128	#endif
		129
		130	return rv;
122	}	131	}
123		132
124	/*	133	/*

Lines 1208-1216 mm_answer_keyverify(int sock, Buffer *m) Link Here

(-)openssh-5.8p1/monitor.c.audit2 (-1 / +15 lines)
1208	Key *key;	1208	Key *key;
1209	u_char signature, data, *blob;	1209	u_char signature, data, *blob;
1210	u_int signaturelen, datalen, bloblen;	1210	u_int signaturelen, datalen, bloblen;
		1211	int type = 0;
1211	int verified = 0;	1212	int verified = 0;
1212	int valid_data = 0;	1213	int valid_data = 0;
1213		1214
		1215	type = buffer_get_int(m);
1214	blob = buffer_get_string(m, &bloblen);	1216	blob = buffer_get_string(m, &bloblen);
1215	signature = buffer_get_string(m, &signaturelen);	1217	signature = buffer_get_string(m, &signaturelen);
1216	data = buffer_get_string(m, &datalen);	1218	data = buffer_get_string(m, &datalen);
Lines 1218-1223 mm_answer_keyverify(int sock, Buffer *m) Link Here
1218	if (hostbased_cuser == NULL \|\| hostbased_chost == NULL \|\|	1220	if (hostbased_cuser == NULL \|\| hostbased_chost == NULL \|\|
1219	!monitor_allowed_key(blob, bloblen))	1221	!monitor_allowed_key(blob, bloblen))
1220	fatal("%s: bad key, not previously allowed", __func__);	1222	fatal("%s: bad key, not previously allowed", __func__);
		1223	if (type != key_blobtype)
		1224	fatal("%s: bad key type", __func__);
1221		1225
1222	key = key_from_blob(blob, bloblen);	1226	key = key_from_blob(blob, bloblen);
1223	if (key == NULL)	1227	if (key == NULL)
Lines 1238-1244 mm_answer_keyverify(int sock, Buffer *m) Link Here
1238	if (!valid_data)	1242	if (!valid_data)
1239	fatal("%s: bad signature data blob", __func__);	1243	fatal("%s: bad signature data blob", __func__);
1240		1244
1241	verified = key_verify(key, signature, signaturelen, data, datalen);	1245	switch (key_blobtype) {
		1246	case MM_USERKEY:
		1247	verified = user_key_verify(key, signature, signaturelen, data, datalen);
		1248	break;
		1249	case MM_HOSTKEY:
		1250	verified = hostbased_key_verify(key, signature, signaturelen, data, datalen);
		1251	break;
		1252	default:
		1253	verified = 0;
		1254	break;
		1255	}
1242	debug3("%s: key %p signature %s",	1256	debug3("%s: key %p signature %s",
1243	__func__, key, (verified == 1) ? "verified" : "unverified");	1257	__func__, key, (verified == 1) ? "verified" : "unverified");
1244		1258




 */

int
mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
{
	Buffer m;
	u_char *blob;

		return (0);

	buffer_init(&m);
	buffer_put_int(&m, type);
	buffer_put_string(&m, blob, len);
	buffer_put_string(&m, sig, siglen);
	buffer_put_string(&m, data, datalen);

	return (verified);
}

int
mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
{
	return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen);
}

int
mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
{
	return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen);
}


/* Export key state after authentication */
Newkeys *
mm_newkeys_from_blob(u_char *blob, int blen)

Lines 48-54 int mm_key_allowed(enum mm_keytype, char Link Here

(-)openssh-5.8p1/monitor_wrap.h.audit2 (-1 / +2 lines)
48	int mm_user_key_allowed(struct passwd , Key );	48	int mm_user_key_allowed(struct passwd , Key );
49	int mm_hostbased_key_allowed(struct passwd , char , char , Key );	49	int mm_hostbased_key_allowed(struct passwd , char , char , Key );
50	int mm_auth_rhosts_rsa_key_allowed(struct passwd , char , char , Key );	50	int mm_auth_rhosts_rsa_key_allowed(struct passwd , char , char , Key );
51	int mm_key_verify(Key , u_char , u_int, u_char *, u_int);	51	int mm_hostbased_key_verify(Key , u_char , u_int, u_char *, u_int);
		52	int mm_user_key_verify(Key , u_char , u_int, u_char *, u_int);
52	int mm_auth_rsa_key_allowed(struct passwd , BIGNUM , Key **);	53	int mm_auth_rsa_key_allowed(struct passwd , BIGNUM , Key **);
53	int mm_auth_rsa_verify_response(Key , BIGNUM , u_char *);	54	int mm_auth_rsa_verify_response(Key , BIGNUM , u_char *);
54	BIGNUM mm_auth_rsa_generate_challenge(Key );	55	BIGNUM mm_auth_rsa_generate_challenge(Key );

Return to bug 1402

Lines 393-399 mm_key_allowed(enum mm_keytype type, cha Link Here

(-)openssh-5.8p1/monitor_wrap.c.audit2 (-1 / +15 lines)
393	*/	393	*/
394		394
395	int	395	int
396	mm_key_verify(Key key, u_char sig, u_int siglen, u_char *data, u_int datalen)	396	mm_key_verify(enum mm_keytype type, Key key, u_char sig, u_int siglen, u_char *data, u_int datalen)
397	{	397	{
398	Buffer m;	398	Buffer m;
399	u_char *blob;	399	u_char *blob;
Lines 407-412 mm_key_verify(Key key, u_char sig, u_i Link Here
407	return (0);	407	return (0);
408		408
409	buffer_init(&m);	409	buffer_init(&m);
		410	buffer_put_int(&m, type);
410	buffer_put_string(&m, blob, len);	411	buffer_put_string(&m, blob, len);
411	buffer_put_string(&m, sig, siglen);	412	buffer_put_string(&m, sig, siglen);
412	buffer_put_string(&m, data, datalen);	413	buffer_put_string(&m, data, datalen);
Lines 424-429 mm_key_verify(Key key, u_char sig, u_i Link Here
424	return (verified);	425	return (verified);
425	}	426	}
426		427
		428	int
		429	mm_hostbased_key_verify(Key key, u_char sig, u_int siglen, u_char *data, u_int datalen)
		430	{
		431	return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen);
		432	}
		433
		434	int
		435	mm_user_key_verify(Key key, u_char sig, u_int siglen, u_char *data, u_int datalen)
		436	{
		437	return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen);
		438	}
		439
		440
427	/* Export key state after authentication */	441	/* Export key state after authentication */
428	Newkeys *	442	Newkeys *
429	mm_newkeys_from_blob(u_char *blob, int blen)	443	mm_newkeys_from_blob(u_char *blob, int blen)

Lines 36-41 Link Here

(-)openssh-5.8p1/audit.c.audit2 (+29 lines)
36	#include "key.h"	36	#include "key.h"
37	#include "hostfile.h"	37	#include "hostfile.h"
38	#include "auth.h"	38	#include "auth.h"
		39	#include "xmalloc.h"
39		40
40	/*	41	/*
41	* Care must be taken when using this since it WILL NOT be initialized when	42	* Care must be taken when using this since it WILL NOT be initialized when
Lines 111-116 audit_event_lookup(ssh_audit_event_t ev) Link Here
111	return(event_lookup[i].name);	112	return(event_lookup[i].name);
112	}	113	}
113		114
		115	void
		116	audit_key(int host_user, int rv, const Key key)
		117	{
		118	char *fp;
		119	const char *crypto_name;
		120
		121	fp = key_selected_fingerprint(key, SSH_FP_HEX);
		122	if (key->type == KEY_RSA1)
		123	crypto_name = "ssh-rsa1";
		124	else
		125	crypto_name = key_ssh_name(key);
		126	if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0)
		127	*rv = 0;
		128	xfree(fp);
		129	}
		130
114	# ifndef CUSTOM_SSH_AUDIT_EVENTS	131	# ifndef CUSTOM_SSH_AUDIT_EVENTS
115	/*	132	/*
116	* Null implementations of audit functions.	133	* Null implementations of audit functions.
Lines 209-213 audit_end_command(int handle, const char Link Here
209	audit_username(), command);	226	audit_username(), command);
210	}	227	}
211		228
		229	/*
		230	* This will be called when user is successfully autherized by the RSA1/RSA/DSA key.
		231	*
		232	* Type is the key type, len is the key length(byte) and fp is the fingerprint of the key.
		233	*/
		234	int
		235	audit_keyusage(int host_user, const char type, unsigned bits, char fp, int rv)
		236	{
		237	debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s%s, result %d",
		238	host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
		239	key_fingerprint_prefix(), fp, rv);
		240	}
212	# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */	241	# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
213	#endif /* SSH_AUDIT_EVENTS */	242	#endif /* SSH_AUDIT_EVENTS */

Lines 119-125 userauth_hostbased(Authctxt *authctxt) Link Here

(-)openssh-5.8p1/auth2-hostbased.c.audit2 (-1 / +13 lines)
119	/* test for allowed key and correct signature */	119	/* test for allowed key and correct signature */
120	authenticated = 0;	120	authenticated = 0;
121	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&	121	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
122	PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),	122	PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b),
123	buffer_len(&b))) == 1)	123	buffer_len(&b))) == 1)
124	authenticated = 1;	124	authenticated = 1;
125		125
Lines 136-141 done: Link Here
136	return authenticated;	136	return authenticated;
137	}	137	}
138		138
		139	int
		140	hostbased_key_verify(const Key key, const u_char sig, u_int slen, const u_char *data, u_int datalen)
		141	{
		142	int rv;
		143
		144	rv = key_verify(key, sig, slen, data, datalen);
		145	#ifdef SSH_AUDIT_EVENTS
		146	audit_key(0, &rv, key);
		147	#endif
		148	return rv;
		149	}
		150
139	/* return 1 if given hostkey is allowed */	151	/* return 1 if given hostkey is allowed */
140	int	152	int
141	hostbased_key_allowed(struct passwd pw, const char cuser, char *chost,	153	hostbased_key_allowed(struct passwd pw, const char cuser, char *chost,

Lines 140-146 userauth_pubkey(Authctxt *authctxt) Link Here

(-)openssh-5.8p1/auth2-pubkey.c.audit2 (-1 / +13 lines)
140	/* test for correct signature */	140	/* test for correct signature */
141	authenticated = 0;	141	authenticated = 0;
142	if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&	142	if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
143	PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),	143	PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b),
144	buffer_len(&b))) == 1)	144	buffer_len(&b))) == 1)
145	authenticated = 1;	145	authenticated = 1;
146	buffer_free(&b);	146	buffer_free(&b);
Lines 177-182 done: Link Here
177	return authenticated;	177	return authenticated;
178	}	178	}
179		179
		180	int
		181	user_key_verify(const Key key, const u_char sig, u_int slen, const u_char *data, u_int datalen)
		182	{
		183	int rv;
		184
		185	rv = key_verify(key, sig, slen, data, datalen);
		186	#ifdef SSH_AUDIT_EVENTS
		187	audit_key(1, &rv, key);
		188	#endif
		189	return rv;
		190	}
		191
180	static int	192	static int
181	match_principals_option(const char principal_list, struct KeyCert cert)	193	match_principals_option(const char principal_list, struct KeyCert cert)
182	{	194	{