

(-)openssh-5.9p1/Makefile.in.audit3 (-1 / +1 lines)
Lines 71-77 LIBSSH_OBJS=acss.o authfd.o authfile.o b Link Here
71
	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
71
	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
72
	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
72
	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
73
	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
73
	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o jpake.o \
74
	schnorr.o ssh-pkcs11.o
74
	schnorr.o ssh-pkcs11.o auditstub.o
75
75
76
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
76
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
77
	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
77
	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
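--- a/openssh-5.9p1/audit-bsm.c.audit3
+++ b/openssh-5.9p1/audit-bsm.c.audit3
@@ -396,4 +396,16 @@ audit_event(ssh_audit_event_t event)
 		debug("%s: unhandled event %d", __func__, event);
 	}
 }
+
+void
+audit_unsupported_body(int what)
+{
+	/* not implemented */
+}
+
+void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid)
+{
+	/* not implemented */
+}
 #endif /* BSM */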
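Review bot: The BSM stubs drop the event silently, whereas the null implementation in audit.c at least emits a debug() line and the Linux one fails closed with fatal(); a comment stating the intended policy, e.g. `/* not implemented: the event is dropped and key exchange proceeds */`, would make clear this is deliberate rather than a forgotten TODO. The parameters of audit_kex_body are unused here, so a build with -Wunused-parameter will warn; `(void)ctos;` and friends, or the project's unused-attribute idiom, keeps it quiet.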
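--- a/openssh-5.9p1/audit-linux.c.audit3
+++ b/openssh-5.9p1/audit-linux.c.audit3
@@ -40,6 +40,8 @@
 #include "auth.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "packet.h"
+#include "cipher.h"
 
 #define AUDIT_LOG_SIZE 128
 
@@ -269,4 +271,62 @@ audit_event(ssh_audit_event_t event)
 	}
 }
 
+void
+audit_unsupported_body(int what)
+{
+#ifdef AUDIT_CRYPTO_SESSION
+	char buf[AUDIT_LOG_SIZE];
+	const static char *name[] = { "cipher", "mac", "comp" };
+	char *s;
+	int audit_fd;
+
+	snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ",
+		name[what], get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())),
+		get_local_port());
+	xfree(s);
+	audit_fd = audit_open();
+	if (audit_fd < 0)
+		/* no problem, the next instruction will be fatal() */
+		return;
+	audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
+			buf, NULL, get_remote_ipaddr(), NULL, 0);
+	audit_close(audit_fd);
+#endif
+}
+
+void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
+	       uid_t uid)
+{
+#ifdef AUDIT_CRYPTO_SESSION
+	char buf[AUDIT_LOG_SIZE];
+	int audit_fd, audit_ok;
+	const static char *direction[] = { "from-server", "from-client", "both" };
+	Cipher *cipher = cipher_by_name(enc);
+	char *s;
+
+	snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
+		direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
+		(intmax_t)pid, (intmax_t)uid,
+		get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), get_local_port());
+	xfree(s);
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+		if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+					 errno == EAFNOSUPPORT)
+			return; /* No audit support in kernel */
+		else
+			fatal("cannot open audit"); /* Must prevent login */
+	}
+	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
+			buf, NULL, get_remote_ipaddr(), NULL, 1);
+	audit_close(audit_fd);
+	/* do not abort if the error is EPERM and sshd is run as non root user */
+	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
+		fatal("cannot write into audit"); /* Must prevent login */
+#endif
+}
+
 #endif /* USE_LINUX_AUDIT */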
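Review bot: `name[what]` in audit_unsupported_body and `direction[ctos]` in audit_kex_body index three-element tables with values that, under privsep, reach the monitor from the unprivileged child: mm_answer_audit_unsupported_body and mm_answer_audit_kex_body in monitor.c read them with buffer_get_int and pass them straight through, so an out-of-range value is an out-of-bounds read in the privileged process. Bound them before use, e.g. `if (what < 0 || what > 2) fatal("%s: bad type %d", __func__, what);` and the same for `ctos`, or reject them in the monitor handlers. The mac and compress parameters of audit_kex_body are marshalled across the monitor but never appear in the audit record; either include them in the message or say in a comment that only the cipher and its key size are recorded. The `ksize` value uses `%d` with `8 * cipher->key_len`, which is u_int in cipher.h; `%u` matches.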
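--- a/openssh-5.9p1/audit.c.audit3
+++ b/openssh-5.9p1/audit.c.audit3
@@ -28,6 +28,7 @@
 
 #include <stdarg.h>
 #include <string.h>
+#include <unistd.h>
 
 #ifdef SSH_AUDIT_EVENTS
 
@@ -36,6 +37,8 @@
 #include "key.h"
 #include "hostfile.h"
 #include "auth.h"
+#include "ssh-gss.h"
+#include "monitor_wrap.h"
 #include "xmalloc.h"
 
 /*
@@ -128,6 +131,18 @@ audit_key(int host_user, int *rv, const
 	xfree(fp);
 }
 
+void
+audit_unsupported(int what)
+{
+	PRIVSEP(audit_unsupported_body(what));
+}
+
+void
+audit_kex(int ctos, char *enc, char *mac, char *comp)
+{
+	PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
+}
+
 # ifndef CUSTOM_SSH_AUDIT_EVENTS
 /*
  * Null implementations of audit functions.
@@ -238,5 +253,26 @@ audit_keyusage(int host_user, const char
 		host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
 		key_fingerprint_prefix(), fp, rv);
 }
+
+/*
+ * This will be called when the protocol negotiation fails.
+ */
+void
+audit_unsupported_body(int what)
+{
+	debug("audit unsupported protocol euid %d type %d", geteuid(), what);
+}
+
+/*
+ * This will be called on succesfull protocol negotiation.
+ */
+void
+audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
+	       uid_t uid)
+{
+	debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
+		(unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
+	        (unsigned)uid);
+}
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */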
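Review bot: The null audit_unsupported_body passes `geteuid()` to `%d` and audit_kex_body passes `(unsigned)geteuid()` to `%d`; uid_t is unsigned on the platforms this targets, so the specifier should be `%u` with the cast, `debug("audit unsupported protocol euid %u type %d", (unsigned)geteuid(), what);`. The log text and comments also carry typos ("succesfull", "compresion" in the format string). audit_kex forwards getpid()/getuid() of the calling process through PRIVSEP, so under privsep these are the unprivileged child's values rather than the monitor's; a one-line comment above audit_kex saying so would save the next reader a trip through monitor_wrap.c.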
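--- a/openssh-5.9p1/audit.h.audit3
+++ b/openssh-5.9p1/audit.h.audit3
@@ -58,5 +58,9 @@ void audit_end_command(int, const char
 ssh_audit_event_t audit_classify_auth(const char *);
 int	audit_keyusage(int, const char *, unsigned, char *, int);
 void	audit_key(int, int *, const Key *);
+void	audit_unsupported(int);
+void	audit_kex(int, char *, char *, char *);
+void	audit_unsupported_body(int);
+void	audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
 
 #endif /* _SSH_AUDIT_H */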
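Review bot: The new prototypes give no hint what their int arguments mean: audit_unsupported's value selects the failing algorithm class (0, 1, 2 for cipher, mac, compression in kex.c) and audit_kex's first argument is a direction index (0 from-server, 1 from-client, 2 both, per the table in audit-linux.c). Add a comment above them, e.g. `/* what: 0 = cipher, 1 = mac, 2 = compression; ctos: 0 = from-server, 1 = from-client, 2 = both */`, or better replace the bare ints with named enum constants declared here. The string parameters are never written through, so `const char *` would also let sshd.c pass the result of cipher_name() without discarding const.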
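--- a/openssh-5.9p1/auditstub.c.audit3
+++ b/openssh-5.9p1/auditstub.c.audit3
@@ -0,0 +1,39 @@
+/* $Id: auditstub.c,v 1.1 jfch Exp $ */
+
+/*
+ * Copyright 2010 Red Hat, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
+ */
+
+void
+audit_unsupported(int n)
+{
+}
+
+void
+audit_kex(int ctos, char *enc, char *mac, char *comp)
+{
+}
+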
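Review bot: Nothing in the file says why empty audit_unsupported/audit_kex exist next to the real ones in audit.c. Makefile.in adds auditstub.o to LIBSSH_OBJS, so presumably the stubs satisfy kex.c's new calls in ssh and the other client binaries while sshd resolves the symbols from audit.o before the archive is searched; that link-order dependency deserves a header comment, e.g. `/* No-op audit hooks for binaries that link libssh but not audit.o (ssh, sftp, ...); sshd gets the real implementations from audit.c. */`. The file also includes nothing, so the compiler never checks these definitions against the prototypes in audit.h; including it would catch a future signature drift.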
(-)openssh-5.9p1/cipher.c.audit3 (-9 / +1 lines)
Lines 60-74 extern void ssh1_3des_iv(EVP_CIPHER_CTX Link Here
60
extern const EVP_CIPHER *evp_aes_128_ctr(void);
60
extern const EVP_CIPHER *evp_aes_128_ctr(void);
61
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
61
extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
62
62
63
struct Cipher {
63
struct Cipher ciphers[] = {
64
	char	*name;
65
	int	number;		/* for ssh1 only */
66
	u_int	block_size;
67
	u_int	key_len;
68
	u_int	discard_len;
69
	u_int	cbc_mode;
70
	const EVP_CIPHER	*(*evptype)(void);
71
} ciphers[] = {
72
	{ "none",		SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
64
	{ "none",		SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null },
73
	{ "des",		SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
65
	{ "des",		SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc },
74
	{ "3des",		SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
66
	{ "3des",		SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des },
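Review bot: Moving the definition of struct Cipher out of cipher.c into cipher.h (this hunk together with the cipher.h hunk) turns a formerly opaque type into public layout just so audit-linux.c can read `key_len`. Upstream cipher.h already exposes `cipher_keylen(const Cipher *)`; if it is present in this tree, `cipher ? 8 * cipher_keylen(cipher) : 0` in audit_kex_body would leave the struct private and make both of these hunks unnecessary. If it is not, adding that one accessor is still a smaller change than exporting the structure.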
(-)openssh-5.9p1/cipher.h.audit3 (-1 / +10 lines)
Lines 61-67 Link Here
61
typedef struct Cipher Cipher;
61
typedef struct Cipher Cipher;
62
typedef struct CipherContext CipherContext;
62
typedef struct CipherContext CipherContext;
63
63
64
struct Cipher;
64
struct Cipher {
65
	char	*name;
66
	int	number;		/* for ssh1 only */
67
	u_int	block_size;
68
	u_int	key_len;
69
	u_int	discard_len;
70
	u_int	cbc_mode;
71
	const EVP_CIPHER	*(*evptype)(void);
72
};
73
65
struct CipherContext {
74
struct CipherContext {
66
	int	plaintext;
75
	int	plaintext;
67
	EVP_CIPHER_CTX evp;
76
	EVP_CIPHER_CTX evp;
(-)openssh-5.9p1/kex.c.audit3 (-3 / +19 lines)
Lines 49-54 Link Here
49
#include "dispatch.h"
49
#include "dispatch.h"
50
#include "monitor.h"
50
#include "monitor.h"
51
#include "roaming.h"
51
#include "roaming.h"
52
#include "audit.h"
52
53
53
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
54
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
54
# if defined(HAVE_EVP_SHA256)
55
# if defined(HAVE_EVP_SHA256)
Lines 286-294 static void Link Here
286
choose_enc(Enc *enc, char *client, char *server)
287
choose_enc(Enc *enc, char *client, char *server)
287
{
288
{
288
	char *name = match_list(client, server, NULL);
289
	char *name = match_list(client, server, NULL);
289
	if (name == NULL)
290
	if (name == NULL) {
291
#ifdef SSH_AUDIT_EVENTS
292
		audit_unsupported(0);
293
#endif
290
		fatal("no matching cipher found: client %s server %s",
294
		fatal("no matching cipher found: client %s server %s",
291
		    client, server);
295
		    client, server);
296
	}
292
	if ((enc->cipher = cipher_by_name(name)) == NULL)
297
	if ((enc->cipher = cipher_by_name(name)) == NULL)
293
		fatal("matching cipher is not supported: %s", name);
298
		fatal("matching cipher is not supported: %s", name);
294
	enc->name = name;
299
	enc->name = name;
Lines 303-311 static void Link Here
303
choose_mac(Mac *mac, char *client, char *server)
308
choose_mac(Mac *mac, char *client, char *server)
304
{
309
{
305
	char *name = match_list(client, server, NULL);
310
	char *name = match_list(client, server, NULL);
306
	if (name == NULL)
311
	if (name == NULL) {
312
#ifdef SSH_AUDIT_EVENTS
313
		audit_unsupported(1);
314
#endif
307
		fatal("no matching mac found: client %s server %s",
315
		fatal("no matching mac found: client %s server %s",
308
		    client, server);
316
		    client, server);
317
	}
309
	if (mac_setup(mac, name) < 0)
318
	if (mac_setup(mac, name) < 0)
310
		fatal("unsupported mac %s", name);
319
		fatal("unsupported mac %s", name);
311
	/* truncate the key */
320
	/* truncate the key */
Lines 320-327 static void Link Here
320
choose_comp(Comp *comp, char *client, char *server)
329
choose_comp(Comp *comp, char *client, char *server)
321
{
330
{
322
	char *name = match_list(client, server, NULL);
331
	char *name = match_list(client, server, NULL);
323
	if (name == NULL)
332
	if (name == NULL) {
333
#ifdef SSH_AUDIT_EVENTS
334
		audit_unsupported(2);
335
#endif
324
		fatal("no matching comp found: client %s server %s", client, server);
336
		fatal("no matching comp found: client %s server %s", client, server);
337
	}
325
	if (strcmp(name, "zlib@openssh.com") == 0) {
338
	if (strcmp(name, "zlib@openssh.com") == 0) {
326
		comp->type = COMP_DELAYED;
339
		comp->type = COMP_DELAYED;
327
	} else if (strcmp(name, "zlib") == 0) {
340
	} else if (strcmp(name, "zlib") == 0) {
Lines 446-451 kex_choose_conf(Kex *kex) Link Here
446
		    newkeys->enc.name,
459
		    newkeys->enc.name,
447
		    newkeys->mac.name,
460
		    newkeys->mac.name,
448
		    newkeys->comp.name);
461
		    newkeys->comp.name);
462
#ifdef SSH_AUDIT_EVENTS
463
		audit_kex(ctos, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name);
464
#endif
449
	}
465
	}
450
	choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
466
	choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
451
	choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
467
	choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
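Review bot: The three `audit_unsupported(0)`, `audit_unsupported(1)` and `audit_unsupported(2)` calls in choose_enc, choose_mac and choose_comp encode the failing algorithm class as magic numbers that a positional table in audit-linux.c decodes; an enum in audit.h (e.g. `SSH_AUDIT_UNSUPPORTED_CIPHER`, `..._MAC`, `..._COMPRESSION`) would keep the two sides in step and make the `#ifdef SSH_AUDIT_EVENTS` blocks self-explanatory. Each of the three functions, and kex_choose_conf, starts and ends outside its hunk. In kex_choose_conf the new audit_kex() call appears to sit inside the per-direction loop with `ctos` as the direction index, so a comment noting that the value is 0 or 1 here and 2 only from the ssh1 path in sshd.c would help a reader matching it against the direction table.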
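--- a/openssh-5.9p1/monitor.c.audit3
+++ b/openssh-5.9p1/monitor.c.audit3
@@ -97,6 +97,7 @@
 #include "ssh2.h"
 #include "jpake.h"
 #include "roaming.h"
+#include "audit.h"
 
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
@@ -187,6 +188,8 @@ int mm_answer_gss_checkmic(int, Buffer *
 int mm_answer_audit_event(int, Buffer *);
 int mm_answer_audit_command(int, Buffer *);
 int mm_answer_audit_end_command(int, Buffer *);
+int mm_answer_audit_unsupported_body(int, Buffer *);
+int mm_answer_audit_kex_body(int, Buffer *);
 #endif
 
 static int monitor_read_log(struct monitor *);
@@ -237,6 +240,8 @@ struct mon_table mon_dispatch_proto20[]
 #endif
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
+    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
 #endif
 #ifdef BSD_AUTH
     {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
@@ -275,6 +280,8 @@ struct mon_table mon_dispatch_postauth20
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
     {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
+    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
+    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
 #endif
     {0, 0, NULL}
 };
@@ -306,6 +313,8 @@ struct mon_table mon_dispatch_proto15[]
 #endif
 #ifdef SSH_AUDIT_EVENTS
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
+    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
 #endif
     {0, 0, NULL}
 };
@@ -318,6 +327,8 @@ struct mon_table mon_dispatch_postauth15
     {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
     {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
     {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
+    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
+    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
 #endif
     {0, 0, NULL}
 };
@@ -2383,3 +2394,47 @@ mm_answer_jpake_check_confirm(int sock,
 }
 
 #endif /* JPAKE */
+
+#ifdef SSH_AUDIT_EVENTS
+int
+mm_answer_audit_unsupported_body(int sock, Buffer *m)
+{
+	int what;
+
+	what = buffer_get_int(m);
+
+	audit_unsupported_body(what);
+
+	buffer_clear(m);
+
+	mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m);
+	return 0;
+}
+
+int
+mm_answer_audit_kex_body(int sock, Buffer *m)
+{
+	int ctos, len;
+	char *cipher, *mac, *compress;
+	pid_t pid;
+	uid_t uid;
+
+	ctos = buffer_get_int(m);
+	cipher = buffer_get_string(m, &len);
+	mac = buffer_get_string(m, &len);
+	compress = buffer_get_string(m, &len);
+	pid = buffer_get_int64(m);
+	uid = buffer_get_int64(m);
+
+	audit_kex_body(ctos, cipher, mac, compress, pid, uid);
+
+	xfree(cipher);
+	xfree(mac);
+	xfree(compress);
+	buffer_clear(m);
+
+	mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
+	return 0;
+}
+
+#endif /* SSH_AUDIT_EVENTS */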
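Review bot: In mm_answer_audit_kex_body, `len` is declared `int` but passed as `&len` to buffer_get_string, whose length parameter is `u_int *` in this tree, so the build gets an incompatible-pointer-type warning that -Werror turns into an error; declare `u_int len;`. The handler also records whatever pid and uid the child sent (`pid = buffer_get_int64(m); uid = buffer_get_int64(m);`) instead of what the monitor itself knows; if the monitor tracks the child's pid (pmonitor->m_pid), prefer that over a value supplied across the privilege boundary, since the point of the audit record is that the privileged side vouches for it. Both handlers are registered with MON_PERMIT in every dispatch table, including the pre-auth ones, so they are reachable before authentication; a comment above them stating that this is intended (key exchange happens pre-auth) would help the next reviewer.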
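--- a/openssh-5.9p1/monitor.h.audit3
+++ b/openssh-5.9p1/monitor.h.audit3
@@ -61,6 +61,8 @@ enum monitor_reqtype {
 	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
 	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
 	MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
+	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
+	MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
 	MONITOR_REQ_TERM,
 	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
 	MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,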
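--- a/openssh-5.9p1/monitor_wrap.c.audit3
+++ b/openssh-5.9p1/monitor_wrap.c.audit3
@@ -1505,3 +1505,41 @@ mm_jpake_check_confirm(const BIGNUM *k,
 	return success;
 }
 #endif /* JPAKE */
+
+#ifdef SSH_AUDIT_EVENTS
+void
+mm_audit_unsupported_body(int what)
+{
+	Buffer m;
+
+	buffer_init(&m);
+	buffer_put_int(&m, what);
+
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, &m);
+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED,
+				  &m);
+
+	buffer_free(&m);
+}
+
+void
+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid,
+		  uid_t uid)
+{
+	Buffer m;
+
+	buffer_init(&m);
+	buffer_put_int(&m, ctos);
+	buffer_put_cstring(&m, cipher);
+	buffer_put_cstring(&m, mac);
+	buffer_put_cstring(&m, compress);
+	buffer_put_int64(&m, pid);
+	buffer_put_int64(&m, uid);
+
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m);
+	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
+				  &m);
+
+	buffer_free(&m);
+}
+#endif /* SSH_AUDIT_EVENTS */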
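Review bot: Neither wrapper says which side of privsep it runs on; a one-line comment above mm_audit_unsupported_body such as `/* Unprivileged child: ask the monitor to emit the audit record and block until it answers. */` would match the other mm_* helpers in this file. In this tree buffer_put_cstring() calls fatal() on a NULL string, so mm_audit_kex_body should state that cipher, mac and compress must be non-NULL (kex.c passes the negotiated names, sshd.c string literals) — the callers meet that contract today, but it is not written anywhere.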
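--- a/openssh-5.9p1/monitor_wrap.h.audit3
+++ b/openssh-5.9p1/monitor_wrap.h.audit3
@@ -78,6 +78,8 @@ void mm_sshpam_free_ctx(void *);
 void mm_audit_event(ssh_audit_event_t);
 int mm_audit_run_command(const char *);
 void mm_audit_end_command(int, const char *);
+void mm_audit_unsupported_body(int);
+void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
 #endif
 
 struct Session;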
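--- a/openssh-5.9p1/sshd.c.audit3
+++ b/openssh-5.9p1/sshd.c.audit3
@@ -118,6 +118,7 @@
 #endif
 #include "monitor_wrap.h"
 #include "roaming.h"
+#include "audit.h"
 #include "ssh-sandbox.h"
 #include "version.h"
 
@@ -2209,6 +2209,11 @@ do_ssh1_kex(void)
 		if (cookie[i] != packet_get_char())
 			packet_disconnect("IP Spoofing check bytes do not match.");
 
+#ifdef SSH_AUDIT_EVENTS
+	audit_kex(2, cipher_name(cipher_type), "crc", "none");
+#endif
+
 	debug("Encryption type: %.200s", cipher_name(cipher_type));
 
 	/* Get the encrypted integer. */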
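Review bot: `audit_kex(2, cipher_name(cipher_type), "crc", "none");` uses a bare 2 for the direction (the "both" slot of the direction table in audit-linux.c) and passes cipher_name()'s `const char *` to a `char *` parameter, which discards const; name the constant and either cast here or make the audit_kex prototype const-correct. do_ssh1_kex starts and ends outside the hunk, so I cannot see whether cipher_type has already been validated against the supported-cipher mask at this point; the audit record should only be emitted after that check, otherwise an unsupported value is looked up and logged before the connection is rejected.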
