Attachment #2089 for bug #1402

View | Details | Raw Unified | Return to bug 1402 | Differences between

and this patch

Lines 408-411 audit_kex_body(int ctos, char *enc, char Link Here

(-)openssh-5.9p1/audit-bsm.c.audit4 (+6 lines)
408	{	408	{
409	/* not implemented */	409	/* not implemented */
410	}	410	}
		411
		412	void
		413	audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
		414	{
		415	/* not implemented */
		416	}
411	#endif /* BSM */	417	#endif /* BSM */

Lines 294-299 audit_unsupported_body(int what) Link Here

(-)openssh-5.9p1/audit-linux.c.audit4 (-1 / +30 lines)
294	#endif	294	#endif
295	}	295	}
296		296
		297	const static char *direction[] = { "from-server", "from-client", "both" };
		298
297	void	299	void
298	audit_kex_body(int ctos, char enc, char mac, char *compress, pid_t pid,	300	audit_kex_body(int ctos, char enc, char mac, char *compress, pid_t pid,
299	uid_t uid)	301	uid_t uid)
Lines 301-307 audit_kex_body(int ctos, char *enc, char Link Here
301	#ifdef AUDIT_CRYPTO_SESSION	303	#ifdef AUDIT_CRYPTO_SESSION
302	char buf[AUDIT_LOG_SIZE];	304	char buf[AUDIT_LOG_SIZE];
303	int audit_fd, audit_ok;	305	int audit_fd, audit_ok;
304	const static char *direction[] = { "from-server", "from-client", "both" };
305	Cipher *cipher = cipher_by_name(enc);	306	Cipher *cipher = cipher_by_name(enc);
306	char *s;	307	char *s;
307		308
Lines 327-330 audit_kex_body(int ctos, char *enc, char Link Here
327	#endif	328	#endif
328	}	329	}
329		330
		331	void
		332	audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
		333	{
		334	char buf[AUDIT_LOG_SIZE];
		335	int audit_fd, audit_ok;
		336	char *s;
		337
		338	snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
		339	direction[ctos], (intmax_t)pid, (intmax_t)uid,
		340	get_remote_port(),
		341	(s = get_local_ipaddr(packet_get_connection_in())),
		342	get_local_port());
		343	xfree(s);
		344	audit_fd = audit_open();
		345	if (audit_fd < 0) {
		346	if (errno != EINVAL && errno != EPROTONOSUPPORT &&
		347	errno != EAFNOSUPPORT)
		348	error("cannot open audit");
		349	return;
		350	}
		351	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
		352	buf, NULL, get_remote_ipaddr(), NULL, 1);
		353	audit_close(audit_fd);
		354	/* do not abort if the error is EPERM and sshd is run as non root user */
		355	if ((audit_ok < 0) && ((audit_ok != -1) \|\| (getuid() == 0)))
		356	error("cannot write into audit");
		357	}
		358
330	#endif /* USE_LINUX_AUDIT */	359	#endif /* USE_LINUX_AUDIT */

Lines 143-148 audit_kex(int ctos, char enc, char mac Link Here

(-)openssh-5.9p1/audit.c.audit4 (+16 lines)
143	PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));	143	PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
144	}	144	}
145		145
		146	void
		147	audit_session_key_free(int ctos)
		148	{
		149	PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid()));
		150	}
		151
146	# ifndef CUSTOM_SSH_AUDIT_EVENTS	152	# ifndef CUSTOM_SSH_AUDIT_EVENTS
147	/*	153	/*
148	* Null implementations of audit functions.	154	* Null implementations of audit functions.
Lines 274-278 audit_kex_body(int ctos, char *enc, char Link Here
274	(unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,	280	(unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
275	(unsigned)uid);	281	(unsigned)uid);
276	}	282	}
		283
		284	/*
		285	* This will be called on succesfull session key discard
		286	*/
		287	void
		288	audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
		289	{
		290	debug("audit session key discard euid %u direction %d from pid %ld uid %u",
		291	(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
		292	}
277	# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */	293	# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
278	#endif /* SSH_AUDIT_EVENTS */	294	#endif /* SSH_AUDIT_EVENTS */

Lines 62-66 void audit_unsupported(int); Link Here

(-)openssh-5.9p1/audit.h.audit4 (+2 lines)
62	void audit_kex(int, char , char , char *);	62	void audit_kex(int, char , char , char *);
63	void audit_unsupported_body(int);	63	void audit_unsupported_body(int);
64	void audit_kex_body(int, char , char , char *, pid_t, uid_t);	64	void audit_kex_body(int, char , char , char *, pid_t, uid_t);
		65	void audit_session_key_free(int ctos);
		66	void audit_session_key_free_body(int ctos, pid_t, uid_t);
65		67
66	#endif /* _SSH_AUDIT_H */	68	#endif /* _SSH_AUDIT_H */

Lines 27-32 Link Here

(-)openssh-5.9p1/auditstub.c.audit4 (+11 lines)
27	* Red Hat author: Jan F. Chadima <jchadima@redhat.com>	27	* Red Hat author: Jan F. Chadima <jchadima@redhat.com>
28	*/	28	*/
29		29
		30	#include <sys/types.h>
		31
30	void	32	void
31	audit_unsupported(int n)	33	audit_unsupported(int n)
32	{	34	{
Lines 37-39 audit_kex(int ctos, char enc, char mac Link Here
37	{	39	{
38	}	40	}
39		41
		42	void
		43	audit_session_key_free(int ctos)
		44	{
		45	}
		46
		47	void
		48	audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
		49	{
		50	}




	fprintf(stderr, "\n");
}
#endif

static void
enc_destroy(Enc *enc)
{
	if (enc == NULL)
		return;

	if (enc->key) {
		memset(enc->key, 0, enc->key_len);
		xfree(enc->key);
	}

	if (enc->iv) {
		memset(enc->iv,  0, enc->block_size);
		xfree(enc->iv);
	}

	memset(enc, 0, sizeof(*enc));
}

void
newkeys_destroy(Newkeys *newkeys)
{
	if (newkeys == NULL)
		return;

	enc_destroy(&newkeys->enc);
	mac_destroy(&newkeys->mac);
	memset(&newkeys->comp, 0, sizeof(newkeys->comp));
}


Lines 156-161 void kexgex_server(Kex *); Link Here

(-)openssh-5.9p1/kex.h.audit4 (+2 lines)
156	void kexecdh_client(Kex *);	156	void kexecdh_client(Kex *);
157	void kexecdh_server(Kex *);	157	void kexecdh_server(Kex *);
158		158
		159	void newkeys_destroy(Newkeys *newkeys);
		160
159	void	161	void
160	kex_dh_hash(char , char , char , int, char , int, u_char *, int,	162	kex_dh_hash(char , char , char , int, char , int, u_char *, int,
161	BIGNUM , BIGNUM , BIGNUM , u_char , u_int );	163	BIGNUM , BIGNUM , BIGNUM , u_char , u_int );




	mac->umac_ctx = NULL;
}

void
mac_destroy(Mac *mac)
{
	if (mac == NULL)
		return;

	if (mac->key) {
		memset(mac->key, 0, mac->key_len);
		xfree(mac->key);
	}

	memset(mac, 0, sizeof(*mac));
}

/* XXX copied from ciphers_valid */
#define	MAC_SEP	","
int

Lines 28-30 int mac_setup(Mac , char ); Link Here

(-)openssh-5.9p1/mac.h.audit4 (+1 lines)
28	int mac_init(Mac *);	28	int mac_init(Mac *);
29	u_char mac_compute(Mac , u_int32_t, u_char *, int);	29	u_char mac_compute(Mac , u_int32_t, u_char *, int);
30	void mac_clear(Mac *);	30	void mac_clear(Mac *);
		31	void mac_destroy(Mac *);




int mm_answer_audit_end_command(int, Buffer *);
int mm_answer_audit_unsupported_body(int, Buffer *);
int mm_answer_audit_kex_body(int, Buffer *);
int mm_answer_audit_session_key_free_body(int, Buffer *);
#endif

static int monitor_read_log(struct monitor *);

    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
    {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
#endif
#ifdef BSD_AUTH
    {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},

    {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
    {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
#endif
    {0, 0, NULL}
};

    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
    {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
#endif
    {0, 0, NULL}
};

    {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
    {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
    {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
    {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
#endif
    {0, 0, NULL}
};

#endif
	}

	/* Drain any buffered messages from the child */
	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
		;

	if (!authctxt->valid)
		fatal("%s: authenticated invalid user", __func__);
	if (strcmp(auth_method, "unknown") == 0)


	blob = buffer_get_string(&m, &bloblen);
	current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
	memset(blob, 0, bloblen);
	xfree(blob);

	debug3("%s: Waiting for second key", __func__);
	blob = buffer_get_string(&m, &bloblen);
	current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
	memset(blob, 0, bloblen);
	xfree(blob);

	/* Now get sequence numbers for the packets */

	}

	buffer_free(&m);

#ifdef SSH_AUDIT_EVENTS
	if (compat20) {
		buffer_init(&m);
		mm_request_receive_expect(pmonitor->m_sendfd,
					  MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
		mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m);
		buffer_free(&m);
	}
#endif

	/* Drain any buffered messages from the child */
	while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
		;

}



	return 0;
}

int
mm_answer_audit_session_key_free_body(int sock, Buffer *m)
{
	int ctos;
	pid_t pid;
	uid_t uid;

	ctos = buffer_get_int(m);
	pid = buffer_get_int64(m);
	uid = buffer_get_int64(m);

	audit_session_key_free_body(ctos, pid, uid);

	buffer_clear(m);

	mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
	return 0;
}
#endif /* SSH_AUDIT_EVENTS */

Lines 63-68 enum monitor_reqtype { Link Here

(-)openssh-5.9p1/monitor.h.audit4 (+1 lines)
63	MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,	63	MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
64	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,	64	MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
65	MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,	65	MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
		66	MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
66	MONITOR_REQ_TERM,	67	MONITOR_REQ_TERM,
67	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,	68	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
68	MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,	69	MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,




		fatal("%s: conversion of newkeys failed", __func__);

	buffer_put_string(&m, blob, bloblen);
	memset(blob, 0, bloblen);
	xfree(blob);

	if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
		fatal("%s: conversion of newkeys failed", __func__);

	buffer_put_string(&m, blob, bloblen);
	memset(blob, 0, bloblen);
	xfree(blob);

	packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);


	buffer_free(&m);
}

void
mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
{
	Buffer m;

	buffer_init(&m);
	buffer_put_int(&m, ctos);
	buffer_put_int64(&m, pid);
	buffer_put_int64(&m, uid);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
				  &m);
	buffer_free(&m);
}
#endif /* SSH_AUDIT_EVENTS */

Lines 79-84 int mm_audit_run_command(const char *); Link Here

(-)openssh-5.9p1/monitor_wrap.h.audit4 (+1 lines)
79	void mm_audit_end_command(int, const char *);	79	void mm_audit_end_command(int, const char *);
80	void mm_audit_unsupported_body(int);	80	void mm_audit_unsupported_body(int);
81	void mm_audit_kex_body(int, char , char , char *, pid_t, uid_t);	81	void mm_audit_kex_body(int, char , char , char *, pid_t, uid_t);
		82	void mm_audit_session_key_free_body(int, pid_t, uid_t);
82	#endif	83	#endif
83		84
84	struct Session;	85	struct Session;

Lines 60-65 Link Here

(-)openssh-5.9p1/packet.c.audit4 (-29 / +87 lines)
60	#include <signal.h>	60	#include <signal.h>
61		61
62	#include "xmalloc.h"	62	#include "xmalloc.h"
		63	#include "audit.h"
63	#include "buffer.h"	64	#include "buffer.h"
64	#include "packet.h"	65	#include "packet.h"
65	#include "crc32.h"	66	#include "crc32.h"
Lines 470-475 packet_get_connection_out(void) Link Here
470	return active_state->connection_out;	471	return active_state->connection_out;
471	}	472	}
472		473
		474	static int
		475	packet_state_has_keys (const struct session_state *state)
		476	{
		477	return state != NULL &&
		478	(state->newkeys[MODE_IN] != NULL \|\| state->newkeys[MODE_OUT] != NULL);
		479	}
		480
473	/* Closes the connection and clears and frees internal data structures. */	481	/* Closes the connection and clears and frees internal data structures. */
474		482
475	void	483	void
Lines 478-490 packet_close(void) Link Here
478	if (!active_state->initialized)	486	if (!active_state->initialized)
479	return;	487	return;
480	active_state->initialized = 0;	488	active_state->initialized = 0;
481	if (active_state->connection_in == active_state->connection_out) {
482	shutdown(active_state->connection_out, SHUT_RDWR);
483	close(active_state->connection_out);
484	} else {
485	close(active_state->connection_in);
486	close(active_state->connection_out);
487	}
488	buffer_free(&active_state->input);	489	buffer_free(&active_state->input);
489	buffer_free(&active_state->output);	490	buffer_free(&active_state->output);
490	buffer_free(&active_state->outgoing_packet);	491	buffer_free(&active_state->outgoing_packet);
Lines 493-500 packet_close(void) Link Here
493	buffer_free(&active_state->compression_buffer);	494	buffer_free(&active_state->compression_buffer);
494	buffer_compress_uninit();	495	buffer_compress_uninit();
495	}	496	}
496	cipher_cleanup(&active_state->send_context);	497	if (packet_state_has_keys(active_state)) {
497	cipher_cleanup(&active_state->receive_context);	498	cipher_cleanup(&active_state->send_context);
		499	cipher_cleanup(&active_state->receive_context);
		500	audit_session_key_free(2);
		501	}
		502	if (active_state->connection_in == active_state->connection_out) {
		503	shutdown(active_state->connection_out, SHUT_RDWR);
		504	close(active_state->connection_out);
		505	} else {
		506	close(active_state->connection_in);
		507	close(active_state->connection_out);
		508	}
498	}	509	}
499		510
500	/* Sets remote side protocol flags. */	511	/* Sets remote side protocol flags. */
Lines 729-734 packet_send1(void) Link Here
729	*/	740	*/
730	}	741	}
731		742
		743	static void
		744	newkeys_destroy_and_free(Newkeys *newkeys)
		745	{
		746	if (newkeys == NULL)
		747	return;
		748
		749	xfree(newkeys->enc.name);
		750
		751	mac_clear(&newkeys->mac);
		752	xfree(newkeys->mac.name);
		753
		754	xfree(newkeys->comp.name);
		755
		756	newkeys_destroy(newkeys);
		757	xfree(newkeys);
		758	}
		759
732	void	760	void
733	set_newkeys(int mode)	761	set_newkeys(int mode)
734	{	762	{
Lines 754-771 set_newkeys(int mode) Link Here
754	}	782	}
755	if (active_state->newkeys[mode] != NULL) {	783	if (active_state->newkeys[mode] != NULL) {
756	debug("set_newkeys: rekeying");	784	debug("set_newkeys: rekeying");
		785	audit_session_key_free(mode);
757	cipher_cleanup(cc);	786	cipher_cleanup(cc);
758	enc = &active_state->newkeys[mode]->enc;	787	newkeys_destroy_and_free(active_state->newkeys[mode]);
759	mac = &active_state->newkeys[mode]->mac;
760	comp = &active_state->newkeys[mode]->comp;
761	mac_clear(mac);
762	xfree(enc->name);
763	xfree(enc->iv);
764	xfree(enc->key);
765	xfree(mac->name);
766	xfree(mac->key);
767	xfree(comp->name);
768	xfree(active_state->newkeys[mode]);
769	}	788	}
770	active_state->newkeys[mode] = kex_get_newkeys(mode);	789	active_state->newkeys[mode] = kex_get_newkeys(mode);
771	if (active_state->newkeys[mode] == NULL)	790	if (active_state->newkeys[mode] == NULL)
Lines 1924-1929 packet_get_newkeys(int mode) Link Here
1924	return (void *)active_state->newkeys[mode];	1943	return (void *)active_state->newkeys[mode];
1925	}	1944	}
1926		1945
		1946	static void
		1947	packet_destroy_state(struct session_state *state)
		1948	{
		1949	if (state == NULL)
		1950	return;
		1951
		1952	cipher_cleanup(&state->receive_context);
		1953	cipher_cleanup(&state->send_context);
		1954
		1955	buffer_free(&state->input);
		1956	buffer_free(&state->output);
		1957	buffer_free(&state->outgoing_packet);
		1958	buffer_free(&state->incoming_packet);
		1959	buffer_free(&state->compression_buffer);
		1960	newkeys_destroy_and_free(state->newkeys[MODE_IN]);
		1961	state->newkeys[MODE_IN] = NULL;
		1962	newkeys_destroy_and_free(state->newkeys[MODE_OUT]);
		1963	state->newkeys[MODE_OUT] = NULL;
		1964	mac_destroy(state->packet_discard_mac);
		1965	// TAILQ_HEAD(, packet) outgoing;
		1966	// memset(state, 0, sizeof(state));
		1967	}
		1968
		1969	void
		1970	packet_destroy_all(int audit_it, int privsep)
		1971	{
		1972	if (audit_it)
		1973	audit_it = packet_state_has_keys (active_state) \|\|
		1974	packet_state_has_keys (backup_state);
		1975	packet_destroy_state(active_state);
		1976	packet_destroy_state(backup_state);
		1977	if (audit_it) {
		1978	#ifdef SSH_AUDIT_EVENTS
		1979	if (privsep)
		1980	audit_session_key_free(2);
		1981	else
		1982	audit_session_key_free_body(2, getpid(), getuid());
		1983	#endif
		1984	}
		1985	}
		1986
1927	/*	1987	/*
1928	* Save the state for the real connection, and use a separate state when	1988	* Save the state for the real connection, and use a separate state when
1929	* resuming a suspended connection.	1989	* resuming a suspended connection.
Lines 1931-1948 packet_get_newkeys(int mode) Link Here
1931	void	1991	void
1932	packet_backup_state(void)	1992	packet_backup_state(void)
1933	{	1993	{
1934	struct session_state *tmp;
1935
1936	close(active_state->connection_in);	1994	close(active_state->connection_in);
1937	active_state->connection_in = -1;	1995	active_state->connection_in = -1;
1938	close(active_state->connection_out);	1996	close(active_state->connection_out);
1939	active_state->connection_out = -1;	1997	active_state->connection_out = -1;
1940	if (backup_state)
1941	tmp = backup_state;
1942	else
1943	tmp = alloc_session_state();
1944	backup_state = active_state;	1998	backup_state = active_state;
1945	active_state = tmp;	1999	active_state = alloc_session_state();
1946	}	2000	}
1947		2001
1948	/*	2002	/*
Lines 1959-1967 packet_restore_state(void) Link Here
1959	backup_state = active_state;	2013	backup_state = active_state;
1960	active_state = tmp;	2014	active_state = tmp;
1961	active_state->connection_in = backup_state->connection_in;	2015	active_state->connection_in = backup_state->connection_in;
1962	backup_state->connection_in = -1;
1963	active_state->connection_out = backup_state->connection_out;	2016	active_state->connection_out = backup_state->connection_out;
1964	backup_state->connection_out = -1;
1965	len = buffer_len(&backup_state->input);	2017	len = buffer_len(&backup_state->input);
1966	if (len > 0) {	2018	if (len > 0) {
1967	buf = buffer_ptr(&backup_state->input);	2019	buf = buffer_ptr(&backup_state->input);
Lines 1969-1972 packet_restore_state(void) Link Here
1969	buffer_clear(&backup_state->input);	2021	buffer_clear(&backup_state->input);
1970	add_recv_bytes(len);	2022	add_recv_bytes(len);
1971	}	2023	}
		2024	backup_state->connection_in = -1;
		2025	backup_state->connection_out = -1;
		2026	packet_destroy_state(backup_state);
		2027	xfree(backup_state);
		2028	backup_state = NULL;
1972	}	2029	}
		2030

Lines 124-127 void packet_restore_state(void); Link Here

(-)openssh-5.9p1/packet.h.audit4 (+1 lines)
124	void *packet_get_input(void);	124	void *packet_get_input(void);
125	void *packet_get_output(void);	125	void *packet_get_output(void);
126		126
		127	void packet_destroy_all(int, int);
127	#endif /* PACKET_H */	128	#endif /* PACKET_H */

Lines 1634-1639 do_child(Session s, const char command Link Here

(-)openssh-5.9p1/session.c.audit4 (+3 lines)
1634		1634
1635	/* remove hostkey from the child's memory */	1635	/* remove hostkey from the child's memory */
1636	destroy_sensitive_data();	1636	destroy_sensitive_data();
		1637	/* Don't audit this - both us and the parent would be talking to the
		1638	monitor over a single socket, with no synchronization. */
		1639	packet_destroy_all(0, 1);
1637		1640
1638	/* Force a password change */	1641	/* Force a password change */
1639	if (s->authctxt->force_pwchange) {	1642	if (s->authctxt->force_pwchange) {

Lines 684-689 privsep_preauth(Authctxt *authctxt) Link Here

(-)openssh-5.9p1/sshd.c.audit4 (+21 lines)
684	}	684	}
685	}	685	}
686		686
		687	extern Newkeys *current_keys[];
		688
687	static void	689	static void
688	privsep_postauth(Authctxt *authctxt)	690	privsep_postauth(Authctxt *authctxt)
689	{	691	{
Lines 708-713 privsep_postauth(Authctxt *authctxt) Link Here
708	else if (pmonitor->m_pid != 0) {	710	else if (pmonitor->m_pid != 0) {
709	verbose("User child is on pid %ld", (long)pmonitor->m_pid);	711	verbose("User child is on pid %ld", (long)pmonitor->m_pid);
710	buffer_clear(&loginmsg);	712	buffer_clear(&loginmsg);
		713	newkeys_destroy(current_keys[MODE_OUT]);
		714	newkeys_destroy(current_keys[MODE_IN]);
		715	audit_session_key_free_body(2, getpid(), getuid());
		716	packet_destroy_all(0, 0);
711	monitor_child_postauth(pmonitor);	717	monitor_child_postauth(pmonitor);
712		718
713	/* NEVERREACHED */	719	/* NEVERREACHED */
Lines 1996-2001 main(int ac, char **av) Link Here
1996	*/	2002	*/
1997	if (use_privsep) {	2003	if (use_privsep) {
1998	mm_send_keystate(pmonitor);	2004	mm_send_keystate(pmonitor);
		2005	packet_destroy_all(1, 1);
1999	exit(0);	2006	exit(0);
2000	}	2007	}
2001		2008
Lines 2048-2053 main(int ac, char **av) Link Here
2048	do_authenticated(authctxt);	2055	do_authenticated(authctxt);
2049		2056
2050	/* The connection has been terminated. */	2057	/* The connection has been terminated. */
		2058	packet_destroy_all(1, 1);
		2059
2051	packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);	2060	packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
2052	packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);	2061	packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
2053	verbose("Transferred: sent %llu, received %llu bytes",	2062	verbose("Transferred: sent %llu, received %llu bytes",
Lines 2365-2372 do_ssh2_kex(void) Link Here
2365	void	2374	void
2366	cleanup_exit(int i)	2375	cleanup_exit(int i)
2367	{	2376	{
		2377	static int in_cleanup = 0;
		2378	int is_privsep_child;
		2379
		2380	/* cleanup_exit can be called at the very least from the privsep
		2381	wrappers used for auditing. Make sure we don't recurse
		2382	indefinitely. */
		2383	if (in_cleanup)
		2384	_exit(i);
		2385	in_cleanup = 1;
		2386
2368	if (the_authctxt)	2387	if (the_authctxt)
2369	do_cleanup(the_authctxt);	2388	do_cleanup(the_authctxt);
		2389	is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
		2390	packet_destroy_all(1, is_privsep_child);
2370	#ifdef SSH_AUDIT_EVENTS	2391	#ifdef SSH_AUDIT_EVENTS
2371	/* done after do_cleanup so it can cancel the PAM auth 'thread' */	2392	/* done after do_cleanup so it can cancel the PAM auth 'thread' */
2372	if ((the_authctxt == NULL \|\| !the_authctxt->authenticated) &&	2393	if ((the_authctxt == NULL \|\| !the_authctxt->authenticated) &&

Return to bug 1402

Lines 168-173 mac_clear(Mac *mac) Link Here

(-)openssh-5.9p1/mac.c.audit4 (+14 lines)
168	mac->umac_ctx = NULL;	168	mac->umac_ctx = NULL;
169	}	169	}
170		170
		171	void
		172	mac_destroy(Mac *mac)
		173	{
		174	if (mac == NULL)
		175	return;
		176
		177	if (mac->key) {
		178	memset(mac->key, 0, mac->key_len);
		179	xfree(mac->key);
		180	}
		181
		182	memset(mac, 0, sizeof(*mac));
		183	}
		184
171	/* XXX copied from ciphers_valid */	185	/* XXX copied from ciphers_valid */
172	#define MAC_SEP ","	186	#define MAC_SEP ","
173	int	187	int

Lines 653-664 mm_send_keystate(struct monitor *monitor Link Here

(-)openssh-5.9p1/monitor_wrap.c.audit4 (+17 lines)
653	fatal("%s: conversion of newkeys failed", __func__);	653	fatal("%s: conversion of newkeys failed", __func__);
654		654
655	buffer_put_string(&m, blob, bloblen);	655	buffer_put_string(&m, blob, bloblen);
		656	memset(blob, 0, bloblen);
656	xfree(blob);	657	xfree(blob);
657		658
658	if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))	659	if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
659	fatal("%s: conversion of newkeys failed", __func__);	660	fatal("%s: conversion of newkeys failed", __func__);
660		661
661	buffer_put_string(&m, blob, bloblen);	662	buffer_put_string(&m, blob, bloblen);
		663	memset(blob, 0, bloblen);
662	xfree(blob);	664	xfree(blob);
663		665
664	packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);	666	packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
Lines 1522-1525 mm_audit_kex_body(int ctos, char *cipher Link Here
1522		1524
1523	buffer_free(&m);	1525	buffer_free(&m);
1524	}	1526	}
		1527
		1528	void
		1529	mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
		1530	{
		1531	Buffer m;
		1532
		1533	buffer_init(&m);
		1534	buffer_put_int(&m, ctos);
		1535	buffer_put_int64(&m, pid);
		1536	buffer_put_int64(&m, uid);
		1537	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
		1538	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
		1539	&m);
		1540	buffer_free(&m);
		1541	}
1525	#endif /* SSH_AUDIT_EVENTS */	1542	#endif /* SSH_AUDIT_EVENTS */

Lines 624-626 dump_digest(char msg, u_char digest, i Link Here

(-)openssh-5.9p1/kex.c.audit4 (+31 lines)
624	fprintf(stderr, "\n");	624	fprintf(stderr, "\n");
625	}	625	}
626	#endif	626	#endif
		627
		628	static void
		629	enc_destroy(Enc *enc)
		630	{
		631	if (enc == NULL)
		632	return;
		633
		634	if (enc->key) {
		635	memset(enc->key, 0, enc->key_len);
		636	xfree(enc->key);
		637	}
		638
		639	if (enc->iv) {
		640	memset(enc->iv, 0, enc->block_size);
		641	xfree(enc->iv);
		642	}
		643
		644	memset(enc, 0, sizeof(*enc));
		645	}
		646
		647	void
		648	newkeys_destroy(Newkeys *newkeys)
		649	{
		650	if (newkeys == NULL)
		651	return;
		652
		653	enc_destroy(&newkeys->enc);
		654	mac_destroy(&newkeys->mac);
		655	memset(&newkeys->comp, 0, sizeof(newkeys->comp));
		656	}
		657

Lines 189-194 int mm_answer_audit_command(int, Buffer Link Here

(-)openssh-5.9p1/monitor.c.audit4 (-4 / +40 lines)
189	int mm_answer_audit_end_command(int, Buffer *);	189	int mm_answer_audit_end_command(int, Buffer *);
190	int mm_answer_audit_unsupported_body(int, Buffer *);	190	int mm_answer_audit_unsupported_body(int, Buffer *);
191	int mm_answer_audit_kex_body(int, Buffer *);	191	int mm_answer_audit_kex_body(int, Buffer *);
		192	int mm_answer_audit_session_key_free_body(int, Buffer *);
192	#endif	193	#endif
193		194
194	static int monitor_read_log(struct monitor *);	195	static int monitor_read_log(struct monitor *);
Lines 241-246 struct mon_table mon_dispatch_proto20[] Link Here
241	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	242	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
242	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},	243	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
243	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},	244	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
		245	{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
244	#endif	246	#endif
245	#ifdef BSD_AUTH	247	#ifdef BSD_AUTH
246	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},	248	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
Lines 280-285 struct mon_table mon_dispatch_postauth20 Link Here
280	{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},	282	{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
281	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},	283	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
282	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},	284	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
		285	{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
283	#endif	286	#endif
284	{0, 0, NULL}	287	{0, 0, NULL}
285	};	288	};
Lines 313-318 struct mon_table mon_dispatch_proto15[] Link Here
313	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	316	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
314	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},	317	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
315	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},	318	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
		319	{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
316	#endif	320	#endif
317	{0, 0, NULL}	321	{0, 0, NULL}
318	};	322	};
Lines 327-332 struct mon_table mon_dispatch_postauth15 Link Here
327	{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},	331	{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
328	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},	332	{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
329	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},	333	{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
		334	{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
330	#endif	335	#endif
331	{0, 0, NULL}	336	{0, 0, NULL}
332	};	337	};
Lines 433-442 monitor_child_preauth(Authctxt *_authctx Link Here
433	#endif	438	#endif
434	}	439	}
435		440
436	/* Drain any buffered messages from the child */
437	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
438	;
439
440	if (!authctxt->valid)	441	if (!authctxt->valid)
441	fatal("%s: authenticated invalid user", __func__);	442	fatal("%s: authenticated invalid user", __func__);
442	if (strcmp(auth_method, "unknown") == 0)	443	if (strcmp(auth_method, "unknown") == 0)
Lines 1922-1932 mm_get_keystate(struct monitor *pmonitor Link Here
1922		1923
1923	blob = buffer_get_string(&m, &bloblen);	1924	blob = buffer_get_string(&m, &bloblen);
1924	current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);	1925	current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
		1926	memset(blob, 0, bloblen);
1925	xfree(blob);	1927	xfree(blob);
1926		1928
1927	debug3("%s: Waiting for second key", __func__);	1929	debug3("%s: Waiting for second key", __func__);
1928	blob = buffer_get_string(&m, &bloblen);	1930	blob = buffer_get_string(&m, &bloblen);
1929	current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);	1931	current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
		1932	memset(blob, 0, bloblen);
1930	xfree(blob);	1933	xfree(blob);
1931		1934
1932	/* Now get sequence numbers for the packets */	1935	/* Now get sequence numbers for the packets */
Lines 1972-1977 mm_get_keystate(struct monitor *pmonitor Link Here
1972	}	1975	}
1973		1976
1974	buffer_free(&m);	1977	buffer_free(&m);
		1978
		1979	#ifdef SSH_AUDIT_EVENTS
		1980	if (compat20) {
		1981	buffer_init(&m);
		1982	mm_request_receive_expect(pmonitor->m_sendfd,
		1983	MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
		1984	mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m);
		1985	buffer_free(&m);
		1986	}
		1987	#endif
		1988
		1989	/* Drain any buffered messages from the child */
		1990	while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
		1991	;
		1992
1975	}	1993	}
1976		1994
1977		1995
Lines 2416-2419 mm_answer_audit_kex_body(int sock, Buffe Link Here
2416	return 0;	2434	return 0;
2417	}	2435	}
2418		2436
		2437	int
		2438	mm_answer_audit_session_key_free_body(int sock, Buffer *m)
		2439	{
		2440	int ctos;
		2441	pid_t pid;
		2442	uid_t uid;
		2443
		2444	ctos = buffer_get_int(m);
		2445	pid = buffer_get_int64(m);
		2446	uid = buffer_get_int64(m);
		2447
		2448	audit_session_key_free_body(ctos, pid, uid);
		2449
		2450	buffer_clear(m);
		2451
		2452	mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
		2453	return 0;
		2454	}
2419	#endif /* SSH_AUDIT_EVENTS */	2455	#endif /* SSH_AUDIT_EVENTS */