

(-)file_not_specified_in_diff (-7 / +139 lines)
0
-- Orginal/openssh/auth.c      2004-08-12 18:10:25.000000000 +0530
0
++ Patched/openssh/auth.c      2005-01-20 15:13:08.281151112 +0530
Lines 50-55 Link Here
50
#include "misc.h"
50
#include "misc.h"
51
#include "bufaux.h"
51
#include "bufaux.h"
52
#include "packet.h"
52
#include "packet.h"
53
#include "monitor_wrap.h"
53
/* import */
54
/* import */
54
extern ServerOptions options;
55
extern ServerOptions options;
Lines 230-235 Link Here
230
       else
231
       else
231
               authmsg = authenticated ? "Accepted" : "Failed";
232
               authmsg = authenticated ? "Accepted" : "Failed";
233
       if(!authenticated && !authctxt->postponed && (!strcmp(method, "gssapi-with-mic") || !strcmp(method, "publickey") || !strcmp(method, "hostbased"))){
234
                debug("=== calling log_btmp uid %d ===\n", getuid());
235
                PRIVSEP(log_btmp(authctxt->user,get_canonical_hostname(options.use_dns)));
236
       }
237
238
239
       if(!authenticated && !authctxt->postponed  && (!strcmp(method, "password") || !strcmp(method, " keyboard-interactive") || !strcmp(method,"challenge-response") || !strcmp(method,"keyboard-interactive/pam"))){
240
               if ( getuid() == 0) {
241
                       debug("=== calling log_btmp uid %d ===\n", getuid());
242
                       log_btmp(authctxt->user,get_canonical_hostname(options.use_dns));
243
               }
244
        }
232
       authlog("%s %s for %s%.100s from %.200s port %d%s",
245
       authlog("%s %s for %s%.100s from %.200s port %d%s",
233
           authmsg,
246
           authmsg,
234
           method,
247
           method,
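Review bot: The literal `" keyboard-interactive"` in the second added condition starts with a space, so that `strcmp` can never match a method string that is exactly `keyboard-interactive`; it should read `!strcmp(method, "keyboard-interactive")`. The password-style branch also calls `log_btmp` directly and only when `getuid() == 0`, while the branch above it goes through `PRIVSEP(...)`; if that difference is deliberate it needs a comment, because a non-root caller of this path records nothing and says nothing. Both added `debug()` format strings end in `\n`, which the neighbouring `authlog` call does not use. The enclosing function starts and ends outside this hunk.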
235
-- Orginal/openssh/loginrec.c  2004-09-12 10:56:01.000000000 +0530
248
++ Patched/openssh/loginrec.c  2005-01-20 15:03:15.855213544 +0530
Lines 123-128 Link Here
123
 *
123
 *
124
 *  Otherwise, patches to the specific method(s) are very helpful!
124
 *  Otherwise, patches to the specific method(s) are very helpful!
125
 */
125
 */
126
/*
127
 * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
128
 * All rights reserved.
129
 *
130
 * Redistribution and use in source and binary forms are permitted
131
 * provided that the above copyright notice and this paragraph are
132
 * duplicated in all such forms and that any documentation,
133
 * advertising materials, and other materials related to such
134
 * distribution and use acknowledge that the software was developed
135
 * by the University of California, Berkeley.  The name of the
136
 * University may not be used to endorse or promote products derived
137
 * from this software without specific prior written permission.
138
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
139
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
140
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
141
 */
142
126
#include "includes.h"
143
#include "includes.h"
Lines 1563-1565 Link Here
1563
       return (0);
1580
       return (0);
1564
}
1581
}
1565
#endif /* USE_LASTLOG */
1582
#endif /* USE_LASTLOG */
1566
-- Orginal/openssh/monitor.h   2003-11-17 16:48:22.000000000 +0530
1583
1584
  /*
1585
   * Logs failed login attempts in _PATH_BTMP if that exists.
1586
   * The most common login failure is to give password instead of username.
1587
   * So the _PATH_BTMP file checked for the correct permission, so that
1588
   * only root can read it.
1589
   */
1590
1591
#define _PATH_BTMP      "/var/adm/btmp"
1592
void
1593
log_btmp(const char *username, const char *hostname) {
1594
        int fd, n;
1595
        struct utmp ut;
1596
        time_t t;
1597
        struct stat fst;
1598
1599
        memset(&ut, 0, sizeof(ut));
1600
        strncpy(ut.ut_user, username, sizeof(ut.ut_user));
1601
        strcpy(ut.ut_line,"ssh:notty");
1602
1603
        time(&t);
1604
        ut.ut_time = t;     /* ut_time is not always a time_t */
1605
1606
        ut.ut_type = LOGIN_PROCESS;
1607
        ut.ut_pid = getpid();
1608
       if (stat(_PATH_BTMP,&fst) == -1){
1609
                log("btmp file %s does not exist\n",_PATH_BTMP);
1610
               return;
1611
        }
1612
1613
        if((fst.st_mode & (S_IRWXG | S_IRWXO))||(fst.st_uid != 0)){
1614
                log("Excess permission or bad ownership on file %s\n",_PATH_BTMP);
1615
                return;
1616
        }
1617
        if (hostname) {
1618
           struct hostent *he;
1619
           strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
1620
           if ((he = gethostbyname(hostname)))
1621
               memcpy(&ut.ut_addr, he->h_addr_list[0], sizeof(ut.ut_addr));
1622
        }
1623
1624
        fd = open(_PATH_BTMP, O_WRONLY | O_APPEND);
1625
        if (fd == -1) {
1626
          log("Unable to open the btmp file %s\n",_PATH_BTMP);
1627
          return;
1628
        }
1629
        n = atomicio(vwrite,fd, &ut, sizeof(ut));
1630
        close(fd);
1631
1632
  }
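Review bot: `log_btmp` checks ownership and mode with `stat(_PATH_BTMP, &fst)` and only later calls `open()` on the same path, so the file that gets written is not necessarily the one that was checked; opening first and applying the same test with `fstat(fd, &fst)` ties the check to the descriptor. The result of `atomicio()` is stored in `n` and never examined, so a short or failed write goes unreported. `memcpy(&ut.ut_addr, he->h_addr_list[0], sizeof(ut.ut_addr))` assumes `he->h_length` is at least that size, and `strcpy(ut.ut_line, "ssh:notty")` assumes `ut_line` holds ten bytes; neither is checked. The header comment should also state that `username` must be non-NULL and that the function returns without writing when btmp is missing or has the wrong owner or mode.

```c
        /* … unchanged: memset and ut_user / ut_line / ut_time / ut_type / ut_pid setup … */
        fd = open(_PATH_BTMP, O_WRONLY | O_APPEND);
        if (fd == -1) {
                log("Unable to open the btmp file %s\n",_PATH_BTMP);
                return;
        }
        /* Check the descriptor we will write to, not the path a second time. */
        if (fstat(fd, &fst) == -1 ||
            (fst.st_mode & (S_IRWXG | S_IRWXO)) || fst.st_uid != 0) {
                log("Excess permission or bad ownership on file %s\n",_PATH_BTMP);
                close(fd);
                return;
        }
        /* … unchanged: hostname / ut_host / ut_addr fill … */
        if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut))
                log("Unable to write to the btmp file %s\n",_PATH_BTMP);
        close(fd);
```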
1633
1634
++ Patched/openssh/monitor.h   2005-01-19 20:32:32.000000000 +0530
Lines 59-65 Link Here
59
       MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
59
       MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
60
       MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
60
       MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
61
       MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
61
       MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
62
       MONITOR_REQ_TERM
62
       MONITOR_REQ_TERM,
63
        MONITOR_REQ_BADLOGIN
63
};
64
};
64
struct mm_master;
65
struct mm_master;
65
-- Orginal/openssh/monitor.c   2004-09-11 18:37:03.000000000 +0530
66
++ Patched/openssh/monitor.c   2005-01-19 20:46:43.000000000 +0530
Lines 126-131 Link Here
126
int mm_answer_rsa_response(int, Buffer *);
126
int mm_answer_rsa_response(int, Buffer *);
127
int mm_answer_sesskey(int, Buffer *);
127
int mm_answer_sesskey(int, Buffer *);
128
int mm_answer_sessid(int, Buffer *);
128
int mm_answer_sessid(int, Buffer *);
129
int mm_answer_log_btmp(int, Buffer *);
129
#ifdef USE_PAM
130
#ifdef USE_PAM
130
int mm_answer_pam_start(int, Buffer *);
131
int mm_answer_pam_start(int, Buffer *);
Lines 202-207 Link Here
202
    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
203
    {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
203
    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
204
    {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
204
#endif
205
#endif
206
    {MONITOR_REQ_BADLOGIN, MON_ISAUTH, mm_answer_log_btmp},
205
    {0, 0, NULL}
207
    {0, 0, NULL}
206
};
208
};
Lines 211-216 Link Here
211
    {MONITOR_REQ_PTY, 0, mm_answer_pty},
213
    {MONITOR_REQ_PTY, 0, mm_answer_pty},
212
    {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
214
    {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
213
    {MONITOR_REQ_TERM, 0, mm_answer_term},
215
    {MONITOR_REQ_TERM, 0, mm_answer_term},
216
    {MONITOR_REQ_BADLOGIN, 0, mm_answer_log_btmp},
214
    {0, 0, NULL}
217
    {0, 0, NULL}
215
};
218
};
Lines 239-244 Link Here
239
    {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
242
    {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
240
    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
243
    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
241
#endif
244
#endif
245
    {MONITOR_REQ_BADLOGIN ,  MON_ISAUTH , mm_answer_log_btmp},
242
    {0, 0, NULL}
246
    {0, 0, NULL}
243
};
247
};
Lines 246-251 Link Here
246
    {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
250
    {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
247
    {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
251
    {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
248
    {MONITOR_REQ_TERM, 0, mm_answer_term},
252
    {MONITOR_REQ_TERM, 0, mm_answer_term},
253
    {MONITOR_REQ_BADLOGIN , 0, mm_answer_log_btmp},
249
    {0, 0, NULL}
254
    {0, 0, NULL}
250
};
255
};
Lines 378-383 Link Here
378
               monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
383
               monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
379
               monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
384
               monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
380
       }
385
       }
386
                monitor_permit(mon_dispatch, MONITOR_REQ_BADLOGIN, 1);
381
       for (;;)
387
       for (;;)
382
               monitor_read(pmonitor, mon_dispatch, NULL);
388
               monitor_read(pmonitor, mon_dispatch, NULL);
Lines 1850-1852 Link Here
1850
       return (authenticated);
1856
       return (authenticated);
1851
}
1857
}
1852
#endif /* GSSAPI */
1858
#endif /* GSSAPI */
1853
-- Orginal/openssh/monitor_wrap.c      2004-09-11 18:37:03.000000000 +0530
1859
1860
/*  RECORD_BADLOGINS
1861
        Receive a "bad login request" from the unpriviledged
1862
        process. The priviledged process will receive the user
1863
        and the hostname. Record the bad login attempt.
1864
*/
1865
int mm_answer_log_btmp(int socket, Buffer *m){
1866
        char user[1024];
1867
        char hostname[1024];
1868
1869
        memset(user,0, 1024);
1870
        memset(hostname,0, 1024);
1871
1872
        buffer_get(m, user ,1024);
1873
        buffer_get(m, hostname ,1024);
1874
1875
        debug("#### Priviledged process: received user %s host %s",user, hostname );
1876
1877
        log_btmp(user,get_canonical_hostname(options.use_dns));
1878
}
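Review bot: `mm_answer_log_btmp` copies two fixed 1024-byte fields sent by the unprivileged process with `buffer_get()` and then prints them with `%s`, but nothing guarantees a NUL inside those bytes; force termination before any use, e.g. `user[sizeof(user) - 1] = '\0';` and `hostname[sizeof(hostname) - 1] = '\0';`. The function is declared `int` yet has no `return` statement, while the other handlers visible on this page end in `return (authenticated);`, so the dispatcher presumably reads the value; add `return (0);` (`mm_log_btmp` in monitor_wrap.c has the same gap). The received `hostname` is never used, since `log_btmp` is handed `get_canonical_hostname(options.use_dns)` instead, so it can be dropped from the message. The entries added with flags `0` and the unconditional `monitor_permit(mon_dispatch, MONITOR_REQ_BADLOGIN, 1)` appear to keep this request, with its caller-supplied user name, available in the tables served after authentication; unless something needs that, restrict it to the `MON_ISAUTH` tables.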
1879
1880
1881
++ Patched/openssh/monitor_wrap.c      2005-01-20 15:05:54.513093880 +0530
Lines 1188-1190 Link Here
1188
       return (authenticated);
1188
       return (authenticated);
1189
}
1189
}
1190
#endif /* GSSAPI */
1190
#endif /* GSSAPI */
1191
-- Orginal/openssh/monitor_wrap.h      2004-06-22 08:26:02.000000000 +0530
1191
1192
/* BADLOGINS FIX
1193
 * Only the priviledged process can update the /var/adm/btmp.
1194
 * Send user and hostname name to the priviledged process.
1195
*/
1196
1197
int
1198
mm_log_btmp(const char *username, const char *hostname) {
1199
        Buffer m;
1200
        buffer_init(&m);
1201
1202
        buffer_append(&m, username, 1024);
1203
        buffer_append(&m, hostname, 1024);
1204
1205
        debug("=== calling log_btmp uid %d by a priviledged process ===", getuid());
1206
1207
        mm_request_send(pmonitor->m_recvfd,  MONITOR_REQ_BADLOGIN, &m);
1208
1209
        buffer_free(&m);
1210
}
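Review bot: `buffer_append(&m, username, 1024)` and the matching call for `hostname` always copy 1024 bytes from strings that are normally far shorter, so `mm_log_btmp` reads past the end of both and forwards whatever follows them in memory. Copying each string into a zeroed 1024-byte local first keeps the fixed-size message that `mm_answer_log_btmp` reads while sending only the string and padding. `log_btmp` explicitly tolerates a NULL `hostname`, but this wrapper would dereference it, so the copy should be guarded. The excerpt below also adds the `return (0);` that the `int` return type requires.

```c
int
mm_log_btmp(const char *username, const char *hostname) {
        Buffer m;
        char user[1024], host[1024];

        /* Fixed-size, zero-padded fields; never read beyond the source strings. */
        memset(user, 0, sizeof(user));
        memset(host, 0, sizeof(host));
        if (username != NULL)
                strlcpy(user, username, sizeof(user));
        if (hostname != NULL)
                strlcpy(host, hostname, sizeof(host));

        buffer_init(&m);
        buffer_append(&m, user, sizeof(user));
        buffer_append(&m, host, sizeof(host));
        /* … unchanged: debug call, mm_request_send, buffer_free … */
        return (0);
}
```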
1211
++ Patched/openssh/monitor_wrap.h      2005-01-20 15:06:22.971767504 +0530
Lines 106-108 Link Here
106
void mm_init_compression(struct mm_master *);
106
void mm_init_compression(struct mm_master *);
107
#endif /* _MM_H_ */
107
#endif /* _MM_H_ */
108
109
int mm_log_btmp(const char *username, const char *hostname);

Return to bug 974