Bugzilla – Attachment 862 Details for
Bug 974
Record Badlogins for all supported Authentication methods
[patch]
Patch for logging Bad key based Authentications
OpenSSH_keybased_BTMP.patch (text/plain), 4.00 KB, created by
senthilkumar
on 2005-03-31 16:00:36 AEST
Description:
Patch for logging Bad key based Authentications
Creator:
senthilkumar
Created:
2005-03-31 16:00:36 AEST
Size:
4.00 KB
>--- openssh-4.0p1/auth.c 2005-02-15 16:15:57.000000000 +0530
>+++ openssh-4.0p1-btmp/auth.c 2005-03-31 11:03:32.000000000 +0530
>@@ -245,12 +245,18 @@
> info);
>
> #ifdef CUSTOM_FAILED_LOGIN
>- if (authenticated == 0 && !authctxt->postponed &&
>- (strcmp(method, "password") == 0 ||
>- strncmp(method, "keyboard-interactive", 20) == 0 ||
>- strcmp(method, "challenge-response") == 0))
>- record_failed_login(authctxt->user,
>- get_canonical_hostname(options.use_dns), "ssh");
>+ if (authenticated == 0 && !authctxt->postponed && strcmp(method,"none"))
>+ {
>+ debug("Entering record_failed_login uid %d ", getuid());
>+ if(!strcmp(method,"publickey") || !strcmp(method,"gssapi-with-mic") || !strcmp(method,"gssapi") || !strcmp(method,"hostbased")) {
>+ PRIVSEP(record_failed_login(authctxt->user,
>+ get_canonical_hostname(options.use_dns), "ssh"));
>+ }
>+ else if (getuid()==0){
>+ record_failed_login(authctxt->user,
>+ get_canonical_hostname(options.use_dns), "ssh");
>+ }
>+ }
> #endif
> #ifdef SSH_AUDIT_EVENTS
> if (authenticated == 0 && !authctxt->postponed) {
>diff -Nur openssh-4.0p1/monitor.c openssh-4.0p1-btmp/monitor.c
>--- openssh-4.0p1/monitor.c 2005-03-06 17:01:36.000000000 +0530
>+++ openssh-4.0p1-btmp/monitor.c 2005-03-31 11:01:48.000000000 +0530
>@@ -127,6 +127,8 @@
> int mm_answer_sesskey(int, Buffer *);
> int mm_answer_sessid(int, Buffer *);
>
>+int mm_answer_record_failed_login(int, Buffer *);
>+
> #ifdef USE_PAM
> int mm_answer_pam_start(int, Buffer *);
> int mm_answer_pam_account(int, Buffer *);
>@@ -210,6 +212,7 @@
> {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
> {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
> #endif
>+ {MONITOR_REQ_BADLOGIN, MON_ISAUTH, mm_answer_record_failed_login},
> {0, 0, NULL}
> };
>
>@@ -254,6 +257,7 @@
> #ifdef SSH_AUDIT_EVENTS
> {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
> #endif
>+ {MONITOR_REQ_BADLOGIN , MON_ISAUTH , mm_answer_record_failed_login},
> {0, 0, NULL}
> };
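Review bot: In the auth.c hunk the new test records every failed, non-postponed attempt for `publickey`, `gssapi-with-mic`, `gssapi` and `hostbased`, so a client that offers several keys before the accepted one will presumably leave one bad-login record per rejected key; anything that counts these records for lockout or alerting should expect that noise, and a comment above the test should say so. The `else if (getuid()==0)` branch drops the record without a trace when the process is not root; add `else debug("record_failed_login skipped: uid %d", (int)getuid());` so a missing entry can be explained from the debug log. The existing `debug()` call passes `getuid()` to `%d` uncast; `(int)getuid()` matches the format. The enclosing function starts and ends outside the hunk.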
>
>@@ -1916,3 +1920,10 @@
> return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+int
>+mm_answer_record_failed_login(int socket, Buffer *m)
>+{
>+ record_failed_login(authctxt->user,get_canonical_hostname(options.use_dns), "ssh");
>+}
>+
>diff -Nur openssh-4.0p1/monitor.h openssh-4.0p1-btmp/monitor.h
>--- openssh-4.0p1/monitor.h 2005-02-02 18:50:53.000000000 +0530
>+++ openssh-4.0p1-btmp/monitor.h 2005-03-31 10:28:12.000000000 +0530
>@@ -59,6 +59,7 @@
> MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
> MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
> MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
>+ MONITOR_REQ_BADLOGIN,
> MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
> MONITOR_REQ_TERM
> };
>diff -Nur openssh-4.0p1/monitor_wrap.c openssh-4.0p1-btmp/monitor_wrap.c
>--- openssh-4.0p1/monitor_wrap.c 2005-02-08 16:22:48.000000000 +0530
>+++ openssh-4.0p1-btmp/monitor_wrap.c 2005-03-31 11:01:14.000000000 +0530
>@@ -1218,3 +1218,15 @@
> return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+void
>+mm_record_failed_login(const char *username, const char *hostname, const char *service)
>+{
>+ Buffer m;
>+ buffer_init(&m);
>+
>+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BADLOGIN, &m);
>+
>+ buffer_free(&m);
>+}
>+
>diff -Nur openssh-4.0p1/monitor_wrap.h openssh-4.0p1-btmp/monitor_wrap.h
>--- openssh-4.0p1/monitor_wrap.h 2005-02-08 16:22:48.000000000 +0530
>+++ openssh-4.0p1-btmp/monitor_wrap.h 2005-03-31 10:30:58.000000000 +0530
>@@ -111,4 +111,5 @@
> void mm_zfree(struct mm_master *, void *);
> void mm_init_compression(struct mm_master *);
>
>+void mm_record_failed_login(const char *, const char *, const char *);
> #endif /* _MM_H_ */
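Review bot: `mm_answer_record_failed_login` is declared `int` but falls off the end without a `return`, so the monitor's dispatch code receives an indeterminate value. The handler just above it in the context lines ends with `return (authenticated);`, which suggests the return value carries the authentication result, so this one should end with `return (0);`. The call to `record_failed_login()` here and the two dispatch-table entries added in the `@@ -210` and `@@ -254` hunks are unconditional, while the call in auth.c sits under `#ifdef CUSTOM_FAILED_LOGIN`; wrap all three in the same `#ifdef` unless the function is known to exist on every platform. Taking the user from the monitor's own `authctxt` rather than from the message is the right choice and deserves a one-line comment, and nothing visible here limits how often the request can be sent, so the number of records written is decided by the unprivileged side.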
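Review bot: `mm_record_failed_login` ignores all three of its parameters and sends an empty buffer, which is easy to mistake for a bug; say why in a comment, e.g. `/* Arguments are deliberately not sent: the monitor logs its own authctxt->user and peer hostname. */`. The function also lacks a header comment stating that it sends `MONITOR_REQ_BADLOGIN` and does not wait for a reply, which matters because the caller cannot tell whether the record was written.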
Attachments on
bug 974
:
774
|
776
|
777
|
780
|
781
|
785
|
787
|
798
|
799
| 862