
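--- a/openssh-5.2p1/auth.c.audit
+++ b/openssh-5.2p1/auth.c.audit
@@ -287,6 +287,12 @@ auth_log(Authctxt *authctxt, int authent
 		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
 # endif
 #endif
+#if HAVE_LINUX_AUDIT
+	if (authenticated == 0 && !authctxt->postponed) {
+		linux_audit_record_event(-1, authctxt->user, NULL,
+			get_remote_ipaddr(), "sshd", 0);
+	}
+#endif
 #ifdef SSH_AUDIT_EVENTS
 	if (authenticated == 0 && !authctxt->postponed)
 		audit_event(audit_classify_auth(method));
@@ -533,6 +539,10 @@ getpwnamallow(const char *user)
 		record_failed_login(user,
 		    get_canonical_hostname(options.use_dns), "ssh");
 #endif
+#ifdef HAVE_LINUX_AUDIT
+		linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(),
+			"sshd", 0);
+#endif
 #ifdef SSH_AUDIT_EVENTS
 		audit_event(SSH_INVALID_USER);
 #endif /* SSH_AUDIT_EVENTS */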
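Review bot: The guard opening the first hunk is `#if HAVE_LINUX_AUDIT`, while the second hunk and every other file in this patch use `#ifdef HAVE_LINUX_AUDIT`; `#if` treats an undefined macro as 0 so both compile today, but mixing the two forms means a definition without the value 1 would keep the getpwnamallow record and silently drop the auth_log one. Use `#ifdef HAVE_LINUX_AUDIT` in auth_log as well. In both hunks the return value of linux_audit_record_event() is discarded, so its 0 result ("must prevent login" when audit_open() fails for a reason other than a kernel without audit) is never seen here; for a failed attempt there is nothing to prevent, but the lost failure record should at least be visible, e.g. `if (linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(), "sshd", 0) == 0) logit("%s: failed to record audit event", __func__);`. Both calls sit inside auth_log and getpwnamallow, whose bodies extend outside the hunks.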
(-)openssh-5.2p1/config.h.in.audit (-3 / +27 lines)
Lines 1-5 Link Here
1
/* config.h.in.  Generated from configure.ac by autoheader.  */
1
/* config.h.in.  Generated from configure.ac by autoheader.  */
2
2
3
/* Define if building universal (internal helper macro) */
4
#undef AC_APPLE_UNIVERSAL_BUILD
5
3
/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
6
/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
4
   */
7
   */
5
#undef AIX_GETNAMEINFO_HACK
8
#undef AIX_GETNAMEINFO_HACK
Lines 521-526 Link Here
521
/* Define to 1 if you have the <lastlog.h> header file. */
524
/* Define to 1 if you have the <lastlog.h> header file. */
522
#undef HAVE_LASTLOG_H
525
#undef HAVE_LASTLOG_H
523
526
527
/* Define to 1 if you have the <libaudit.h> header file. */
528
#undef HAVE_LIBAUDIT_H
529
524
/* Define to 1 if you have the `bsm' library (-lbsm). */
530
/* Define to 1 if you have the `bsm' library (-lbsm). */
525
#undef HAVE_LIBBSM
531
#undef HAVE_LIBBSM
526
532
Lines 560-565 Link Here
560
/* Define to 1 if you have the <limits.h> header file. */
566
/* Define to 1 if you have the <limits.h> header file. */
561
#undef HAVE_LIMITS_H
567
#undef HAVE_LIMITS_H
562
568
569
/* Define if you want Linux audit support. */
570
#undef HAVE_LINUX_AUDIT
571
563
/* Define to 1 if you have the <linux/if_tun.h> header file. */
572
/* Define to 1 if you have the <linux/if_tun.h> header file. */
564
#undef HAVE_LINUX_IF_TUN_H
573
#undef HAVE_LINUX_IF_TUN_H
565
574
Lines 756-761 Link Here
756
/* Define to 1 if you have the `setgroups' function. */
765
/* Define to 1 if you have the `setgroups' function. */
757
#undef HAVE_SETGROUPS
766
#undef HAVE_SETGROUPS
758
767
768
/* Define to 1 if you have the `setkeycreatecon' function. */
769
#undef HAVE_SETKEYCREATECON
770
759
/* Define to 1 if you have the `setlogin' function. */
771
/* Define to 1 if you have the `setlogin' function. */
760
#undef HAVE_SETLOGIN
772
#undef HAVE_SETLOGIN
761
773
Lines 1330-1335 Link Here
1330
/* Prepend the address family to IP tunnel traffic */
1342
/* Prepend the address family to IP tunnel traffic */
1331
#undef SSH_TUN_PREPEND_AF
1343
#undef SSH_TUN_PREPEND_AF
1332
1344
1345
/* Define to your vendor patch level, if it has been modified from the
1346
   upstream source release. */
1347
#undef SSH_VENDOR_PATCHLEVEL
1348
1333
/* Define to 1 if you have the ANSI C header files. */
1349
/* Define to 1 if you have the ANSI C header files. */
1334
#undef STDC_HEADERS
1350
#undef STDC_HEADERS
1335
1351
Lines 1397-1405 Link Here
1397
/* Define if you want SELinux support. */
1413
/* Define if you want SELinux support. */
1398
#undef WITH_SELINUX
1414
#undef WITH_SELINUX
1399
1415
1400
/* Define to 1 if your processor stores words with the most significant byte
1416
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
1401
   first (like Motorola and SPARC, unlike Intel and VAX). */
1417
   significant byte first (like Motorola and SPARC, unlike Intel). */
1402
#undef WORDS_BIGENDIAN
1418
#if defined AC_APPLE_UNIVERSAL_BUILD
1419
# if defined __BIG_ENDIAN__
1420
#  define WORDS_BIGENDIAN 1
1421
# endif
1422
#else
1423
# ifndef WORDS_BIGENDIAN
1424
#  undef WORDS_BIGENDIAN
1425
# endif
1426
#endif
1403
1427
1404
/* Define if xauth is found in your path */
1428
/* Define if xauth is found in your path */
1405
#undef XAUTH_PATH
1429
#undef XAUTH_PATH
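--- a/openssh-5.2p1/configure.ac.audit
+++ b/openssh-5.2p1/configure.ac.audit
@@ -3342,6 +3342,18 @@ AC_ARG_WITH(selinux,
 	fi ]
 )
 
+# Check whether user wants Linux audit support
+LINUX_AUDIT_MSG="no"
+AC_ARG_WITH(linux-audit,
+	[  --with-linux-audit   Enable Linux audit support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
+		LINUX_AUDIT_MSG="yes"
+		AC_CHECK_HEADERS(libaudit.h)
+		SSHDLIBS="$SSHDLIBS -laudit"
+	fi ]
+)
+
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
 AC_ARG_WITH(kerberos5,
@@ -4170,6 +4182,7 @@ echo " PAM support
 echo "                   OSF SIA support: $SIA_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
 echo "                   SELinux support: $SELINUX_MSG"
+echo "               Linux audit support: $LINUX_AUDIT_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
 echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"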
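Review bot: In the first hunk `AC_DEFINE(HAVE_LINUX_AUDIT,1,...)` and `SSHDLIBS="$SSHDLIBS -laudit"` take effect as soon as `--with-linux-audit` is given, and the result of `AC_CHECK_HEADERS(libaudit.h)` (HAVE_LIBAUDIT_H) is never consulted; since loginrec.c includes <libaudit.h> whenever HAVE_LINUX_AUDIT is set, a host without libaudit fails at compile or link time rather than at configure time. Make the feature depend on the checks: `AC_CHECK_HEADERS(libaudit.h, [], [AC_MSG_ERROR([libaudit.h not found; required for --with-linux-audit])])` and `AC_CHECK_LIB(audit, audit_open, [SSHDLIBS="$SSHDLIBS -laudit"], [AC_MSG_ERROR([libaudit not found])])`, and issue the AC_DEFINE only after both succeed. The SELinux block this one is modelled on lies outside the hunk, so I could not compare its convention for optional libraries.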
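--- a/openssh-5.2p1/loginrec.c.audit
+++ b/openssh-5.2p1/loginrec.c.audit
@@ -176,6 +176,10 @@
 #include "auth.h"
 #include "buffer.h"
 
+#ifdef HAVE_LINUX_AUDIT
+# include <libaudit.h>
+#endif
+
 #ifdef HAVE_UTIL_H
 # include <util.h>
 #endif
@@ -202,6 +206,9 @@ int utmp_write_entry(struct logininfo *l
 int utmpx_write_entry(struct logininfo *li);
 int wtmp_write_entry(struct logininfo *li);
 int wtmpx_write_entry(struct logininfo *li);
+#ifdef HAVE_LINUX_AUDIT
+int linux_audit_write_entry(struct logininfo *li);
+#endif
 int lastlog_write_entry(struct logininfo *li);
 int syslogin_write_entry(struct logininfo *li);
 
@@ -440,6 +447,10 @@ login_write(struct logininfo *li)
 
 	/* set the timestamp */
 	login_set_current_time(li);
+#ifdef HAVE_LINUX_AUDIT
+	if (linux_audit_write_entry(li) == 0)
+		fatal("linux_audit_write_entry failed: %s", strerror(errno));
+#endif
 #ifdef USE_LOGIN
 	syslogin_write_entry(li);
 #endif
@@ -1394,6 +1405,87 @@ wtmpx_get_entry(struct logininfo *li)
 }
 #endif /* USE_WTMPX */
 
+#ifdef HAVE_LINUX_AUDIT
+static void
+_audit_hexscape(const char *what, char *where, unsigned int size)
+{
+	const char *ptr = what;
+	const char *hex = "0123456789ABCDEF";
+
+	while (*ptr) {
+		if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) {
+			unsigned int i;
+			ptr = what;
+			for (i = 0; *ptr && i+2 < size; i += 2) {
+				where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */
+				where[i+1] = hex[(unsigned)*ptr & 0x0F];   /* Lower nibble */
+				ptr++;
+			}
+			where[i] = '\0';
+			return;
+		}
+		ptr++;
+	}
+	where[0] = '"';
+	if ((unsigned)(ptr - what) < size - 3)
+	{
+		size = ptr - what + 3;
+	}
+	strncpy(where + 1, what, size - 3);
+	where[size-2] = '"';
+	where[size-1] = '\0';
+}
+
+#define AUDIT_LOG_SIZE 128
+#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8)
+
+int
+linux_audit_record_event(int uid, const char *username,
+	const char *hostname, const char *ip, const char *ttyn, int success)
+{
+	char buf[AUDIT_LOG_SIZE];
+	int audit_fd, rc;
+
+	audit_fd = audit_open();
+	if (audit_fd < 0) {
+	 	if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+					errno == EAFNOSUPPORT)
+			return 1; /* No audit support in kernel */
+		else
+			return 0; /* Must prevent login */
+	}
+	if (username == NULL)
+		snprintf(buf, sizeof(buf), "uid=%d", uid);
+	else {
+		char encoded[AUDIT_ACCT_SIZE];
+		_audit_hexscape(username, encoded, sizeof(encoded));
+		snprintf(buf, sizeof(buf), "acct=%s", encoded);
+	}
+	rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
+		buf, hostname, ip, ttyn, success);
+	close(audit_fd);
+	if (rc >= 0)
+		return 1;
+	else
+		return 0;
+}
+
+int
+linux_audit_write_entry(struct logininfo *li)
+{
+	switch(li->type) {
+	case LTYPE_LOGIN:
+		return (linux_audit_record_event(li->uid, NULL, li->hostname,
+			NULL, li->line, 1));
+	case LTYPE_LOGOUT:
+		return (1);	/* We only care about logins */
+	default:
+		logit("%s: invalid type field", __func__);
+		return (0);
+	}
+}
+#endif /* HAVE_LINUX_AUDIT */
+
 /**
  ** Low-level libutil login() functions
  **/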
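Review bot: In linux_audit_record_event() (fourth hunk) the `close(audit_fd)` between the audit_log_user_message() call and `return 0` can overwrite errno, so the `strerror(errno)` that login_write's new fatal() call (third hunk) prints may describe the close rather than the failed audit write; the `return (0)` in linux_audit_write_entry's default case has the same problem, since errno there is unrelated to any failure. Keep the value around the close: declare `int saved_errno;` alongside `audit_fd, rc`, set `saved_errno = errno;` before `close(audit_fd);` and restore `errno = saved_errno;` after it. Whether audit_log_user_message() itself leaves a meaningful errno on a negative return is not visible here and worth confirming against the targeted libaudit. Two smaller points: `_audit_hexscape` is a file-scope identifier beginning with an underscore, which C reserves for the implementation, so `audit_hexscape` is the safer name; and both encoding paths truncate silently (the hex path fits at most 59 bytes of a name into AUDIT_ACCT_SIZE, the quoted path 117), so a record for a long name is indistinguishable from one for its prefix — a logit() when truncation occurs would keep the audit trail unambiguous.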
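--- a/openssh-5.2p1/loginrec.h.audit
+++ b/openssh-5.2p1/loginrec.h.audit
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
 char *line_abbrevname(char *dst, const char *src, int dstsize);
 
 void record_failed_login(const char *, const char *, const char *);
+#ifdef HAVE_LINUX_AUDIT
+int linux_audit_record_event(int uid, const char *username,
+	const char *hostname, const char *ip, const char *ttyn, int success);
+#endif /* HAVE_LINUX_AUDIT */
 
 #endif /* _HAVE_LOGINREC_H_ */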
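Review bot: The new prototype for linux_audit_record_event() carries no comment on its return contract, yet callers key on it: login_write() in loginrec.c treats 0 as fatal while auth.c discards the value, and 1 is returned both when the record was written and when the kernel has no audit support. A comment above the declaration would make that explicit, e.g. `/* Returns 1 if the event was recorded or the kernel lacks audit support, 0 if it could not be recorded (the login path must fail closed on 0). username may be NULL, in which case uid is logged instead. */`. The `uid` parameter is declared `int` while the logininfo uid field that linux_audit_write_entry() passes through is presumably a uid_t — worth confirming that no narrowing occurs for large ids.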
