Bugzilla – Attachment 777 Details for
Bug 974
Record Badlogins for all supported Authentication methods
[patch]
BTMP PATCH
BTMP-PATCH.txt (text/plain), 8.01 KB, created by
Ashok
on 2005-01-20 21:09:43 AEDT
Description:
BTMP PATCH
Filename:
MIME Type:
Creator:
Ashok
Created:
2005-01-20 21:09:43 AEDT
Size:
8.01 KB
patch
obsolete
>--- Orginal/openssh/auth.c 2004-08-12 18:10:25.000000000 +0530
>+++ Patched/openssh/auth.c 2005-01-20 15:13:08.281151112 +0530
>@@ -50,6 +50,7 @@
> #include "misc.h"
> #include "bufaux.h"
> #include "packet.h"
>+#include "monitor_wrap.h"
>
> /* import */
> extern ServerOptions options;
>@@ -230,6 +231,18 @@
> else
> authmsg = authenticated ? "Accepted" : "Failed";
>
>+ if(!authenticated && !authctxt->postponed && (!strcmp(method, "gssapi-with-mic") || !strcmp(method, "publickey") || !strcmp(method, "hostbased"))){
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
>+ PRIVSEP(log_btmp(authctxt->user,get_canonical_hostname(options.use_dns)));
>+ }
>+
>+
>+ if(!authenticated && !authctxt->postponed && (!strcmp(method, "password") || !strcmp(method, " keyboard-interactive") || !strcmp(method,"challenge-response") || !strcmp(method,"keyboard-interactive/pam"))){
>+ if ( getuid() == 0) {
>+ debug("=== calling log_btmp uid %d ===\n", getuid());
>+ log_btmp(authctxt->user,get_canonical_hostname(options.use_dns));
>+ }
>+ }
> authlog("%s %s for %s%.100s from %.200s port %d%s",
> authmsg,
> method,
>
>--- Orginal/openssh/loginrec.c 2004-09-12 10:56:01.000000000 +0530
>+++ Patched/openssh/loginrec.c 2005-01-20 15:03:15.855213544 +0530
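Review bot: The method string `" keyboard-interactive"` in the second added condition has a leading space, so a failed keyboard-interactive attempt (other than the `/pam` variant) never matches and is not recorded. That second branch also only logs when `getuid() == 0`, and under privilege separation this code runs in the unprivileged child, so password and challenge-response failures are silently dropped on the privsep configuration; routing that branch through `PRIVSEP(log_btmp(...))` like the first one, or folding both method lists into a single condition, closes the gap. The `"\n"` in the two debug() format strings is unnecessary, since the logging functions append their own newline. The enclosing function (auth_log) starts and ends outside the hunk.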
>@@ -123,6 +123,23 @@
> *
> * Otherwise, patches to the specific method(s) are very helpful!
> */
>+/*
>+ * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
>+ * All rights reserved.
>+ *
>+ * Redistribution and use in source and binary forms are permitted
>+ * provided that the above copyright notice and this paragraph are
>+ * duplicated in all such forms and that any documentation,
>+ * advertising materials, and other materials related to such
>+ * distribution and use acknowledge that the software was developed
>+ * by the University of California, Berkeley. The name of the
>+ * University may not be used to endorse or promote products derived
>+ * from this software without specific prior written permission.
>+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
>+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
>+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
>+ */
>+
>
> #include "includes.h"
>
>@@ -1563,3 +1580,54 @@
> return (0);
> }
> #endif /* USE_LASTLOG */
>+
>+ /*
>+ * Logs failed login attempts in _PATH_BTMP if that exists.
>+ * The most common login failure is to give password instead of username.
>+ * So the _PATH_BTMP file checked for the correct permission, so that
>+ * only root can read it.
>+ */
>+
>+#define _PATH_BTMP "/var/adm/btmp"
>+void
>+log_btmp(const char *username, const char *hostname) {
>+ int fd, n;
>+ struct utmp ut;
>+ time_t t;
>+ struct stat fst;
>+
>+ memset(&ut, 0, sizeof(ut));
>+ strncpy(ut.ut_user, username, sizeof(ut.ut_user));
>+ strcpy(ut.ut_line,"ssh:notty");
>+
>+ time(&t);
>+ ut.ut_time = t; /* ut_time is not always a time_t */
>+
>+ ut.ut_type = LOGIN_PROCESS;
>+ ut.ut_pid = getpid();
>+ if (stat(_PATH_BTMP,&fst) == -1){
>+ log("btmp file %s does not exist\n",_PATH_BTMP);
>+ return;
>+ }
>+
>+ if((fst.st_mode & (S_IRWXG | S_IRWXO))||(fst.st_uid != 0)){
>+ log("Excess permission or bad ownership on file %s\n",_PATH_BTMP);
>+ return;
>+ }
>+ if (hostname) {
>+ struct hostent *he;
>+ strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
>+ if ((he = gethostbyname(hostname)))
>+ memcpy(&ut.ut_addr, he->h_addr_list[0], sizeof(ut.ut_addr));
>+ }
>+
>+ fd = open(_PATH_BTMP, O_WRONLY | O_APPEND);
>+ if (fd == -1) {
>+ log("Unable to open the btmp file %s\n",_PATH_BTMP);
>+ return;
>+ }
>+ n = atomicio(vwrite,fd, &ut, sizeof(ut));
>+ close(fd);
>+
>+ }
>+
>
>
>--- Orginal/openssh/monitor.h 2003-11-17 16:48:22.000000000 +0530
>+++ Patched/openssh/monitor.h 2005-01-19 20:32:32.000000000 +0530
>@@ -59,7 +59,8 @@
> MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
> MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
> MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
>- MONITOR_REQ_TERM
>+ MONITOR_REQ_TERM,
>+ MONITOR_REQ_BADLOGIN
> };
>
> struct mm_master;
>
>--- Orginal/openssh/monitor.c 2004-09-11 18:37:03.000000000 +0530
>+++ Patched/openssh/monitor.c 2005-01-19 20:46:43.000000000 +0530
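Review bot: The ownership and mode check in log_btmp is made with stat() on the path, and the file is only opened afterwards, so the descriptor that is written to is not the object that was checked; the check belongs on the opened descriptor via fstat(), with the stat() block before the hostname handling dropped. The result of atomicio() is stored in `n` and never examined, so a short or failed write of the record is silent. gethostbyname() on the failure path is a blocking forward lookup of a name that get_canonical_hostname() already derived from the peer address, and `memcpy(&ut.ut_addr, he->h_addr_list[0], sizeof(ut.ut_addr))` assumes an address at least as wide as ut_addr; the address the connection actually came from is the more reliable thing to record. If the target tree is of the same vintage as the file dates, the logging call is `logit()` rather than `log()` in that code base, so these calls should be checked against the tree's log.h. The rewritten tail of the function follows; the record set-up above it is unchanged.
```c
	/* … unchanged: utmp record set-up and hostname handling, stat() block removed … */
	fd = open(_PATH_BTMP, O_WRONLY | O_APPEND);
	if (fd == -1) {
		log("Unable to open the btmp file %s\n",_PATH_BTMP);
		return;
	}
	/* Check the object we actually hold open, not the path it was reached by. */
	if (fstat(fd, &fst) == -1 ||
	    (fst.st_mode & (S_IRWXG | S_IRWXO)) || fst.st_uid != 0) {
		log("Excess permission or bad ownership on file %s\n",_PATH_BTMP);
		close(fd);
		return;
	}
	if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut))
		log("Short write to btmp file %s\n",_PATH_BTMP);
	close(fd);
```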
>@@ -126,6 +126,7 @@
> int mm_answer_rsa_response(int, Buffer *);
> int mm_answer_sesskey(int, Buffer *);
> int mm_answer_sessid(int, Buffer *);
>+int mm_answer_log_btmp(int, Buffer *);
>
> #ifdef USE_PAM
> int mm_answer_pam_start(int, Buffer *);
>@@ -202,6 +203,7 @@
> {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
> {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
> #endif
>+ {MONITOR_REQ_BADLOGIN, MON_ISAUTH, mm_answer_log_btmp},
> {0, 0, NULL}
> };
>
>@@ -211,6 +213,7 @@
> {MONITOR_REQ_PTY, 0, mm_answer_pty},
> {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
> {MONITOR_REQ_TERM, 0, mm_answer_term},
>+ {MONITOR_REQ_BADLOGIN, 0, mm_answer_log_btmp},
> {0, 0, NULL}
> };
>
>@@ -239,6 +242,7 @@
> {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
> {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
> #endif
>+ {MONITOR_REQ_BADLOGIN , MON_ISAUTH , mm_answer_log_btmp},
> {0, 0, NULL}
> };
>
>@@ -246,6 +250,7 @@
> {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
> {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
> {MONITOR_REQ_TERM, 0, mm_answer_term},
>+ {MONITOR_REQ_BADLOGIN , 0, mm_answer_log_btmp},
> {0, 0, NULL}
> };
>
>@@ -378,6 +383,7 @@
> monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
> monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
> }
>+ monitor_permit(mon_dispatch, MONITOR_REQ_BADLOGIN, 1);
>
> for (;;)
> monitor_read(pmonitor, mon_dispatch, NULL);
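Review bot: The MONITOR_REQ_BADLOGIN entry added in the @@ -202 pre-auth table (and again in the @@ -239 table) carries MON_ISAUTH, but this request does not decide an authentication; MON_ISAUTH includes MON_AUTHDECIDE, and, if I read monitor_child_preauth correctly, the monitor's pre-auth loop takes a non-zero return from such a handler as a successful authentication and runs auth_log() for it. mm_answer_log_btmp (monitor.c hunk at @@ -1850) is declared int and ends without a return statement, so the value the monitor acts on is whatever happens to be in the return register. The entries should be `{MONITOR_REQ_BADLOGIN, 0, mm_answer_log_btmp},` with an explicit `monitor_permit(mon_dispatch, MONITOR_REQ_BADLOGIN, 1);` in the pre-auth setup, as the @@ -378 post-auth hunk already does, and the handler must `return (0);`. Since the monitor already calls auth_log() with its own authctxt for every authentication decision, recording the failure there would remove the need for a child-originated request altogether; that lies outside this hunk but is worth weighing before adding a new message type.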
>@@ -1850,3 +1856,25 @@
> return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+/* RECORD_BADLOGINS
>+ Receive a "bad login request" from the unpriviledged
>+ process. The priviledged process will receive the user
>+ and the hostname. Record the bad login attempt.
>+*/
>+int mm_answer_log_btmp(int socket, Buffer *m){
>+ char user[1024];
>+ char hostname[1024];
>+
>+ memset(user,0, 1024);
>+ memset(hostname,0, 1024);
>+
>+ buffer_get(m, user ,1024);
>+ buffer_get(m, hostname ,1024);
>+
>+ debug("#### Priviledged process: received user %s host %s",user, hostname );
>+
>+ log_btmp(user,get_canonical_hostname(options.use_dns));
>+}
>+
>+
>
>--- Orginal/openssh/monitor_wrap.c 2004-09-11 18:37:03.000000000 +0530
>+++ Patched/openssh/monitor_wrap.c 2005-01-20 15:05:54.513093880 +0530
>@@ -1188,3 +1188,23 @@
> return (authenticated);
> }
> #endif /* GSSAPI */
>+
>+/* BADLOGINS FIX
>+ * Only the priviledged process can update the /var/adm/btmp.
>+ * Send user and hostname name to the priviledged process.
>+*/
>+
>+int
>+mm_log_btmp(const char *username, const char *hostname) {
>+ Buffer m;
>+ buffer_init(&m);
>+
>+ buffer_append(&m, username, 1024);
>+ buffer_append(&m, hostname, 1024);
>+
>+ debug("=== calling log_btmp uid %d by a priviledged process ===", getuid());
>+
>+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BADLOGIN, &m);
>+
>+ buffer_free(&m);
>+}
>
>--- Orginal/openssh/monitor_wrap.h 2004-06-22 08:26:02.000000000 +0530
>+++ Patched/openssh/monitor_wrap.h 2005-01-20 15:06:22.971767504 +0530
>@@ -106,3 +106,5 @@
> void mm_init_compression(struct mm_master *);
>
> #endif /* _MM_H_ */
>+
>+int mm_log_btmp(const char *username, const char *hostname);
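Review bot: `buffer_get(m, user ,1024)` and the call after it pull exactly 1024 bytes each, which only works because the sender, mm_log_btmp in the monitor_wrap.c hunk, appends 1024 bytes from `username` and `hostname` regardless of their real length — reading far past the end of two C strings in the child and shipping whatever follows them across the monitor socket. Both sides should use the length-prefixed helpers the Buffer API already offers, `buffer_put_cstring(&m, username)` on the sender and `user = buffer_get_string(m, NULL)` (freed after use) on the receiver, which also guarantees a terminator; as written, a 1024-byte name leaves `user` unterminated for the debug() call. The monitor also takes the username from the child's message although it holds its own copy in authctxt->user that the child cannot influence, and the hostname it receives is then discarded in favour of get_canonical_hostname(). The function is declared int but ends without a return, and with MON_ISAUTH on its dispatch entries that indeterminate value is what the monitor acts on, so it must `return (0);`.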
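Review bot: mm_log_btmp is declared int but never returns a value, and its debug() text says the call is made "by a priviledged process" while this wrapper runs in the unprivileged child. Either declare it `void` (and its prototype in monitor_wrap.h) or end it with `return (0);`, and correct the message. The fixed 1024-byte buffer_append() calls are covered in the note on the monitor.c @@ -1850 hunk.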
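Review bot: The new prototype in monitor_wrap.h is placed after `#endif /* _MM_H_ */`, outside the include guard, so it is re-declared on every inclusion of the header; move it above the `#endif`, next to the other mm_* prototypes, and keep its return type in step with the definition in monitor_wrap.c.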