Attachment #793 for bug #125

View | Details | Raw Unified | Return to bug 125 | Differences between

and this patch

Lines 85-91 SSHDOBJS=sshd.o auth-rhosts.o auth-passw Link Here

(-)Makefile.in (-1 / +1 lines)
85	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \	85	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
86	auth-krb5.o \	86	auth-krb5.o \
87	auth2-gss.o gss-serv.o gss-serv-krb5.o \	87	auth2-gss.o gss-serv.o gss-serv-krb5.o \
88	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o	88	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
89		89
90	MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out	90	MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
91	MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5	91	MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5




/* $Id$ */

/*
 * Copyright (c) 2004, 2005 Darren Tucker.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
#ifndef CUSTOM_AUDIT_EVENTS

#include "audit.h"
#include "log.h"
#include "auth.h"

extern Authctxt *the_authctxt;

/*
 * Null implementations of audit functions.
 * These get used if AUDIT_EVENTS is enabled but no audit module is defined.
 */

void
audit_connection_from(const char *host, int port)
{
	debug("%s: euid %d connection from %s port %d", __func__, geteuid(),
	    host, port);
}

void
audit_event(enum audit_event_type event)
{
	/* XXX debugging only */
	char *eventstr[] = {
		"AUTH_FAILED",
		"LOGIN_SUCCESS",
		"LOGIN_EXCEED_MAXTRIES",
		"LOGIN_FAIL_NONE",
		"LOGIN_FAIL_BADPW",
		"LOGIN_FAIL_KBDINT",
		"LOGIN_FAIL_OTHER",
		"INVALID_USER",
		"ROOT_NOT_CONSOLE",
		"NOLOGIN",
		"LOGOUT"
	};

	debug("%s: euid %d user %s event %d (%s)", __func__, geteuid(),
	    the_authctxt->user, event, eventstr[event]);
}

void
audit_save_ttyn(const char *ttyn)
{
	debug("%s: euid %d user %s tty name %s", __func__, geteuid(),
	     the_authctxt->user, ttyn);
}

void
audit_run_command(const char *command)
{
	debug("%s: euid %d user %s command '%s'", __func__, geteuid(),
	    the_authctxt->user, command);
}

void
record_failed_login(const char *user, const char *ttyname)
{
	debug("%s: (audit) euid %d user %s ttyname %s", __func__, geteuid(),
	    user, ttyname);
}
#endif




/* $Id$ */

/*
 * Copyright (c) 2004, 2005 Darren Tucker.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "auth.h"

#ifndef _SSH_AUDIT_H
# define _SSH_AUDIT_H
enum audit_event_type {
	AUTH_FAILED,		/* merge with LOGIN_FAIL_BADPW? */
	LOGIN_SUCCESS,
	LOGIN_EXCEED_MAXTRIES,
	LOGIN_FAIL_NONE,
	LOGIN_FAIL_BADPW,
	LOGIN_FAIL_KBDINT,
	LOGIN_FAIL_OTHER,
	INVALID_USER,
	ROOT_NOT_CONSOLE,
	NOLOGIN,
	LOGOUT
};

void audit_init(Authctxt *ctxt);
void audit_connection_from(const char *host, int port);
void audit_event(enum audit_event_type event);
void audit_save_ttyn(const char *ttyn);
void audit_run_command(const char *command);
void record_failed_login(const char *, const char *);

#endif /* _SSH_AUDIT_H */




#include "misc.h"
#include "bufaux.h"
#include "packet.h"
#include "monitor_wrap.h"

/* import */
extern ServerOptions options;

	if (authenticated == 0 && strcmp(method, "password") == 0)
		record_failed_login(authctxt->user, "ssh");
#endif
#ifdef AUDIT_EVENTS
	if (authenticated == 0) {
		enum audit_event_type event = LOGIN_FAIL_OTHER;

		if (strcmp(method, "none") == 0)
			event = LOGIN_FAIL_NONE;
		else if (strcmp(method, "password") == 0)
			event = LOGIN_FAIL_BADPW;
		else if (strcmp(method, "keyboard-interactive") == 0)
			event = LOGIN_FAIL_KBDINT;

		if (geteuid() == 0)
			audit_event(event);
	}
#endif
}

/*

#ifdef CUSTOM_FAILED_LOGIN
		record_failed_login(user, "ssh");
#endif
#ifdef AUDIT_EVENTS
		audit_event(INVALID_USER);
#endif /* AUDIT_EVENTS */
		return (NULL);
	}
	if (!allowed_user(pw))

Lines 130-135 int auth_shadow_pwexpired(Authctxt *); Link Here

(-)auth.h (+1 lines)
130	#endif	130	#endif
131		131
132	#include "auth-pam.h"	132	#include "auth-pam.h"
		133	#include "audit.h"
133	void remove_kbdint_device(const char *);	134	void remove_kbdint_device(const char *);
134		135
135	void disable_forwarding(void);	136	void disable_forwarding(void);

Lines 247-254 do_authloop(Authctxt *authctxt) Link Here

(-)auth1.c (-2 / +11 lines)
247	#else	247	#else
248	/* Special handling for root */	248	/* Special handling for root */
249	if (authenticated && authctxt->pw->pw_uid == 0 &&	249	if (authenticated && authctxt->pw->pw_uid == 0 &&
250	!auth_root_allowed(get_authname(type)))	250	!auth_root_allowed(get_authname(type))) {
251	authenticated = 0;	251	authenticated = 0;
		252	# ifdef AUDIT_EVENTS
		253	PRIVSEP(audit_event(ROOT_NOT_CONSOLE));
		254	# endif
		255	}
252	#endif	256	#endif
253		257
254	#ifdef USE_PAM	258	#ifdef USE_PAM
Lines 283-290 do_authloop(Authctxt *authctxt) Link Here
283	if (authenticated)	287	if (authenticated)
284	return;	288	return;
285		289
286	if (authctxt->failures++ > options.max_authtries)	290	if (authctxt->failures++ > options.max_authtries) {
		291	#ifdef AUDIT_EVENTS
		292	if (use_privsep)
		293	PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
		294	#endif
287	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);	295	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
		296	}
288		297
289	packet_start(SSH_SMSG_FAILURE);	298	packet_start(SSH_SMSG_FAILURE);
290	packet_send();	299	packet_send();

Lines 167-172 input_userauth_request(int type, u_int32 Link Here

(-)auth2.c (-2 / +14 lines)
167	if (options.use_pam)	167	if (options.use_pam)
168	PRIVSEP(start_pam(authctxt));	168	PRIVSEP(start_pam(authctxt));
169	#endif	169	#endif
		170	#ifdef AUDIT_EVENTS
		171	PRIVSEP(audit_event(INVALID_USER));
		172	#endif
170	}	173	}
171	setproctitle("%s%s", authctxt->valid ? user : "unknown",	174	setproctitle("%s%s", authctxt->valid ? user : "unknown",
172	use_privsep ? " [net]" : "");	175	use_privsep ? " [net]" : "");
Lines 214-221 userauth_finish(Authctxt *authctxt, int Link Here
214		217
215	/* Special handling for root */	218	/* Special handling for root */
216	if (authenticated && authctxt->pw->pw_uid == 0 &&	219	if (authenticated && authctxt->pw->pw_uid == 0 &&
217	!auth_root_allowed(method))	220	!auth_root_allowed(method)) {
218	authenticated = 0;	221	authenticated = 0;
		222	#ifdef AUDIT_EVENTS
		223	PRIVSEP(audit_event(ROOT_NOT_CONSOLE));
		224	#endif
		225	}
219		226
220	#ifdef USE_PAM	227	#ifdef USE_PAM
221	if (options.use_pam && authenticated) {	228	if (options.use_pam && authenticated) {
Lines 255-262 userauth_finish(Authctxt *authctxt, int Link Here
255	/* now we can break out */	262	/* now we can break out */
256	authctxt->success = 1;	263	authctxt->success = 1;
257	} else {	264	} else {
258	if (authctxt->failures++ > options.max_authtries)	265	if (authctxt->failures++ > options.max_authtries) {
		266	#ifdef AUDIT_EVENTS
		267	if (use_privsep)
		268	PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
		269	#endif
259	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);	270	packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
		271	}
260	methods = authmethods_get();	272	methods = authmethods_get();
261	packet_start(SSH2_MSG_USERAUTH_FAILURE);	273	packet_start(SSH2_MSG_USERAUTH_FAILURE);
262	packet_put_cstring(methods);	274	packet_put_cstring(methods);

Lines 131-136 Link Here

(-)loginrec.c (+8 lines)
131	#include "loginrec.h"	131	#include "loginrec.h"
132	#include "log.h"	132	#include "log.h"
133	#include "atomicio.h"	133	#include "atomicio.h"
		134	#include "auth.h"
134		135
135	#ifdef HAVE_UTIL_H	136	#ifdef HAVE_UTIL_H
136	# include <util.h>	137	# include <util.h>
Lines 205-210 login_login(struct logininfo *li) Link Here
205	int	206	int
206	login_logout(struct logininfo *li)	207	login_logout(struct logininfo *li)
207	{	208	{
		209	#ifdef AUDIT_EVENTS
		210	audit_event(LOGOUT);
		211	#endif
208	li->type = LTYPE_LOGOUT;	212	li->type = LTYPE_LOGOUT;
209	return (login_write(li));	213	return (login_write(li));
210	}	214	}
Lines 419-424 login_write(struct logininfo *li) Link Here
419	if (li->type == LTYPE_LOGIN &&	423	if (li->type == LTYPE_LOGIN &&
420	!sys_auth_record_login(li->username,li->hostname,li->line))	424	!sys_auth_record_login(li->username,li->hostname,li->line))
421	logit("Writing login record failed for %s", li->username);	425	logit("Writing login record failed for %s", li->username);
		426	#endif
		427	#ifdef AUDIT_EVENTS
		428	if (li->type == LTYPE_LOGIN)
		429	audit_save_ttyn(li->line);
422	#endif	430	#endif
423	return (0);	431	return (0);
424	}	432	}

Lines 143-148 int mm_answer_gss_userok(int, Buffer *); Link Here

(-)monitor.c (+52 lines)
143	int mm_answer_gss_checkmic(int, Buffer *);	143	int mm_answer_gss_checkmic(int, Buffer *);
144	#endif	144	#endif
145		145
		146	#ifdef AUDIT_EVENTS
		147	int mm_answer_audit_event(int, Buffer *);
		148	int mm_answer_audit_command(int, Buffer *);
		149	#endif
		150
146	static Authctxt *authctxt;	151	static Authctxt *authctxt;
147	static BIGNUM ssh1_challenge = NULL; / used for ssh1 rsa auth */	152	static BIGNUM ssh1_challenge = NULL; / used for ssh1 rsa auth */
148		153
Lines 186-191 struct mon_table mon_dispatch_proto20[] Link Here
186	{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},	191	{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
187	{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_pam_free_ctx},	192	{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
188	#endif	193	#endif
		194	#ifdef AUDIT_EVENTS
		195	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
		196	#endif
189	#ifdef BSD_AUTH	197	#ifdef BSD_AUTH
190	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},	198	{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
191	{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},	199	{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
Lines 211-216 struct mon_table mon_dispatch_postauth20 Link Here
211	{MONITOR_REQ_PTY, 0, mm_answer_pty},	219	{MONITOR_REQ_PTY, 0, mm_answer_pty},
212	{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},	220	{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
213	{MONITOR_REQ_TERM, 0, mm_answer_term},	221	{MONITOR_REQ_TERM, 0, mm_answer_term},
		222	#ifdef AUDIT_EVENTS
		223	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
		224	{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT\|MON_ONCE, mm_answer_audit_command},
		225	#endif
214	{0, 0, NULL}	226	{0, 0, NULL}
215	};	227	};
216		228
Lines 1490-1495 mm_answer_term(int sock, Buffer *req) Link Here
1490	/* Terminate process */	1502	/* Terminate process */
1491	exit(res);	1503	exit(res);
1492	}	1504	}
		1505
		1506	#ifdef AUDIT_EVENTS
		1507	/* Report that an audit event occurred */
		1508	int
		1509	mm_answer_audit_event(int socket, Buffer *m)
		1510	{
		1511	enum audit_event_type event;
		1512
		1513	debug3("%s entering", __func__);
		1514
		1515	event = buffer_get_int(m);
		1516	buffer_free(m);
		1517	switch(event) {
		1518	case NOLOGIN:
		1519	case AUTH_FAILED:
		1520	case LOGIN_EXCEED_MAXTRIES:
		1521	audit_event(event);
		1522	break;
		1523	default:
		1524	fatal("Audit event type %d not permitted", event);
		1525	}
		1526
		1527	return (0);
		1528	}
		1529
		1530	int
		1531	mm_answer_audit_command(int socket, Buffer *m)
		1532	{
		1533	u_int len;
		1534	char *cmd;
		1535
		1536	debug3("%s entering", __func__);
		1537	cmd = buffer_get_string(m, &len);
		1538	/* sanity check command, if so how? */
		1539	buffer_free(m);
		1540	audit_run_command(cmd);
		1541	xfree(cmd);
		1542	return (0);
		1543	}
		1544	#endif /* AUDIT_EVENTS */
1493		1545
1494	void	1546	void
1495	monitor_apply_keystate(struct monitor *pmonitor)	1547	monitor_apply_keystate(struct monitor *pmonitor)

Lines 59-64 enum monitor_reqtype { Link Here

(-)monitor.h (+1 lines)
59	MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,	59	MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
60	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,	60	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
61	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,	61	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
		62	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
62	MONITOR_REQ_TERM	63	MONITOR_REQ_TERM
63	};	64	};
64		65




	return (success);
}

#ifdef AUDIT_EVENTS
void
mm_audit_event(enum audit_event_type event)
{
	Buffer m;

	debug3("%s entering", __func__);

	buffer_init(&m);
	buffer_put_int(&m, event);

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
	buffer_free(&m);
}

void
mm_audit_run_command(const char *command)
{
	Buffer m;

	debug3("%s entering command %s", __func__, command);

	buffer_init(&m);
	buffer_put_cstring(&m, command);

	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
	buffer_free(&m);
}
#endif /* AUDIT_EVENTS */

#ifdef GSSAPI
OM_uint32
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)

Lines 74-79 int mm_sshpam_respond(void *, u_int, cha Link Here

(-)monitor_wrap.h (+6 lines)
74	void mm_sshpam_free_ctx(void *);	74	void mm_sshpam_free_ctx(void *);
75	#endif	75	#endif
76		76
		77	#ifdef AUDIT_EVENTS
		78	#include "audit.h"
		79	void mm_audit_event(enum audit_event_type);
		80	void mm_audit_run_command(const char *);
		81	#endif
		82
77	struct Session;	83	struct Session;
78	void mm_terminate(void);	84	void mm_terminate(void);
79	int mm_pty_allocate(int , int , char *, int);	85	int mm_pty_allocate(int , int , char *, int);




#endif

static int is_child = 0;
static int nologin = 0;

/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;

		debug("Forced command '%.900s'", command);
	}

#ifdef AUDIT_EVENTS
	if (command != NULL)
		PRIVSEP(audit_run_command(command));
	/*
	 * this is incompatible with the HAVE_LOGIN_CAP bits in do_nologin.
	 * To fix it would require changing do_nologin to return a value.
	 */
	if (s->pw->pw_uid != 0) {
		FILE *f;

		if ((f = fopen(_PATH_NOLOGIN, "r")) != NULL) {
			fclose(f);
			nologin = 1;
			PRIVSEP(audit_event(NOLOGIN));
		}
	}
#endif

#ifdef GSSAPI
	if (options.gss_authentication) {
		temporarily_use_uid(s->pw);

	if (pw->pw_uid)
		f = fopen(_PATH_NOLOGIN, "r");
#endif

#ifdef AUDIT_EVENTS
	if (nologin && f == NULL) {
		/* we recorded a nologin earlier but the file has disappeared */
		printf("Can't open %s: %s", _PATH_NOLOGIN, strerror(errno));
		fflush(NULL);
		exit(254);
	}
#endif

	if (f) {
		/* /etc/nologin exists.  Print its contents and exit. */
		logit("User %.100s not allowed because %s exists",

Lines 1628-1633 main(int ac, char **av) Link Here

(-)sshd.c (+7 lines)
1628	remote_port = get_remote_port();	1628	remote_port = get_remote_port();
1629	remote_ip = get_remote_ipaddr();	1629	remote_ip = get_remote_ipaddr();
1630		1630
		1631	#ifdef AUDIT_EVENTS
		1632	audit_connection_from(remote_ip, remote_port);
		1633	#endif
1631	#ifdef LIBWRAP	1634	#ifdef LIBWRAP
1632	/* Check whether logins are denied from this host. */	1635	/* Check whether logins are denied from this host. */
1633	if (packet_connection_is_on_socket()) {	1636	if (packet_connection_is_on_socket()) {
Lines 1697-1702 main(int ac, char **av) Link Here
1697	}	1700	}
1698		1701
1699	authenticated:	1702	authenticated:
		1703	#ifdef AUDIT_EVENTS
		1704	audit_event(LOGIN_SUCCESS);
		1705	#endif
		1706
1700	/*	1707	/*
1701	* In privilege separation, we fork another child and prepare	1708	* In privilege separation, we fork another child and prepare
1702	* file descriptor passing.	1709	* file descriptor passing.

Return to bug 125

Lines 1103-1108 mm_auth_rsa_verify_response(Key *key, BI Link Here

(-)monitor_wrap.c (+30 lines)
1103	return (success);	1103	return (success);
1104	}	1104	}
1105		1105
		1106	#ifdef AUDIT_EVENTS
		1107	void
		1108	mm_audit_event(enum audit_event_type event)
		1109	{
		1110	Buffer m;
		1111
		1112	debug3("%s entering", __func__);
		1113
		1114	buffer_init(&m);
		1115	buffer_put_int(&m, event);
		1116
		1117	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
		1118	buffer_free(&m);
		1119	}
		1120
		1121	void
		1122	mm_audit_run_command(const char *command)
		1123	{
		1124	Buffer m;
		1125
		1126	debug3("%s entering command %s", __func__, command);
		1127
		1128	buffer_init(&m);
		1129	buffer_put_cstring(&m, command);
		1130
		1131	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
		1132	buffer_free(&m);
		1133	}
		1134	#endif /* AUDIT_EVENTS */
		1135
1106	#ifdef GSSAPI	1136	#ifdef GSSAPI
1107	OM_uint32	1137	OM_uint32
1108	mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)	1138	mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID goid)

Lines 111-116 login_cap_t *lc; Link Here

(-)session.c (+29 lines)
111	#endif	111	#endif
112		112
113	static int is_child = 0;	113	static int is_child = 0;
		114	static int nologin = 0;
114		115
115	/* Name and directory of socket for authentication agent forwarding. */	116	/* Name and directory of socket for authentication agent forwarding. */
116	static char *auth_sock_name = NULL;	117	static char *auth_sock_name = NULL;
Lines 665-670 do_exec(Session s, const char command) Link Here
665	debug("Forced command '%.900s'", command);	666	debug("Forced command '%.900s'", command);
666	}	667	}
667		668
		669	#ifdef AUDIT_EVENTS
		670	if (command != NULL)
		671	PRIVSEP(audit_run_command(command));
		672	/*
		673	* this is incompatible with the HAVE_LOGIN_CAP bits in do_nologin.
		674	* To fix it would require changing do_nologin to return a value.
		675	*/
		676	if (s->pw->pw_uid != 0) {
		677	FILE *f;
		678
		679	if ((f = fopen(_PATH_NOLOGIN, "r")) != NULL) {
		680	fclose(f);
		681	nologin = 1;
		682	PRIVSEP(audit_event(NOLOGIN));
		683	}
		684	}
		685	#endif
		686
668	#ifdef GSSAPI	687	#ifdef GSSAPI
669	if (options.gss_authentication) {	688	if (options.gss_authentication) {
670	temporarily_use_uid(s->pw);	689	temporarily_use_uid(s->pw);
Lines 1228-1233 do_nologin(struct passwd *pw) Link Here
1228	if (pw->pw_uid)	1247	if (pw->pw_uid)
1229	f = fopen(_PATH_NOLOGIN, "r");	1248	f = fopen(_PATH_NOLOGIN, "r");
1230	#endif	1249	#endif
		1250
		1251	#ifdef AUDIT_EVENTS
		1252	if (nologin && f == NULL) {
		1253	/* we recorded a nologin earlier but the file has disappeared */
		1254	printf("Can't open %s: %s", _PATH_NOLOGIN, strerror(errno));
		1255	fflush(NULL);
		1256	exit(254);
		1257	}
		1258	#endif
		1259
1231	if (f) {	1260	if (f) {
1232	/* /etc/nologin exists. Print its contents and exit. */	1261	/* /etc/nologin exists. Print its contents and exit. */
1233	logit("User %.100s not allowed because %s exists",	1262	logit("User %.100s not allowed because %s exists",

Added Link Here

(-)audit.c (+90 lines)
1	/* $Id$ */
2
3	/*
4	* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	* 1. Redistributions of source code must retain the above copyright
10	* notice, this list of conditions and the following disclaimer.
11	* 2. Redistributions in binary form must reproduce the above copyright
12	* notice, this list of conditions and the following disclaimer in the
13	* documentation and/or other materials provided with the distribution.
14	*
15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25	*/
26
27	#include "includes.h"
28	#ifndef CUSTOM_AUDIT_EVENTS
29
30	#include "audit.h"
31	#include "log.h"
32	#include "auth.h"
33
34	extern Authctxt *the_authctxt;
35
36	/*
37	* Null implementations of audit functions.
38	* These get used if AUDIT_EVENTS is enabled but no audit module is defined.
39	*/
40
41	void
42	audit_connection_from(const char *host, int port)
43	{
44	debug("%s: euid %d connection from %s port %d", __func__, geteuid(),
45	host, port);
46	}
47
48	void
49	audit_event(enum audit_event_type event)
50	{
51	/* XXX debugging only */
52	char *eventstr[] = {
53	"AUTH_FAILED",
54	"LOGIN_SUCCESS",
55	"LOGIN_EXCEED_MAXTRIES",
56	"LOGIN_FAIL_NONE",
57	"LOGIN_FAIL_BADPW",
58	"LOGIN_FAIL_KBDINT",
59	"LOGIN_FAIL_OTHER",
60	"INVALID_USER",
61	"ROOT_NOT_CONSOLE",
62	"NOLOGIN",
63	"LOGOUT"
64	};
65
66	debug("%s: euid %d user %s event %d (%s)", __func__, geteuid(),
67	the_authctxt->user, event, eventstr[event]);
68	}
69
70	void
71	audit_save_ttyn(const char *ttyn)
72	{
73	debug("%s: euid %d user %s tty name %s", __func__, geteuid(),
74	the_authctxt->user, ttyn);
75	}
76
77	void
78	audit_run_command(const char *command)
79	{
80	debug("%s: euid %d user %s command '%s'", __func__, geteuid(),
81	the_authctxt->user, command);
82	}
83
84	void
85	record_failed_login(const char user, const char ttyname)
86	{
87	debug("%s: (audit) euid %d user %s ttyname %s", __func__, geteuid(),
88	user, ttyname);
89	}
90	#endif

Added Link Here

(-)audit.h (+52 lines)
1	/* $Id$ */
2
3	/*
4	* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions
8	* are met:
9	* 1. Redistributions of source code must retain the above copyright
10	* notice, this list of conditions and the following disclaimer.
11	* 2. Redistributions in binary form must reproduce the above copyright
12	* notice, this list of conditions and the following disclaimer in the
13	* documentation and/or other materials provided with the distribution.
14	*
15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25	*/
26
27	#include "auth.h"
28
29	#ifndef _SSH_AUDIT_H
30	# define _SSH_AUDIT_H
31	enum audit_event_type {
32	AUTH_FAILED, /* merge with LOGIN_FAIL_BADPW? */
33	LOGIN_SUCCESS,
34	LOGIN_EXCEED_MAXTRIES,
35	LOGIN_FAIL_NONE,
36	LOGIN_FAIL_BADPW,
37	LOGIN_FAIL_KBDINT,
38	LOGIN_FAIL_OTHER,
39	INVALID_USER,
40	ROOT_NOT_CONSOLE,
41	NOLOGIN,
42	LOGOUT
43	};
44
45	void audit_init(Authctxt *ctxt);
46	void audit_connection_from(const char *host, int port);
47	void audit_event(enum audit_event_type event);
48	void audit_save_ttyn(const char *ttyn);
49	void audit_run_command(const char *command);
50	void record_failed_login(const char , const char );
51
52	#endif /* _SSH_AUDIT_H */

Lines 50-55 RCSID("$OpenBSD: auth.c,v 1.57 2005/01/2 Link Here

(-)auth.c (+19 lines)
50	#include "misc.h"	50	#include "misc.h"
51	#include "bufaux.h"	51	#include "bufaux.h"
52	#include "packet.h"	52	#include "packet.h"
		53	#include "monitor_wrap.h"
53		54
54	/* import */	55	/* import */
55	extern ServerOptions options;	56	extern ServerOptions options;
Lines 246-251 auth_log(Authctxt *authctxt, int authent Link Here
246	if (authenticated == 0 && strcmp(method, "password") == 0)	247	if (authenticated == 0 && strcmp(method, "password") == 0)
247	record_failed_login(authctxt->user, "ssh");	248	record_failed_login(authctxt->user, "ssh");
248	#endif	249	#endif
		250	#ifdef AUDIT_EVENTS
		251	if (authenticated == 0) {
		252	enum audit_event_type event = LOGIN_FAIL_OTHER;
		253
		254	if (strcmp(method, "none") == 0)
		255	event = LOGIN_FAIL_NONE;
		256	else if (strcmp(method, "password") == 0)
		257	event = LOGIN_FAIL_BADPW;
		258	else if (strcmp(method, "keyboard-interactive") == 0)
		259	event = LOGIN_FAIL_KBDINT;
		260
		261	if (geteuid() == 0)
		262	audit_event(event);
		263	}
		264	#endif
249	}	265	}
250		266
251	/*	267	/*
Lines 470-475 getpwnamallow(const char *user) Link Here
470	#ifdef CUSTOM_FAILED_LOGIN	486	#ifdef CUSTOM_FAILED_LOGIN
471	record_failed_login(user, "ssh");	487	record_failed_login(user, "ssh");
472	#endif	488	#endif
		489	#ifdef AUDIT_EVENTS
		490	audit_event(INVALID_USER);
		491	#endif /* AUDIT_EVENTS */
473	return (NULL);	492	return (NULL);
474	}	493	}
475	if (!allowed_user(pw))	494	if (!allowed_user(pw))