tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c 

monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
   defines and enums with SSH_ to prevent namespace collisions on some
   platforms (eg AIX).
This commit is contained in:
Darren Tucker 2005-02-08 21:52:47 +11:00
parent b4d3012d2e
commit 2e0cf0dca2
12 changed files with 96 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -3,6 +3,10 @@
regress tests so newer versions of GNU head(1) behave themselves. Patch regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me. by djm, so ok me.
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
20050204 20050204
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
@ -2082,4 +2086,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3638 2005/02/08 10:06:55 dtucker Exp $ $Id: ChangeLog,v 1.3639 2005/02/08 10:52:47 dtucker Exp $

56
audit.c
View File

@ -1,4 +1,4 @@
/* $Id: audit.c,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ /* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
/* /*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@ -26,7 +26,7 @@
#include "includes.h" #include "includes.h"
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
#include "audit.h" #include "audit.h"
#include "log.h" #include "log.h"
@ -44,22 +44,22 @@ ssh_audit_event_t
audit_classify_auth(const char *method) audit_classify_auth(const char *method)
{ {
if (strcmp(method, "none") == 0) if (strcmp(method, "none") == 0)
return AUTH_FAIL_NONE; return SSH_AUTH_FAIL_NONE;
else if (strcmp(method, "password") == 0) else if (strcmp(method, "password") == 0)
return AUTH_FAIL_PASSWD; return SSH_AUTH_FAIL_PASSWD;
else if (strcmp(method, "publickey") == 0 || else if (strcmp(method, "publickey") == 0 ||
strcmp(method, "rsa") == 0) strcmp(method, "rsa") == 0)
return AUTH_FAIL_PUBKEY; return SSH_AUTH_FAIL_PUBKEY;
else if (strncmp(method, "keyboard-interactive", 20) == 0 || else if (strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0) strcmp(method, "challenge-response") == 0)
return AUTH_FAIL_KBDINT; return SSH_AUTH_FAIL_KBDINT;
else if (strcmp(method, "hostbased") == 0 || else if (strcmp(method, "hostbased") == 0 ||
strcmp(method, "rhosts-rsa") == 0) strcmp(method, "rhosts-rsa") == 0)
return AUTH_FAIL_HOSTBASED; return SSH_AUTH_FAIL_HOSTBASED;
else if (strcmp(method, "gssapi-with-mic") == 0) else if (strcmp(method, "gssapi-with-mic") == 0)
return AUTH_FAIL_GSSAPI; return SSH_AUTH_FAIL_GSSAPI;
else else
return AUDIT_UNKNOWN; return SSH_AUDIT_UNKNOWN;
} }
/* helper to return supplied username */ /* helper to return supplied username */
@ -84,32 +84,32 @@ audit_event_lookup(ssh_audit_event_t ev)
ssh_audit_event_t event; ssh_audit_event_t event;
const char *name; const char *name;
} event_lookup[] = { } event_lookup[] = {
{LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"},
{LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"},
{AUTH_SUCCESS, "AUTH_SUCCESS"}, {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"},
{AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"},
{AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"},
{AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"},
{AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"},
{AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"},
{AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"},
{INVALID_USER, "INVALID_USER"}, {SSH_INVALID_USER, "INVALID_USER"},
{NOLOGIN, "NOLOGIN"}, {SSH_NOLOGIN, "NOLOGIN"},
{CONNECTION_CLOSE, "CONNECTION_CLOSE"}, {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"},
{CONNECTION_ABANDON, "CONNECTION_ABANDON"}, {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"},
{AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"}
}; };
for (i = 0; event_lookup[i].event != AUDIT_UNKNOWN; i++) for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++)
if (event_lookup[i].event == ev) if (event_lookup[i].event == ev)
break; break;
return(event_lookup[i].name); return(event_lookup[i].name);
} }
# ifndef CUSTOM_AUDIT_EVENTS # ifndef CUSTOM_SSH_AUDIT_EVENTS
/* /*
* Null implementations of audit functions. * Null implementations of audit functions.
* These get used if AUDIT_EVENTS is defined but no audit module is enabled. * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled.
*/ */
/* /*
@ -177,5 +177,5 @@ audit_run_command(const char *command)
debug("audit run command euid %d user %s command '%.200s'", geteuid(), debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command); audit_username(), command);
} }
# endif /* !defined CUSTOM_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */

30
audit.h
View File

@ -1,4 +1,4 @@
/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ /* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
/* /*
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@ -29,20 +29,20 @@
#ifndef _SSH_AUDIT_H #ifndef _SSH_AUDIT_H
# define _SSH_AUDIT_H # define _SSH_AUDIT_H
enum ssh_audit_event_type { enum ssh_audit_event_type {
LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_EXCEED_MAXTRIES,
LOGIN_ROOT_DENIED, SSH_LOGIN_ROOT_DENIED,
AUTH_SUCCESS, SSH_AUTH_SUCCESS,
AUTH_FAIL_NONE, SSH_AUTH_FAIL_NONE,
AUTH_FAIL_PASSWD, SSH_AUTH_FAIL_PASSWD,
AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
AUTH_FAIL_GSSAPI, SSH_AUTH_FAIL_GSSAPI,
INVALID_USER, SSH_INVALID_USER,
NOLOGIN, /* denied by /etc/nologin, not implemented */ SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */
CONNECTION_CLOSE, /* closed after attempting auth or session */ SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */
CONNECTION_ABANDON, /* closed without completing auth */ SSH_CONNECTION_ABANDON, /* closed without completing auth */
AUDIT_UNKNOWN SSH_AUDIT_UNKNOWN
}; };
typedef enum ssh_audit_event_type ssh_audit_event_t; typedef enum ssh_audit_event_type ssh_audit_event_t;

20
auth.c
View File

@ -252,7 +252,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
record_failed_login(authctxt->user, record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh"); get_canonical_hostname(options.use_dns), "ssh");
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed) { if (authenticated == 0 && !authctxt->postponed) {
ssh_audit_event_t event; ssh_audit_event_t event;
@ -265,15 +265,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
*/ */
event = audit_classify_auth(method); event = audit_classify_auth(method);
switch(event) { switch(event) {
case AUTH_FAIL_NONE: case SSH_AUTH_FAIL_NONE:
case AUTH_FAIL_PASSWD: case SSH_AUTH_FAIL_PASSWD:
case AUTH_FAIL_KBDINT: case SSH_AUTH_FAIL_KBDINT:
if (geteuid() == 0) if (geteuid() == 0)
audit_event(event); audit_event(event);
break; break;
case AUTH_FAIL_PUBKEY: case SSH_AUTH_FAIL_PUBKEY:
case AUTH_FAIL_HOSTBASED: case SSH_AUTH_FAIL_HOSTBASED:
case AUTH_FAIL_GSSAPI: case SSH_AUTH_FAIL_GSSAPI:
/* /*
* This is required to handle the case where privsep * This is required to handle the case where privsep
* is enabled but it's root logging in, since * is enabled but it's root logging in, since
@ -515,9 +515,9 @@ getpwnamallow(const char *user)
record_failed_login(user, record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh"); get_canonical_hostname(options.use_dns), "ssh");
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
audit_event(INVALID_USER); audit_event(SSH_INVALID_USER);
#endif /* AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
return (NULL); return (NULL);
} }
if (!allowed_user(pw)) if (!allowed_user(pw))

8
auth1.c
View File

@ -249,8 +249,8 @@ do_authloop(Authctxt *authctxt)
if (authenticated && authctxt->pw->pw_uid == 0 && if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type))) { !auth_root_allowed(get_authname(type))) {
authenticated = 0; authenticated = 0;
# ifdef AUDIT_EVENTS # ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
# endif # endif
} }
#endif #endif
@ -288,8 +288,8 @@ do_authloop(Authctxt *authctxt)
return; return;
if (authctxt->failures++ > options.max_authtries) { if (authctxt->failures++ > options.max_authtries) {
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif #endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user); packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
} }

12
auth2.c
View File

@ -167,8 +167,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
if (options.use_pam) if (options.use_pam)
PRIVSEP(start_pam(authctxt)); PRIVSEP(start_pam(authctxt));
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(INVALID_USER)); PRIVSEP(audit_event(SSH_INVALID_USER));
#endif #endif
} }
setproctitle("%s%s", authctxt->valid ? user : "unknown", setproctitle("%s%s", authctxt->valid ? user : "unknown",
@ -219,8 +219,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
if (authenticated && authctxt->pw->pw_uid == 0 && if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method)) { !auth_root_allowed(method)) {
authenticated = 0; authenticated = 0;
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
#endif #endif
} }
@ -263,8 +263,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
authctxt->success = 1; authctxt->success = 1;
} else { } else {
if (authctxt->failures++ > options.max_authtries) { if (authctxt->failures++ > options.max_authtries) {
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif #endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user); packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
} }

4
loginrec.c
View File

@ -164,7 +164,7 @@
# include <libutil.h> # include <libutil.h>
#endif #endif
RCSID("$Id: loginrec.c,v 1.64 2005/02/02 13:20:53 dtucker Exp $"); RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $");
/** /**
** prototypes for helper functions in this file ** prototypes for helper functions in this file
@ -444,7 +444,7 @@ login_write(struct logininfo *li)
!sys_auth_record_login(li->username,li->hostname,li->line)) !sys_auth_record_login(li->username,li->hostname,li->line))
logit("Writing login record failed for %s", li->username); logit("Writing login record failed for %s", li->username);
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
if (li->type == LTYPE_LOGIN) if (li->type == LTYPE_LOGIN)
audit_session_open(li->line); audit_session_open(li->line);
else if (li->type == LTYPE_LOGOUT) else if (li->type == LTYPE_LOGOUT)

30
monitor.c
View File

@ -143,7 +143,7 @@ int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *); int mm_answer_gss_checkmic(int, Buffer *);
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_event(int, Buffer *);
int mm_answer_audit_command(int, Buffer *); int mm_answer_audit_command(int, Buffer *);
#endif #endif
@ -191,7 +191,7 @@ struct mon_table mon_dispatch_proto20[] = {
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
#endif #endif
#ifdef BSD_AUTH #ifdef BSD_AUTH
@ -219,7 +219,7 @@ struct mon_table mon_dispatch_postauth20[] = {
{MONITOR_REQ_PTY, 0, mm_answer_pty}, {MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term}, {MONITOR_REQ_TERM, 0, mm_answer_term},
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
#endif #endif
@ -251,7 +251,7 @@ struct mon_table mon_dispatch_proto15[] = {
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
#endif #endif
{0, 0, NULL} {0, 0, NULL}
@ -261,7 +261,7 @@ struct mon_table mon_dispatch_postauth15[] = {
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term}, {MONITOR_REQ_TERM, 0, mm_answer_term},
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
#endif #endif
@ -628,7 +628,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
if (options.use_pam) if (options.use_pam)
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1);
#endif #endif
@ -1513,7 +1513,7 @@ mm_answer_term(int sock, Buffer *req)
exit(res); exit(res);
} }
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
/* Report that an audit event occurred */ /* Report that an audit event occurred */
int int
mm_answer_audit_event(int socket, Buffer *m) mm_answer_audit_event(int socket, Buffer *m)
@ -1525,13 +1525,13 @@ mm_answer_audit_event(int socket, Buffer *m)
event = buffer_get_int(m); event = buffer_get_int(m);
buffer_free(m); buffer_free(m);
switch(event) { switch(event) {
case AUTH_FAIL_PUBKEY: case SSH_AUTH_FAIL_PUBKEY:
case AUTH_FAIL_HOSTBASED: case SSH_AUTH_FAIL_HOSTBASED:
case AUTH_FAIL_GSSAPI: case SSH_AUTH_FAIL_GSSAPI:
case LOGIN_EXCEED_MAXTRIES: case SSH_LOGIN_EXCEED_MAXTRIES:
case LOGIN_ROOT_DENIED: case SSH_LOGIN_ROOT_DENIED:
case CONNECTION_CLOSE: case SSH_CONNECTION_CLOSE:
case INVALID_USER: case SSH_INVALID_USER:
audit_event(event); audit_event(event);
break; break;
default: default:
@ -1555,7 +1555,7 @@ mm_answer_audit_command(int socket, Buffer *m)
buffer_free(m); buffer_free(m);
return (0); return (0);
} }
#endif /* AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
void void
monitor_apply_keystate(struct monitor *pmonitor) monitor_apply_keystate(struct monitor *pmonitor)

4
monitor_wrap.c
View File

@ -1103,7 +1103,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
return (success); return (success);
} }
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
void void
mm_audit_event(ssh_audit_event_t event) mm_audit_event(ssh_audit_event_t event)
{ {
@ -1131,7 +1131,7 @@ mm_audit_run_command(const char *command)
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
buffer_free(&m); buffer_free(&m);
} }
#endif /* AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
#ifdef GSSAPI #ifdef GSSAPI
OM_uint32 OM_uint32

2
monitor_wrap.h
View File

@ -74,7 +74,7 @@ int mm_sshpam_respond(void *, u_int, char **);
void mm_sshpam_free_ctx(void *); void mm_sshpam_free_ctx(void *);
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
#include "audit.h" #include "audit.h"
void mm_audit_event(ssh_audit_event_t); void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *); void mm_audit_run_command(const char *);

6
session.c
View File

@ -665,7 +665,7 @@ do_exec(Session *s, const char *command)
debug("Forced command '%.900s'", command); debug("Forced command '%.900s'", command);
} }
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
if (command != NULL) if (command != NULL)
PRIVSEP(audit_run_command(command)); PRIVSEP(audit_run_command(command));
else if (s->ttyfd == -1) { else if (s->ttyfd == -1) {
@ -2333,8 +2333,8 @@ do_cleanup(Authctxt *authctxt)
} }
#endif #endif
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(CONNECTION_CLOSE)); PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
#endif #endif
/* remove agent socket */ /* remove agent socket */

10
sshd.c
View File

@ -1628,7 +1628,7 @@ main(int ac, char **av)
remote_port = get_remote_port(); remote_port = get_remote_port();
remote_ip = get_remote_ipaddr(); remote_ip = get_remote_ipaddr();
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port); audit_connection_from(remote_ip, remote_port);
#endif #endif
#ifdef LIBWRAP #ifdef LIBWRAP
@ -1700,8 +1700,8 @@ main(int ac, char **av)
} }
authenticated: authenticated:
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
audit_event(AUTH_SUCCESS); audit_event(SSH_AUTH_SUCCESS);
#endif #endif
/* /*
@ -2017,10 +2017,10 @@ cleanup_exit(int i)
{ {
if (the_authctxt) if (the_authctxt)
do_cleanup(the_authctxt); do_cleanup(the_authctxt);
#ifdef AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */ /* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor()) if (!use_privsep || mm_is_monitor())
audit_event(CONNECTION_ABANDON); audit_event(SSH_CONNECTION_ABANDON);
#endif #endif
_exit(i); _exit(i);
} }