diff --git a/audit-bsm.c b/audit-bsm.c index 1409f69ae..0ba16c72c 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li) } void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { char textbuf[BSM_TEXTBUFSZ]; static int logged_in = 0; diff --git a/audit-linux.c b/audit-linux.c index 136ed76bb..3fcbe5c53 100644 --- a/audit-linux.c +++ b/audit-linux.c @@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li) } void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { - struct ssh *ssh = active_state; /* XXX */ - switch(event) { case SSH_AUTH_SUCCESS: case SSH_CONNECTION_CLOSE: diff --git a/audit.c b/audit.c index 33a04376d..dd2f03558 100644 --- a/audit.c +++ b/audit.c @@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port) * events and what they mean). */ void -audit_event(ssh_audit_event_t event) +audit_event(struct ssh *ssh, ssh_audit_event_t event) { debug("audit event euid %d user %s event %d (%s)", geteuid(), audit_username(), event, audit_event_lookup(event)); diff --git a/audit.h b/audit.h index 0b593666d..38cb5ad31 100644 --- a/audit.h +++ b/audit.h @@ -27,6 +27,8 @@ #include "loginrec.h" +struct ssh; + enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_ROOT_DENIED, @@ -46,7 +48,7 @@ enum ssh_audit_event_type { typedef enum ssh_audit_event_type ssh_audit_event_t; void audit_connection_from(const char *, int); -void audit_event(ssh_audit_event_t); +void audit_event(struct ssh *, ssh_audit_event_t); void audit_session_open(struct logininfo *); void audit_session_close(struct logininfo *); void audit_run_command(const char *); diff --git a/auth.c b/auth.c index a4c1dece5..62c58e72f 100644 --- a/auth.c +++ b/auth.c @@ -367,7 +367,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial, #endif #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) - audit_event(audit_classify_auth(method)); + audit_event(ssh, audit_classify_auth(method)); #endif } @@ -605,7 +605,7 @@ getpwnamallow(struct ssh *ssh, const char *user) auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_INVALID_USER); + audit_event(ssh, SSH_INVALID_USER); #endif /* SSH_AUDIT_EVENTS */ return (NULL); } diff --git a/auth2.c b/auth2.c index a80b3f872..e43350c36 100644 --- a/auth2.c +++ b/auth2.c @@ -294,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) /* Invalid user, fake password information */ authctxt->pw = fakepw(); #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_INVALID_USER)); + PRIVSEP(audit_event(ssh, SSH_INVALID_USER)); #endif } #ifdef USE_PAM @@ -369,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, !auth_root_allowed(ssh, method)) { authenticated = 0; #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED)); #endif } @@ -430,7 +430,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); + PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES)); #endif auth_maxtries_exceeded(ssh); } diff --git a/monitor.c b/monitor.c index 5fa30b2a8..a9546dad2 100644 --- a/monitor.c +++ b/monitor.c @@ -1628,7 +1628,7 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m) case SSH_LOGIN_ROOT_DENIED: case SSH_CONNECTION_CLOSE: case SSH_INVALID_USER: - audit_event(event); + audit_event(ssh, event); break; default: fatal("Audit event type %d not permitted", event); diff --git a/monitor_wrap.c b/monitor_wrap.c index f52b9c88c..9e3c7cd17 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -867,7 +867,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) #ifdef SSH_AUDIT_EVENTS void -mm_audit_event(ssh_audit_event_t event) +mm_audit_event(struct ssh *ssh, ssh_audit_event_t event) { struct sshbuf *m; int r; diff --git a/monitor_wrap.h b/monitor_wrap.h index c7e0c91dd..fdebb3aa4 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h @@ -76,7 +76,7 @@ void mm_sshpam_free_ctx(void *); #ifdef SSH_AUDIT_EVENTS #include "audit.h" -void mm_audit_event(ssh_audit_event_t); +void mm_audit_event(struct ssh *, ssh_audit_event_t); void mm_audit_run_command(const char *); #endif diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c index 3e2c48160..61cae042f 100644 --- a/regress/misc/kexfuzz/kexfuzz.c +++ b/regress/misc/kexfuzz/kexfuzz.c @@ -29,8 +29,6 @@ #include "authfile.h" #include "log.h" -struct ssh *active_state = NULL; /* XXX - needed for linking */ - void kex_tests(void); static int do_debug = 0; diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index 90f1ebf45..112bc5499 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -24,8 +24,6 @@ #include "packet.h" #include "myproposal.h" -struct ssh *active_state = NULL; /* XXX - needed for linking */ - void kex_tests(void); static int do_debug = 0; diff --git a/session.c b/session.c index b5a382473..4862e5d63 100644 --- a/session.c +++ b/session.c @@ -123,9 +123,6 @@ int do_exec_no_pty(struct ssh *, Session *, const char *); int do_exec(struct ssh *, Session *, const char *); void do_login(struct ssh *, Session *, const char *); void do_child(struct ssh *, Session *, const char *); -#ifdef LOGIN_NEEDS_UTMPX -static void do_pre_login(Session *s); -#endif void do_motd(void); int check_quietlogin(Session *, const char *); @@ -656,35 +653,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command) return 0; } -#ifdef LOGIN_NEEDS_UTMPX -static void -do_pre_login(Session *s) -{ - struct ssh *ssh = active_state; /* XXX */ - socklen_t fromlen; - struct sockaddr_storage from; - pid_t pid = getpid(); - - /* - * Get IP address of client. If the connection is not a socket, let - * the address be 0.0.0.0. - */ - memset(&from, 0, sizeof(from)); - fromlen = sizeof(from); - if (packet_connection_is_on_socket()) { - if (getpeername(packet_get_connection_in(), - (struct sockaddr *)&from, &fromlen) < 0) { - debug("getpeername: %.100s", strerror(errno)); - cleanup_exit(255); - } - } - - record_utmp_only(pid, s->tty, s->pw->pw_name, - session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns), - (struct sockaddr *)&from, fromlen); -} -#endif - /* * This is called to fork and execute a command. If another command is * to be forced, execute that instead. diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 38b1c548b..88449f672 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -83,8 +83,6 @@ fd_set *read_wait; size_t read_wait_nfdset; int ncon; -struct ssh *active_state = NULL; /* XXX needed for linking */ - /* * Keep a connection structure for each file descriptor. The state * associated with file descriptor n is held in fdcon[n]. diff --git a/ssh-keysign.c b/ssh-keysign.c index 7ea5ad0e9..601f6ca72 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -59,8 +59,6 @@ #include "sshkey.h" #include "ssherr.h" -struct ssh *active_state = NULL; /* XXX needed for linking */ - extern char *__progname; static int diff --git a/sshd.c b/sshd.c index 58d17e546..f6927672e 100644 --- a/sshd.c +++ b/sshd.c @@ -2080,7 +2080,7 @@ main(int ac, char **av) } #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_AUTH_SUCCESS); + audit_event(ssh, SSH_AUTH_SUCCESS); #endif #ifdef GSSAPI @@ -2128,7 +2128,7 @@ main(int ac, char **av) #endif /* USE_PAM */ #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); + PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE)); #endif ssh_packet_close(ssh); @@ -2256,8 +2256,8 @@ cleanup_exit(int i) } #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ - if (!use_privsep || mm_is_monitor()) - audit_event(SSH_CONNECTION_ABANDON); + if (the_active_state != NULL && (!use_privsep || mm_is_monitor())) + audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif _exit(i); }