last bits of old packet API / active_state global

2019-01-20 14:55:27 +11:00 · 2019-01-20 14:55:27 +11:00 · 9b655dc9c9
parent 3f0786bbe7
commit 9b655dc9c9
15 changed files with 18 additions and 58 deletions
--- a/audit-bsm.c
+++ b/audit-bsm.c
@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li)
 }
 void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	char    textbuf[BSM_TEXTBUFSZ];
 	static int logged_in = 0;
--- a/audit-linux.c
+++ b/audit-linux.c
@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li)
 }
 void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	struct ssh *ssh = active_state; /* XXX */
 	switch(event) {
 	case SSH_AUTH_SUCCESS:
 	case SSH_CONNECTION_CLOSE:
--- a/audit.c
+++ b/audit.c
@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port)
 * events and what they mean).
 */
 void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	debug("audit event euid %d user %s event %d (%s)", geteuid(),
 	    audit_username(), event, audit_event_lookup(event));
--- a/audit.h
+++ b/audit.h
@ -27,6 +27,8 @@
 #include "loginrec.h"
 struct ssh;
 enum ssh_audit_event_type {
 	SSH_LOGIN_EXCEED_MAXTRIES,
 	SSH_LOGIN_ROOT_DENIED,
@ -46,7 +48,7 @@ enum ssh_audit_event_type {
 typedef enum ssh_audit_event_type ssh_audit_event_t;
 void	audit_connection_from(const char *, int);
-void	audit_event(ssh_audit_event_t);
+void	audit_event(struct ssh *, ssh_audit_event_t);
 void	audit_session_open(struct logininfo *);
 void	audit_session_close(struct logininfo *);
 void	audit_run_command(const char *);
--- a/auth.c
+++ b/auth.c
@ -367,7 +367,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
 #endif
 #ifdef SSH_AUDIT_EVENTS
 	if (authenticated == 0 && !authctxt->postponed)
-		audit_event(audit_classify_auth(method));
+		audit_event(ssh, audit_classify_auth(method));
 #endif
 }
@ -605,7 +605,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
 		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
 #endif
 #ifdef SSH_AUDIT_EVENTS
-		audit_event(SSH_INVALID_USER);
+		audit_event(ssh, SSH_INVALID_USER);
 #endif /* SSH_AUDIT_EVENTS */
 		return (NULL);
 	}
--- a/auth2.c
+++ b/auth2.c
@ -294,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
 			/* Invalid user, fake password information */
 			authctxt->pw = fakepw();
 #ifdef SSH_AUDIT_EVENTS
-			PRIVSEP(audit_event(SSH_INVALID_USER));
+			PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
 #endif
 		}
 #ifdef USE_PAM
@ -369,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 	    !auth_root_allowed(ssh, method)) {
 		authenticated = 0;
 #ifdef SSH_AUDIT_EVENTS
-		PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+		PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
 #endif
 	}
@ -430,7 +430,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
-			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+			PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
 			auth_maxtries_exceeded(ssh);
 		}
--- a/monitor.c
+++ b/monitor.c
@ -1628,7 +1628,7 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
 	case SSH_LOGIN_ROOT_DENIED:
 	case SSH_CONNECTION_CLOSE:
 	case SSH_INVALID_USER:
-		audit_event(event);
+		audit_event(ssh, event);
 		break;
 	default:
 		fatal("Audit event type %d not permitted", event);
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@ -867,7 +867,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 #ifdef SSH_AUDIT_EVENTS
 void
-mm_audit_event(ssh_audit_event_t event)
+mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	struct sshbuf *m;
 	int r;
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@ -76,7 +76,7 @@ void mm_sshpam_free_ctx(void *);
 #ifdef SSH_AUDIT_EVENTS
 #include "audit.h"
-void mm_audit_event(ssh_audit_event_t);
+void mm_audit_event(struct ssh *, ssh_audit_event_t);
 void mm_audit_run_command(const char *);
 #endif
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@ -29,8 +29,6 @@
 #include "authfile.h"
 #include "log.h"
 struct ssh *active_state = NULL; /* XXX - needed for linking */
 void kex_tests(void);
 static int do_debug = 0;
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@ -24,8 +24,6 @@
 #include "packet.h"
 #include "myproposal.h"
 struct ssh *active_state = NULL; /* XXX - needed for linking */
 void kex_tests(void);
 static int do_debug = 0;
--- a/session.c
+++ b/session.c
@ -123,9 +123,6 @@ int	do_exec_no_pty(struct ssh *, Session *, const char *);
 int	do_exec(struct ssh *, Session *, const char *);
 void	do_login(struct ssh *, Session *, const char *);
 void	do_child(struct ssh *, Session *, const char *);
 #ifdef LOGIN_NEEDS_UTMPX
 static void	do_pre_login(Session *s);
 #endif
 void	do_motd(void);
 int	check_quietlogin(Session *, const char *);
@ -656,35 +653,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
 	return 0;
 }
 #ifdef LOGIN_NEEDS_UTMPX
 static void
 do_pre_login(Session *s)
 {
 	struct ssh *ssh = active_state;	/* XXX */
 	socklen_t fromlen;
 	struct sockaddr_storage from;
 	pid_t pid = getpid();
 	/*
 	 * Get IP address of client. If the connection is not a socket, let
 	 * the address be 0.0.0.0.
 	 */
 	memset(&from, 0, sizeof(from));
 	fromlen = sizeof(from);
 	if (packet_connection_is_on_socket()) {
 		if (getpeername(packet_get_connection_in(),
 		    (struct sockaddr *)&from, &fromlen) < 0) {
 			debug("getpeername: %.100s", strerror(errno));
 			cleanup_exit(255);
 		}
 	}
 	record_utmp_only(pid, s->tty, s->pw->pw_name,
 	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
 	    (struct sockaddr *)&from, fromlen);
 }
 #endif
 /*
 * This is called to fork and execute a command.  If another command is
 * to be forced, execute that instead.
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@ -83,8 +83,6 @@ fd_set *read_wait;
 size_t read_wait_nfdset;
 int ncon;
 struct ssh *active_state = NULL; /* XXX needed for linking */
 /*
 * Keep a connection structure for each file descriptor.  The state
 * associated with file descriptor n is held in fdcon[n].
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@ -59,8 +59,6 @@
 #include "sshkey.h"
 #include "ssherr.h"
 struct ssh *active_state = NULL; /* XXX needed for linking */
 extern char *__progname;
 static int
--- a/sshd.c
+++ b/sshd.c
@ -2080,7 +2080,7 @@ main(int ac, char **av)
 	}
 #ifdef SSH_AUDIT_EVENTS
-	audit_event(SSH_AUTH_SUCCESS);
+	audit_event(ssh, SSH_AUTH_SUCCESS);
 #endif
 #ifdef GSSAPI
@ -2128,7 +2128,7 @@ main(int ac, char **av)
 #endif /* USE_PAM */
 #ifdef SSH_AUDIT_EVENTS
-	PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
+	PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE));
 #endif
 	ssh_packet_close(ssh);
@ -2256,8 +2256,8 @@ cleanup_exit(int i)
 	}
 #ifdef SSH_AUDIT_EVENTS
 	/* done after do_cleanup so it can cancel the PAM auth 'thread' */
-	if (!use_privsep || mm_is_monitor())
+	if (the_active_state != NULL && (!use_privsep || mm_is_monitor()))
-		audit_event(SSH_CONNECTION_ABANDON);
+		audit_event(the_active_state, SSH_CONNECTION_ABANDON);
 #endif
 	_exit(i);
 }