- (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
authordtucker <dtucker>
Sun, 21 May 2006 08:26:40 +0000 (08:26 +0000)
committerdtucker <dtucker>
Sun, 21 May 2006 08:26:40 +0000 (08:26 +0000)
   and slave, we can remove the special-case handling in the audit hook in
   auth_log.

ChangeLog
auth.c
monitor.c

index 05b35585bb06ae18b7085759e122ae898f84d5e4..74f5e95de8c6ed40a1b6be60d37667ef04a198e6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,13 @@
-20050517
+20060521
+ - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
+   and slave, we can remove the special-case handling in the audit hook in
+   auth_log.
+
+20060517
  - (dtucker) [ssh-rand-helper.c] Check return code of mkdir and fix file
    pointer leak.  From kjhall at us.ibm.com, found by coverity.
 
-20050515
+20060515
  - (dtucker) [openbsd-compat/getrrsetbyname.c] Use _compat_res instead of
    _res, prevents problems on some platforms that have _res as a global but
    don't have getrrsetbyname(), eg IRIX 5.3.  Found and tested by
@@ -12,7 +17,7 @@
  - (dtucker) [auth-pam.c] Bug #1188: pass result of do_pam_account back and
    do not allow kbdint again after the PAM account check fails.  ok djm@
 
-20050506
+20060506
  - (dtucker) OpenBSD CVS Sync
    - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
      [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
diff --git a/auth.c b/auth.c
index e43c816581be1781d89a6e52bfb006f3e199dfb3..ffa94e886845114c3272445c27a801276b999405 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -271,42 +271,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
                    get_canonical_hostname(options.use_dns), "ssh");
 #endif
 #ifdef SSH_AUDIT_EVENTS
-       if (authenticated == 0 && !authctxt->postponed) {
-               ssh_audit_event_t event;
-
-               debug3("audit failed auth attempt, method %s euid %d",
-                   method, (int)geteuid());
-               /*
-                * Because the auth loop is used in both monitor and slave,
-                * we must be careful to send each event only once and with
-                * enough privs to write the event.
-                */
-               event = audit_classify_auth(method);
-               switch(event) {
-               case SSH_AUTH_FAIL_NONE:
-               case SSH_AUTH_FAIL_PASSWD:
-               case SSH_AUTH_FAIL_KBDINT:
-                       if (geteuid() == 0)
-                               audit_event(event);
-                       break;
-               case SSH_AUTH_FAIL_PUBKEY:
-               case SSH_AUTH_FAIL_HOSTBASED:
-               case SSH_AUTH_FAIL_GSSAPI:
-                       /*
-                        * This is required to handle the case where privsep
-                        * is enabled but it's root logging in, since
-                        * use_privsep won't be cleared until after a
-                        * successful login.
-                        */
-                       if (geteuid() == 0)
-                               audit_event(event);
-                       else
-                               PRIVSEP(audit_event(event));
-                       break;
-               default:
-                       error("unknown authentication audit event %d", event);
-               }
-       }
+       if (authenticated == 0 && !authctxt->postponed)
+               audit_event(audit_classify_auth(method));
 #endif
 }
 
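Review bot: The new unconditional `audit_event(audit_classify_auth(method));` drops both the `geteuid() == 0` / `PRIVSEP()` routing and the `default:` branch that reported unknown events, so it now relies on an invariant the code does not state: auth_log() must run only once per attempt, in a process with enough privilege to write the audit record. The commit message says this now holds, but nothing at the call site records it, and a later caller on the unprivileged side could lose failed-authentication audit records without any error. I would add a comment above the `if`, for example `/* Per-attempt audit: auth_log() is expected to run only on the privileged side, so the event is sent once and can be written. */`. It is also worth confirming what audit_classify_auth() returns for an unrecognised method (not visible here), since that case is no longer reported through error(). The body of auth_log begins outside the hunk.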
index 4b8287d85f48fe9c88d9b15f8d8c933635bb5e08..08919ddfc4eb0464b053000b504577aa277ca10f 100644 (file)
--- a/monitor.c
+++ b/monitor.c
@@ -909,6 +909,7 @@ mm_answer_pam_query(int sock, Buffer *m)
                xfree(prompts);
        if (echo_on != NULL)
                xfree(echo_on);
+       auth_method = "keyboard-interactive/pam";
        mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
        return (0);
 }
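Review bot: The audit class recorded for a failed PAM keyboard-interactive attempt now depends on `auth_method = "keyboard-interactive/pam";` being recognised by audit_classify_auth(), which is outside this diff. If that function compares method names exactly rather than by prefix, the `/pam` suffix would put these failures in the unknown class, so this is worth checking before relying on the audit trail. The same literal is repeated in mm_answer_pam_free_ctx in the next hunk; a short comment at each assignment such as `/* method name consumed by auth_log() and the audit hook */`, or a shared constant, would keep the two in step. The function body begins outside the hunk.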
@@ -951,6 +952,7 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
        (sshpam_device.free_ctx)(sshpam_ctxt);
        buffer_clear(m);
        mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
+       auth_method = "keyboard-interactive/pam";
        return (sshpam_authok == sshpam_ctxt);
 }
 #endif
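Review bot: In mm_answer_pam_free_ctx the assignment `auth_method = "keyboard-interactive/pam";` sits after `mm_request_send(...)`, whereas mm_answer_pam_query sets it before sending its reply. Nothing visible here suggests the order changes behaviour, so this is a consistency point only; placing the assignment before the send in both handlers would make them read alike. The function body begins outside the hunk.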