regress tests so newer versions of GNU head(1) behave themselves. Patch
by djm, so ok me.
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
+ - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
+ monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
+ defines and enums with SSH_ to prevent namespace collisions on some
+ platforms (eg AIX).
20050204
- (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
#include "includes.h"
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
#include "audit.h"
#include "log.h"
audit_classify_auth(const char *method)
{
if (strcmp(method, "none") == 0)
- return AUTH_FAIL_NONE;
+ return SSH_AUTH_FAIL_NONE;
else if (strcmp(method, "password") == 0)
- return AUTH_FAIL_PASSWD;
+ return SSH_AUTH_FAIL_PASSWD;
else if (strcmp(method, "publickey") == 0 ||
strcmp(method, "rsa") == 0)
- return AUTH_FAIL_PUBKEY;
+ return SSH_AUTH_FAIL_PUBKEY;
else if (strncmp(method, "keyboard-interactive", 20) == 0 ||
strcmp(method, "challenge-response") == 0)
- return AUTH_FAIL_KBDINT;
+ return SSH_AUTH_FAIL_KBDINT;
else if (strcmp(method, "hostbased") == 0 ||
strcmp(method, "rhosts-rsa") == 0)
- return AUTH_FAIL_HOSTBASED;
+ return SSH_AUTH_FAIL_HOSTBASED;
else if (strcmp(method, "gssapi-with-mic") == 0)
- return AUTH_FAIL_GSSAPI;
+ return SSH_AUTH_FAIL_GSSAPI;
else
- return AUDIT_UNKNOWN;
+ return SSH_AUDIT_UNKNOWN;
}
/* helper to return supplied username */
ssh_audit_event_t event;
const char *name;
} event_lookup[] = {
- {LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"},
- {LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"},
- {AUTH_SUCCESS, "AUTH_SUCCESS"},
- {AUTH_FAIL_NONE, "AUTH_FAIL_NONE"},
- {AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"},
- {AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"},
- {AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"},
- {AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"},
- {AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"},
- {INVALID_USER, "INVALID_USER"},
- {NOLOGIN, "NOLOGIN"},
- {CONNECTION_CLOSE, "CONNECTION_CLOSE"},
- {CONNECTION_ABANDON, "CONNECTION_ABANDON"},
- {AUDIT_UNKNOWN, "AUDIT_UNKNOWN"}
+ {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"},
+ {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"},
+ {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"},
+ {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"},
+ {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"},
+ {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"},
+ {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"},
+ {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"},
+ {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"},
+ {SSH_INVALID_USER, "INVALID_USER"},
+ {SSH_NOLOGIN, "NOLOGIN"},
+ {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"},
+ {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"},
+ {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"}
};
- for (i = 0; event_lookup[i].event != AUDIT_UNKNOWN; i++)
+ for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++)
if (event_lookup[i].event == ev)
break;
return(event_lookup[i].name);
}
-# ifndef CUSTOM_AUDIT_EVENTS
+# ifndef CUSTOM_SSH_AUDIT_EVENTS
/*
* Null implementations of audit functions.
- * These get used if AUDIT_EVENTS is defined but no audit module is enabled.
+ * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled.
*/
/*
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command);
}
-# endif /* !defined CUSTOM_AUDIT_EVENTS */
-#endif /* AUDIT_EVENTS */
+# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
+#endif /* SSH_AUDIT_EVENTS */
#ifndef _SSH_AUDIT_H
# define _SSH_AUDIT_H
enum ssh_audit_event_type {
- LOGIN_EXCEED_MAXTRIES,
- LOGIN_ROOT_DENIED,
- AUTH_SUCCESS,
- AUTH_FAIL_NONE,
- AUTH_FAIL_PASSWD,
- AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
- AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
- AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
- AUTH_FAIL_GSSAPI,
- INVALID_USER,
- NOLOGIN, /* denied by /etc/nologin, not implemented */
- CONNECTION_CLOSE, /* closed after attempting auth or session */
- CONNECTION_ABANDON, /* closed without completing auth */
- AUDIT_UNKNOWN
+ SSH_LOGIN_EXCEED_MAXTRIES,
+ SSH_LOGIN_ROOT_DENIED,
+ SSH_AUTH_SUCCESS,
+ SSH_AUTH_FAIL_NONE,
+ SSH_AUTH_FAIL_PASSWD,
+ SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
+ SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
+ SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
+ SSH_AUTH_FAIL_GSSAPI,
+ SSH_INVALID_USER,
+ SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */
+ SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */
+ SSH_CONNECTION_ABANDON, /* closed without completing auth */
+ SSH_AUDIT_UNKNOWN
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
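Review bot: Renaming the feature guard from `AUDIT_EVENTS` to `SSH_AUDIT_EVENTS` (and `CUSTOM_AUDIT_EVENTS` to `CUSTOM_SSH_AUDIT_EVENTS` in audit.c) fails silently if whatever defines those macros is not renamed in the same change: every `#ifdef SSH_AUDIT_EVENTS` block in auth.c, auth1.c, auth2.c, monitor.c, session.c and sshd.c then compiles out and sshd stops emitting audit events with no compile error or warning. The file list in the ChangeLog entry names only C sources and headers, not configure.ac or config.h.in, so unless the definer was updated separately this deserves a compile-time trap in audit.h next to the enum, e.g. `#if defined(AUDIT_EVENTS) && !defined(SSH_AUDIT_EVENTS)` / `# error "AUDIT_EVENTS was renamed to SSH_AUDIT_EVENTS"` / `#endif`. The same trap could cover the old `CUSTOM_AUDIT_EVENTS` name for out-of-tree audit modules that still define it.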
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed) {
ssh_audit_event_t event;
*/
event = audit_classify_auth(method);
switch(event) {
- case AUTH_FAIL_NONE:
- case AUTH_FAIL_PASSWD:
- case AUTH_FAIL_KBDINT:
+ case SSH_AUTH_FAIL_NONE:
+ case SSH_AUTH_FAIL_PASSWD:
+ case SSH_AUTH_FAIL_KBDINT:
if (geteuid() == 0)
audit_event(event);
break;
- case AUTH_FAIL_PUBKEY:
- case AUTH_FAIL_HOSTBASED:
- case AUTH_FAIL_GSSAPI:
+ case SSH_AUTH_FAIL_PUBKEY:
+ case SSH_AUTH_FAIL_HOSTBASED:
+ case SSH_AUTH_FAIL_GSSAPI:
/*
* This is required to handle the case where privsep
* is enabled but it's root logging in, since
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
-#ifdef AUDIT_EVENTS
- audit_event(INVALID_USER);
-#endif /* AUDIT_EVENTS */
+#ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_INVALID_USER);
+#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
if (!allowed_user(pw))
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type))) {
authenticated = 0;
-# ifdef AUDIT_EVENTS
- PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+# ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
# endif
}
#endif
return;
if (authctxt->failures++ > options.max_authtries) {
-#ifdef AUDIT_EVENTS
- PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
-#ifdef AUDIT_EVENTS
- PRIVSEP(audit_event(INVALID_USER));
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_INVALID_USER));
#endif
}
setproctitle("%s%s", authctxt->valid ? user : "unknown",
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method)) {
authenticated = 0;
-#ifdef AUDIT_EVENTS
- PRIVSEP(audit_event(LOGIN_ROOT_DENIED));
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
#endif
}
authctxt->success = 1;
} else {
if (authctxt->failures++ > options.max_authtries) {
-#ifdef AUDIT_EVENTS
- PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
#endif
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
!sys_auth_record_login(li->username,li->hostname,li->line))
logit("Writing login record failed for %s", li->username);
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
if (li->type == LTYPE_LOGIN)
audit_session_open(li->line);
else if (li->type == LTYPE_LOGOUT)
int mm_answer_gss_checkmic(int, Buffer *);
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *);
int mm_answer_audit_command(int, Buffer *);
#endif
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_PTY, 0, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
#endif
{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
#endif
{0, 0, NULL}
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
#endif
if (options.use_pam)
monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1);
#endif
exit(res);
}
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
/* Report that an audit event occurred */
int
mm_answer_audit_event(int socket, Buffer *m)
event = buffer_get_int(m);
buffer_free(m);
switch(event) {
- case AUTH_FAIL_PUBKEY:
- case AUTH_FAIL_HOSTBASED:
- case AUTH_FAIL_GSSAPI:
- case LOGIN_EXCEED_MAXTRIES:
- case LOGIN_ROOT_DENIED:
- case CONNECTION_CLOSE:
- case INVALID_USER:
+ case SSH_AUTH_FAIL_PUBKEY:
+ case SSH_AUTH_FAIL_HOSTBASED:
+ case SSH_AUTH_FAIL_GSSAPI:
+ case SSH_LOGIN_EXCEED_MAXTRIES:
+ case SSH_LOGIN_ROOT_DENIED:
+ case SSH_CONNECTION_CLOSE:
+ case SSH_INVALID_USER:
audit_event(event);
break;
default:
buffer_free(m);
return (0);
}
-#endif /* AUDIT_EVENTS */
+#endif /* SSH_AUDIT_EVENTS */
void
monitor_apply_keystate(struct monitor *pmonitor)
return (success);
}
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
void
mm_audit_event(ssh_audit_event_t event)
{
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
buffer_free(&m);
}
-#endif /* AUDIT_EVENTS */
+#endif /* SSH_AUDIT_EVENTS */
#ifdef GSSAPI
OM_uint32
void mm_sshpam_free_ctx(void *);
#endif
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
#include "audit.h"
void mm_audit_event(ssh_audit_event_t);
void mm_audit_run_command(const char *);
debug("Forced command '%.900s'", command);
}
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
if (command != NULL)
PRIVSEP(audit_run_command(command));
else if (s->ttyfd == -1) {
}
#endif
-#ifdef AUDIT_EVENTS
- PRIVSEP(audit_event(CONNECTION_CLOSE));
+#ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
#endif
/* remove agent socket */
remote_port = get_remote_port();
remote_ip = get_remote_ipaddr();
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
audit_connection_from(remote_ip, remote_port);
#endif
#ifdef LIBWRAP
}
authenticated:
-#ifdef AUDIT_EVENTS
- audit_event(AUTH_SUCCESS);
+#ifdef SSH_AUDIT_EVENTS
+ audit_event(SSH_AUTH_SUCCESS);
#endif
/*
{
if (the_authctxt)
do_cleanup(the_authctxt);
-#ifdef AUDIT_EVENTS
+#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
if (!use_privsep || mm_is_monitor())
- audit_event(CONNECTION_ABANDON);
+ audit_event(SSH_CONNECTION_ABANDON);
#endif
_exit(i);
}