Drop unused function from audit

2018-01-16 16:24:27 +01:00 · 2018-01-16 16:24:27 +01:00 · 6b6760fc06
parent 17cd512319
commit 6b6760fc06
1 changed files with 4 additions and 42 deletions
--- a/openssh-7.6p1-audit.patch
+++ b/openssh-7.6p1-audit.patch
@ -39,7 +39,7 @@ diff -up openssh-7.6p1/audit-bsm.c.audit openssh-7.6p1/audit-bsm.c
 void
 audit_event(ssh_audit_event_t event)
 {
-@@ -452,4 +471,40 @@ audit_event(ssh_audit_event_t event)
+@@ -452,4 +471,34 @@ audit_event(ssh_audit_event_t event)
 		debug("%s: unhandled event %d", __func__, event);
 	}
 }
@ -72,12 +72,6 @@ diff -up openssh-7.6p1/audit-bsm.c.audit openssh-7.6p1/audit-bsm.c
 +audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
 +{
 +	/* not implemented */
-+}
-+
-+void
-+audit_generate_ephemeral_server_key(const char *fp)
-+{
-+	/* not implemented */
 +}
 #endif /* BSM */
 diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
@ -183,7 +177,7 @@ diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
  * Called when a user session is started.  Argument is the tty allocated to
  * the session, or NULL if no tty was allocated.
  *
-@@ -172,13 +218,91 @@ audit_session_close(struct logininfo *li
+@@ -172,13 +218,82 @@ audit_session_close(struct logininfo *li
 /*
  * This will be called when a user runs a non-interactive command.  Note that
  * it may be called multiple times for a single connection since SSH2 allows
@ -265,15 +259,6 @@ diff -up openssh-7.6p1/audit.c.audit openssh-7.6p1/audit.c
 +{
 +	debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
 +		geteuid(), fp, (long)pid, (unsigned)uid);
-+}
-+
-+/*
-+ * This will be called on generation of the ephemeral server key
-+ */
-+void
-+audit_generate_ephemeral_server_key(const char *)
-+{
-+	debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
 }
 # endif  /* !defined CUSTOM_SSH_AUDIT_EVENTS */
 #endif /* SSH_AUDIT_EVENTS */
@ -288,7 +273,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
 
 enum ssh_audit_event_type {
 	SSH_LOGIN_EXCEED_MAXTRIES,
-@@ -43,13 +44,33 @@ enum ssh_audit_event_type {
+@@ -43,13 +44,32 @@ enum ssh_audit_event_type {
 	SSH_CONNECTION_ABANDON,	/* closed without completing auth */
 	SSH_AUDIT_UNKNOWN
 };
@ -320,7 +305,6 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
 +void	audit_session_key_free(int ctos);
 +void	audit_session_key_free_body(int ctos, pid_t, uid_t);
 +void	audit_destroy_sensitive_data(const char *, pid_t, uid_t);
-+void	audit_generate_ephemeral_server_key(const char *);
 
 #endif /* _SSH_AUDIT_H */
 diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
@ -529,7 +513,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
 }
 
 void
-@@ -103,24 +231,180 @@ audit_event(ssh_audit_event_t event)
+@@ -103,24 +231,158 @@ audit_event(ssh_audit_event_t event)
 
 	switch(event) {
 	case SSH_AUTH_SUCCESS:
@ -690,28 +674,6 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
 +	/* do not abort if the error is EPERM and sshd is run as non root user */
 +	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
 +		error("cannot write into audit");
-+}
-+
-+void
-+audit_generate_ephemeral_server_key(const char *fp)
-+{
-+	char buf[AUDIT_LOG_SIZE];
-+	int audit_fd, audit_ok;
-+
-+	snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=? ", fp);
-+	audit_fd = audit_open();
-+	if (audit_fd < 0) {
-+		if (errno != EINVAL && errno != EPROTONOSUPPORT &&
-+					 errno != EAFNOSUPPORT)
-+			error("cannot open audit");
-+		return;
-+	}
-+	audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
-+			buf, NULL, 0, NULL, 1);
-+	audit_close(audit_fd);
-+	/* do not abort if the error is EPERM and sshd is run as non root user */
-+	if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
-+		error("cannot write into audit");
 +}
 #endif /* USE_LINUX_AUDIT */
 diff -up openssh-7.6p1/auditstub.c.audit openssh-7.6p1/auditstub.c