From cf74d509bcdc5e392fbc9e53becd823803b51eea Mon Sep 17 00:00:00 2001 From: "Jan F. Chadima" Date: Tue, 31 Aug 2010 21:47:07 +0200 Subject: [PATCH] - add missing headers to linux audit --- openssh-5.6p1-audit.patch | 44 +++++++++++++++++---------------------- openssh.spec | 7 ++++--- 2 files changed, 23 insertions(+), 28 deletions(-) diff --git a/openssh-5.6p1-audit.patch b/openssh-5.6p1-audit.patch index 4d047f9..ee4c6a3 100644 --- a/openssh-5.6p1-audit.patch +++ b/openssh-5.6p1-audit.patch @@ -1,6 +1,6 @@ diff -up openssh-5.6p1/audit-bsm.c.audit openssh-5.6p1/audit-bsm.c --- openssh-5.6p1/audit-bsm.c.audit 2008-02-25 11:05:04.000000000 +0100 -+++ openssh-5.6p1/audit-bsm.c 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/audit-bsm.c 2010-10-01 08:48:17.000000000 +0200 @@ -305,13 +305,13 @@ audit_run_command(const char *command) } @@ -19,7 +19,7 @@ diff -up openssh-5.6p1/audit-bsm.c.audit openssh-5.6p1/audit-bsm.c } diff -up openssh-5.6p1/audit.c.audit openssh-5.6p1/audit.c --- openssh-5.6p1/audit.c.audit 2006-09-01 07:38:36.000000000 +0200 -+++ openssh-5.6p1/audit.c 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/audit.c 2010-10-01 08:48:17.000000000 +0200 @@ -147,9 +147,9 @@ audit_event(ssh_audit_event_t event) * within a single connection. */ @@ -46,7 +46,7 @@ diff -up openssh-5.6p1/audit.c.audit openssh-5.6p1/audit.c audit_username(), t); diff -up openssh-5.6p1/audit.h.audit openssh-5.6p1/audit.h --- openssh-5.6p1/audit.h.audit 2006-08-05 16:05:10.000000000 +0200 -+++ openssh-5.6p1/audit.h 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/audit.h 2010-10-01 08:48:17.000000000 +0200 @@ -26,6 +26,9 @@ #ifndef _SSH_AUDIT_H @@ -69,9 +69,9 @@ diff -up openssh-5.6p1/audit.h.audit openssh-5.6p1/audit.h ssh_audit_event_t audit_classify_auth(const char *); diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c ---- openssh-5.6p1/audit-linux.c.audit 2010-09-25 16:07:42.000000000 +0200 -+++ openssh-5.6p1/audit-linux.c 2010-09-25 16:08:37.000000000 +0200 -@@ -0,0 +1,128 @@ +--- openssh-5.6p1/audit-linux.c.audit 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/audit-linux.c 2010-10-01 08:53:11.000000000 +0200 +@@ -0,0 +1,122 @@ +/* $Id: audit-linux.c,v 1.1 jfch Exp $ */ + +/* @@ -110,6 +110,9 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c + +#include "log.h" +#include "audit.h" ++#include "canohost.h" ++ ++const char* audit_username(void); + +int +linux_audit_record_event(int uid, const char *username, @@ -152,7 +155,6 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c +void +audit_session_open(struct logininfo *li) +{ -+ debug("audit session open euid %d", geteuid()); + if (linux_audit_record_event(li->uid, NULL, li->hostname, + NULL, li->line, 1) == 0) + fatal("linux_audit_write_entry failed: %s", strerror(errno)); @@ -168,20 +170,12 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c +audit_event(ssh_audit_event_t event) +{ + switch(event) { -+// case SSH_AUTH_SUCCESS: -+// break; -+// -+// case SSH_CONNECTION_CLOSE: -+// break; -+// -+// case SSH_NOLOGIN: -+// break; -+// -+// case SSH_LOGIN_EXCEED_MAXTRIES: -+// break; -+// -+// case SSH_LOGIN_ROOT_DENIED: -+// break; ++ case SSH_AUTH_SUCCESS: ++ case SSH_CONNECTION_CLOSE: ++ case SSH_NOLOGIN: ++ case SSH_LOGIN_EXCEED_MAXTRIES: ++ case SSH_LOGIN_ROOT_DENIED: ++ break; + + case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: @@ -202,7 +196,7 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c +#endif /* USE_LINUX_AUDIT */ diff -up openssh-5.6p1/configure.ac.audit openssh-5.6p1/configure.ac --- openssh-5.6p1/configure.ac.audit 2010-08-16 05:15:23.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/configure.ac 2010-10-01 08:48:17.000000000 +0200 @@ -1308,7 +1308,7 @@ int main(void) AUDIT_MODULE=none @@ -234,7 +228,7 @@ diff -up openssh-5.6p1/configure.ac.audit openssh-5.6p1/configure.ac AC_MSG_RESULT(no) diff -up openssh-5.6p1/defines.h.audit openssh-5.6p1/defines.h --- openssh-5.6p1/defines.h.audit 2010-04-09 10:13:27.000000000 +0200 -+++ openssh-5.6p1/defines.h 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/defines.h 2010-10-01 08:48:17.000000000 +0200 @@ -566,6 +566,11 @@ struct winsize { # define CUSTOM_SSH_AUDIT_EVENTS #endif @@ -249,7 +243,7 @@ diff -up openssh-5.6p1/defines.h.audit openssh-5.6p1/defines.h #elif !defined(HAVE___func__) diff -up openssh-5.6p1/loginrec.c.audit openssh-5.6p1/loginrec.c --- openssh-5.6p1/loginrec.c.audit 2010-04-09 10:13:27.000000000 +0200 -+++ openssh-5.6p1/loginrec.c 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/loginrec.c 2010-10-01 08:48:17.000000000 +0200 @@ -468,9 +468,9 @@ login_write(struct logininfo *li) #endif #ifdef SSH_AUDIT_EVENTS @@ -264,7 +258,7 @@ diff -up openssh-5.6p1/loginrec.c.audit openssh-5.6p1/loginrec.c } diff -up openssh-5.6p1/Makefile.in.audit openssh-5.6p1/Makefile.in --- openssh-5.6p1/Makefile.in.audit 2010-05-12 08:51:39.000000000 +0200 -+++ openssh-5.6p1/Makefile.in 2010-09-25 16:07:42.000000000 +0200 ++++ openssh-5.6p1/Makefile.in 2010-10-01 08:48:17.000000000 +0200 @@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ diff --git a/openssh.spec b/openssh.spec index 49b1b79..7da3961 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.6p1 -%define openssh_rel 9 +%define openssh_rel 10 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 27 @@ -102,8 +102,6 @@ Patch10: pam_ssh_agent_auth-0.9-build.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Patch12: openssh-5.4p1-selinux.patch Patch13: openssh-5.6p1-mls.patch -####https://bugzilla.mindrot.org/show_bug.cgi?id=1402 -###Patch16: openssh-5.3p1-audit.patch Patch18: openssh-5.4p1-pam_selinux.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1663 Patch20: openssh-5.6p1-authorized-keys-command.patch @@ -587,6 +585,9 @@ fi %endif %changelog +* Fri Oct 1 2010 Jan F. Chadima - 5.6p1-10 + 0.9.2-27 +- add missing headers to linux audit + * Wed Sep 29 2010 Jan F. Chadima - 5.6p1-9 + 0.9.2-27 - audit module now uses openssh audit framevork