Do not attempt to pass hostnames to audit (inconsistency) (#1534577)
This commit is contained in:
Jakub Jelen
parent
32dc9bd1cd
commit
f284c5eb83
|
|
@ -310,7 +310,7 @@ diff -up openssh-7.6p1/audit.h.audit openssh-7.6p1/audit.h
|
|||
diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
||||
--- openssh-7.6p1/audit-linux.c.audit 2017-10-02 21:34:26.000000000 +0200
|
||||
+++ openssh-7.6p1/audit-linux.c 2017-10-04 17:18:32.835505053 +0200
|
||||
@@ -33,25 +33,38 @@
|
||||
@@ -33,27 +33,40 @@
|
||||
|
||||
#include "log.h"
|
||||
#include "audit.h"
|
||||
|
|
@ -337,7 +337,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
-linux_audit_record_event(int uid, const char *username, const char *hostname,
|
||||
- const char *ip, const char *ttyn, int success)
|
||||
+static void
|
||||
+linux_audit_user_logxxx(int uid, const char *username, const char *hostname,
|
||||
+linux_audit_user_logxxx(int uid, const char *username,
|
||||
+ const char *ip, const char *ttyn, int success, int event)
|
||||
{
|
||||
int audit_fd, rc, saved_errno;
|
||||
|
|
@ -354,8 +354,11 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
|
||||
+ rc = audit_log_acct_message(audit_fd, event,
|
||||
NULL, "login", username ? username : "(unknown)",
|
||||
username == NULL ? uid : -1, hostname, ip, ttyn, success);
|
||||
- username == NULL ? uid : -1, hostname, ip, ttyn, success);
|
||||
+ username == NULL ? uid : -1, NULL, ip, ttyn, success);
|
||||
saved_errno = errno;
|
||||
close(audit_fd);
|
||||
|
||||
@@ -65,9 +78,97 @@ linux_audit_record_event(int uid, const
|
||||
rc = 0;
|
||||
errno = saved_errno;
|
||||
|
|
@ -369,7 +372,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
+
|
||||
+static void
|
||||
+linux_audit_user_auth(int uid, const char *username,
|
||||
+ const char *hostname, const char *ip, const char *ttyn, int success, int event)
|
||||
+ const char *ip, const char *ttyn, int success, int event)
|
||||
+{
|
||||
+ int audit_fd, rc, saved_errno;
|
||||
+ static const char *event_name[] = {
|
||||
|
|
@ -403,7 +406,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
+
|
||||
+ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH,
|
||||
+ NULL, event_name[event], username ? username : "(unknown)",
|
||||
+ username == NULL ? uid : -1, hostname, ip, ttyn, success);
|
||||
+ username == NULL ? uid : -1, NULL, ip, ttyn, success);
|
||||
+ saved_errno = errno;
|
||||
+ close(audit_fd);
|
||||
+ /*
|
||||
|
|
@ -455,7 +458,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
/* Below is the sshd audit API code */
|
||||
|
||||
void
|
||||
@@ -76,24 +177,51 @@ audit_connection_from(const char *host,
|
||||
@@ -76,24 +177,55 @@ audit_connection_from(const char *host,
|
||||
/* not implemented */
|
||||
}
|
||||
|
||||
|
|
@ -465,21 +468,25 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
{
|
||||
- /* not implemented */
|
||||
+ if (!user_login_count++)
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
||||
+ NULL, "ssh", 1, AUDIT_USER_LOGIN);
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
||||
+ NULL, "ssh", 1, AUDIT_USER_START);
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||
+ ssh_remote_ipaddr(active_state),
|
||||
+ "ssh", 1, AUDIT_USER_LOGIN);
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||
+ ssh_remote_ipaddr(active_state),
|
||||
+ "ssh", 1, AUDIT_USER_START);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+audit_end_command(int handle, const char *command)
|
||||
+{
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
||||
+ NULL, "ssh", 1, AUDIT_USER_END);
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||
+ ssh_remote_ipaddr(active_state),
|
||||
+ "ssh", 1, AUDIT_USER_END);
|
||||
+ if (user_login_count && !--user_login_count)
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, session_get_remote_name_or_ip(active_state, utmp_len, options.use_dns),
|
||||
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||
+ ssh_remote_ipaddr(active_state),
|
||||
+ "ssh", 1, AUDIT_USER_LOGOUT);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
|
|
@ -496,9 +503,9 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
- fatal("linux_audit_write_entry failed: %s", strerror(errno));
|
||||
+ if (!user_login_count++)
|
||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||
+ NULL, li->line, 1, AUDIT_USER_LOGIN);
|
||||
+ li->line, 1, AUDIT_USER_LOGIN);
|
||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||
+ NULL, li->line, 1, AUDIT_USER_START);
|
||||
+ li->line, 1, AUDIT_USER_START);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -506,10 +513,10 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
{
|
||||
- /* not implemented */
|
||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||
+ NULL, li->line, 1, AUDIT_USER_END);
|
||||
+ li->line, 1, AUDIT_USER_END);
|
||||
+ if (user_login_count && !--user_login_count)
|
||||
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
|
||||
+ NULL, li->line, 1, AUDIT_USER_LOGOUT);
|
||||
+ li->line, 1, AUDIT_USER_LOGOUT);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -518,16 +525,16 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
switch(event) {
|
||||
case SSH_AUTH_SUCCESS:
|
||||
- case SSH_CONNECTION_CLOSE:
|
||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
||||
+ linux_audit_user_auth(-1, audit_username(),
|
||||
+ ssh_remote_ipaddr(ssh), "ssh", 1, event);
|
||||
+ break;
|
||||
+
|
||||
case SSH_NOLOGIN:
|
||||
- case SSH_LOGIN_EXCEED_MAXTRIES:
|
||||
case SSH_LOGIN_ROOT_DENIED:
|
||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
||||
+ linux_audit_user_auth(-1, audit_username(),
|
||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, event);
|
||||
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
||||
+ linux_audit_user_logxxx(-1, audit_username(),
|
||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
|
||||
break;
|
||||
+ case SSH_LOGIN_EXCEED_MAXTRIES:
|
||||
|
|
@ -537,7 +544,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
case SSH_AUTH_FAIL_PUBKEY:
|
||||
case SSH_AUTH_FAIL_HOSTBASED:
|
||||
case SSH_AUTH_FAIL_GSSAPI:
|
||||
+ linux_audit_user_auth(-1, audit_username(), NULL,
|
||||
+ linux_audit_user_auth(-1, audit_username(),
|
||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, event);
|
||||
+ break;
|
||||
+
|
||||
|
|
@ -545,11 +552,11 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
+ if (user_login_count) {
|
||||
+ while (user_login_count--)
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||
+ session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
|
||||
+ NULL, "ssh", 1, AUDIT_USER_END);
|
||||
+ ssh_remote_ipaddr(ssh),
|
||||
+ "ssh", 1, AUDIT_USER_END);
|
||||
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,
|
||||
+ session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
|
||||
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
|
||||
+ ssh_remote_ipaddr(ssh),
|
||||
+ "ssh", 1, AUDIT_USER_LOGOUT);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
|
|
@ -557,7 +564,7 @@ diff -up openssh-7.6p1/audit-linux.c.audit openssh-7.6p1/audit-linux.c
|
|||
case SSH_INVALID_USER:
|
||||
- linux_audit_record_event(-1, audit_username(), NULL,
|
||||
- ssh_remote_ipaddr(ssh), "sshd", 0);
|
||||
+ linux_audit_user_logxxx(-1, audit_username(), NULL,
|
||||
+ linux_audit_user_logxxx(-1, audit_username(),
|
||||
+ ssh_remote_ipaddr(ssh), "ssh", 0, AUDIT_USER_LOGIN);
|
||||
break;
|
||||
default:
|
||||
|
|
|
|||
Loading…
Reference in New Issue