diff options
author | Darren Tucker <dtucker@zip.com.au> | 2005-02-08 21:52:47 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2005-02-08 21:52:47 +1100 |
commit | 2e0cf0dca20e56eb5d95a80ba0004769c5bc4ba7 (patch) | |
tree | d03f7560b26c36b6afd48ffb962775b6424fee72 | |
parent | b4d3012d2e9a0eb53c56565108c8278e45cefc77 (diff) |
- (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
defines and enums with SSH_ to prevent namespace collisions on some
platforms (eg AIX).
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | audit.c | 56 | ||||
-rw-r--r-- | audit.h | 30 | ||||
-rw-r--r-- | auth.c | 20 | ||||
-rw-r--r-- | auth1.c | 8 | ||||
-rw-r--r-- | auth2.c | 12 | ||||
-rw-r--r-- | loginrec.c | 4 | ||||
-rw-r--r-- | monitor.c | 30 | ||||
-rw-r--r-- | monitor_wrap.c | 4 | ||||
-rw-r--r-- | monitor_wrap.h | 2 | ||||
-rw-r--r-- | session.c | 6 | ||||
-rw-r--r-- | sshd.c | 10 |
12 files changed, 96 insertions, 92 deletions
@@ -3,6 +3,10 @@ | |||
3 | regress tests so newer versions of GNU head(1) behave themselves. Patch | 3 | regress tests so newer versions of GNU head(1) behave themselves. Patch |
4 | by djm, so ok me. | 4 | by djm, so ok me. |
5 | - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. | 5 | - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. |
6 | - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c | ||
7 | monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit | ||
8 | defines and enums with SSH_ to prevent namespace collisions on some | ||
9 | platforms (eg AIX). | ||
6 | 10 | ||
7 | 20050204 | 11 | 20050204 |
8 | - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. | 12 | - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. |
@@ -2082,4 +2086,4 @@ | |||
2082 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2086 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2083 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2087 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2084 | 2088 | ||
2085 | $Id: ChangeLog,v 1.3638 2005/02/08 10:06:55 dtucker Exp $ | 2089 | $Id: ChangeLog,v 1.3639 2005/02/08 10:52:47 dtucker Exp $ |
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: audit.c,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ | 1 | /* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. | 4 | * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. |
@@ -26,7 +26,7 @@ | |||
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | 28 | ||
29 | #ifdef AUDIT_EVENTS | 29 | #ifdef SSH_AUDIT_EVENTS |
30 | 30 | ||
31 | #include "audit.h" | 31 | #include "audit.h" |
32 | #include "log.h" | 32 | #include "log.h" |
@@ -44,22 +44,22 @@ ssh_audit_event_t | |||
44 | audit_classify_auth(const char *method) | 44 | audit_classify_auth(const char *method) |
45 | { | 45 | { |
46 | if (strcmp(method, "none") == 0) | 46 | if (strcmp(method, "none") == 0) |
47 | return AUTH_FAIL_NONE; | 47 | return SSH_AUTH_FAIL_NONE; |
48 | else if (strcmp(method, "password") == 0) | 48 | else if (strcmp(method, "password") == 0) |
49 | return AUTH_FAIL_PASSWD; | 49 | return SSH_AUTH_FAIL_PASSWD; |
50 | else if (strcmp(method, "publickey") == 0 || | 50 | else if (strcmp(method, "publickey") == 0 || |
51 | strcmp(method, "rsa") == 0) | 51 | strcmp(method, "rsa") == 0) |
52 | return AUTH_FAIL_PUBKEY; | 52 | return SSH_AUTH_FAIL_PUBKEY; |
53 | else if (strncmp(method, "keyboard-interactive", 20) == 0 || | 53 | else if (strncmp(method, "keyboard-interactive", 20) == 0 || |
54 | strcmp(method, "challenge-response") == 0) | 54 | strcmp(method, "challenge-response") == 0) |
55 | return AUTH_FAIL_KBDINT; | 55 | return SSH_AUTH_FAIL_KBDINT; |
56 | else if (strcmp(method, "hostbased") == 0 || | 56 | else if (strcmp(method, "hostbased") == 0 || |
57 | strcmp(method, "rhosts-rsa") == 0) | 57 | strcmp(method, "rhosts-rsa") == 0) |
58 | return AUTH_FAIL_HOSTBASED; | 58 | return SSH_AUTH_FAIL_HOSTBASED; |
59 | else if (strcmp(method, "gssapi-with-mic") == 0) | 59 | else if (strcmp(method, "gssapi-with-mic") == 0) |
60 | return AUTH_FAIL_GSSAPI; | 60 | return SSH_AUTH_FAIL_GSSAPI; |
61 | else | 61 | else |
62 | return AUDIT_UNKNOWN; | 62 | return SSH_AUDIT_UNKNOWN; |
63 | } | 63 | } |
64 | 64 | ||
65 | /* helper to return supplied username */ | 65 | /* helper to return supplied username */ |
@@ -84,32 +84,32 @@ audit_event_lookup(ssh_audit_event_t ev) | |||
84 | ssh_audit_event_t event; | 84 | ssh_audit_event_t event; |
85 | const char *name; | 85 | const char *name; |
86 | } event_lookup[] = { | 86 | } event_lookup[] = { |
87 | {LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, | 87 | {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, |
88 | {LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, | 88 | {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, |
89 | {AUTH_SUCCESS, "AUTH_SUCCESS"}, | 89 | {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"}, |
90 | {AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, | 90 | {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, |
91 | {AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, | 91 | {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, |
92 | {AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, | 92 | {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, |
93 | {AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, | 93 | {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, |
94 | {AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, | 94 | {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, |
95 | {AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, | 95 | {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, |
96 | {INVALID_USER, "INVALID_USER"}, | 96 | {SSH_INVALID_USER, "INVALID_USER"}, |
97 | {NOLOGIN, "NOLOGIN"}, | 97 | {SSH_NOLOGIN, "NOLOGIN"}, |
98 | {CONNECTION_CLOSE, "CONNECTION_CLOSE"}, | 98 | {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"}, |
99 | {CONNECTION_ABANDON, "CONNECTION_ABANDON"}, | 99 | {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"}, |
100 | {AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} | 100 | {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} |
101 | }; | 101 | }; |
102 | 102 | ||
103 | for (i = 0; event_lookup[i].event != AUDIT_UNKNOWN; i++) | 103 | for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++) |
104 | if (event_lookup[i].event == ev) | 104 | if (event_lookup[i].event == ev) |
105 | break; | 105 | break; |
106 | return(event_lookup[i].name); | 106 | return(event_lookup[i].name); |
107 | } | 107 | } |
108 | 108 | ||
109 | # ifndef CUSTOM_AUDIT_EVENTS | 109 | # ifndef CUSTOM_SSH_AUDIT_EVENTS |
110 | /* | 110 | /* |
111 | * Null implementations of audit functions. | 111 | * Null implementations of audit functions. |
112 | * These get used if AUDIT_EVENTS is defined but no audit module is enabled. | 112 | * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled. |
113 | */ | 113 | */ |
114 | 114 | ||
115 | /* | 115 | /* |
@@ -177,5 +177,5 @@ audit_run_command(const char *command) | |||
177 | debug("audit run command euid %d user %s command '%.200s'", geteuid(), | 177 | debug("audit run command euid %d user %s command '%.200s'", geteuid(), |
178 | audit_username(), command); | 178 | audit_username(), command); |
179 | } | 179 | } |
180 | # endif /* !defined CUSTOM_AUDIT_EVENTS */ | 180 | # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ |
181 | #endif /* AUDIT_EVENTS */ | 181 | #endif /* SSH_AUDIT_EVENTS */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ | 1 | /* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. | 4 | * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. |
@@ -29,20 +29,20 @@ | |||
29 | #ifndef _SSH_AUDIT_H | 29 | #ifndef _SSH_AUDIT_H |
30 | # define _SSH_AUDIT_H | 30 | # define _SSH_AUDIT_H |
31 | enum ssh_audit_event_type { | 31 | enum ssh_audit_event_type { |
32 | LOGIN_EXCEED_MAXTRIES, | 32 | SSH_LOGIN_EXCEED_MAXTRIES, |
33 | LOGIN_ROOT_DENIED, | 33 | SSH_LOGIN_ROOT_DENIED, |
34 | AUTH_SUCCESS, | 34 | SSH_AUTH_SUCCESS, |
35 | AUTH_FAIL_NONE, | 35 | SSH_AUTH_FAIL_NONE, |
36 | AUTH_FAIL_PASSWD, | 36 | SSH_AUTH_FAIL_PASSWD, |
37 | AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ | 37 | SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ |
38 | AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ | 38 | SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ |
39 | AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ | 39 | SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ |
40 | AUTH_FAIL_GSSAPI, | 40 | SSH_AUTH_FAIL_GSSAPI, |
41 | INVALID_USER, | 41 | SSH_INVALID_USER, |
42 | NOLOGIN, /* denied by /etc/nologin, not implemented */ | 42 | SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */ |
43 | CONNECTION_CLOSE, /* closed after attempting auth or session */ | 43 | SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */ |
44 | CONNECTION_ABANDON, /* closed without completing auth */ | 44 | SSH_CONNECTION_ABANDON, /* closed without completing auth */ |
45 | AUDIT_UNKNOWN | 45 | SSH_AUDIT_UNKNOWN |
46 | }; | 46 | }; |
47 | typedef enum ssh_audit_event_type ssh_audit_event_t; | 47 | typedef enum ssh_audit_event_type ssh_audit_event_t; |
48 | 48 | ||
@@ -252,7 +252,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
252 | record_failed_login(authctxt->user, | 252 | record_failed_login(authctxt->user, |
253 | get_canonical_hostname(options.use_dns), "ssh"); | 253 | get_canonical_hostname(options.use_dns), "ssh"); |
254 | #endif | 254 | #endif |
255 | #ifdef AUDIT_EVENTS | 255 | #ifdef SSH_AUDIT_EVENTS |
256 | if (authenticated == 0 && !authctxt->postponed) { | 256 | if (authenticated == 0 && !authctxt->postponed) { |
257 | ssh_audit_event_t event; | 257 | ssh_audit_event_t event; |
258 | 258 | ||
@@ -265,15 +265,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
265 | */ | 265 | */ |
266 | event = audit_classify_auth(method); | 266 | event = audit_classify_auth(method); |
267 | switch(event) { | 267 | switch(event) { |
268 | case AUTH_FAIL_NONE: | 268 | case SSH_AUTH_FAIL_NONE: |
269 | case AUTH_FAIL_PASSWD: | 269 | case SSH_AUTH_FAIL_PASSWD: |
270 | case AUTH_FAIL_KBDINT: | 270 | case SSH_AUTH_FAIL_KBDINT: |
271 | if (geteuid() == 0) | 271 | if (geteuid() == 0) |
272 | audit_event(event); | 272 | audit_event(event); |
273 | break; | 273 | break; |
274 | case AUTH_FAIL_PUBKEY: | 274 | case SSH_AUTH_FAIL_PUBKEY: |
275 | case AUTH_FAIL_HOSTBASED: | 275 | case SSH_AUTH_FAIL_HOSTBASED: |
276 | case AUTH_FAIL_GSSAPI: | 276 | case SSH_AUTH_FAIL_GSSAPI: |
277 | /* | 277 | /* |
278 | * This is required to handle the case where privsep | 278 | * This is required to handle the case where privsep |
279 | * is enabled but it's root logging in, since | 279 | * is enabled but it's root logging in, since |
@@ -515,9 +515,9 @@ getpwnamallow(const char *user) | |||
515 | record_failed_login(user, | 515 | record_failed_login(user, |
516 | get_canonical_hostname(options.use_dns), "ssh"); | 516 | get_canonical_hostname(options.use_dns), "ssh"); |
517 | #endif | 517 | #endif |
518 | #ifdef AUDIT_EVENTS | 518 | #ifdef SSH_AUDIT_EVENTS |
519 | audit_event(INVALID_USER); | 519 | audit_event(SSH_INVALID_USER); |
520 | #endif /* AUDIT_EVENTS */ | 520 | #endif /* SSH_AUDIT_EVENTS */ |
521 | return (NULL); | 521 | return (NULL); |
522 | } | 522 | } |
523 | if (!allowed_user(pw)) | 523 | if (!allowed_user(pw)) |
@@ -249,8 +249,8 @@ do_authloop(Authctxt *authctxt) | |||
249 | if (authenticated && authctxt->pw->pw_uid == 0 && | 249 | if (authenticated && authctxt->pw->pw_uid == 0 && |
250 | !auth_root_allowed(get_authname(type))) { | 250 | !auth_root_allowed(get_authname(type))) { |
251 | authenticated = 0; | 251 | authenticated = 0; |
252 | # ifdef AUDIT_EVENTS | 252 | # ifdef SSH_AUDIT_EVENTS |
253 | PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); | 253 | PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); |
254 | # endif | 254 | # endif |
255 | } | 255 | } |
256 | #endif | 256 | #endif |
@@ -288,8 +288,8 @@ do_authloop(Authctxt *authctxt) | |||
288 | return; | 288 | return; |
289 | 289 | ||
290 | if (authctxt->failures++ > options.max_authtries) { | 290 | if (authctxt->failures++ > options.max_authtries) { |
291 | #ifdef AUDIT_EVENTS | 291 | #ifdef SSH_AUDIT_EVENTS |
292 | PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); | 292 | PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); |
293 | #endif | 293 | #endif |
294 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 294 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
295 | } | 295 | } |
@@ -167,8 +167,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
167 | if (options.use_pam) | 167 | if (options.use_pam) |
168 | PRIVSEP(start_pam(authctxt)); | 168 | PRIVSEP(start_pam(authctxt)); |
169 | #endif | 169 | #endif |
170 | #ifdef AUDIT_EVENTS | 170 | #ifdef SSH_AUDIT_EVENTS |
171 | PRIVSEP(audit_event(INVALID_USER)); | 171 | PRIVSEP(audit_event(SSH_INVALID_USER)); |
172 | #endif | 172 | #endif |
173 | } | 173 | } |
174 | setproctitle("%s%s", authctxt->valid ? user : "unknown", | 174 | setproctitle("%s%s", authctxt->valid ? user : "unknown", |
@@ -219,8 +219,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
219 | if (authenticated && authctxt->pw->pw_uid == 0 && | 219 | if (authenticated && authctxt->pw->pw_uid == 0 && |
220 | !auth_root_allowed(method)) { | 220 | !auth_root_allowed(method)) { |
221 | authenticated = 0; | 221 | authenticated = 0; |
222 | #ifdef AUDIT_EVENTS | 222 | #ifdef SSH_AUDIT_EVENTS |
223 | PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); | 223 | PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); |
224 | #endif | 224 | #endif |
225 | } | 225 | } |
226 | 226 | ||
@@ -263,8 +263,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
263 | authctxt->success = 1; | 263 | authctxt->success = 1; |
264 | } else { | 264 | } else { |
265 | if (authctxt->failures++ > options.max_authtries) { | 265 | if (authctxt->failures++ > options.max_authtries) { |
266 | #ifdef AUDIT_EVENTS | 266 | #ifdef SSH_AUDIT_EVENTS |
267 | PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); | 267 | PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); |
268 | #endif | 268 | #endif |
269 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 269 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
270 | } | 270 | } |
diff --git a/loginrec.c b/loginrec.c index 0fa9bdea7..c033582ad 100644 --- a/loginrec.c +++ b/loginrec.c | |||
@@ -164,7 +164,7 @@ | |||
164 | # include <libutil.h> | 164 | # include <libutil.h> |
165 | #endif | 165 | #endif |
166 | 166 | ||
167 | RCSID("$Id: loginrec.c,v 1.64 2005/02/02 13:20:53 dtucker Exp $"); | 167 | RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $"); |
168 | 168 | ||
169 | /** | 169 | /** |
170 | ** prototypes for helper functions in this file | 170 | ** prototypes for helper functions in this file |
@@ -444,7 +444,7 @@ login_write(struct logininfo *li) | |||
444 | !sys_auth_record_login(li->username,li->hostname,li->line)) | 444 | !sys_auth_record_login(li->username,li->hostname,li->line)) |
445 | logit("Writing login record failed for %s", li->username); | 445 | logit("Writing login record failed for %s", li->username); |
446 | #endif | 446 | #endif |
447 | #ifdef AUDIT_EVENTS | 447 | #ifdef SSH_AUDIT_EVENTS |
448 | if (li->type == LTYPE_LOGIN) | 448 | if (li->type == LTYPE_LOGIN) |
449 | audit_session_open(li->line); | 449 | audit_session_open(li->line); |
450 | else if (li->type == LTYPE_LOGOUT) | 450 | else if (li->type == LTYPE_LOGOUT) |
@@ -143,7 +143,7 @@ int mm_answer_gss_userok(int, Buffer *); | |||
143 | int mm_answer_gss_checkmic(int, Buffer *); | 143 | int mm_answer_gss_checkmic(int, Buffer *); |
144 | #endif | 144 | #endif |
145 | 145 | ||
146 | #ifdef AUDIT_EVENTS | 146 | #ifdef SSH_AUDIT_EVENTS |
147 | int mm_answer_audit_event(int, Buffer *); | 147 | int mm_answer_audit_event(int, Buffer *); |
148 | int mm_answer_audit_command(int, Buffer *); | 148 | int mm_answer_audit_command(int, Buffer *); |
149 | #endif | 149 | #endif |
@@ -191,7 +191,7 @@ struct mon_table mon_dispatch_proto20[] = { | |||
191 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | 191 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, |
192 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | 192 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
193 | #endif | 193 | #endif |
194 | #ifdef AUDIT_EVENTS | 194 | #ifdef SSH_AUDIT_EVENTS |
195 | {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, | 195 | {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, |
196 | #endif | 196 | #endif |
197 | #ifdef BSD_AUTH | 197 | #ifdef BSD_AUTH |
@@ -219,7 +219,7 @@ struct mon_table mon_dispatch_postauth20[] = { | |||
219 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, | 219 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, |
220 | {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, | 220 | {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, |
221 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | 221 | {MONITOR_REQ_TERM, 0, mm_answer_term}, |
222 | #ifdef AUDIT_EVENTS | 222 | #ifdef SSH_AUDIT_EVENTS |
223 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 223 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
224 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, | 224 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, |
225 | #endif | 225 | #endif |
@@ -251,7 +251,7 @@ struct mon_table mon_dispatch_proto15[] = { | |||
251 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | 251 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, |
252 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | 252 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
253 | #endif | 253 | #endif |
254 | #ifdef AUDIT_EVENTS | 254 | #ifdef SSH_AUDIT_EVENTS |
255 | {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, | 255 | {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, |
256 | #endif | 256 | #endif |
257 | {0, 0, NULL} | 257 | {0, 0, NULL} |
@@ -261,7 +261,7 @@ struct mon_table mon_dispatch_postauth15[] = { | |||
261 | {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, | 261 | {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, |
262 | {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, | 262 | {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, |
263 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | 263 | {MONITOR_REQ_TERM, 0, mm_answer_term}, |
264 | #ifdef AUDIT_EVENTS | 264 | #ifdef SSH_AUDIT_EVENTS |
265 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 265 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
266 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | 266 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, |
267 | #endif | 267 | #endif |
@@ -628,7 +628,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
628 | if (options.use_pam) | 628 | if (options.use_pam) |
629 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); | 629 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); |
630 | #endif | 630 | #endif |
631 | #ifdef AUDIT_EVENTS | 631 | #ifdef SSH_AUDIT_EVENTS |
632 | monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); | 632 | monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); |
633 | #endif | 633 | #endif |
634 | 634 | ||
@@ -1513,7 +1513,7 @@ mm_answer_term(int sock, Buffer *req) | |||
1513 | exit(res); | 1513 | exit(res); |
1514 | } | 1514 | } |
1515 | 1515 | ||
1516 | #ifdef AUDIT_EVENTS | 1516 | #ifdef SSH_AUDIT_EVENTS |
1517 | /* Report that an audit event occurred */ | 1517 | /* Report that an audit event occurred */ |
1518 | int | 1518 | int |
1519 | mm_answer_audit_event(int socket, Buffer *m) | 1519 | mm_answer_audit_event(int socket, Buffer *m) |
@@ -1525,13 +1525,13 @@ mm_answer_audit_event(int socket, Buffer *m) | |||
1525 | event = buffer_get_int(m); | 1525 | event = buffer_get_int(m); |
1526 | buffer_free(m); | 1526 | buffer_free(m); |
1527 | switch(event) { | 1527 | switch(event) { |
1528 | case AUTH_FAIL_PUBKEY: | 1528 | case SSH_AUTH_FAIL_PUBKEY: |
1529 | case AUTH_FAIL_HOSTBASED: | 1529 | case SSH_AUTH_FAIL_HOSTBASED: |
1530 | case AUTH_FAIL_GSSAPI: | 1530 | case SSH_AUTH_FAIL_GSSAPI: |
1531 | case LOGIN_EXCEED_MAXTRIES: | 1531 | case SSH_LOGIN_EXCEED_MAXTRIES: |
1532 | case LOGIN_ROOT_DENIED: | 1532 | case SSH_LOGIN_ROOT_DENIED: |
1533 | case CONNECTION_CLOSE: | 1533 | case SSH_CONNECTION_CLOSE: |
1534 | case INVALID_USER: | 1534 | case SSH_INVALID_USER: |
1535 | audit_event(event); | 1535 | audit_event(event); |
1536 | break; | 1536 | break; |
1537 | default: | 1537 | default: |
@@ -1555,7 +1555,7 @@ mm_answer_audit_command(int socket, Buffer *m) | |||
1555 | buffer_free(m); | 1555 | buffer_free(m); |
1556 | return (0); | 1556 | return (0); |
1557 | } | 1557 | } |
1558 | #endif /* AUDIT_EVENTS */ | 1558 | #endif /* SSH_AUDIT_EVENTS */ |
1559 | 1559 | ||
1560 | void | 1560 | void |
1561 | monitor_apply_keystate(struct monitor *pmonitor) | 1561 | monitor_apply_keystate(struct monitor *pmonitor) |
diff --git a/monitor_wrap.c b/monitor_wrap.c index 983b24072..e1b6512b4 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -1103,7 +1103,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) | |||
1103 | return (success); | 1103 | return (success); |
1104 | } | 1104 | } |
1105 | 1105 | ||
1106 | #ifdef AUDIT_EVENTS | 1106 | #ifdef SSH_AUDIT_EVENTS |
1107 | void | 1107 | void |
1108 | mm_audit_event(ssh_audit_event_t event) | 1108 | mm_audit_event(ssh_audit_event_t event) |
1109 | { | 1109 | { |
@@ -1131,7 +1131,7 @@ mm_audit_run_command(const char *command) | |||
1131 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); | 1131 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); |
1132 | buffer_free(&m); | 1132 | buffer_free(&m); |
1133 | } | 1133 | } |
1134 | #endif /* AUDIT_EVENTS */ | 1134 | #endif /* SSH_AUDIT_EVENTS */ |
1135 | 1135 | ||
1136 | #ifdef GSSAPI | 1136 | #ifdef GSSAPI |
1137 | OM_uint32 | 1137 | OM_uint32 |
diff --git a/monitor_wrap.h b/monitor_wrap.h index 7ed241aa8..310b42513 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -74,7 +74,7 @@ int mm_sshpam_respond(void *, u_int, char **); | |||
74 | void mm_sshpam_free_ctx(void *); | 74 | void mm_sshpam_free_ctx(void *); |
75 | #endif | 75 | #endif |
76 | 76 | ||
77 | #ifdef AUDIT_EVENTS | 77 | #ifdef SSH_AUDIT_EVENTS |
78 | #include "audit.h" | 78 | #include "audit.h" |
79 | void mm_audit_event(ssh_audit_event_t); | 79 | void mm_audit_event(ssh_audit_event_t); |
80 | void mm_audit_run_command(const char *); | 80 | void mm_audit_run_command(const char *); |
@@ -665,7 +665,7 @@ do_exec(Session *s, const char *command) | |||
665 | debug("Forced command '%.900s'", command); | 665 | debug("Forced command '%.900s'", command); |
666 | } | 666 | } |
667 | 667 | ||
668 | #ifdef AUDIT_EVENTS | 668 | #ifdef SSH_AUDIT_EVENTS |
669 | if (command != NULL) | 669 | if (command != NULL) |
670 | PRIVSEP(audit_run_command(command)); | 670 | PRIVSEP(audit_run_command(command)); |
671 | else if (s->ttyfd == -1) { | 671 | else if (s->ttyfd == -1) { |
@@ -2333,8 +2333,8 @@ do_cleanup(Authctxt *authctxt) | |||
2333 | } | 2333 | } |
2334 | #endif | 2334 | #endif |
2335 | 2335 | ||
2336 | #ifdef AUDIT_EVENTS | 2336 | #ifdef SSH_AUDIT_EVENTS |
2337 | PRIVSEP(audit_event(CONNECTION_CLOSE)); | 2337 | PRIVSEP(audit_event(SSH_CONNECTION_CLOSE)); |
2338 | #endif | 2338 | #endif |
2339 | 2339 | ||
2340 | /* remove agent socket */ | 2340 | /* remove agent socket */ |
@@ -1628,7 +1628,7 @@ main(int ac, char **av) | |||
1628 | remote_port = get_remote_port(); | 1628 | remote_port = get_remote_port(); |
1629 | remote_ip = get_remote_ipaddr(); | 1629 | remote_ip = get_remote_ipaddr(); |
1630 | 1630 | ||
1631 | #ifdef AUDIT_EVENTS | 1631 | #ifdef SSH_AUDIT_EVENTS |
1632 | audit_connection_from(remote_ip, remote_port); | 1632 | audit_connection_from(remote_ip, remote_port); |
1633 | #endif | 1633 | #endif |
1634 | #ifdef LIBWRAP | 1634 | #ifdef LIBWRAP |
@@ -1700,8 +1700,8 @@ main(int ac, char **av) | |||
1700 | } | 1700 | } |
1701 | 1701 | ||
1702 | authenticated: | 1702 | authenticated: |
1703 | #ifdef AUDIT_EVENTS | 1703 | #ifdef SSH_AUDIT_EVENTS |
1704 | audit_event(AUTH_SUCCESS); | 1704 | audit_event(SSH_AUTH_SUCCESS); |
1705 | #endif | 1705 | #endif |
1706 | 1706 | ||
1707 | /* | 1707 | /* |
@@ -2017,10 +2017,10 @@ cleanup_exit(int i) | |||
2017 | { | 2017 | { |
2018 | if (the_authctxt) | 2018 | if (the_authctxt) |
2019 | do_cleanup(the_authctxt); | 2019 | do_cleanup(the_authctxt); |
2020 | #ifdef AUDIT_EVENTS | 2020 | #ifdef SSH_AUDIT_EVENTS |
2021 | /* done after do_cleanup so it can cancel the PAM auth 'thread' */ | 2021 | /* done after do_cleanup so it can cancel the PAM auth 'thread' */ |
2022 | if (!use_privsep || mm_is_monitor()) | 2022 | if (!use_privsep || mm_is_monitor()) |
2023 | audit_event(CONNECTION_ABANDON); | 2023 | audit_event(SSH_CONNECTION_ABANDON); |
2024 | #endif | 2024 | #endif |
2025 | _exit(i); | 2025 | _exit(i); |
2026 | } | 2026 | } |