-rw-r--r--audit-linux.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/audit-linux.c b/audit-linux.c
index 58722d737..d3524f7e1 100644
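--- a/audit-linux.c
+++ b/audit-linux.c
@@ -38,16 +38,15 @@
 #include "canohost.h"
 #include "packet.h"
 
-const char* audit_username(void);
+const char *audit_username(void);
 
 int
-linux_audit_record_event(int uid, const char *username,
- const char *hostname, const char *ip, const char *ttyn, int success)
+linux_audit_record_event(int uid, const char *username, const char *hostname,
+ const char *ip, const char *ttyn, int success)
 {
  int audit_fd, rc, saved_errno;
 
- audit_fd = audit_open();
- if (audit_fd < 0) {
+ if ((audit_fd = audit_open()) < 0) {
  if (errno == EINVAL || errno == EPROTONOSUPPORT ||
  errno == EAFNOSUPPORT)
  return 1; /* No audit support in kernel */
@@ -59,6 +58,7 @@ linux_audit_record_event(int uid, const char *username,
  username == NULL ? uid : -1, hostname, ip, ttyn, success);
  saved_errno = errno;
  close(audit_fd);
+
  /*
  * Do not report error if the error is EPERM and sshd is run as non
  * root user.
@@ -66,7 +66,8 @@ linux_audit_record_event(int uid, const char *username,
  if ((rc == -EPERM) && (geteuid() != 0))
  rc = 0;
  errno = saved_errno;
- return (rc >= 0);
+
+ return rc >= 0;
 }
 
 /* Below is the sshd audit API code */
@@ -74,8 +75,8 @@ linux_audit_record_event(int uid, const char *username,
 void
 audit_connection_from(const char *host, int port)
 {
-}
  /* not implemented */
+}
 
 void
 audit_run_command(const char *command)
@@ -86,8 +87,8 @@ audit_run_command(const char *command)
 void
 audit_session_open(struct logininfo *li)
 {
- if (linux_audit_record_event(li->uid, NULL, li->hostname,
- NULL, li->line, 1) == 0)
+ if (linux_audit_record_event(li->uid, NULL, li->hostname, NULL,
+ li->line, 1) == 0)
  fatal("linux_audit_write_entry failed: %s", strerror(errno));
 }
 
@@ -109,7 +110,6 @@ audit_event(ssh_audit_event_t event)
  case SSH_LOGIN_EXCEED_MAXTRIES:
  case SSH_LOGIN_ROOT_DENIED:
  break;
-
  case SSH_AUTH_FAIL_NONE:
  case SSH_AUTH_FAIL_PASSWD:
  case SSH_AUTH_FAIL_KBDINT:
@@ -120,10 +120,9 @@ audit_event(ssh_audit_event_t event)
  linux_audit_record_event(-1, audit_username(), NULL,
  ssh_remote_ipaddr(ssh), "sshd", 0);
  break;
-
  default:
  debug("%s: unhandled event %d", __func__, event);
+ break;
  }
 }
-
 #endif /* USE_LINUX_AUDIT */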
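Review bot: The authentication-failure branch of audit_event (new lines 120-121) discards the return value of linux_audit_record_event(), so if the audit write fails for a failed login nothing records that the event was lost, whereas audit_session_open treats the same failure as fatal. Since failed-login records are what an investigator relies on, the call should at least report the loss, e.g. `if (linux_audit_record_event(-1, audit_username(), NULL, ssh_remote_ipaddr(ssh), "sshd", 0) == 0)` followed by `error("%s: audit record failed: %s", __func__, strerror(errno));`. Whether this path should abort like the session-open path is a policy decision, because being fatal on an unauthenticated failure changes the availability trade-off. Separately, the fatal() message in audit_session_open names `linux_audit_write_entry`, while the function called is `linux_audit_record_event`; aligning the text would make log searches easier. audit_event begins outside the visible hunks, so the declaration of `ssh` and the other cases were not reviewed.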