summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--audit.c56
-rw-r--r--audit.h30
-rw-r--r--auth.c20
-rw-r--r--auth1.c8
-rw-r--r--auth2.c12
-rw-r--r--loginrec.c4
-rw-r--r--monitor.c30
-rw-r--r--monitor_wrap.c4
-rw-r--r--monitor_wrap.h2
-rw-r--r--session.c6
-rw-r--r--sshd.c10
12 files changed, 96 insertions, 92 deletions
diff --git a/ChangeLog b/ChangeLog
index 89424da03..60e5374ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
3 regress tests so newer versions of GNU head(1) behave themselves. Patch 3 regress tests so newer versions of GNU head(1) behave themselves. Patch
4 by djm, so ok me. 4 by djm, so ok me.
5 - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 5 - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
6 - (dtucker) [audit.c audit.h auth.c auth1.c auth2.c loginrec.c monitor.c
7 monitor_wrap.c monitor_wrap.h session.c sshd.c]: Prepend all of the audit
8 defines and enums with SSH_ to prevent namespace collisions on some
9 platforms (eg AIX).
6 10
720050204 1120050204
8 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too. 12 - (dtucker) [monitor.c] Permit INVALID_USER audit events from slave too.
@@ -2082,4 +2086,4 @@
2082 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 2086 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2083 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 2087 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2084 2088
2085$Id: ChangeLog,v 1.3638 2005/02/08 10:06:55 dtucker Exp $ 2089$Id: ChangeLog,v 1.3639 2005/02/08 10:52:47 dtucker Exp $
diff --git a/audit.c b/audit.c
index 13852a05e..18fc41047 100644
--- a/audit.c
+++ b/audit.c
@@ -1,4 +1,4 @@
1/* $Id: audit.c,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ 1/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@@ -26,7 +26,7 @@
26 26
27#include "includes.h" 27#include "includes.h"
28 28
29#ifdef AUDIT_EVENTS 29#ifdef SSH_AUDIT_EVENTS
30 30
31#include "audit.h" 31#include "audit.h"
32#include "log.h" 32#include "log.h"
@@ -44,22 +44,22 @@ ssh_audit_event_t
44audit_classify_auth(const char *method) 44audit_classify_auth(const char *method)
45{ 45{
46 if (strcmp(method, "none") == 0) 46 if (strcmp(method, "none") == 0)
47 return AUTH_FAIL_NONE; 47 return SSH_AUTH_FAIL_NONE;
48 else if (strcmp(method, "password") == 0) 48 else if (strcmp(method, "password") == 0)
49 return AUTH_FAIL_PASSWD; 49 return SSH_AUTH_FAIL_PASSWD;
50 else if (strcmp(method, "publickey") == 0 || 50 else if (strcmp(method, "publickey") == 0 ||
51 strcmp(method, "rsa") == 0) 51 strcmp(method, "rsa") == 0)
52 return AUTH_FAIL_PUBKEY; 52 return SSH_AUTH_FAIL_PUBKEY;
53 else if (strncmp(method, "keyboard-interactive", 20) == 0 || 53 else if (strncmp(method, "keyboard-interactive", 20) == 0 ||
54 strcmp(method, "challenge-response") == 0) 54 strcmp(method, "challenge-response") == 0)
55 return AUTH_FAIL_KBDINT; 55 return SSH_AUTH_FAIL_KBDINT;
56 else if (strcmp(method, "hostbased") == 0 || 56 else if (strcmp(method, "hostbased") == 0 ||
57 strcmp(method, "rhosts-rsa") == 0) 57 strcmp(method, "rhosts-rsa") == 0)
58 return AUTH_FAIL_HOSTBASED; 58 return SSH_AUTH_FAIL_HOSTBASED;
59 else if (strcmp(method, "gssapi-with-mic") == 0) 59 else if (strcmp(method, "gssapi-with-mic") == 0)
60 return AUTH_FAIL_GSSAPI; 60 return SSH_AUTH_FAIL_GSSAPI;
61 else 61 else
62 return AUDIT_UNKNOWN; 62 return SSH_AUDIT_UNKNOWN;
63} 63}
64 64
65/* helper to return supplied username */ 65/* helper to return supplied username */
@@ -84,32 +84,32 @@ audit_event_lookup(ssh_audit_event_t ev)
84 ssh_audit_event_t event; 84 ssh_audit_event_t event;
85 const char *name; 85 const char *name;
86 } event_lookup[] = { 86 } event_lookup[] = {
87 {LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"}, 87 {SSH_LOGIN_EXCEED_MAXTRIES, "LOGIN_EXCEED_MAXTRIES"},
88 {LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"}, 88 {SSH_LOGIN_ROOT_DENIED, "LOGIN_ROOT_DENIED"},
89 {AUTH_SUCCESS, "AUTH_SUCCESS"}, 89 {SSH_AUTH_SUCCESS, "AUTH_SUCCESS"},
90 {AUTH_FAIL_NONE, "AUTH_FAIL_NONE"}, 90 {SSH_AUTH_FAIL_NONE, "AUTH_FAIL_NONE"},
91 {AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"}, 91 {SSH_AUTH_FAIL_PASSWD, "AUTH_FAIL_PASSWD"},
92 {AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"}, 92 {SSH_AUTH_FAIL_KBDINT, "AUTH_FAIL_KBDINT"},
93 {AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"}, 93 {SSH_AUTH_FAIL_PUBKEY, "AUTH_FAIL_PUBKEY"},
94 {AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"}, 94 {SSH_AUTH_FAIL_HOSTBASED, "AUTH_FAIL_HOSTBASED"},
95 {AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"}, 95 {SSH_AUTH_FAIL_GSSAPI, "AUTH_FAIL_GSSAPI"},
96 {INVALID_USER, "INVALID_USER"}, 96 {SSH_INVALID_USER, "INVALID_USER"},
97 {NOLOGIN, "NOLOGIN"}, 97 {SSH_NOLOGIN, "NOLOGIN"},
98 {CONNECTION_CLOSE, "CONNECTION_CLOSE"}, 98 {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"},
99 {CONNECTION_ABANDON, "CONNECTION_ABANDON"}, 99 {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"},
100 {AUDIT_UNKNOWN, "AUDIT_UNKNOWN"} 100 {SSH_AUDIT_UNKNOWN, "AUDIT_UNKNOWN"}
101 }; 101 };
102 102
103 for (i = 0; event_lookup[i].event != AUDIT_UNKNOWN; i++) 103 for (i = 0; event_lookup[i].event != SSH_AUDIT_UNKNOWN; i++)
104 if (event_lookup[i].event == ev) 104 if (event_lookup[i].event == ev)
105 break; 105 break;
106 return(event_lookup[i].name); 106 return(event_lookup[i].name);
107} 107}
108 108
109# ifndef CUSTOM_AUDIT_EVENTS 109# ifndef CUSTOM_SSH_AUDIT_EVENTS
110/* 110/*
111 * Null implementations of audit functions. 111 * Null implementations of audit functions.
112 * These get used if AUDIT_EVENTS is defined but no audit module is enabled. 112 * These get used if SSH_AUDIT_EVENTS is defined but no audit module is enabled.
113 */ 113 */
114 114
115/* 115/*
@@ -177,5 +177,5 @@ audit_run_command(const char *command)
177 debug("audit run command euid %d user %s command '%.200s'", geteuid(), 177 debug("audit run command euid %d user %s command '%.200s'", geteuid(),
178 audit_username(), command); 178 audit_username(), command);
179} 179}
180# endif /* !defined CUSTOM_AUDIT_EVENTS */ 180# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
181#endif /* AUDIT_EVENTS */ 181#endif /* SSH_AUDIT_EVENTS */
diff --git a/audit.h b/audit.h
index 2c1437391..78e58966f 100644
--- a/audit.h
+++ b/audit.h
@@ -1,4 +1,4 @@
1/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */ 1/* $Id: audit.h,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@@ -29,20 +29,20 @@
29#ifndef _SSH_AUDIT_H 29#ifndef _SSH_AUDIT_H
30# define _SSH_AUDIT_H 30# define _SSH_AUDIT_H
31enum ssh_audit_event_type { 31enum ssh_audit_event_type {
32 LOGIN_EXCEED_MAXTRIES, 32 SSH_LOGIN_EXCEED_MAXTRIES,
33 LOGIN_ROOT_DENIED, 33 SSH_LOGIN_ROOT_DENIED,
34 AUTH_SUCCESS, 34 SSH_AUTH_SUCCESS,
35 AUTH_FAIL_NONE, 35 SSH_AUTH_FAIL_NONE,
36 AUTH_FAIL_PASSWD, 36 SSH_AUTH_FAIL_PASSWD,
37 AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */ 37 SSH_AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
38 AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */ 38 SSH_AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
39 AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */ 39 SSH_AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
40 AUTH_FAIL_GSSAPI, 40 SSH_AUTH_FAIL_GSSAPI,
41 INVALID_USER, 41 SSH_INVALID_USER,
42 NOLOGIN, /* denied by /etc/nologin, not implemented */ 42 SSH_NOLOGIN, /* denied by /etc/nologin, not implemented */
43 CONNECTION_CLOSE, /* closed after attempting auth or session */ 43 SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */
44 CONNECTION_ABANDON, /* closed without completing auth */ 44 SSH_CONNECTION_ABANDON, /* closed without completing auth */
45 AUDIT_UNKNOWN 45 SSH_AUDIT_UNKNOWN
46}; 46};
47typedef enum ssh_audit_event_type ssh_audit_event_t; 47typedef enum ssh_audit_event_type ssh_audit_event_t;
48 48
diff --git a/auth.c b/auth.c
index 4b62ad8f7..e6dcab209 100644
--- a/auth.c
+++ b/auth.c
@@ -252,7 +252,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
252 record_failed_login(authctxt->user, 252 record_failed_login(authctxt->user,
253 get_canonical_hostname(options.use_dns), "ssh"); 253 get_canonical_hostname(options.use_dns), "ssh");
254#endif 254#endif
255#ifdef AUDIT_EVENTS 255#ifdef SSH_AUDIT_EVENTS
256 if (authenticated == 0 && !authctxt->postponed) { 256 if (authenticated == 0 && !authctxt->postponed) {
257 ssh_audit_event_t event; 257 ssh_audit_event_t event;
258 258
@@ -265,15 +265,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
265 */ 265 */
266 event = audit_classify_auth(method); 266 event = audit_classify_auth(method);
267 switch(event) { 267 switch(event) {
268 case AUTH_FAIL_NONE: 268 case SSH_AUTH_FAIL_NONE:
269 case AUTH_FAIL_PASSWD: 269 case SSH_AUTH_FAIL_PASSWD:
270 case AUTH_FAIL_KBDINT: 270 case SSH_AUTH_FAIL_KBDINT:
271 if (geteuid() == 0) 271 if (geteuid() == 0)
272 audit_event(event); 272 audit_event(event);
273 break; 273 break;
274 case AUTH_FAIL_PUBKEY: 274 case SSH_AUTH_FAIL_PUBKEY:
275 case AUTH_FAIL_HOSTBASED: 275 case SSH_AUTH_FAIL_HOSTBASED:
276 case AUTH_FAIL_GSSAPI: 276 case SSH_AUTH_FAIL_GSSAPI:
277 /* 277 /*
278 * This is required to handle the case where privsep 278 * This is required to handle the case where privsep
279 * is enabled but it's root logging in, since 279 * is enabled but it's root logging in, since
@@ -515,9 +515,9 @@ getpwnamallow(const char *user)
515 record_failed_login(user, 515 record_failed_login(user,
516 get_canonical_hostname(options.use_dns), "ssh"); 516 get_canonical_hostname(options.use_dns), "ssh");
517#endif 517#endif
518#ifdef AUDIT_EVENTS 518#ifdef SSH_AUDIT_EVENTS
519 audit_event(INVALID_USER); 519 audit_event(SSH_INVALID_USER);
520#endif /* AUDIT_EVENTS */ 520#endif /* SSH_AUDIT_EVENTS */
521 return (NULL); 521 return (NULL);
522 } 522 }
523 if (!allowed_user(pw)) 523 if (!allowed_user(pw))
diff --git a/auth1.c b/auth1.c
index aeb5d8cb9..d08928455 100644
--- a/auth1.c
+++ b/auth1.c
@@ -249,8 +249,8 @@ do_authloop(Authctxt *authctxt)
249 if (authenticated && authctxt->pw->pw_uid == 0 && 249 if (authenticated && authctxt->pw->pw_uid == 0 &&
250 !auth_root_allowed(get_authname(type))) { 250 !auth_root_allowed(get_authname(type))) {
251 authenticated = 0; 251 authenticated = 0;
252# ifdef AUDIT_EVENTS 252# ifdef SSH_AUDIT_EVENTS
253 PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); 253 PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
254# endif 254# endif
255 } 255 }
256#endif 256#endif
@@ -288,8 +288,8 @@ do_authloop(Authctxt *authctxt)
288 return; 288 return;
289 289
290 if (authctxt->failures++ > options.max_authtries) { 290 if (authctxt->failures++ > options.max_authtries) {
291#ifdef AUDIT_EVENTS 291#ifdef SSH_AUDIT_EVENTS
292 PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); 292 PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
293#endif 293#endif
294 packet_disconnect(AUTH_FAIL_MSG, authctxt->user); 294 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
295 } 295 }
diff --git a/auth2.c b/auth2.c
index 2727e0ff5..2265d311e 100644
--- a/auth2.c
+++ b/auth2.c
@@ -167,8 +167,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
167 if (options.use_pam) 167 if (options.use_pam)
168 PRIVSEP(start_pam(authctxt)); 168 PRIVSEP(start_pam(authctxt));
169#endif 169#endif
170#ifdef AUDIT_EVENTS 170#ifdef SSH_AUDIT_EVENTS
171 PRIVSEP(audit_event(INVALID_USER)); 171 PRIVSEP(audit_event(SSH_INVALID_USER));
172#endif 172#endif
173 } 173 }
174 setproctitle("%s%s", authctxt->valid ? user : "unknown", 174 setproctitle("%s%s", authctxt->valid ? user : "unknown",
@@ -219,8 +219,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
219 if (authenticated && authctxt->pw->pw_uid == 0 && 219 if (authenticated && authctxt->pw->pw_uid == 0 &&
220 !auth_root_allowed(method)) { 220 !auth_root_allowed(method)) {
221 authenticated = 0; 221 authenticated = 0;
222#ifdef AUDIT_EVENTS 222#ifdef SSH_AUDIT_EVENTS
223 PRIVSEP(audit_event(LOGIN_ROOT_DENIED)); 223 PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
224#endif 224#endif
225 } 225 }
226 226
@@ -263,8 +263,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
263 authctxt->success = 1; 263 authctxt->success = 1;
264 } else { 264 } else {
265 if (authctxt->failures++ > options.max_authtries) { 265 if (authctxt->failures++ > options.max_authtries) {
266#ifdef AUDIT_EVENTS 266#ifdef SSH_AUDIT_EVENTS
267 PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES)); 267 PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
268#endif 268#endif
269 packet_disconnect(AUTH_FAIL_MSG, authctxt->user); 269 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
270 } 270 }
diff --git a/loginrec.c b/loginrec.c
index 0fa9bdea7..c033582ad 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -164,7 +164,7 @@
164# include <libutil.h> 164# include <libutil.h>
165#endif 165#endif
166 166
167RCSID("$Id: loginrec.c,v 1.64 2005/02/02 13:20:53 dtucker Exp $"); 167RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $");
168 168
169/** 169/**
170 ** prototypes for helper functions in this file 170 ** prototypes for helper functions in this file
@@ -444,7 +444,7 @@ login_write(struct logininfo *li)
444 !sys_auth_record_login(li->username,li->hostname,li->line)) 444 !sys_auth_record_login(li->username,li->hostname,li->line))
445 logit("Writing login record failed for %s", li->username); 445 logit("Writing login record failed for %s", li->username);
446#endif 446#endif
447#ifdef AUDIT_EVENTS 447#ifdef SSH_AUDIT_EVENTS
448 if (li->type == LTYPE_LOGIN) 448 if (li->type == LTYPE_LOGIN)
449 audit_session_open(li->line); 449 audit_session_open(li->line);
450 else if (li->type == LTYPE_LOGOUT) 450 else if (li->type == LTYPE_LOGOUT)
diff --git a/monitor.c b/monitor.c
index 04534d759..d6df656b0 100644
--- a/monitor.c
+++ b/monitor.c
@@ -143,7 +143,7 @@ int mm_answer_gss_userok(int, Buffer *);
143int mm_answer_gss_checkmic(int, Buffer *); 143int mm_answer_gss_checkmic(int, Buffer *);
144#endif 144#endif
145 145
146#ifdef AUDIT_EVENTS 146#ifdef SSH_AUDIT_EVENTS
147int mm_answer_audit_event(int, Buffer *); 147int mm_answer_audit_event(int, Buffer *);
148int mm_answer_audit_command(int, Buffer *); 148int mm_answer_audit_command(int, Buffer *);
149#endif 149#endif
@@ -191,7 +191,7 @@ struct mon_table mon_dispatch_proto20[] = {
191 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, 191 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
192 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, 192 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
193#endif 193#endif
194#ifdef AUDIT_EVENTS 194#ifdef SSH_AUDIT_EVENTS
195 {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, 195 {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
196#endif 196#endif
197#ifdef BSD_AUTH 197#ifdef BSD_AUTH
@@ -219,7 +219,7 @@ struct mon_table mon_dispatch_postauth20[] = {
219 {MONITOR_REQ_PTY, 0, mm_answer_pty}, 219 {MONITOR_REQ_PTY, 0, mm_answer_pty},
220 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, 220 {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup},
221 {MONITOR_REQ_TERM, 0, mm_answer_term}, 221 {MONITOR_REQ_TERM, 0, mm_answer_term},
222#ifdef AUDIT_EVENTS 222#ifdef SSH_AUDIT_EVENTS
223 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 223 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
224 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, 224 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
225#endif 225#endif
@@ -251,7 +251,7 @@ struct mon_table mon_dispatch_proto15[] = {
251 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, 251 {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
252 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, 252 {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
253#endif 253#endif
254#ifdef AUDIT_EVENTS 254#ifdef SSH_AUDIT_EVENTS
255 {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event}, 255 {MONITOR_REQ_AUDIT_EVENT, 0, mm_answer_audit_event},
256#endif 256#endif
257 {0, 0, NULL} 257 {0, 0, NULL}
@@ -261,7 +261,7 @@ struct mon_table mon_dispatch_postauth15[] = {
261 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, 261 {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
262 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, 262 {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
263 {MONITOR_REQ_TERM, 0, mm_answer_term}, 263 {MONITOR_REQ_TERM, 0, mm_answer_term},
264#ifdef AUDIT_EVENTS 264#ifdef SSH_AUDIT_EVENTS
265 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, 265 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
266 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, 266 {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
267#endif 267#endif
@@ -628,7 +628,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
628 if (options.use_pam) 628 if (options.use_pam)
629 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); 629 monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
630#endif 630#endif
631#ifdef AUDIT_EVENTS 631#ifdef SSH_AUDIT_EVENTS
632 monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1); 632 monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_EVENT, 1);
633#endif 633#endif
634 634
@@ -1513,7 +1513,7 @@ mm_answer_term(int sock, Buffer *req)
1513 exit(res); 1513 exit(res);
1514} 1514}
1515 1515
1516#ifdef AUDIT_EVENTS 1516#ifdef SSH_AUDIT_EVENTS
1517/* Report that an audit event occurred */ 1517/* Report that an audit event occurred */
1518int 1518int
1519mm_answer_audit_event(int socket, Buffer *m) 1519mm_answer_audit_event(int socket, Buffer *m)
@@ -1525,13 +1525,13 @@ mm_answer_audit_event(int socket, Buffer *m)
1525 event = buffer_get_int(m); 1525 event = buffer_get_int(m);
1526 buffer_free(m); 1526 buffer_free(m);
1527 switch(event) { 1527 switch(event) {
1528 case AUTH_FAIL_PUBKEY: 1528 case SSH_AUTH_FAIL_PUBKEY:
1529 case AUTH_FAIL_HOSTBASED: 1529 case SSH_AUTH_FAIL_HOSTBASED:
1530 case AUTH_FAIL_GSSAPI: 1530 case SSH_AUTH_FAIL_GSSAPI:
1531 case LOGIN_EXCEED_MAXTRIES: 1531 case SSH_LOGIN_EXCEED_MAXTRIES:
1532 case LOGIN_ROOT_DENIED: 1532 case SSH_LOGIN_ROOT_DENIED:
1533 case CONNECTION_CLOSE: 1533 case SSH_CONNECTION_CLOSE:
1534 case INVALID_USER: 1534 case SSH_INVALID_USER:
1535 audit_event(event); 1535 audit_event(event);
1536 break; 1536 break;
1537 default: 1537 default:
@@ -1555,7 +1555,7 @@ mm_answer_audit_command(int socket, Buffer *m)
1555 buffer_free(m); 1555 buffer_free(m);
1556 return (0); 1556 return (0);
1557} 1557}
1558#endif /* AUDIT_EVENTS */ 1558#endif /* SSH_AUDIT_EVENTS */
1559 1559
1560void 1560void
1561monitor_apply_keystate(struct monitor *pmonitor) 1561monitor_apply_keystate(struct monitor *pmonitor)
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 983b24072..e1b6512b4 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1103,7 +1103,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
1103 return (success); 1103 return (success);
1104} 1104}
1105 1105
1106#ifdef AUDIT_EVENTS 1106#ifdef SSH_AUDIT_EVENTS
1107void 1107void
1108mm_audit_event(ssh_audit_event_t event) 1108mm_audit_event(ssh_audit_event_t event)
1109{ 1109{
@@ -1131,7 +1131,7 @@ mm_audit_run_command(const char *command)
1131 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); 1131 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
1132 buffer_free(&m); 1132 buffer_free(&m);
1133} 1133}
1134#endif /* AUDIT_EVENTS */ 1134#endif /* SSH_AUDIT_EVENTS */
1135 1135
1136#ifdef GSSAPI 1136#ifdef GSSAPI
1137OM_uint32 1137OM_uint32
diff --git a/monitor_wrap.h b/monitor_wrap.h
index 7ed241aa8..310b42513 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -74,7 +74,7 @@ int mm_sshpam_respond(void *, u_int, char **);
74void mm_sshpam_free_ctx(void *); 74void mm_sshpam_free_ctx(void *);
75#endif 75#endif
76 76
77#ifdef AUDIT_EVENTS 77#ifdef SSH_AUDIT_EVENTS
78#include "audit.h" 78#include "audit.h"
79void mm_audit_event(ssh_audit_event_t); 79void mm_audit_event(ssh_audit_event_t);
80void mm_audit_run_command(const char *); 80void mm_audit_run_command(const char *);
diff --git a/session.c b/session.c
index b645144c5..a50bfcff7 100644
--- a/session.c
+++ b/session.c
@@ -665,7 +665,7 @@ do_exec(Session *s, const char *command)
665 debug("Forced command '%.900s'", command); 665 debug("Forced command '%.900s'", command);
666 } 666 }
667 667
668#ifdef AUDIT_EVENTS 668#ifdef SSH_AUDIT_EVENTS
669 if (command != NULL) 669 if (command != NULL)
670 PRIVSEP(audit_run_command(command)); 670 PRIVSEP(audit_run_command(command));
671 else if (s->ttyfd == -1) { 671 else if (s->ttyfd == -1) {
@@ -2333,8 +2333,8 @@ do_cleanup(Authctxt *authctxt)
2333 } 2333 }
2334#endif 2334#endif
2335 2335
2336#ifdef AUDIT_EVENTS 2336#ifdef SSH_AUDIT_EVENTS
2337 PRIVSEP(audit_event(CONNECTION_CLOSE)); 2337 PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
2338#endif 2338#endif
2339 2339
2340 /* remove agent socket */ 2340 /* remove agent socket */
diff --git a/sshd.c b/sshd.c
index e61870ea5..6b379521b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1628,7 +1628,7 @@ main(int ac, char **av)
1628 remote_port = get_remote_port(); 1628 remote_port = get_remote_port();
1629 remote_ip = get_remote_ipaddr(); 1629 remote_ip = get_remote_ipaddr();
1630 1630
1631#ifdef AUDIT_EVENTS 1631#ifdef SSH_AUDIT_EVENTS
1632 audit_connection_from(remote_ip, remote_port); 1632 audit_connection_from(remote_ip, remote_port);
1633#endif 1633#endif
1634#ifdef LIBWRAP 1634#ifdef LIBWRAP
@@ -1700,8 +1700,8 @@ main(int ac, char **av)
1700 } 1700 }
1701 1701
1702 authenticated: 1702 authenticated:
1703#ifdef AUDIT_EVENTS 1703#ifdef SSH_AUDIT_EVENTS
1704 audit_event(AUTH_SUCCESS); 1704 audit_event(SSH_AUTH_SUCCESS);
1705#endif 1705#endif
1706 1706
1707 /* 1707 /*
@@ -2017,10 +2017,10 @@ cleanup_exit(int i)
2017{ 2017{
2018 if (the_authctxt) 2018 if (the_authctxt)
2019 do_cleanup(the_authctxt); 2019 do_cleanup(the_authctxt);
2020#ifdef AUDIT_EVENTS 2020#ifdef SSH_AUDIT_EVENTS
2021 /* done after do_cleanup so it can cancel the PAM auth 'thread' */ 2021 /* done after do_cleanup so it can cancel the PAM auth 'thread' */
2022 if (!use_privsep || mm_is_monitor()) 2022 if (!use_privsep || mm_is_monitor())
2023 audit_event(CONNECTION_ABANDON); 2023 audit_event(SSH_CONNECTION_ABANDON);
2024#endif 2024#endif
2025 _exit(i); 2025 _exit(i);
2026} 2026}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-08 20:46:18 +0000