1 files changed, 15 insertions, 13 deletions
diff --git a/audit-linux.c b/audit-linux.c
index b3ee2f4da..d3524f7e1 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -36,17 +36,17 @@
 #include "log.h"
 #include "audit.h"
 #include "canohost.h"
+#include "packet.h"
-const char* audit_username(void);
+const char *audit_username(void);
 int
-linux_audit_record_event(int uid, const char *username,
+linux_audit_record_event(int uid, const char *username, const char *hostname,
-    const char *hostname, const char *ip, const char *ttyn, int success)
+    const char *ip, const char *ttyn, int success)
 {
        int audit_fd, rc, saved_errno;
-        audit_fd = audit_open();
+        if ((audit_fd = audit_open()) < 0) {
-        if (audit_fd < 0) {
                if (errno == EINVAL || errno == EPROTONOSUPPORT ||
                    errno == EAFNOSUPPORT)
                        return 1; /* No audit support in kernel */
@@ -58,6 +58,7 @@ linux_audit_record_event(int uid, const char *username,
            username == NULL ? uid : -1, hostname, ip, ttyn, success);
        saved_errno = errno;
        close(audit_fd);
        /*
         * Do not report error if the error is EPERM and sshd is run as non
         * root user.
@@ -65,7 +66,8 @@ linux_audit_record_event(int uid, const char *username,
        if ((rc == -EPERM) && (geteuid() != 0))
                rc = 0;
        errno = saved_errno;
-        return (rc >= 0);
+        return rc >= 0;
 }
 /* Below is the sshd audit API code */
@@ -73,8 +75,8 @@ linux_audit_record_event(int uid, const char *username,
 void
 audit_connection_from(const char *host, int port)
 {
-}
        /* not implemented */
+}
 void
 audit_run_command(const char *command)
@@ -85,8 +87,8 @@ audit_run_command(const char *command)
 void
 audit_session_open(struct logininfo *li)
 {
-        if (linux_audit_record_event(li->uid, NULL, li->hostname,
+        if (linux_audit_record_event(li->uid, NULL, li->hostname, NULL,
-            NULL, li->line, 1) == 0)
+            li->line, 1) == 0)
                fatal("linux_audit_write_entry failed: %s", strerror(errno));
 }
@@ -99,6 +101,8 @@ audit_session_close(struct logininfo *li)
 void
 audit_event(ssh_audit_event_t event)
 {
+        struct ssh *ssh = active_state; /* XXX */
        switch(event) {
        case SSH_AUTH_SUCCESS:
        case SSH_CONNECTION_CLOSE:
@@ -106,7 +110,6 @@ audit_event(ssh_audit_event_t event)
        case SSH_LOGIN_EXCEED_MAXTRIES:
        case SSH_LOGIN_ROOT_DENIED:
                break;
        case SSH_AUTH_FAIL_NONE:
        case SSH_AUTH_FAIL_PASSWD:
        case SSH_AUTH_FAIL_KBDINT:
@@ -115,12 +118,11 @@ audit_event(ssh_audit_event_t event)
        case SSH_AUTH_FAIL_GSSAPI:
        case SSH_INVALID_USER:
                linux_audit_record_event(-1, audit_username(), NULL,
-                        get_remote_ipaddr(), "sshd", 0);
+                    ssh_remote_ipaddr(ssh), "sshd", 0);
                break;
        default:
                debug("%s: unhandled event %d", __func__, event);
+                break;
        }
 }
 #endif /* USE_LINUX_AUDIT */

diff --git a/audit-linux.c b/audit-linux.c index b3ee2f4da..d3524f7e1 100644 --- a/audit-linux.c +++ b/audit-linux.c
@@ -36,17 +36,17 @@
36	#include "log.h"	36	#include "log.h"
37	#include "audit.h"	37	#include "audit.h"
38	#include "canohost.h"	38	#include "canohost.h"
		39	#include "packet.h"
39		40
40	const char* audit_username(void);	41	const char *audit_username(void);
41		42
42	int	43	int
43	linux_audit_record_event(int uid, const char *username,	44	linux_audit_record_event(int uid, const char username, const char hostname,
44	const char hostname, const char ip, const char *ttyn, int success)	45	const char ip, const char ttyn, int success)
45	{	46	{
46	int audit_fd, rc, saved_errno;	47	int audit_fd, rc, saved_errno;
47		48
48	audit_fd = audit_open();	49	if ((audit_fd = audit_open()) < 0) {
49	if (audit_fd < 0) {
50	if (errno == EINVAL \|\| errno == EPROTONOSUPPORT \|\|	50	if (errno == EINVAL \|\| errno == EPROTONOSUPPORT \|\|
51	errno == EAFNOSUPPORT)	51	errno == EAFNOSUPPORT)
52	return 1; /* No audit support in kernel */	52	return 1; /* No audit support in kernel */
@@ -58,6 +58,7 @@ linux_audit_record_event(int uid, const char *username,
58	username == NULL ? uid : -1, hostname, ip, ttyn, success);	58	username == NULL ? uid : -1, hostname, ip, ttyn, success);
59	saved_errno = errno;	59	saved_errno = errno;
60	close(audit_fd);	60	close(audit_fd);
		61
61	/*	62	/*
62	* Do not report error if the error is EPERM and sshd is run as non	63	* Do not report error if the error is EPERM and sshd is run as non
63	* root user.	64	* root user.
@@ -65,7 +66,8 @@ linux_audit_record_event(int uid, const char *username,
65	if ((rc == -EPERM) && (geteuid() != 0))	66	if ((rc == -EPERM) && (geteuid() != 0))
66	rc = 0;	67	rc = 0;
67	errno = saved_errno;	68	errno = saved_errno;
68	return (rc >= 0);	69
		70	return rc >= 0;
69	}	71	}
70		72
71	/* Below is the sshd audit API code */	73	/* Below is the sshd audit API code */
@@ -73,8 +75,8 @@ linux_audit_record_event(int uid, const char *username,
73	void	75	void
74	audit_connection_from(const char *host, int port)	76	audit_connection_from(const char *host, int port)
75	{	77	{
76	}
77	/* not implemented */	78	/* not implemented */
		79	}
78		80
79	void	81	void
80	audit_run_command(const char *command)	82	audit_run_command(const char *command)
@@ -85,8 +87,8 @@ audit_run_command(const char *command)
85	void	87	void
86	audit_session_open(struct logininfo *li)	88	audit_session_open(struct logininfo *li)
87	{	89	{
88	if (linux_audit_record_event(li->uid, NULL, li->hostname,	90	if (linux_audit_record_event(li->uid, NULL, li->hostname, NULL,
89	NULL, li->line, 1) == 0)	91	li->line, 1) == 0)
90	fatal("linux_audit_write_entry failed: %s", strerror(errno));	92	fatal("linux_audit_write_entry failed: %s", strerror(errno));
91	}	93	}
92		94
@@ -99,6 +101,8 @@ audit_session_close(struct logininfo *li)
99	void	101	void
100	audit_event(ssh_audit_event_t event)	102	audit_event(ssh_audit_event_t event)
101	{	103	{
		104	struct ssh ssh = active_state; / XXX */
		105
102	switch(event) {	106	switch(event) {
103	case SSH_AUTH_SUCCESS:	107	case SSH_AUTH_SUCCESS:
104	case SSH_CONNECTION_CLOSE:	108	case SSH_CONNECTION_CLOSE:
@@ -106,7 +110,6 @@ audit_event(ssh_audit_event_t event)
106	case SSH_LOGIN_EXCEED_MAXTRIES:	110	case SSH_LOGIN_EXCEED_MAXTRIES:
107	case SSH_LOGIN_ROOT_DENIED:	111	case SSH_LOGIN_ROOT_DENIED:
108	break;	112	break;
109
110	case SSH_AUTH_FAIL_NONE:	113	case SSH_AUTH_FAIL_NONE:
111	case SSH_AUTH_FAIL_PASSWD:	114	case SSH_AUTH_FAIL_PASSWD:
112	case SSH_AUTH_FAIL_KBDINT:	115	case SSH_AUTH_FAIL_KBDINT:
@@ -115,12 +118,11 @@ audit_event(ssh_audit_event_t event)
115	case SSH_AUTH_FAIL_GSSAPI:	118	case SSH_AUTH_FAIL_GSSAPI:
116	case SSH_INVALID_USER:	119	case SSH_INVALID_USER:
117	linux_audit_record_event(-1, audit_username(), NULL,	120	linux_audit_record_event(-1, audit_username(), NULL,
118	get_remote_ipaddr(), "sshd", 0);	121	ssh_remote_ipaddr(ssh), "sshd", 0);
119	break;	122	break;
120
121	default:	123	default:
122	debug("%s: unhandled event %d", __func__, event);	124	debug("%s: unhandled event %d", __func__, event);
		125	break;
123	}	126	}
124	}	127	}
125
126	#endif /* USE_LINUX_AUDIT */	128	#endif /* USE_LINUX_AUDIT */