1 files changed, 56 insertions, 0 deletions
diff --git a/audit.h b/audit.h
new file mode 100644
index 000000000..2c1437391
--- /dev/null
+++ b/audit.h
@@ -0,0 +1,56 @@
+/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */
+/*
+ * Copyright (c) 2004, 2005 Darren Tucker.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "auth.h"
+#ifndef _SSH_AUDIT_H
+# define _SSH_AUDIT_H
+enum ssh_audit_event_type {
+        LOGIN_EXCEED_MAXTRIES,
+        LOGIN_ROOT_DENIED,
+        AUTH_SUCCESS,
+        AUTH_FAIL_NONE,
+        AUTH_FAIL_PASSWD,
+        AUTH_FAIL_KBDINT,       /* keyboard-interactive or challenge-response */
+        AUTH_FAIL_PUBKEY,       /* ssh2 pubkey or ssh1 rsa */
+        AUTH_FAIL_HOSTBASED,    /* ssh2 hostbased or ssh1 rhostsrsa */
+        AUTH_FAIL_GSSAPI,
+        INVALID_USER,
+        NOLOGIN,                /* denied by /etc/nologin, not implemented */
+        CONNECTION_CLOSE,       /* closed after attempting auth or session */
+        CONNECTION_ABANDON,     /* closed without completing auth */
+        AUDIT_UNKNOWN
+};
+typedef enum ssh_audit_event_type ssh_audit_event_t;
+void    audit_connection_from(const char *, int);
+void    audit_event(ssh_audit_event_t);
+void    audit_session_open(const char *);
+void    audit_session_close(const char *);
+void    audit_run_command(const char *);
+ssh_audit_event_t audit_classify_auth(const char *);
+#endif /* _SSH_AUDIT_H */

diff --git a/audit.h b/audit.h new file mode 100644 index 000000000..2c1437391 --- /dev/null +++ b/audit.h
@@ -0,0 +1,56 @@
	1	/* $Id: audit.h,v 1.1 2005/02/02 13:37:14 dtucker Exp $ */
	2
	3	/*
	4	* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	*
	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	25	*/
	26
	27	#include "auth.h"
	28
	29	#ifndef _SSH_AUDIT_H
	30	# define _SSH_AUDIT_H
	31	enum ssh_audit_event_type {
	32	LOGIN_EXCEED_MAXTRIES,
	33	LOGIN_ROOT_DENIED,
	34	AUTH_SUCCESS,
	35	AUTH_FAIL_NONE,
	36	AUTH_FAIL_PASSWD,
	37	AUTH_FAIL_KBDINT, /* keyboard-interactive or challenge-response */
	38	AUTH_FAIL_PUBKEY, /* ssh2 pubkey or ssh1 rsa */
	39	AUTH_FAIL_HOSTBASED, /* ssh2 hostbased or ssh1 rhostsrsa */
	40	AUTH_FAIL_GSSAPI,
	41	INVALID_USER,
	42	NOLOGIN, /* denied by /etc/nologin, not implemented */
	43	CONNECTION_CLOSE, /* closed after attempting auth or session */
	44	CONNECTION_ABANDON, /* closed without completing auth */
	45	AUDIT_UNKNOWN
	46	};
	47	typedef enum ssh_audit_event_type ssh_audit_event_t;
	48
	49	void audit_connection_from(const char *, int);
	50	void audit_event(ssh_audit_event_t);
	51	void audit_session_open(const char *);
	52	void audit_session_close(const char *);
	53	void audit_run_command(const char *);
	54	ssh_audit_event_t audit_classify_auth(const char *);
	55
	56	#endif /* _SSH_AUDIT_H */