Diffstat (limited to 'monitor.c')
-rw-r--r-- | monitor.c | 73 |
1 files changed, 71 insertions, 2 deletions
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.61 2004/07/17 05:31:41 dtucker Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -143,6 +143,11 @@ int mm_answer_gss_userok(int, Buffer *); | |||
143 | int mm_answer_gss_checkmic(int, Buffer *); | 143 | int mm_answer_gss_checkmic(int, Buffer *); |
144 | #endif | 144 | #endif |
145 | 145 | ||
146 | #ifdef SSH_AUDIT_EVENTS | ||
147 | int mm_answer_audit_event(int, Buffer *); | ||
148 | int mm_answer_audit_command(int, Buffer *); | ||
149 | #endif | ||
150 | |||
146 | static Authctxt *authctxt; | 151 | static Authctxt *authctxt; |
147 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | 152 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
148 | 153 | ||
@@ -186,6 +191,9 @@ struct mon_table mon_dispatch_proto20[] = { | |||
186 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | 191 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, |
187 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | 192 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
188 | #endif | 193 | #endif |
194 | #ifdef SSH_AUDIT_EVENTS | ||
195 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
196 | #endif | ||
189 | #ifdef BSD_AUTH | 197 | #ifdef BSD_AUTH |
190 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, | 198 | {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, |
191 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, | 199 | {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, |
@@ -211,6 +219,10 @@ struct mon_table mon_dispatch_postauth20[] = { | |||
211 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, | 219 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, |
212 | {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, | 220 | {MONITOR_REQ_PTYCLEANUP, 0, mm_answer_pty_cleanup}, |
213 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | 221 | {MONITOR_REQ_TERM, 0, mm_answer_term}, |
222 | #ifdef SSH_AUDIT_EVENTS | ||
223 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
224 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, | ||
225 | #endif | ||
214 | {0, 0, NULL} | 226 | {0, 0, NULL} |
215 | }; | 227 | }; |
216 | 228 | ||
@@ -239,6 +251,9 @@ struct mon_table mon_dispatch_proto15[] = { | |||
239 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, | 251 | {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond}, |
240 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, | 252 | {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx}, |
241 | #endif | 253 | #endif |
254 | #ifdef SSH_AUDIT_EVENTS | ||
255 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
256 | #endif | ||
242 | {0, 0, NULL} | 257 | {0, 0, NULL} |
243 | }; | 258 | }; |
244 | 259 | ||
@@ -246,6 +261,10 @@ struct mon_table mon_dispatch_postauth15[] = { | |||
246 | {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, | 261 | {MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty}, |
247 | {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, | 262 | {MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup}, |
248 | {MONITOR_REQ_TERM, 0, mm_answer_term}, | 263 | {MONITOR_REQ_TERM, 0, mm_answer_term}, |
264 | #ifdef SSH_AUDIT_EVENTS | ||
265 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | ||
266 | {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, | ||
267 | #endif | ||
249 | {0, 0, NULL} | 268 | {0, 0, NULL} |
250 | }; | 269 | }; |
251 | 270 | ||
@@ -609,6 +628,9 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
609 | if (options.use_pam) | 628 | if (options.use_pam) |
610 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); | 629 | monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1); |
611 | #endif | 630 | #endif |
631 | #ifdef SSH_AUDIT_EVENTS | ||
632 | monitor_permit(mon_dispatch, MONITOR_REQ_AUDIT_COMMAND, 1); | ||
633 | #endif | ||
612 | 634 | ||
613 | return (0); | 635 | return (0); |
614 | } | 636 | } |
@@ -810,6 +832,9 @@ mm_answer_pam_account(int sock, Buffer *m) | |||
810 | ret = do_pam_account(); | 832 | ret = do_pam_account(); |
811 | 833 | ||
812 | buffer_put_int(m, ret); | 834 | buffer_put_int(m, ret); |
835 | buffer_append(&loginmsg, "\0", 1); | ||
836 | buffer_put_cstring(m, buffer_ptr(&loginmsg)); | ||
837 | buffer_clear(&loginmsg); | ||
813 | 838 | ||
814 | mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); | 839 | mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m); |
815 | 840 | ||
@@ -1297,7 +1322,7 @@ mm_answer_sesskey(int sock, Buffer *m) | |||
1297 | int rsafail; | 1322 | int rsafail; |
1298 | 1323 | ||
1299 | /* Turn off permissions */ | 1324 | /* Turn off permissions */ |
1300 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); | 1325 | monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 0); |
1301 | 1326 | ||
1302 | if ((p = BN_new()) == NULL) | 1327 | if ((p = BN_new()) == NULL) |
1303 | fatal("%s: BN_new", __func__); | 1328 | fatal("%s: BN_new", __func__); |
@@ -1488,6 +1513,50 @@ mm_answer_term(int sock, Buffer *req) | |||
1488 | exit(res); | 1513 | exit(res); |
1489 | } | 1514 | } |
1490 | 1515 | ||
1516 | #ifdef SSH_AUDIT_EVENTS | ||
1517 | /* Report that an audit event occurred */ | ||
1518 | int | ||
1519 | mm_answer_audit_event(int socket, Buffer *m) | ||
1520 | { | ||
1521 | ssh_audit_event_t event; | ||
1522 | |||
1523 | debug3("%s entering", __func__); | ||
1524 | |||
1525 | event = buffer_get_int(m); | ||
1526 | buffer_free(m); | ||
1527 | switch(event) { | ||
1528 | case SSH_AUTH_FAIL_PUBKEY: | ||
1529 | case SSH_AUTH_FAIL_HOSTBASED: | ||
1530 | case SSH_AUTH_FAIL_GSSAPI: | ||
1531 | case SSH_LOGIN_EXCEED_MAXTRIES: | ||
1532 | case SSH_LOGIN_ROOT_DENIED: | ||
1533 | case SSH_CONNECTION_CLOSE: | ||
1534 | case SSH_INVALID_USER: | ||
1535 | audit_event(event); | ||
1536 | break; | ||
1537 | default: | ||
1538 | fatal("Audit event type %d not permitted", event); | ||
1539 | } | ||
1540 | |||
1541 | return (0); | ||
1542 | } | ||
1543 | |||
1544 | int | ||
1545 | mm_answer_audit_command(int socket, Buffer *m) | ||
1546 | { | ||
1547 | u_int len; | ||
1548 | char *cmd; | ||
1549 | |||
1550 | debug3("%s entering", __func__); | ||
1551 | cmd = buffer_get_string(m, &len); | ||
1552 | /* sanity check command, if so how? */ | ||
1553 | audit_run_command(cmd); | ||
1554 | xfree(cmd); | ||
1555 | buffer_free(m); | ||
1556 | return (0); | ||
1557 | } | ||
1558 | #endif /* SSH_AUDIT_EVENTS */ | ||
1559 | |||
1491 | void | 1560 | void |
1492 | monitor_apply_keystate(struct monitor *pmonitor) | 1561 | monitor_apply_keystate(struct monitor *pmonitor) |
1493 | { | 1562 | { |