From 34ee4204c6051f5f48113903750738e8e055a778 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 5 Nov 2010 10:52:37 +1100 Subject: - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of int. Should fix bz#1817 cleanly; ok dtucker@ --- loginrec.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'loginrec.c') diff --git a/loginrec.c b/loginrec.c index 6f655cb16..95f14c46f 100644 --- a/loginrec.c +++ b/loginrec.c @@ -273,7 +273,7 @@ login_logout(struct logininfo *li) * try to retrieve lastlog information from wtmp/wtmpx. */ unsigned int -login_get_lastlog_time(const int uid) +login_get_lastlog_time(const uid_t uid) { struct logininfo li; @@ -297,7 +297,7 @@ login_get_lastlog_time(const int uid) * 0 on failure (will use OpenSSH's logging facilities for diagnostics) */ struct logininfo * -login_get_lastlog(struct logininfo *li, const int uid) +login_get_lastlog(struct logininfo *li, const uid_t uid) { struct passwd *pw; @@ -311,7 +311,8 @@ login_get_lastlog(struct logininfo *li, const int uid) */ pw = getpwuid(uid); if (pw == NULL) - fatal("%s: Cannot find account for uid %i", __func__, uid); + fatal("%s: Cannot find account for uid %ld", __func__, + (long)uid); /* No MIN_SIZEOF here - we absolutely *must not* truncate the * username (XXX - so check for trunc!) */ @@ -335,7 +336,7 @@ login_get_lastlog(struct logininfo *li, const int uid) * allocation fails, the program halts. */ struct -logininfo *login_alloc_entry(int pid, const char *username, +logininfo *login_alloc_entry(pid_t pid, const char *username, const char *hostname, const char *line) { struct logininfo *newli; @@ -363,7 +364,7 @@ login_free_entry(struct logininfo *li) * Returns: 1 */ int -login_init_entry(struct logininfo *li, int pid, const char *username, +login_init_entry(struct logininfo *li, pid_t pid, const char *username, const char *hostname, const char *line) { struct passwd *pw; @@ -1496,7 +1497,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) if (S_ISREG(st.st_mode)) { /* find this uid's offset in the lastlog file */ - offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); + offset = (off_t) ((u_long)li->uid * sizeof(struct lastlog)); if (lseek(*fd, offset, SEEK_SET) != offset) { logit("%s: %s->lseek(): %s", __func__, -- cgit v1.2.3 From 88e341e1ca9502403242a275941b11e509f669fb Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 24 Nov 2010 10:36:15 +1100 Subject: - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow group read/write. ok dtucker@ --- ChangeLog | 2 ++ loginrec.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'loginrec.c') diff --git a/ChangeLog b/ChangeLog index 62c9c6666..91e2c892a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20101124 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and into the platform-specific code Only affects SCO, tested by and ok tim@. + - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow + group read/write. ok dtucker@ 20101122 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch diff --git a/loginrec.c b/loginrec.c index 95f14c46f..cccaa47ae 100644 --- a/loginrec.c +++ b/loginrec.c @@ -1673,7 +1673,7 @@ record_failed_login(const char *username, const char *hostname, strerror(errno)); goto out; } - if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){ + if((fst.st_mode & (S_IXGRP | S_IRWXO)) || (fst.st_uid != 0)){ logit("Excess permission or bad ownership on file %s", _PATH_BTMP); goto out; -- cgit v1.2.3 From 4a06f9271fe5341c942232015add391cee366b68 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 2 Jan 2011 21:43:59 +1100 Subject: - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker --- ChangeLog | 3 +++ loginrec.c | 9 ++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'loginrec.c') diff --git a/ChangeLog b/ChangeLog index 16100a052..5007e8c52 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20110102 + - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker + 20101226 - (dtucker) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/12/08 04:02:47 diff --git a/loginrec.c b/loginrec.c index cccaa47ae..587d55f7d 100644 --- a/loginrec.c +++ b/loginrec.c @@ -873,11 +873,13 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) pos = (off_t)tty * sizeof(struct utmp); if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { logit("%s: lseek: %s", __func__, strerror(errno)); + close(fd); return (0); } if (ret != pos) { logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); + close(fd); return (0); } /* @@ -893,16 +895,20 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut) if ((ret = lseek(fd, pos, SEEK_SET)) == -1) { logit("%s: lseek: %s", __func__, strerror(errno)); + close(fd); return (0); } if (ret != pos) { logit("%s: Couldn't seek to tty %d slot in %s", __func__, tty, UTMP_FILE); + close(fd); return (0); } if (atomicio(vwrite, fd, ut, sizeof(*ut)) != sizeof(*ut)) { logit("%s: error writing %s: %s", __func__, UTMP_FILE, strerror(errno)); + close(fd); + return (0); } close(fd); @@ -1206,7 +1212,7 @@ wtmp_get_entry(struct logininfo *li) close (fd); return (0); } - if ( wtmp_islogin(li, &ut) ) { + if (wtmp_islogin(li, &ut) ) { found = 1; /* * We've already checked for a time in struct @@ -1502,6 +1508,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode) if (lseek(*fd, offset, SEEK_SET) != offset) { logit("%s: %s->lseek(): %s", __func__, lastlog_file, strerror(errno)); + close(*fd); return (0); } } -- cgit v1.2.3 From ea52a829699e981a58a69a77342e7ca3715a5f5b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 17 Jan 2011 21:15:27 +1100 Subject: - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem support, based on patches from Tomas Mraz and jchadima at redhat. --- ChangeLog | 3 ++ LICENCE | 1 + Makefile.in | 5 ++- audit-bsm.c | 6 +-- audit-linux.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ audit.c | 10 ++--- audit.h | 9 +++-- configure.ac | 16 ++++++-- defines.h | 7 +++- loginrec.c | 4 +- 10 files changed, 167 insertions(+), 20 deletions(-) create mode 100644 audit-linux.c (limited to 'loginrec.c') diff --git a/ChangeLog b/ChangeLog index 6230fdc26..f393ca491 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ - (tim) [regress/agent-getpeereid.sh] shell portability fix. - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on the tinderbox. + - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h + configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem + support, based on patches from Tomas Mraz and jchadima at redhat. 20110116 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based diff --git a/LICENCE b/LICENCE index 3964b1d77..120d6fd54 100644 --- a/LICENCE +++ b/LICENCE @@ -206,6 +206,7 @@ OpenSSH contains no GPL code. Sun Microsystems The SCO Group Daniel Walsh + Red Hat, Inc * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile.in b/Makefile.in index c4011daf7..77a78aa61 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.319 2011/01/16 07:28:10 dtucker Exp $ +# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -82,6 +82,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ roaming_common.o roaming_client.o SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ + audit.o audit-bsm.o audit-linux.o platform.o \ sshpty.o sshlogin.o servconf.o serverloop.o \ auth.o auth1.o auth2.o auth-options.o session.o \ auth-chall.o auth2-chall.o groupaccess.o \ @@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \ + sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out diff --git a/audit-bsm.c b/audit-bsm.c index 2c417bc27..f196d4f1e 100644 --- a/audit-bsm.c +++ b/audit-bsm.c @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */ /* * TODO @@ -305,13 +305,13 @@ audit_run_command(const char *command) } void -audit_session_open(const char *ttyn) +audit_session_open(struct logininfo *li) { /* not implemented */ } void -audit_session_close(const char *ttyn) +audit_session_close(struct logininfo *li) { /* not implemented */ } diff --git a/audit-linux.c b/audit-linux.c new file mode 100644 index 000000000..b3ee2f4da --- /dev/null +++ b/audit-linux.c @@ -0,0 +1,126 @@ +/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */ + +/* + * Copyright 2010 Red Hat, Inc. All rights reserved. + * Use is subject to license terms. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Red Hat author: Jan F. Chadima + */ + +#include "includes.h" +#if defined(USE_LINUX_AUDIT) +#include +#include +#include + +#include "log.h" +#include "audit.h" +#include "canohost.h" + +const char* audit_username(void); + +int +linux_audit_record_event(int uid, const char *username, + const char *hostname, const char *ip, const char *ttyn, int success) +{ + int audit_fd, rc, saved_errno; + + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT) + return 1; /* No audit support in kernel */ + else + return 0; /* Must prevent login */ + } + rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, + NULL, "login", username ? username : "(unknown)", + username == NULL ? uid : -1, hostname, ip, ttyn, success); + saved_errno = errno; + close(audit_fd); + /* + * Do not report error if the error is EPERM and sshd is run as non + * root user. + */ + if ((rc == -EPERM) && (geteuid() != 0)) + rc = 0; + errno = saved_errno; + return (rc >= 0); +} + +/* Below is the sshd audit API code */ + +void +audit_connection_from(const char *host, int port) +{ +} + /* not implemented */ + +void +audit_run_command(const char *command) +{ + /* not implemented */ +} + +void +audit_session_open(struct logininfo *li) +{ + if (linux_audit_record_event(li->uid, NULL, li->hostname, + NULL, li->line, 1) == 0) + fatal("linux_audit_write_entry failed: %s", strerror(errno)); +} + +void +audit_session_close(struct logininfo *li) +{ + /* not implemented */ +} + +void +audit_event(ssh_audit_event_t event) +{ + switch(event) { + case SSH_AUTH_SUCCESS: + case SSH_CONNECTION_CLOSE: + case SSH_NOLOGIN: + case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: + break; + + case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: + case SSH_AUTH_FAIL_KBDINT: + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: + case SSH_INVALID_USER: + linux_audit_record_event(-1, audit_username(), NULL, + get_remote_ipaddr(), "sshd", 0); + break; + + default: + debug("%s: unhandled event %d", __func__, event); + } +} + +#endif /* USE_LINUX_AUDIT */ diff --git a/audit.c b/audit.c index dbea34cb2..ced57fa64 100644 --- a/audit.c +++ b/audit.c @@ -1,4 +1,4 @@ -/* $Id: audit.c,v 1.5 2006/09/01 05:38:36 djm Exp $ */ +/* $Id: audit.c,v 1.6 2011/01/17 10:15:30 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -147,9 +147,9 @@ audit_event(ssh_audit_event_t event) * within a single connection. */ void -audit_session_open(const char *ttyn) +audit_session_open(struct logininfo *li) { - const char *t = ttyn ? ttyn : "(no tty)"; + const char *t = li->line ? li->line : "(no tty)"; debug("audit session open euid %d user %s tty name %s", geteuid(), audit_username(), t); @@ -163,9 +163,9 @@ audit_session_open(const char *ttyn) * within a single connection. */ void -audit_session_close(const char *ttyn) +audit_session_close(struct logininfo *li) { - const char *t = ttyn ? ttyn : "(no tty)"; + const char *t = li->line ? li->line : "(no tty)"; debug("audit session close euid %d user %s tty name %s", geteuid(), audit_username(), t); diff --git a/audit.h b/audit.h index 695f72354..92ede5bc4 100644 --- a/audit.h +++ b/audit.h @@ -1,4 +1,4 @@ -/* $Id: audit.h,v 1.3 2006/08/05 14:05:10 dtucker Exp $ */ +/* $Id: audit.h,v 1.4 2011/01/17 10:15:30 dtucker Exp $ */ /* * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. @@ -26,6 +26,9 @@ #ifndef _SSH_AUDIT_H # define _SSH_AUDIT_H + +#include "loginrec.h" + enum ssh_audit_event_type { SSH_LOGIN_EXCEED_MAXTRIES, SSH_LOGIN_ROOT_DENIED, @@ -46,8 +49,8 @@ typedef enum ssh_audit_event_type ssh_audit_event_t; void audit_connection_from(const char *, int); void audit_event(ssh_audit_event_t); -void audit_session_open(const char *); -void audit_session_close(const char *); +void audit_session_open(struct logininfo *); +void audit_session_close(struct logininfo *); void audit_run_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); diff --git a/configure.ac b/configure.ac index 02e8423c0..233d3cfa1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.466 2011/01/17 05:17:09 djm Exp $ +# $Id: configure.ac,v 1.467 2011/01/17 10:15:30 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.466 $) +AC_REVISION($Revision: 1.467 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -1378,7 +1378,7 @@ int main(void) AUDIT_MODULE=none AC_ARG_WITH(audit, - [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], [ AC_MSG_CHECKING(for supported audit module) case "$withval" in @@ -1402,10 +1402,18 @@ AC_ARG_WITH(audit, AC_CHECK_FUNCS(getaudit_addr aug_get_machine) AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) ;; + linux) + AC_MSG_RESULT(linux) + AUDIT_MODULE=linux + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(libaudit.h) + SSHDLIBS="$SSHDLIBS -laudit" + AC_DEFINE(USE_LINUX_AUDIT, 1, [Use Linux audit module]) + ;; debug) AUDIT_MODULE=debug AC_MSG_RESULT(debug) - AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module) + AC_DEFINE(SSH_AUDIT_EVENTS, 1, [Use audit debugging module]) ;; no) AC_MSG_RESULT(no) diff --git a/defines.h b/defines.h index ed438bd88..cd273066d 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.163 2010/11/23 23:50:05 djm Exp $ */ +/* $Id: defines.h,v 1.164 2011/01/17 10:15:31 dtucker Exp $ */ /* Constants */ @@ -607,6 +607,11 @@ struct winsize { # define CUSTOM_SSH_AUDIT_EVENTS #endif +#ifdef USE_LINUX_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) # define __func__ __FUNCTION__ #elif !defined(HAVE___func__) diff --git a/loginrec.c b/loginrec.c index 587d55f7d..32941c985 100644 --- a/loginrec.c +++ b/loginrec.c @@ -469,9 +469,9 @@ login_write(struct logininfo *li) #endif #ifdef SSH_AUDIT_EVENTS if (li->type == LTYPE_LOGIN) - audit_session_open(li->line); + audit_session_open(li); else if (li->type == LTYPE_LOGOUT) - audit_session_close(li->line); + audit_session_close(li); #endif return (0); } -- cgit v1.2.3