From f9ff105e581a1f7f73033a05f30b64fd7af703e0 Mon Sep 17 00:00:00 2001 From: Jan F Date: Feb 24 2011 13:17:34 +0000 Subject: another audit improovements --- diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch index 055ee19..ea7def7 100644 --- a/openssh-5.8p1-audit1.patch +++ b/openssh-5.8p1-audit1.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c --- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:49:49.000000000 +0100 @@ -305,6 +305,12 @@ audit_run_command(const char *command) } @@ -16,7 +16,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c /* not implemented */ diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c --- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-24 13:49:49.000000000 +0100 @@ -182,5 +182,18 @@ audit_run_command(const char *command) debug("audit run command euid %d user %s command '%.200s'", geteuid(), audit_username(), command); @@ -38,7 +38,7 @@ diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h --- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-24 13:49:49.000000000 +0100 @@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t); void audit_session_open(struct logininfo *); void audit_session_close(struct logininfo *); 
@@ -49,7 +49,7 @@ diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c --- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-23 09:46:43.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-24 13:49:49.000000000 +0100 @@ -35,13 +35,20 @@ #include "log.h" @@ -259,7 +259,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c default: diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c --- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200 -+++ openssh-5.8p1/monitor.c 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-24 13:49:49.000000000 +0100 @@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer * #ifdef SSH_AUDIT_EVENTS int mm_answer_audit_event(int, Buffer *); @@ -307,7 +307,7 @@ diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c void diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h --- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-24 13:49:49.000000000 +0100 @@ -60,6 +60,7 @@ enum monitor_reqtype { MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, @@ -318,7 +318,7 @@ diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c --- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:49:49.000000000 +0100 @@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); buffer_free(&m); 
@@ -342,7 +342,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c #ifdef GSSAPI diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h --- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:49:49.000000000 +0100 @@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *); #include "audit.h" void mm_audit_event(ssh_audit_event_t); @@ -353,7 +353,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c --- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-24 13:49:49.000000000 +0100 @@ -809,14 +809,16 @@ do_exec(Session *s, const char *command) } @@ -362,14 +362,14 @@ diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c + if (command != NULL) { PRIVSEP(audit_run_command(command)); - else if (s->ttyfd == -1) { -+ command = xstrdup(command); ++ s->command = xstrdup(command); + } else if (s->ttyfd == -1) { char *shell = s->pw->pw_shell; if (shell[0] == '\0') /* empty shell means /bin/sh */ shell =_PATH_BSHELL; PRIVSEP(audit_run_command(shell)); -+ command = xstrdup(shell); ++ s->command = xstrdup(shell); } #endif if (s->ttyfd != -1) @@ -388,7 +388,7 @@ diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c if (s->display) diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h --- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200 -+++ openssh-5.8p1/session.h 2011-02-23 09:45:05.000000000 +0100 ++++ openssh-5.8p1/session.h 2011-02-24 13:49:49.000000000 +0100 @@ -60,6 +60,11 @@ struct Session { char *name; char *val; 
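Review bot: `s->command = xstrdup(command);` and `s->command = xstrdup(shell);` in the session.c hunk of audit1.patch hand the Session a heap-owned copy of the command, but neither this hunk nor the session.h hunk that adds the field shows where that copy is released, so unless session_close() already frees it outside the hunk this is one allocation leaked per exec'd session. If it is not yet freed, release it wherever the other Session strings are torn down and reset the field, `s->command = NULL;`, so a second exec on the same Session cannot double-free. A one-line comment on the new struct member stating who owns the string (the Session) would make that contract visible. The enclosing do_exec() starts and ends outside the hunk.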
@@ -401,3 +401,16 @@ diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h }; void do_authenticated(Authctxt *); +diff -up openssh-5.8p1/sshd.c.audit1 openssh-5.8p1/sshd.c +--- openssh-5.8p1/sshd.c.audit1 2011-02-24 13:50:29.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-24 13:50:47.000000000 +0100 +@@ -2342,7 +2342,8 @@ cleanup_exit(int i) + do_cleanup(the_authctxt); + #ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ +- if (!use_privsep || mm_is_monitor()) ++ if ((the_authctxt == NULL || !the_authctxt->authenticated) && ++ (!use_privsep || mm_is_monitor())) + audit_event(SSH_CONNECTION_ABANDON); + #endif + _exit(i); diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch index e69de29..0774dba 100644 --- a/openssh-5.8p1-audit1a.patch +++ b/openssh-5.8p1-audit1a.patch 
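Review bot: The new condition in cleanup_exit() suppresses the SSH_CONNECTION_ABANDON record for every exit that happens after the_authctxt->authenticated is set, and the hunk gives no hint which audit record is expected to account for those connections instead, so a reader cannot tell whether post-authentication crashes are now simply unaudited. Stating the model in the existing comment would make it reviewable, e.g. `/* done after do_cleanup so it can cancel the PAM auth 'thread'; once authenticated the session open/close records cover the connection, so only unauthenticated aborts are reported as ABANDON */` — adjust the second clause to whatever record actually covers them. The added `the_authctxt == NULL` guard is the right addition, since cleanup_exit presumably also runs before any context exists. The function's opening is outside the hunk.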
@@ -0,0 +1,39 @@
+diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
+--- openssh-5.8p1/audit-linux.c.audit1a 2011-02-24 13:16:51.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-02-24 13:17:17.000000000 +0100
+@@ -143,7 +143,7 @@ audit_connection_from(const char *host,
+ void
+ audit_run_command(const char *command)
+ {
+- if (!user_login_count++)
++ if (!user_login_count++ && !options.use_pam)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGIN);
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+@@ -155,7 +155,7 @@ audit_end_command(const char *command)
+ {
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_END);
+- if (!--user_login_count)
++ if (!--user_login_count && !options.use_pam)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
+ }
+@@ -163,7 +163,7 @@ audit_end_command(const char *command)
+ void
+ audit_session_open(struct logininfo *li)
+ {
+- if (!user_login_count++)
++ if (!user_login_count++ && !options.use_pam)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGIN);
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+@@ -175,7 +175,7 @@ audit_session_close(struct logininfo *li
+ {
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_END);
+- if (!--user_login_count)
++ if (!--user_login_count && !options.use_pam)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGOUT);
+ }
diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch
index ed3c74b..437034f 100644
--- a/openssh-5.8p1-audit2.patch
+++ b/openssh-5.8p1-audit2.patch
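Review bot: The four new tests `if (!user_login_count++ && !options.use_pam)` / `if (!--user_login_count && !options.use_pam)` only stay correct because the counter side effect sits in the left operand and is therefore evaluated even when PAM is enabled; a later "tidy-up" that reorders them to `!options.use_pam && ...` would silently stop the login counter from advancing. That deserves a comment on the first instance, e.g. `/* counter must stay in the left operand: it has to advance even when PAM, not sshd, emits LOGIN/LOGOUT */`. The hunk also encodes the assumption that with UsePAM the AUDIT_USER_LOGIN and AUDIT_USER_LOGOUT records are produced by the PAM stack; if a given PAM configuration does not produce them, sshd now leaves no LOGIN record at all, so that assumption should be written down next to the check rather than left implicit. Since the identical pair appears in audit_run_command, audit_end_command, audit_session_open and audit_session_close, a small static helper (e.g. `first_login()` / `last_logout()`) would keep the PAM exception in one place.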
@@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit2 2011-02-23 07:46:37.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-23 07:46:37.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-24 09:38:06.000000000 +0100 @@ -322,6 +322,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -15,8 +15,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c audit_event(ssh_audit_event_t event) { diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit2 2011-02-23 07:46:37.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-23 07:47:32.000000000 +0100 +--- openssh-5.8p1/audit.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-24 09:46:00.000000000 +0100 @@ -36,6 +36,7 @@ #include "key.h" #include "hostfile.h" @@ -35,7 +35,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c + char *fp; + const char *crypto_name; + -+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); ++ fp = key_selected_fingerprint(key, SSH_FP_HEX); + if (key->type == KEY_RSA1) + crypto_name = "ssh-rsa1"; + else @@ -48,7 +48,7 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -195,5 +212,16 @@ audit_end_command(const char *command) +@@ -195,5 +212,17 @@ audit_end_command(const char *command) audit_username(), command); } 
@@ -60,14 +60,15 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c +int +audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) +{ -+ debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", -+ host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, fp, rv); ++ debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s%s, result %d", ++ host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, ++ key_fingerprint_prefix(), fp, rv); +} # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit2 2011-02-23 07:46:37.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-23 07:48:16.000000000 +0100 +--- openssh-5.8p1/audit.h.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-24 09:38:06.000000000 +0100 @@ -28,6 +28,7 @@ # define _SSH_AUDIT_H @@ -85,8 +86,8 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit2 2011-02-23 07:46:37.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-23 07:46:37.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-24 09:47:31.000000000 +0100 @@ -41,6 +41,8 @@ #include "servconf.h" #include "canohost.h" 
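Review bot: The fallback `audit_keyusage()` in audit.c is declared `int` but its body ends right after the `debug()` call with no `return` statement, so the value callers receive is indeterminate; auth-rsa.c in this same audit2.patch (hunk `@@ -222,7 +223,7 @@`) tests `audit_keyusage(...) == 0` and forces `rv = 0` on it, so a build without a custom audit backend can reject a valid RSA1 login at random instead of the intended fail-closed behaviour. End the stub with an explicit `return 1;` (or whatever the Linux backend returns on success — its `out:` path is outside this hunk) so the null implementation is a guaranteed no-op. Separately, `bits` is `unsigned` but is printed with `key length %d`; use `%u` here, and check the `size=%d` in the audit-linux.c hunk at `@@ -119,8 +120,8 @@` for the same mismatch. A one-line comment on the stub saying that its return value gates authentication in the callers would stop the next reader from treating it as a pure log function.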
@@ -119,8 +120,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); + if ((rc < 0) && ((rc != -1) || (getuid() == 0))) + goto out; -+ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d", -+ type, bits, fp, get_remote_port()); ++ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s%s rport=%d", ++ type, bits, key_fingerprint_prefix(), fp, get_remote_port()); + rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, + buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); +out: @@ -135,8 +136,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c /* Below is the sshd audit API code */ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c ---- openssh-5.8p1/auth2-hostbased.c.audit2 2010-08-05 05:04:50.000000000 +0200 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-23 07:46:37.000000000 +0100 +--- openssh-5.8p1/auth2-hostbased.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-02-24 09:38:06.000000000 +0100 @@ -136,6 +136,18 @@ done: return authenticated; } @@ -157,8 +158,8 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.audit2 2010-12-01 01:50:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-23 07:46:37.000000000 +0100 +--- openssh-5.8p1/auth2-pubkey.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-24 09:38:06.000000000 +0100 @@ -177,6 +177,18 @@ done: return authenticated; } 
@@ -180,7 +181,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c { diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h --- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200 -+++ openssh-5.8p1/auth.h 2011-02-23 07:46:37.000000000 +0100 ++++ openssh-5.8p1/auth.h 2011-02-24 09:38:06.000000000 +0100 @@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); @@ -198,8 +199,8 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h /* debug messages during authentication */ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.audit2 2010-12-04 23:01:47.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-23 07:46:37.000000000 +0100 +--- openssh-5.8p1/auth-rsa.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-24 09:48:39.000000000 +0100 @@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU { u_char buf[32], mdbuf[16]; @@ -222,7 +223,7 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c + rv = timingsafe_bcmp(response, mdbuf, 16) == 0; + +#ifdef SSH_AUDIT_EVENTS -+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); ++ fp = key_selected_fingerprint(key, SSH_FP_HEX); + if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { + debug("unsuccessful audit"); + rv = 0; @@ -237,8 +238,8 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c /* diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit2 2011-02-23 07:46:37.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-23 07:46:37.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit2 2011-02-24 09:38:06.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-24 09:38:06.000000000 +0100 
@@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m) if (!valid_data) fatal("%s: bad signature data blob", __func__); diff --git a/openssh-5.8p1-audit3.patch b/openssh-5.8p1-audit3.patch index a55a01e..1e6b6d6 100644 --- a/openssh-5.8p1-audit3.patch +++ b/openssh-5.8p1-audit3.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-24 09:54:32.000000000 +0100 @@ -389,4 +389,16 @@ audit_event(ssh_audit_event_t event) debug("%s: unhandled event %d", __func__, event); } @@ -19,8 +19,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit3 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-23 10:07:53.000000000 +0100 +--- openssh-5.8p1/audit.c.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-24 09:56:03.000000000 +0100 @@ -28,6 +28,7 @@ #include @@ -57,9 +57,9 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -223,5 +238,26 @@ audit_keyusage(int host_user, const char - debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s, result %d", - host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, fp, rv); +@@ -224,5 +239,26 @@ audit_keyusage(int host_user, const char + host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, + key_fingerprint_prefix(), fp, rv); } + +/* 
@@ -68,7 +68,7 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c +void +audit_unsupported_body(int what) +{ -+ debug("audit unsupported protocol ieuid %d type %d", geteuid(), what); ++ debug("audit unsupported protocol euid %d type %d", geteuid(), what); +} + +/* @@ -85,8 +85,8 @@ diff -up openssh-5.8p1/audit.c.audit3 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/audit.h.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-24 09:54:32.000000000 +0100 @@ -57,5 +57,9 @@ void audit_end_command(const char *); ssh_audit_event_t audit_classify_auth(const char *); int audit_keyusage(int, const char *, unsigned, char *, int); @@ -98,8 +98,8 @@ diff -up openssh-5.8p1/audit.h.audit3 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/audit-linux.c.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-24 09:54:32.000000000 +0100 @@ -40,6 +40,8 @@ #include "auth.h" #include "servconf.h" @@ -167,8 +167,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit3 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-24 09:54:32.000000000 +0100 @@ -0,0 +1,39 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + 
@@ -211,7 +211,7 @@ diff -up openssh-5.8p1/auditstub.c.audit3 openssh-5.8p1/auditstub.c + diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c --- openssh-5.8p1/cipher.c.audit3 2011-02-09 15:24:23.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-24 09:54:32.000000000 +0100 @@ -59,15 +59,7 @@ extern void ssh1_3des_iv(EVP_CIPHER_CTX extern const EVP_CIPHER *evp_aes_128_ctr(void); extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int); @@ -231,7 +231,7 @@ diff -up openssh-5.8p1/cipher.c.audit3 openssh-5.8p1/cipher.c { "3des", SSH_CIPHER_3DES, 8, 16, 0, 1, evp_ssh1_3des }, diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h --- openssh-5.8p1/cipher.h.audit3 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-24 09:54:32.000000000 +0100 @@ -61,7 +61,16 @@ typedef struct Cipher Cipher; typedef struct CipherContext CipherContext; @@ -252,7 +252,7 @@ diff -up openssh-5.8p1/cipher.h.audit3 openssh-5.8p1/cipher.h EVP_CIPHER_CTX evp; diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c --- openssh-5.8p1/kex.c.audit3 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.c 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-24 09:54:32.000000000 +0100 @@ -49,6 +49,7 @@ #include "dispatch.h" #include "monitor.h" @@ -317,7 +317,7 @@ diff -up openssh-5.8p1/kex.c.audit3 openssh-5.8p1/kex.c choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in --- openssh-5.8p1/Makefile.in.audit3 2011-02-04 01:42:13.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-24 09:54:32.000000000 +0100 
@@ -76,7 +76,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ @@ -328,8 +328,8 @@ diff -up openssh-5.8p1/Makefile.in.audit3 openssh-5.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o mux.o \ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-24 09:54:32.000000000 +0100 @@ -89,6 +89,7 @@ #include "ssh2.h" #include "jpake.h" @@ -429,8 +429,8 @@ diff -up openssh-5.8p1/monitor.c.audit3 openssh-5.8p1/monitor.c + +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-24 09:54:32.000000000 +0100 @@ -67,6 +67,8 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_STEP2, MONITOR_ANS_JPAKE_STEP2, MONITOR_REQ_JPAKE_KEY_CONFIRM, MONITOR_ANS_JPAKE_KEY_CONFIRM, @@ -441,8 +441,8 @@ diff -up openssh-5.8p1/monitor.h.audit3 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.c.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-24 09:54:32.000000000 +0100 @@ -1426,3 +1426,41 @@ mm_jpake_check_confirm(const BIGNUM *k, return success; } 
@@ -486,8 +486,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit3 openssh-5.8p1/monitor_wrap.c +} +#endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit3 2011-02-23 10:05:33.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 10:05:33.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit3 2011-02-24 09:54:32.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-24 09:54:32.000000000 +0100 @@ -75,6 +75,8 @@ void mm_sshpam_free_ctx(void *); void mm_audit_event(ssh_audit_event_t); void mm_audit_run_command(const char *); @@ -499,7 +499,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit3 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/sshd.c.audit3 openssh-5.8p1/sshd.c --- openssh-5.8p1/sshd.c.audit3 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-23 10:05:33.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-24 09:54:32.000000000 +0100 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch index 8f25907..94f129e 100644 --- a/openssh-5.8p1-audit4.patch +++ b/openssh-5.8p1-audit4.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:54:02.000000000 +0100 @@ -401,4 +401,10 @@ audit_kex_body(int ctos, char *enc, char { /* not implemented */ 
@@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/audit.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-24 13:54:02.000000000 +0100 @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); } @@ -28,7 +28,7 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # ifndef CUSTOM_SSH_AUDIT_EVENTS /* * Null implementations of audit functions. -@@ -259,5 +265,15 @@ audit_kex_body(int ctos, char *enc, char +@@ -260,5 +266,15 @@ audit_kex_body(int ctos, char *enc, char (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid, (unsigned)uid); } @@ -45,8 +45,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/audit.h.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-24 13:54:02.000000000 +0100 @@ -61,5 +61,7 @@ void audit_unsupported(int); void audit_kex(int, char *, char *, char *); void audit_unsupported_body(int); 
@@ -56,9 +56,9 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-23 09:23:30.000000000 +0100 -@@ -281,6 +281,8 @@ audit_unsupported_body(int what) +--- openssh-5.8p1/audit-linux.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-24 13:54:02.000000000 +0100 +@@ -285,6 +285,8 @@ audit_unsupported_body(int what) #endif } @@ -67,7 +67,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c void audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid) -@@ -288,7 +290,6 @@ audit_kex_body(int ctos, char *enc, char +@@ -292,7 +294,6 @@ audit_kex_body(int ctos, char *enc, char #ifdef AUDIT_CRYPTO_SESSION char buf[AUDIT_LOG_SIZE]; int audit_fd, audit_ok; @@ -75,7 +75,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c Cipher *cipher = cipher_by_name(enc); snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d", -@@ -312,4 +313,30 @@ audit_kex_body(int ctos, char *enc, char +@@ -316,4 +317,30 @@ audit_kex_body(int ctos, char *enc, char #endif } @@ -107,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c + #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c ---- openssh-5.8p1/auditstub.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/auditstub.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/auditstub.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/auditstub.c 2011-02-24 13:54:02.000000000 +0100 @@ -27,6 +27,8 @@ * Red Hat author: Jan F. Chadima */ 
@@ -132,8 +132,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c +{ +} diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c ---- openssh-5.8p1/kex.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/kex.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/kex.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/kex.c 2011-02-24 13:54:02.000000000 +0100 @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i fprintf(stderr, "\n"); } @@ -171,7 +171,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c + diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h --- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 -+++ openssh-5.8p1/kex.h 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/kex.h 2011-02-24 13:54:02.000000000 +0100 @@ -156,6 +156,8 @@ void kexgex_server(Kex *); void kexecdh_client(Kex *); void kexecdh_server(Kex *); @@ -183,7 +183,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c --- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.8p1/mac.c 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-24 13:54:02.000000000 +0100 @@ -162,6 +162,20 @@ mac_clear(Mac *mac) mac->umac_ctx = NULL; } @@ -207,15 +207,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c int diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h --- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 -+++ openssh-5.8p1/mac.h 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/mac.h 2011-02-24 13:54:02.000000000 +0100 
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); int mac_init(Mac *); u_char *mac_compute(Mac *, u_int32_t, u_char *, int); void mac_clear(Mac *); +void mac_destroy(Mac *); diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-24 13:54:02.000000000 +0100 @@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *); @@ -311,8 +311,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-24 13:54:02.000000000 +0100 @@ -69,6 +69,7 @@ enum monitor_reqtype { MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, @@ -322,8 +322,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:54:02.000000000 +0100 @@ -601,12 +601,14 @@ mm_send_keystate(struct monitor *monitor fatal("%s: conversion of newkeys failed", __func__); 
@@ -360,8 +360,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:54:02.000000000 +0100 @@ -77,6 +77,7 @@ void mm_audit_run_command(const char *); void mm_audit_end_command(const char *); void mm_audit_unsupported_body(int); @@ -372,7 +372,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c --- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100 -+++ openssh-5.8p1/packet.c 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/packet.c 2011-02-24 13:54:02.000000000 +0100 @@ -60,6 +60,7 @@ #include @@ -434,7 +434,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c } active_state->newkeys[mode] = kex_get_newkeys(mode); if (active_state->newkeys[mode] == NULL) -@@ -1912,6 +1922,55 @@ packet_get_newkeys(int mode) +@@ -1912,6 +1922,54 @@ packet_get_newkeys(int mode) return (void *)active_state->newkeys[mode]; } @@ -469,12 +469,11 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c +} + +void -+packet_destroy_all(int privsep) ++packet_destroy_all(int audit_it, int privsep) +{ -+ int audit_it; -+ -+ audit_it = packet_state_has_keys (active_state) || -+ packet_state_has_keys (backup_state); ++ if (audit_it) ++ audit_it = packet_state_has_keys (active_state) || ++ packet_state_has_keys (backup_state); + packet_destroy_state(active_state); + packet_destroy_state(backup_state); + if (audit_it) { 
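Review bot: `packet_destroy_all(int audit_it, int privsep)` now takes two bare int flags, and the call sites this commit adds read `packet_destroy_all(0, 1)`, `packet_destroy_all(1, 0)` and `packet_destroy_all(1, 1)`, while the packet.h prototype is declared as `void packet_destroy_all(int, int);` — nothing tells a reader which argument is which. Name the parameters in the prototype, `void packet_destroy_all(int audit_it, int privsep);`, and put a short comment above the definition saying that `audit_it` requests the key-destruction audit record, which is only emitted when either packet state actually held keys (what `privsep` selects is outside the hunk, so describe it there). Overwriting the `audit_it` parameter with the has-keys result works but hides the original request; a separate local such as `int do_audit = audit_it && (packet_state_has_keys(active_state) || packet_state_has_keys(backup_state));` reads more clearly. The function body continues past the end of the hunk.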
@@ -490,7 +489,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c /* * Save the state for the real connection, and use a separate state when * resuming a suspended connection. -@@ -1919,18 +1978,12 @@ packet_get_newkeys(int mode) +@@ -1919,18 +1977,12 @@ packet_get_newkeys(int mode) void packet_backup_state(void) { @@ -510,7 +509,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c } /* -@@ -1947,9 +2000,7 @@ packet_restore_state(void) +@@ -1947,9 +1999,7 @@ packet_restore_state(void) backup_state = active_state; active_state = tmp; active_state->connection_in = backup_state->connection_in; @@ -520,7 +519,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c len = buffer_len(&backup_state->input); if (len > 0) { buf = buffer_ptr(&backup_state->input); -@@ -1957,4 +2008,10 @@ packet_restore_state(void) +@@ -1957,4 +2007,10 @@ packet_restore_state(void) buffer_clear(&backup_state->input); add_recv_bytes(len); } @@ -533,16 +532,29 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c + diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h --- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100 -+++ openssh-5.8p1/packet.h 2011-02-23 09:23:30.000000000 +0100 ++++ openssh-5.8p1/packet.h 2011-02-24 13:54:02.000000000 +0100 
@@ -125,4 +125,5 @@ void packet_restore_state(void); void *packet_get_input(void); void *packet_get_output(void); -+void packet_destroy_all(int); ++void packet_destroy_all(int, int); #endif /* PACKET_H */ +diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c +--- openssh-5.8p1/session.c.audit4 2011-02-24 13:54:01.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-24 13:54:02.000000000 +0100 +@@ -1617,6 +1617,9 @@ do_child(Session *s, const char *command + + /* remove hostkey from the child's memory */ + destroy_sensitive_data(); ++ /* Don't audit this - both us and the parent would be talking to the ++ monitor over a single socket, with no synchronization. */ ++ packet_destroy_all(0, 1); + + /* Force a password change */ + if (s->authctxt->force_pwchange) { diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit4 2011-02-23 09:23:30.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-23 09:23:30.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit4 2011-02-24 13:54:02.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-24 13:55:09.000000000 +0100 @@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) return (0); } @@ -558,7 +570,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c buffer_clear(&loginmsg); + newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_IN]); -+ packet_destroy_all(0); ++ packet_destroy_all(1, 0); monitor_child_postauth(pmonitor); /* NEVERREACHED */ @@ -566,7 +578,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c */ if (use_privsep) { mm_send_keystate(pmonitor); -+ packet_destroy_all(1); ++ packet_destroy_all(1, 1); exit(0); } 
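Review bot: The prototype `void packet_destroy_all(int, int);` now takes two adjacent int flags with different meanings, and the callers in this series pass every combination (`(1, 0)`, `(0, 1)`, `(1, 1)` and `(0, 0)` in audit4a), so a transposed argument compiles silently; since the tree keeps prototypes unnamed, a trailing comment such as `void packet_destroy_all(int, int); /* audit_it, privsep */` would make the order checkable at each call site. The new do_child() call in session.c is explained by its own comment; that hunk starts and ends inside do_child, whose body is otherwise outside the hunk.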
@@ -574,8 +586,16 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c do_authenticated(authctxt); /* The connection has been terminated. */ -+ packet_destroy_all(0); ++ packet_destroy_all(1, 0); + packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); verbose("Transferred: sent %llu, received %llu bytes", +@@ -2345,6 +2353,7 @@ cleanup_exit(int i) + { + if (the_authctxt) + do_cleanup(the_authctxt); ++ packet_destroy_all(1, is_privsep_child); + #ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ + if ((the_authctxt == NULL || !the_authctxt->authenticated) && diff --git a/openssh-5.8p1-audit4a.patch b/openssh-5.8p1-audit4a.patch index e69de29..a4a3d66 100644 --- a/openssh-5.8p1-audit4a.patch +++ b/openssh-5.8p1-audit4a.patch @@ -0,0 +1,13 @@ +diff -ur openssh/sshd.c openssh-5.8p1/sshd.c +--- openssh/sshd.c 2011-02-23 16:23:05.720096223 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-23 17:04:24.206612620 +0100 +@@ -748,7 +748,8 @@ + buffer_clear(&loginmsg); + newkeys_destroy(current_keys[MODE_OUT]); + newkeys_destroy(current_keys[MODE_IN]); +- packet_destroy_all(1, 0); ++ audit_session_key_free_body(2, getpid(), getuid()); ++ packet_destroy_all(0, 0); + monitor_child_postauth(pmonitor); + + /* NEVERREACHED */ diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch index 65e014e..9923f0b 100644 --- a/openssh-5.8p1-audit5.patch +++ b/openssh-5.8p1-audit5.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c ---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/audit-bsm.c 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:39:32.000000000 +0100 @@ -407,4 +407,22 @@ audit_session_key_free_body(int ctos, pi { /* not implemented */ 
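Review bot: The cleanup_exit() hunk added to audit4 calls `packet_destroy_all(1, is_privsep_child);`, but I cannot see `is_privsep_child` declared or assigned anywhere in audit4; the assignment `is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();` is visible only as an added line of audit5, in the later sshd.c hunk of that patch. If that is right, the tree does not compile with audit4 applied alone, which makes bisecting the patch series harder; either move this call into audit5 next to the assignment, or have audit4 introduce the variable itself. The rest of cleanup_exit is outside the hunk, so the declaration may be there — please confirm.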
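Review bot: The new `audit_session_key_free_body(2, getpid(), getuid());` in audit4a passes the literal `2` as the `ctos` direction argument, whose only other visible use is the `direction %d` debug output in audit.c, and nothing in the patch says what `2` denotes. A named constant, or at least a comment such as `/* ctos == 2: both directions — confirm against audit.h */`, would keep the meaning of the emitted audit record reviewable. Note also that the replaced `packet_destroy_all(1, 0);` only produced the record when packet_state_has_keys() was true, whereas the new call reports unconditionally; that looks deliberate here because `current_keys[MODE_OUT]` and `current_keys[MODE_IN]` have just been destroyed, but a one-line comment would save the next reader the same question. The enclosing function is outside the hunk.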
@@ -25,9 +25,9 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c +} #endif /* BSM */ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-23 09:33:38.000000000 +0100 -@@ -275,5 +275,24 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/audit.c 2011-02-24 13:39:32.000000000 +0100 +@@ -276,5 +276,24 @@ audit_session_key_free_body(int ctos, pi debug("audit session key discard euid %u direction %d from pid %ld uid %u", (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); } @@ -53,8 +53,8 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h ---- openssh-5.8p1/audit.h.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/audit.h 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/audit.h.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/audit.h 2011-02-24 13:39:32.000000000 +0100 @@ -48,6 +48,8 @@ enum ssh_audit_event_type { }; typedef enum ssh_audit_event_type ssh_audit_event_t; @@ -73,9 +73,9 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h #endif /* _SSH_AUDIT_H */ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-23 09:33:38.000000000 +0100 -@@ -339,4 +339,50 @@ audit_session_key_free_body(int ctos, pi +--- openssh-5.8p1/audit-linux.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/audit-linux.c 2011-02-24 13:39:32.000000000 +0100 +@@ -343,4 +343,50 @@ audit_session_key_free_body(int ctos, pi error("cannot write into audit"); } 
@@ -127,9 +127,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c +} #endif /* USE_LINUX_AUDIT */ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c ---- openssh-5.8p1/key.c.audit5 2011-02-04 01:48:34.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-23 09:33:38.000000000 +0100 -@@ -1769,6 +1769,30 @@ key_demote(const Key *k) +--- openssh-5.8p1/key.c.audit5 2011-02-24 13:39:31.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-24 13:39:32.000000000 +0100 +@@ -1795,6 +1795,30 @@ key_demote(const Key *k) } int @@ -161,9 +161,9 @@ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c { if (k == NULL) diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h ---- openssh-5.8p1/key.h.audit5 2010-11-05 00:19:49.000000000 +0100 -+++ openssh-5.8p1/key.h 2011-02-23 09:33:38.000000000 +0100 -@@ -106,6 +106,7 @@ Key *key_generate(int, u_int); +--- openssh-5.8p1/key.h.audit5 2011-02-24 13:39:31.000000000 +0100 ++++ openssh-5.8p1/key.h 2011-02-24 13:39:32.000000000 +0100 +@@ -109,6 +109,7 @@ Key *key_generate(int, u_int); Key *key_from_private(const Key *); int key_type_from_name(char *); int key_is_cert(const Key *); @@ -172,8 +172,8 @@ diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h int key_to_certified(Key *, int); int key_drop_cert(Key *); diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c ---- openssh-5.8p1/monitor.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/monitor.c 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/monitor.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-24 13:39:32.000000000 +0100 @@ -182,6 +182,7 @@ int mm_answer_audit_end_command(int, Buf int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *); 
@@ -240,8 +240,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h ---- openssh-5.8p1/monitor.h.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/monitor.h 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/monitor.h.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/monitor.h 2011-02-24 13:39:32.000000000 +0100 @@ -70,6 +70,7 @@ enum monitor_reqtype { MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, @@ -251,8 +251,8 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h struct mm_master; diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c ---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.c 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:39:32.000000000 +0100 @@ -1480,4 +1480,20 @@ mm_audit_session_key_free_body(int ctos, &m); buffer_free(&m); @@ -275,8 +275,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c +} #endif /* SSH_AUDIT_EVENTS */ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h ---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/monitor_wrap.h 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:39:32.000000000 +0100 @@ -78,6 +78,7 @@ void mm_audit_end_command(const char *); void mm_audit_unsupported_body(int); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); 
@@ -286,8 +286,8 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h struct Session; diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c ---- openssh-5.8p1/session.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/session.c 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/session.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/session.c 2011-02-24 13:43:35.000000000 +0100 @@ -132,7 +132,7 @@ extern int log_stderr; extern int debug_flag; extern u_int utmp_len; @@ -303,12 +303,12 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c /* remove hostkey from the child's memory */ - destroy_sensitive_data(); + destroy_sensitive_data(1); - - /* Force a password change */ - if (s->authctxt->force_pwchange) { + /* Don't audit this - both us and the parent would be talking to the + monitor over a single socket, with no synchronization. */ + packet_destroy_all(0, 1); diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.audit5 2011-02-23 09:33:38.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-23 09:33:38.000000000 +0100 +--- openssh-5.8p1/sshd.c.audit5 2011-02-24 13:39:32.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-24 13:43:08.000000000 +0100 @@ -253,7 +253,7 @@ Buffer loginmsg; struct passwd *privsep_pw = NULL; @@ -448,7 +448,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c if (use_privsep) mm_ssh1_session_id(session_id); -@@ -2351,8 +2402,23 @@ do_ssh2_kex(void) +@@ -2351,8 +2402,22 @@ do_ssh2_kex(void) void cleanup_exit(int i) { 
@@ -468,7 +468,6 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c + is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor(); + if (sensitive_data.host_keys != NULL) + destroy_sensitive_data(is_privsep_child); -+ packet_destroy_all(is_privsep_child); + packet_destroy_all(1, is_privsep_child); #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ - if (!use_privsep || mm_is_monitor()) diff --git a/openssh-5.8p1-audit5a.patch b/openssh-5.8p1-audit5a.patch index e69de29..e70cf9e 100644 --- a/openssh-5.8p1-audit5a.patch +++ b/openssh-5.8p1-audit5a.patch @@ -0,0 +1,21 @@ +diff -ur openssh/monitor.c openssh-5.8p1/monitor.c +--- openssh/monitor.c 2011-02-23 14:22:42.007937852 +0100 ++++ openssh-5.8p1/monitor.c 2011-02-23 19:26:01.491710679 +0100 +@@ -106,6 +106,8 @@ + extern int auth_debug_init; + extern Buffer loginmsg; + ++extern void destroy_sensitive_data(int); ++ + /* State exported from the child */ + + struct { +@@ -1651,6 +1653,8 @@ + sshpam_cleanup(); + #endif + ++ destroy_sensitive_data(0); ++ + while (waitpid(pmonitor->m_pid, &status, 0) == -1) + if (errno != EINTR) + exit(1); diff --git a/openssh-5.8p1-fips.patch b/openssh-5.8p1-fips.patch index 418f882..6fe3deb 100644 --- a/openssh-5.8p1-fips.patch +++ b/openssh-5.8p1-fips.patch 
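Review bot: `extern void destroy_sensitive_data(int);` in audit5a is a hand-written prototype in monitor.c for a function defined in sshd.c; audit5 has just changed that function's signature from `()` to `(int)`, and a prototype kept at the call site will not be checked against the definition the next time it changes. Declare it once in a header that both sshd.c and monitor.c include and drop the file-local extern. The added `destroy_sensitive_data(0);` sits just before the `waitpid()` loop; the enclosing function is outside the hunk, so please confirm the monitor has no further use for the host keys after this point.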
@@ -1,38 +1,6 @@ -diff -up openssh-5.8p1/audit.c.fips openssh-5.8p1/audit.c ---- openssh-5.8p1/audit.c.fips 2011-02-21 17:05:13.000000000 +0100 -+++ openssh-5.8p1/audit.c 2011-02-21 17:06:18.000000000 +0100 -@@ -121,7 +121,7 @@ audit_key(int host_user, int *rv, const - char *fp; - const char *crypto_name; - -- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -+ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); - if (key->type == KEY_RSA1) - crypto_name = "ssh-rsa1"; - else -diff -up openssh-5.8p1/auth2-pubkey.c.fips openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.fips 2011-02-21 17:05:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-21 17:05:14.000000000 +0100 -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - - #include "xmalloc.h" - #include "ssh.h" -@@ -371,7 +372,7 @@ user_search_key_in_file(FILE *f, char *f - found_key = 1; - debug("matching key found: file %s, line %lu", - file, linenum); -- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); -+ fp = key_fingerprint(found, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s key: %s", - key_type(found), fp); - xfree(fp); diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c --- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 -+++ openssh-5.8p1/authfile.c 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/authfile.c 2011-02-24 10:34:41.000000000 +0100 @@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe /* Allocate space for the private part of the key in the buffer. */ cp = buffer_append_space(&encrypted, buffer_len(&buffer)); 
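Review bot: The FIPS-aware fingerprint selection removed here from audit.c and auth2-pubkey.c — and likewise, in the hunks starting `@@ -66,21 +34,9 @@`, `@@ -347,53 +323,9 @@`, `@@ -491,134 +423,9 @@` and `@@ -692,43 +499,3 @@`, from auth-rsa.c, ssh-add.c, ssh-agent.c, sshconnect2.c, sshconnect.c and ssh-keygen.c — has no visible replacement in this commit: the `FIPS_mode()` check now lives only in `key_fingerprint_selection()` in key.c, a function introduced by `openssh-5.8p1-fingerprit.patch`, which is not part of this diff. I therefore cannot confirm from this page that every removed call site now routes through that selector; any caller still passing `SSH_FP_MD5` explicitly would request an MD5 digest in FIPS mode, which a FIPS-mode OpenSSL typically refuses rather than silently computing. A sentence in the commit message naming the fingerprint patch as the replacement, or a check that no explicit `SSH_FP_MD5` callers remain after the full series is applied, would close that gap.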
@@ -66,21 +34,9 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c cipher_crypt(&ciphercontext, cp, buffer_ptr(blob), buffer_len(blob)); cipher_cleanup(&ciphercontext); -diff -up openssh-5.8p1/auth-rsa.c.fips openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.fips 2011-02-21 17:05:13.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-21 17:07:33.000000000 +0100 -@@ -119,7 +119,7 @@ auth_rsa_verify_response(Key *key, BIGNU - rv = timingsafe_bcmp(response, mdbuf, 16) == 0; - - #ifdef SSH_AUDIT_EVENTS -- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -+ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); - if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { - debug("unsuccessful audit"); - rv = 0; diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c ---- openssh-5.8p1/cipher.c.fips 2011-02-21 17:05:13.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-21 17:05:14.000000000 +0100 +--- openssh-5.8p1/cipher.c.fips 2011-02-24 10:34:40.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-24 10:34:41.000000000 +0100 @@ -40,6 +40,7 @@ #include @@ -167,7 +123,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c /* diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c --- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 -+++ openssh-5.8p1/cipher-ctr.c 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/cipher-ctr.c 2011-02-24 10:34:41.000000000 +0100 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP 
@@ -179,8 +135,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c return (&aes_ctr); } diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h ---- openssh-5.8p1/cipher.h.fips 2011-02-21 17:05:13.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-21 17:05:14.000000000 +0100 +--- openssh-5.8p1/cipher.h.fips 2011-02-24 10:34:40.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-24 10:34:41.000000000 +0100 @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); @@ -190,9 +146,29 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h u_int cipher_blocksize(const Cipher *); u_int cipher_keylen(const Cipher *); u_int cipher_is_cbc(const Cipher *); +diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c +--- openssh-5.8p1/key.c.fips 2011-02-24 10:35:39.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-24 10:37:20.000000000 +0100 +@@ -40,6 +40,7 @@ + #include + + #include ++#include + #include + + #include +@@ -601,6 +602,8 @@ key_fingerprint_selection(void) + static int rv = -1; + + if (rv == -1) { ++ if (FIPS_mode()) ++ return (rv = 1); + env = getenv("SSH_FINGERPRINT_TYPE"); + rv = env && !strcmp (env, "sha"); + } diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c ---- openssh-5.8p1/mac.c.fips 2011-02-21 17:05:13.000000000 +0100 -+++ openssh-5.8p1/mac.c 2011-02-21 17:05:14.000000000 +0100 +--- openssh-5.8p1/mac.c.fips 2011-02-24 10:34:40.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-24 10:34:41.000000000 +0100 @@ -28,6 +28,7 @@ #include 
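Review bot: The new `if (FIPS_mode()) return (rv = 1);` in key_fingerprint_selection() deserves a comment, because its position before the `getenv("SSH_FINGERPRINT_TYPE")` lookup is what stops the environment variable from selecting MD5 under FIPS, e.g. `/* FIPS mode: force the SHA-1 fingerprint; SSH_FINGERPRINT_TYPE must not be able to select MD5 */` (assuming from `!strcmp (env, "sha")` that `rv == 1` means SHA-1). Because `rv` is a function-level static, FIPS_mode() is consulted only once per process, which is fine only if FIPS mode is established before the first fingerprint is computed — please confirm that ordering. The function's normal return path is outside the hunk.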
@@ -243,8 +219,8 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in ---- openssh-5.8p1/Makefile.in.fips 2011-02-21 17:05:14.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-21 17:05:14.000000000 +0100 +--- openssh-5.8p1/Makefile.in.fips 2011-02-24 10:34:40.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-24 10:34:41.000000000 +0100 @@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ @@ -288,7 +264,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h --- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 -+++ openssh-5.8p1/myproposal.h 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/myproposal.h 2011-02-24 10:34:41.000000000 +0100 @@ -81,7 +81,12 @@ "hmac-sha1-96,hmac-md5-96" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" @@ -305,7 +281,7 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h KEX_DEFAULT_KEX, diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c --- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 -+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-24 10:34:41.000000000 +0100 @@ -39,6 +39,7 @@ static int rc4_ready = 0; static RC4_KEY rc4; 
@@ -347,53 +323,9 @@ diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbs #endif /* !HAVE_ARC4RANDOM */ #ifndef HAVE_ARC4RANDOM_BUF -diff -up openssh-5.8p1/ssh-add.c.fips openssh-5.8p1/ssh-add.c ---- openssh-5.8p1/ssh-add.c.fips 2010-11-11 04:17:02.000000000 +0100 -+++ openssh-5.8p1/ssh-add.c 2011-02-21 17:05:14.000000000 +0100 -@@ -42,6 +42,7 @@ - #include - - #include -+#include - #include "openbsd-compat/openssl-compat.h" - - #include -@@ -280,7 +281,7 @@ list_identities(AuthenticationConnection - key = ssh_get_next_identity(ac, &comment, version)) { - had_identities = 1; - if (do_fp) { -- fp = key_fingerprint(key, SSH_FP_MD5, -+ fp = key_fingerprint(key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, - SSH_FP_HEX); - printf("%d %s %s (%s)\n", - key_size(key), fp, comment, key_type(key)); -diff -up openssh-5.8p1/ssh-agent.c.fips openssh-5.8p1/ssh-agent.c ---- openssh-5.8p1/ssh-agent.c.fips 2010-12-01 01:50:35.000000000 +0100 -+++ openssh-5.8p1/ssh-agent.c 2011-02-21 17:05:14.000000000 +0100 -@@ -51,6 +51,7 @@ - - #include - #include -+#include - #include "openbsd-compat/openssl-compat.h" - - #include -@@ -199,9 +200,9 @@ confirm_key(Identity *id) - char *p; - int ret = -1; - -- p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); -- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", -- id->comment, p)) -+ p = key_fingerprint(id->key, FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ if (ask_permission("Allow use of key %s?\nKey %sfingerprint %s.", -+ id->comment, FIPS_mode() ? "SHA1 " : "", p)) - ret = 0; - xfree(p); - diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c --- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 -+++ openssh-5.8p1/ssh.c 2011-02-21 17:05:14.000000000 +0100 ++++ openssh-5.8p1/ssh.c 2011-02-24 10:34:41.000000000 +0100 @@ -73,6 +73,8 @@ #include 
@@ -457,8 +389,8 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c ---- openssh-5.8p1/sshconnect2.c.fips 2010-12-01 02:21:51.000000000 +0100 -+++ openssh-5.8p1/sshconnect2.c 2011-02-21 17:05:14.000000000 +0100 +--- openssh-5.8p1/sshconnect2.c.fips 2011-02-24 10:34:40.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-24 10:34:41.000000000 +0100 @@ -44,6 +44,8 @@ #include #endif 
@@ -491,134 +423,9 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c if (options.hostkeyalgorithms != NULL) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; -@@ -590,8 +600,8 @@ input_userauth_pk_ok(int type, u_int32_t - key->type, pktype); - goto done; - } -- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- debug2("input_userauth_pk_ok: fp %s", fp); -+ fp = key_fingerprint(key, SSH_FP_SHA1, SSH_FP_HEX); -+ debug2("input_userauth_pk_ok: SHA1 fp %s", fp); - xfree(fp); - - /* -diff -up openssh-5.8p1/sshconnect.c.fips openssh-5.8p1/sshconnect.c ---- openssh-5.8p1/sshconnect.c.fips 2011-01-16 13:17:59.000000000 +0100 -+++ openssh-5.8p1/sshconnect.c 2011-02-21 17:05:14.000000000 +0100 -@@ -41,6 +41,8 @@ - #include - #include - -+#include -+ - #include "xmalloc.h" - #include "key.h" - #include "hostfile.h" -@@ -705,6 +707,7 @@ check_host_key(char *hostname, struct so - int len, cancelled_forwarding = 0; - struct hostkeys *host_hostkeys, *ip_hostkeys; - const struct hostkey_entry *host_found, *ip_found; -+ int fips_on = FIPS_mode(); - - /* - * Force accepting of the host key for loopback/localhost. The -@@ -798,10 +801,10 @@ check_host_key(char *hostname, struct so - "key for IP address '%.128s' to the list " - "of known hosts.", type, ip); - } else if (options.visual_host_key) { -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(host_key, SSH_FP_MD5, -+ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ ra = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, - SSH_FP_RANDOMART); -- logit("Host key fingerprint is %s\n%s\n", fp, ra); -+ logit("Host key %sfingerprint is %s\n%s\n", fips_on ? 
"SHA1 " : "", fp, ra); - xfree(ra); - xfree(fp); - } -@@ -830,6 +833,7 @@ check_host_key(char *hostname, struct so - goto fail; - } else if (options.strict_host_key_checking == 2) { - char msg1[1024], msg2[1024]; -+ int fips_on = FIPS_mode(); - - if (show_other_keys(host_hostkeys, host_key)) - snprintf(msg1, sizeof(msg1), -@@ -838,8 +842,8 @@ check_host_key(char *hostname, struct so - else - snprintf(msg1, sizeof(msg1), "."); - /* The default */ -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(host_key, SSH_FP_MD5, -+ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ ra = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, - SSH_FP_RANDOMART); - msg2[0] = '\0'; - if (options.verify_host_key_dns) { -@@ -855,10 +859,10 @@ check_host_key(char *hostname, struct so - snprintf(msg, sizeof(msg), - "The authenticity of host '%.200s (%s)' can't be " - "established%s\n" -- "%s key fingerprint is %s.%s%s\n%s" -+ "%s key %sfingerprint is %s.%s%s\n%s" - "Are you sure you want to continue connecting " - "(yes/no)? ", -- host, ip, msg1, type, fp, -+ host, ip, msg1, type, fips_on ? "SHA1 " : "", fp, - options.visual_host_key ? "\n" : "", - options.visual_host_key ? ra : "", - msg2); -@@ -1208,20 +1212,21 @@ show_other_keys(struct hostkeys *hostkey - int i, ret = 0; - char *fp, *ra; - const struct hostkey_entry *found; -+ int fips_on = FIPS_mode(); - - for (i = 0; type[i] != -1; i++) { - if (type[i] == key->type) - continue; - if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) - continue; -- fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART); -+ fp = key_fingerprint(found->key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ ra = key_fingerprint(found->key, fips_on ? 
SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_RANDOMART); - logit("WARNING: %s key found for host %s\n" - "in %s:%lu\n" -- "%s key fingerprint %s.", -+ "%s key %sfingerprint %s.\n%s\n", - key_type(found->key), - found->host, found->file, found->line, -- key_type(found->key), fp); -+ key_type(found), fips_on ? "SHA1 ":"", fp, ra); - if (options.visual_host_key) - logit("%s", ra); - xfree(ra); -@@ -1235,8 +1240,9 @@ static void - warn_changed_key(Key *host_key) - { - char *fp; -+ int fips_on = FIPS_mode(); - -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -+ fp = key_fingerprint(host_key, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); - - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); -@@ -1244,8 +1250,8 @@ warn_changed_key(Key *host_key) - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that a host key has just been changed."); -- error("The fingerprint for the %s key sent by the remote host is\n%s.", -- key_type(host_key), fp); -+ error("The %sfingerprint for the %s key sent by the remote host is\n%s.", -+ fips_on ? "SHA1 ":"", key_type(host_key), fp); - error("Please contact your system administrator."); - - xfree(fp); diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.fips 2011-02-21 17:05:14.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-21 17:05:14.000000000 +0100 +--- openssh-5.8p1/sshd.c.fips 2011-02-24 10:34:41.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-24 10:34:41.000000000 +0100 @@ -76,6 +76,8 @@ #include #include 
@@ -628,7 +435,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c #include "openbsd-compat/openssl-compat.h" #ifdef HAVE_SECUREWARE -@@ -1327,6 +1329,12 @@ main(int ac, char **av) +@@ -1363,6 +1365,12 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); @@ -641,7 +448,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -@@ -1488,8 +1496,6 @@ main(int ac, char **av) +@@ -1524,8 +1532,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); @@ -650,7 +457,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) -@@ -1608,6 +1614,10 @@ main(int ac, char **av) +@@ -1644,6 +1650,10 @@ main(int ac, char **av) debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } @@ -661,7 +468,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; -@@ -1772,6 +1782,10 @@ main(int ac, char **av) +@@ -1808,6 +1818,10 @@ main(int ac, char **av) /* Initialize the random number generator. */ arc4random_stir(); @@ -672,7 +479,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* Chdir to the root directory so that the current disk can be unmounted if desired. */ chdir("/"); -@@ -2315,6 +2329,9 @@ do_ssh2_kex(void) +@@ -2349,6 +2363,9 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; 
@@ -682,7 +489,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -2324,6 +2341,9 @@ do_ssh2_kex(void) +@@ -2358,6 +2375,9 @@ do_ssh2_kex(void) if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; @@ -692,43 +499,3 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c } if (options.compression == COMP_NONE) { myproposal[PROPOSAL_COMP_ALGS_CTOS] = -diff -up openssh-5.8p1/ssh-keygen.c.fips openssh-5.8p1/ssh-keygen.c ---- openssh-5.8p1/ssh-keygen.c.fips 2011-02-21 17:05:14.000000000 +0100 -+++ openssh-5.8p1/ssh-keygen.c 2011-02-21 17:05:14.000000000 +0100 -@@ -21,6 +21,7 @@ - - #include - #include -+#include - #include "openbsd-compat/openssl-compat.h" - - #include -@@ -721,7 +722,7 @@ do_fingerprint(struct passwd *pw) - enum fp_type fptype; - struct stat st; - -- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; -+ fptype = print_bubblebabble ? SSH_FP_SHA1 : FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5; - rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; - - if (!have_identity) -@@ -2253,14 +2254,15 @@ passphrase_again: - fclose(f); - - if (!quiet) { -- char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); -- char *ra = key_fingerprint(public, SSH_FP_MD5, -+ int fips_on = FIPS_mode(); -+ char *fp = key_fingerprint(public, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, SSH_FP_HEX); -+ char *ra = key_fingerprint(public, fips_on ? SSH_FP_SHA1 : SSH_FP_MD5, - SSH_FP_RANDOMART); - printf("Your public key has been saved in %s.\n", - identity_file); -- printf("The key fingerprint is:\n"); -+ printf("The key %sfingerprint is:\n", fips_on ? "SHA1 " : ""); - printf("%s %s\n", fp, comment); -- printf("The key's randomart image is:\n"); -+ printf("The key's %srandomart image is:\n", fips_on ? "SHA1 " :""); - printf("%s\n", ra); - xfree(ra); - xfree(fp); 
diff --git a/openssh.spec b/openssh.spec index fa78bbf..1d24258 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 7 +%define openssh_rel 8 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -93,8 +93,10 @@ Source3: sshd.init Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2 Source5: pam_ssh_agent-rmheaders -Patch100: openssh-5.8p1-wIm.patch +Patch99: openssh-5.8p1-wIm.patch Patch0: openssh-5.6p1-redhat.patch +#? +Patch100: openssh-5.8p1-fingerprit.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Patch1: openssh-5.8p1-audit1.patch Patch101: openssh-5.8p1-audit1a.patch @@ -287,8 +289,9 @@ The module is most useful for su and sudo service stacks. %prep %setup -q -a 4 #Do not enable by default -###%patch100 -p1 -b .wIm +###%patch99 -p1 -b .wIm %patch0 -p1 -b .redhat +%patch100 -p1 -b .fingerprint %patch1 -p1 -b .audit1 %patch101 -p1 -b .audit1a %patch2 -p1 -b .audit2 @@ -616,7 +619,7 @@ fi %endif %changelog -* Wed Feb 23 2011 Jan F. Chadima - 5.8p1-7 + 0.9.2-30 +* Thu Feb 24 2011 Jan F. Chadima - 5.8p1-8 + 0.9.2-30 - another audit improovements * Thu Feb 17 2011 Jan F. Chadima - 5.8p1-4 + 0.9.2-30
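Review bot: `Patch100: openssh-5.8p1-fingerprit.patch` and `%patch100 -p1 -b .fingerprint` spell the name differently, and this commit does not add a file by either name, so if the file on disk is `openssh-5.8p1-fingerprint.patch` the build stops in %prep with a missing source. The `#?` comment above `Patch100:` should say what the patch is for and point at its tracker entry, as the neighbouring `#https://bugzilla.mindrot.org/show_bug.cgi?id=1402` line does for Patch1. The renumbering of the disabled wIm patch to `Patch99` and the FIPS rework are also worth a word in %changelog, whose only entry for this release mentions audit work.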