[openssh] improove ssk-keycat (documentation)
Jan F. Chadima
jfch2222 at fedoraproject.org
Fri Mar 4 14:22:37 UTC 2011
commit 825921b7f3fb60b617b3d4c086028f783fd5e756
Author: Jan F <jfch at kerberos.example.com>
Date: Fri Mar 4 15:22:12 2011 +0100
improove ssk-keycat (documentation)
openssh-5.8p1-audit0.patch | 17 ++
openssh-5.8p1-audit0a.patch | 17 --
openssh-5.8p1-audit1.patch | 353 +++++++++++++++++++++++++++++-------
openssh-5.8p1-audit1a.patch | 429 -------------------------------------------
openssh-5.8p1-audit2.patch | 140 ++++++++++++---
openssh-5.8p1-audit2a.patch | 153 ---------------
openssh-5.8p1-keycat.patch | 139 +++++++++++++-
openssh-5.8p1-keycat2.patch | 132 -------------
openssh.spec | 6 +-
ssh-keycat.pam | 4 +-
10 files changed, 561 insertions(+), 829 deletions(-)
---
diff --git a/openssh-5.8p1-audit0.patch b/openssh-5.8p1-audit0.patch
index e69de29..9a0f37c 100644
--- a/openssh-5.8p1-audit0.patch
+++ b/openssh-5.8p1-audit0.patch
@@ -0,0 +1,17 @@
+Don't audit SSH_INVALID_USER twice.
+
+PRIVSEP(getpwnamallow()) a few lines above already did this.
+
+diff -ur openssh/auth2.c openssh-5.8p1/auth2.c
+--- openssh/auth2.c 2011-03-02 02:32:52.383773622 +0100
++++ openssh-5.8p1/auth2.c 2011-03-02 03:32:34.585110911 +0100
+@@ -250,9 +250,6 @@
+ } else {
+ logit("input_userauth_request: invalid user %s", user);
+ authctxt->pw = fakepw();
+-#ifdef SSH_AUDIT_EVENTS
+- PRIVSEP(audit_event(SSH_INVALID_USER));
+-#endif
+ }
+ #ifdef USE_PAM
+ if (options.use_pam)
diff --git a/openssh-5.8p1-audit0a.patch b/openssh-5.8p1-audit0a.patch
index 9a0f37c..e69de29 100644
--- a/openssh-5.8p1-audit0a.patch
+++ b/openssh-5.8p1-audit0a.patch
@@ -1,17 +0,0 @@
-Don't audit SSH_INVALID_USER twice.
-
-PRIVSEP(getpwnamallow()) a few lines above already did this.
-
-diff -ur openssh/auth2.c openssh-5.8p1/auth2.c
---- openssh/auth2.c 2011-03-02 02:32:52.383773622 +0100
-+++ openssh-5.8p1/auth2.c 2011-03-02 03:32:34.585110911 +0100
-@@ -250,9 +250,6 @@
- } else {
- logit("input_userauth_request: invalid user %s", user);
- authctxt->pw = fakepw();
--#ifdef SSH_AUDIT_EVENTS
-- PRIVSEP(audit_event(SSH_INVALID_USER));
--#endif
- }
- #ifdef USE_PAM
- if (options.use_pam)
diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch
index 08674a9..a4ac470 100644
--- a/openssh-5.8p1-audit1.patch
+++ b/openssh-5.8p1-audit1.patch
@@ -1,55 +1,103 @@
diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c 2011-02-28 22:39:02.000000000 +0100
-@@ -305,6 +305,12 @@ audit_run_command(const char *command)
++++ openssh-5.8p1/audit-bsm.c 2011-03-04 14:16:25.000000000 +0100
+@@ -298,10 +298,23 @@ audit_connection_from(const char *host,
+ #endif
}
- void
-+audit_end_command(const char *command)
+-void
++int
+ audit_run_command(const char *command)
+ {
+ /* not implemented */
++ return 0;
++}
++
++void
++audit_end_command(int handle, const char *command)
+{
+ /* not implemented */
+}
+
+void
- audit_session_open(struct logininfo *li)
- {
- /* not implemented */
++audit_count_session_open(void)
++{
++ /* not necessary */
+ }
+
+ void
diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit.c 2011-02-28 22:39:02.000000000 +0100
-@@ -182,5 +182,18 @@ audit_run_command(const char *command)
++++ openssh-5.8p1/audit.c 2011-03-04 14:16:25.000000000 +0100
+@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
+ }
+
+ /*
++ * Called when a child process has called, or will soon call,
++ * audit_session_open.
++ */
++void
++audit_count_session_open(void)
++{
++ debug("audit count session open euid %d user %s", geteuid(),
++ audit_username());
++}
++
++/*
+ * Called when a user session is started. Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li
+ /*
+ * This will be called when a user runs a non-interactive command. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+- * multiple sessions within a single connection.
++ * multiple sessions within a single connection. Returns a "handle" for
++ * audit_end_command.
+ */
+-void
++int
+ audit_run_command(const char *command)
+ {
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command);
- }
++ return 0;
++}
+
+/*
+ * This will be called when the non-interactive command finishes. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
-+ * multiple sessions within a single connection.
++ * multiple sessions within a single connection. "handle" should come from
++ * the corresponding audit_run_command.
+ */
+void
-+audit_end_command(const char *command)
++audit_end_command(int handle, const char *command)
+{
+ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
+ audit_username(), command);
-+}
+ }
+
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit.h 2011-02-28 22:39:02.000000000 +0100
-@@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t);
++++ openssh-5.8p1/audit.h 2011-03-04 14:16:25.000000000 +0100
+@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
+
+ void audit_connection_from(const char *, int);
+ void audit_event(ssh_audit_event_t);
++void audit_count_session_open(void);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
- void audit_run_command(const char *);
-+void audit_end_command(const char *);
+-void audit_run_command(const char *);
++int audit_run_command(const char *);
++void audit_end_command(int, const char *);
ssh_audit_event_t audit_classify_auth(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-02-28 22:39:02.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-03-04 14:16:25.000000000 +0100
@@ -35,13 +35,20 @@
#include "log.h"
@@ -89,7 +137,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
NULL, "login", username ? username : "(unknown)",
username == NULL ? uid : -1, hostname, ip, ttyn, success);
saved_errno = errno;
-@@ -65,35 +72,112 @@ linux_audit_record_event(int uid, const
+@@ -65,35 +72,119 @@ linux_audit_record_event(int uid, const
if ((rc == -EPERM) && (geteuid() != 0))
rc = 0;
errno = saved_errno;
@@ -163,7 +211,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
/* not implemented */
+}
- void
+-void
++int
audit_run_command(const char *command)
{
- /* not implemented */
@@ -172,16 +221,23 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
+ NULL, "ssh", 1, AUDIT_USER_LOGIN);
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_START);
++ return 0;
+}
+
+void
-+audit_end_command(const char *command)
++audit_end_command(int handle, const char *command)
+{
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_END);
+ if (user_login_count && !--user_login_count)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
++}
++
++void
++audit_count_session_open(void)
++{
++ user_login_count++;
}
void
@@ -209,7 +265,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
}
void
-@@ -101,21 +185,43 @@ audit_event(ssh_audit_event_t event)
+@@ -101,21 +192,43 @@ audit_event(ssh_audit_event_t event)
{
switch(event) {
case SSH_AUTH_SUCCESS:
@@ -259,7 +315,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
default:
diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200
-+++ openssh-5.8p1/monitor.c 2011-02-28 22:39:02.000000000 +0100
++++ openssh-5.8p1/monitor.c 2011-03-04 14:16:25.000000000 +0100
@@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer *
#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *);
@@ -284,126 +340,295 @@ diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c
#endif
{0, 0, NULL}
};
-@@ -1618,6 +1621,20 @@ mm_answer_audit_command(int socket, Buff
- xfree(cmd);
- return (0);
+@@ -1288,6 +1291,12 @@ mm_session_close(Session *s)
+ debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
+ session_pty_cleanup2(s);
+ }
++#ifdef SSH_AUDIT_EVENTS
++ if (s->command != NULL) {
++ debug3("%s: command %d", __func__, s->command_handle);
++ session_end_command2(s);
++ }
++#endif
+ session_unused(s->self);
}
+
+@@ -1610,11 +1619,44 @@ mm_answer_audit_command(int socket, Buff
+ {
+ u_int len;
+ char *cmd;
++ Session *s;
+
+ debug3("%s entering", __func__);
+ cmd = buffer_get_string(m, &len);
++
+ /* sanity check command, if so how? */
+- audit_run_command(cmd);
++ s = session_new();
++ if (s == NULL)
++ fatal("%s: error allocating a session", __func__);
++ s->command = cmd;
++ s->command_handle = audit_run_command(cmd);
++
++ buffer_clear(m);
++ buffer_put_int(m, s->self);
++
++ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m);
++
++ return (0);
++}
+
+int
+mm_answer_audit_end_command(int socket, Buffer *m)
+{
++ int handle;
+ u_int len;
+ char *cmd;
++ Session *s;
+
+ debug3("%s entering", __func__);
++ handle = buffer_get_int(m);
+ cmd = buffer_get_string(m, &len);
-+ /* sanity check command, if so how? */
-+ audit_end_command(cmd);
-+ xfree(cmd);
-+ return (0);
-+}
- #endif /* SSH_AUDIT_EVENTS */
-
- void
++
++ s = session_by_id(handle);
++ if (s == NULL || s->ttyfd != -1 || s->command == NULL ||
++ strcmp(s->command, cmd) != 0)
++ fatal("%s: invalid handle", __func__);
++ mm_session_close(s);
++
+ xfree(cmd);
+ return (0);
+ }
diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100
-+++ openssh-5.8p1/monitor.h 2011-02-28 22:39:02.000000000 +0100
++++ openssh-5.8p1/monitor.h 2011-03-04 14:16:25.000000000 +0100
@@ -60,6 +60,7 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
-+ MONITOR_REQ_AUDIT_END_COMMAND,
++ MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
MONITOR_REQ_TERM,
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200
-+++ openssh-5.8p1/monitor_wrap.c 2011-02-28 22:39:02.000000000 +0100
-@@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
++++ openssh-5.8p1/monitor_wrap.c 2011-03-04 14:16:25.000000000 +0100
+@@ -1150,10 +1150,11 @@ mm_audit_event(ssh_audit_event_t event)
buffer_free(&m);
}
+
+-void
++int
+ mm_audit_run_command(const char *command)
+ {
+ Buffer m;
++ int handle;
+
+ debug3("%s entering command %s", __func__, command);
+
+@@ -1161,6 +1162,26 @@ mm_audit_run_command(const char *command
+ buffer_put_cstring(&m, command);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m);
++
++ handle = buffer_get_int(&m);
++ buffer_free(&m);
++
++ return (handle);
++}
+
+void
-+mm_audit_end_command(const char *command)
++mm_audit_end_command(int handle, const char *command)
+{
+ Buffer m;
+
+ debug3("%s entering command %s", __func__, command);
+
+ buffer_init(&m);
++ buffer_put_int(&m, handle);
+ buffer_put_cstring(&m, command);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m);
-+ buffer_free(&m);
-+}
+ buffer_free(&m);
+ }
#endif /* SSH_AUDIT_EVENTS */
-
- #ifdef GSSAPI
diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-02-28 22:39:02.000000000 +0100
-@@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *);
++++ openssh-5.8p1/monitor_wrap.h 2011-03-04 14:16:25.000000000 +0100
+@@ -73,7 +73,8 @@ void mm_sshpam_free_ctx(void *);
+ #ifdef SSH_AUDIT_EVENTS
#include "audit.h"
void mm_audit_event(ssh_audit_event_t);
- void mm_audit_run_command(const char *);
-+void mm_audit_end_command(const char *);
+-void mm_audit_run_command(const char *);
++int mm_audit_run_command(const char *);
++void mm_audit_end_command(int, const char *);
#endif
struct Session;
diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100
-+++ openssh-5.8p1/session.c 2011-02-28 22:39:02.000000000 +0100
-@@ -809,14 +809,16 @@ do_exec(Session *s, const char *command)
++++ openssh-5.8p1/session.c 2011-03-04 14:16:25.000000000 +0100
+@@ -738,6 +738,14 @@ do_exec_pty(Session *s, const char *comm
+ /* Parent. Close the slave side of the pseudo tty. */
+ close(ttyfd);
+
++#ifndef HAVE_OSF_SIA
++ /* do_login in the child did not affect state in this process,
++ compensate. From an architectural standpoint, this is extremely
++ ugly. */
++ if (!(options.use_login && command == NULL))
++ audit_count_session_open();
++#endif
++
+ /* Enter interactive session. */
+ s->ptymaster = ptymaster;
+ packet_set_interactive(1,
+@@ -809,15 +817,19 @@ do_exec(Session *s, const char *command)
}
#ifdef SSH_AUDIT_EVENTS
-- if (command != NULL)
-+ if (command != NULL) {
- PRIVSEP(audit_run_command(command));
-- else if (s->ttyfd == -1) {
++ if (s->command != NULL || s->command_handle != -1)
++ fatal("do_exec: command already set");
+ if (command != NULL)
+- PRIVSEP(audit_run_command(command));
+ s->command = xstrdup(command);
-+ } else if (s->ttyfd == -1) {
+ else if (s->ttyfd == -1) {
char *shell = s->pw->pw_shell;
if (shell[0] == '\0') /* empty shell means /bin/sh */
shell =_PATH_BSHELL;
- PRIVSEP(audit_run_command(shell));
+- PRIVSEP(audit_run_command(shell));
+ s->command = xstrdup(shell);
}
++ if (s->command != NULL)
++ s->command_handle = PRIVSEP(audit_run_command(s->command));
#endif
if (s->ttyfd != -1)
-@@ -2456,6 +2458,12 @@ session_close(Session *s)
+ ret = do_exec_pty(s, command);
+@@ -1841,6 +1853,7 @@ session_unused(int id)
+ sessions[id].ttyfd = -1;
+ sessions[id].ptymaster = -1;
+ sessions[id].x11_chanids = NULL;
++ sessions[id].command_handle = -1;
+ sessions[id].next_unused = sessions_first_unused;
+ sessions_first_unused = id;
+ }
+@@ -1923,6 +1936,19 @@ session_open(Authctxt *authctxt, int cha
+ }
+
+ Session *
++session_by_id(int id)
++{
++ if (id >= 0 && id < sessions_nalloc) {
++ Session *s = &sessions[id];
++ if (s->used)
++ return s;
++ }
++ debug("session_by_id: unknown id %d", id);
++ session_dump();
++ return NULL;
++}
++
++Session *
+ session_by_tty(char *tty)
+ {
+ int i;
+@@ -2448,6 +2474,30 @@ session_exit_message(Session *s, int sta
+ chan_write_failed(c);
+ }
+
++#ifdef SSH_AUDIT_EVENTS
++void
++session_end_command2(Session *s)
++{
++ if (s->command != NULL) {
++ audit_end_command(s->command_handle, s->command);
++ xfree(s->command);
++ s->command = NULL;
++ s->command_handle = -1;
++ }
++}
++
++static void
++session_end_command(Session *s)
++{
++ if (s->command != NULL) {
++ PRIVSEP(audit_end_command(s->command_handle, s->command));
++ xfree(s->command);
++ s->command = NULL;
++ s->command_handle = -1;
++ }
++}
++#endif
++
+ void
+ session_close(Session *s)
+ {
+@@ -2456,6 +2506,10 @@ session_close(Session *s)
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
if (s->ttyfd != -1)
session_pty_cleanup(s);
+#ifdef SSH_AUDIT_EVENTS
-+ if (s->command) {
-+ PRIVSEP(audit_end_command(s->command));
-+ xfree(s->command);
-+ }
++ if (s->command)
++ session_end_command(s);
+#endif
if (s->term)
xfree(s->term);
if (s->display)
+@@ -2675,6 +2729,15 @@ do_authenticated2(Authctxt *authctxt)
+ server_loop2(authctxt);
+ }
+
++static void
++do_cleanup_one_session(Session *s)
++{
++ session_pty_cleanup2(s);
++#ifdef SSH_AUDIT_EVENTS
++ session_end_command2(s);
++#endif
++}
++
+ void
+ do_cleanup(Authctxt *authctxt)
+ {
+@@ -2723,5 +2786,5 @@ do_cleanup(Authctxt *authctxt)
+ * or if running in monitor.
+ */
+ if (!use_privsep || mm_is_monitor())
+- session_destroy_all(session_pty_cleanup2);
++ session_destroy_all(do_cleanup_one_session);
+ }
diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h
--- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
-+++ openssh-5.8p1/session.h 2011-02-28 22:39:02.000000000 +0100
-@@ -60,6 +60,11 @@ struct Session {
++++ openssh-5.8p1/session.h 2011-03-04 14:16:25.000000000 +0100
+@@ -60,6 +60,12 @@ struct Session {
char *name;
char *val;
} *env;
+
+ /* exec */
+#ifdef SSH_AUDIT_EVENTS
++ int command_handle;
+ char *command;
+#endif
};
void do_authenticated(Authctxt *);
+@@ -72,8 +78,10 @@ void session_close_by_pid(pid_t, int);
+ void session_close_by_channel(int, void *);
+ void session_destroy_all(void (*)(Session *));
+ void session_pty_cleanup2(Session *);
++void session_end_command2(Session *);
+
+ Session *session_new(void);
++Session *session_by_id(int);
+ Session *session_by_tty(char *);
+ void session_close(Session *);
+ void do_setusercontext(struct passwd *);
diff -up openssh-5.8p1/sshd.c.audit1 openssh-5.8p1/sshd.c
--- openssh-5.8p1/sshd.c.audit1 2011-01-11 07:20:31.000000000 +0100
-+++ openssh-5.8p1/sshd.c 2011-02-28 22:39:02.000000000 +0100
++++ openssh-5.8p1/sshd.c 2011-03-04 14:16:25.000000000 +0100
@@ -2342,7 +2342,8 @@ cleanup_exit(int i)
do_cleanup(the_authctxt);
#ifdef SSH_AUDIT_EVENTS
diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch
index 850f51b..e69de29 100644
--- a/openssh-5.8p1-audit1a.patch
+++ b/openssh-5.8p1-audit1a.patch
@@ -1,429 +0,0 @@
-diff -up openssh-5.8p1/audit-bsm.c.audit1a openssh-5.8p1/audit-bsm.c
---- openssh-5.8p1/audit-bsm.c.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c 2011-03-02 09:37:14.000000000 +0100
-@@ -298,19 +298,26 @@ audit_connection_from(const char *host,
- #endif
- }
-
--void
-+int
- audit_run_command(const char *command)
- {
- /* not implemented */
-+ return 0;
- }
-
- void
--audit_end_command(const char *command)
-+audit_end_command(int handle, const char *command)
- {
- /* not implemented */
- }
-
- void
-+audit_count_session_open(void)
-+{
-+ /* not necessary */
-+}
-+
-+void
- audit_session_open(struct logininfo *li)
- {
- /* not implemented */
-diff -up openssh-5.8p1/audit.c.audit1a openssh-5.8p1/audit.c
---- openssh-5.8p1/audit.c.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/audit.c 2011-03-02 09:37:14.000000000 +0100
-@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
- }
-
- /*
-+ * Called when a child process has called, or will soon call,
-+ * audit_session_open.
-+ */
-+void
-+audit_count_session_open(void)
-+{
-+ debug("audit count session open euid %d user %s", geteuid(),
-+ audit_username());
-+}
-+
-+/*
- * Called when a user session is started. Argument is the tty allocated to
- * the session, or NULL if no tty was allocated.
- *
-@@ -174,22 +185,25 @@ audit_session_close(struct logininfo *li
- /*
- * This will be called when a user runs a non-interactive command. Note that
- * it may be called multiple times for a single connection since SSH2 allows
-- * multiple sessions within a single connection.
-+ * multiple sessions within a single connection. Returns a "handle" for
-+ * audit_end_command.
- */
--void
-+int
- audit_run_command(const char *command)
- {
- debug("audit run command euid %d user %s command '%.200s'", geteuid(),
- audit_username(), command);
-+ return 0;
- }
-
- /*
- * This will be called when the non-interactive command finishes. Note that
- * it may be called multiple times for a single connection since SSH2 allows
-- * multiple sessions within a single connection.
-+ * multiple sessions within a single connection. "handle" should come from
-+ * the corresponding audit_run_command.
- */
- void
--audit_end_command(const char *command)
-+audit_end_command(int handle, const char *command)
- {
- debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
- audit_username(), command);
-diff -up openssh-5.8p1/audit.h.audit1a openssh-5.8p1/audit.h
---- openssh-5.8p1/audit.h.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/audit.h 2011-03-02 09:37:14.000000000 +0100
-@@ -49,10 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
-
- void audit_connection_from(const char *, int);
- void audit_event(ssh_audit_event_t);
-+void audit_count_session_open(void);
- void audit_session_open(struct logininfo *);
- void audit_session_close(struct logininfo *);
--void audit_run_command(const char *);
--void audit_end_command(const char *);
-+int audit_run_command(const char *);
-+void audit_end_command(int, const char *);
- ssh_audit_event_t audit_classify_auth(const char *);
-
- #endif /* _SSH_AUDIT_H */
-diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
---- openssh-5.8p1/audit-linux.c.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-03-02 09:37:14.000000000 +0100
-@@ -140,7 +140,7 @@ audit_connection_from(const char *host,
- /* not implemented */
- }
-
--void
-+int
- audit_run_command(const char *command)
- {
- if (!user_login_count++)
-@@ -148,10 +148,11 @@ audit_run_command(const char *command)
- NULL, "ssh", 1, AUDIT_USER_LOGIN);
- linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
- NULL, "ssh", 1, AUDIT_USER_START);
-+ return 0;
- }
-
- void
--audit_end_command(const char *command)
-+audit_end_command(int handle, const char *command)
- {
- linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
- NULL, "ssh", 1, AUDIT_USER_END);
-@@ -161,6 +162,12 @@ audit_end_command(const char *command)
- }
-
- void
-+audit_count_session_open(void)
-+{
-+ user_login_count++;
-+}
-+
-+void
- audit_session_open(struct logininfo *li)
- {
- if (!user_login_count++)
-diff -up openssh-5.8p1/monitor.c.audit1a openssh-5.8p1/monitor.c
---- openssh-5.8p1/monitor.c.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/monitor.c 2011-03-02 09:37:14.000000000 +0100
-@@ -1291,6 +1291,12 @@ mm_session_close(Session *s)
- debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
- session_pty_cleanup2(s);
- }
-+#ifdef SSH_AUDIT_EVENTS
-+ if (s->command != NULL) {
-+ debug3("%s: command %d", __func__, s->command_handle);
-+ session_end_command2(s);
-+ }
-+#endif
- session_unused(s->self);
- }
-
-@@ -1613,25 +1619,44 @@ mm_answer_audit_command(int socket, Buff
- {
- u_int len;
- char *cmd;
-+ Session *s;
-
- debug3("%s entering", __func__);
- cmd = buffer_get_string(m, &len);
-+
- /* sanity check command, if so how? */
-- audit_run_command(cmd);
-- xfree(cmd);
-+ s = session_new();
-+ if (s == NULL)
-+ fatal("%s: error allocating a session", __func__);
-+ s->command = cmd;
-+ s->command_handle = audit_run_command(cmd);
-+
-+ buffer_clear(m);
-+ buffer_put_int(m, s->self);
-+
-+ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m);
-+
- return (0);
- }
-
- int
- mm_answer_audit_end_command(int socket, Buffer *m)
- {
-+ int handle;
- u_int len;
- char *cmd;
-+ Session *s;
-
- debug3("%s entering", __func__);
-+ handle = buffer_get_int(m);
- cmd = buffer_get_string(m, &len);
-- /* sanity check command, if so how? */
-- audit_end_command(cmd);
-+
-+ s = session_by_id(handle);
-+ if (s == NULL || s->ttyfd != -1 || s->command == NULL ||
-+ strcmp(s->command, cmd) != 0)
-+ fatal("%s: invalid handle", __func__);
-+ mm_session_close(s);
-+
- xfree(cmd);
- return (0);
- }
-diff -up openssh-5.8p1/monitor.h.audit1a openssh-5.8p1/monitor.h
---- openssh-5.8p1/monitor.h.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/monitor.h 2011-03-02 09:37:15.000000000 +0100
-@@ -60,7 +60,7 @@ enum monitor_reqtype {
- MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
- MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
- MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
-- MONITOR_REQ_AUDIT_END_COMMAND,
-+ MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
- MONITOR_REQ_TERM,
- MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
- MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
-diff -up openssh-5.8p1/monitor_wrap.c.audit1a openssh-5.8p1/monitor_wrap.c
---- openssh-5.8p1/monitor_wrap.c.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c 2011-03-02 09:37:15.000000000 +0100
-@@ -1150,10 +1150,11 @@ mm_audit_event(ssh_audit_event_t event)
- buffer_free(&m);
- }
-
--void
-+int
- mm_audit_run_command(const char *command)
- {
- Buffer m;
-+ int handle;
-
- debug3("%s entering command %s", __func__, command);
-
-@@ -1161,17 +1162,23 @@ mm_audit_run_command(const char *command
- buffer_put_cstring(&m, command);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
-+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m);
-+
-+ handle = buffer_get_int(&m);
- buffer_free(&m);
-+
-+ return (handle);
- }
-
- void
--mm_audit_end_command(const char *command)
-+mm_audit_end_command(int handle, const char *command)
- {
- Buffer m;
-
- debug3("%s entering command %s", __func__, command);
-
- buffer_init(&m);
-+ buffer_put_int(&m, handle);
- buffer_put_cstring(&m, command);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m);
-diff -up openssh-5.8p1/monitor_wrap.h.audit1a openssh-5.8p1/monitor_wrap.h
---- openssh-5.8p1/monitor_wrap.h.audit1a 2011-03-02 09:41:17.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-03-02 09:44:35.000000000 +0100
-@@ -73,8 +73,8 @@ void mm_sshpam_free_ctx(void *);
- #ifdef SSH_AUDIT_EVENTS
- #include "audit.h"
- void mm_audit_event(ssh_audit_event_t);
--void mm_audit_run_command(const char *);
--void mm_audit_end_command(const char *);
-+int mm_audit_run_command(const char *);
-+void mm_audit_end_command(int, const char *);
- #endif
-
- struct Session;
-diff -up openssh-5.8p1/session.c.audit1a openssh-5.8p1/session.c
---- openssh-5.8p1/session.c.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/session.c 2011-03-02 09:37:15.000000000 +0100
-@@ -738,6 +738,14 @@ do_exec_pty(Session *s, const char *comm
- /* Parent. Close the slave side of the pseudo tty. */
- close(ttyfd);
-
-+#ifndef HAVE_OSF_SIA
-+ /* do_login in the child did not affect state in this process,
-+ compensate. From an architectural standpoint, this is extremely
-+ ugly. */
-+ if (!(options.use_login && command == NULL))
-+ audit_count_session_open();
-+#endif
-+
- /* Enter interactive session. */
- s->ptymaster = ptymaster;
- packet_set_interactive(1,
-@@ -809,17 +817,19 @@ do_exec(Session *s, const char *command)
- }
-
- #ifdef SSH_AUDIT_EVENTS
-- if (command != NULL) {
-- PRIVSEP(audit_run_command(command));
-+ if (s->command != NULL || s->command_handle != -1)
-+ fatal("do_exec: command already set");
-+ if (command != NULL)
- s->command = xstrdup(command);
-- } else if (s->ttyfd == -1) {
-+ else if (s->ttyfd == -1) {
- char *shell = s->pw->pw_shell;
-
- if (shell[0] == '\0') /* empty shell means /bin/sh */
- shell =_PATH_BSHELL;
-- PRIVSEP(audit_run_command(shell));
- s->command = xstrdup(shell);
- }
-+ if (s->command != NULL)
-+ s->command_handle = PRIVSEP(audit_run_command(s->command));
- #endif
- if (s->ttyfd != -1)
- ret = do_exec_pty(s, command);
-@@ -1843,6 +1853,7 @@ session_unused(int id)
- sessions[id].ttyfd = -1;
- sessions[id].ptymaster = -1;
- sessions[id].x11_chanids = NULL;
-+ sessions[id].command_handle = -1;
- sessions[id].next_unused = sessions_first_unused;
- sessions_first_unused = id;
- }
-@@ -1925,6 +1936,19 @@ session_open(Authctxt *authctxt, int cha
- }
-
- Session *
-+session_by_id(int id)
-+{
-+ if (id >= 0 && id < sessions_nalloc) {
-+ Session *s = &sessions[id];
-+ if (s->used)
-+ return s;
-+ }
-+ debug("session_by_id: unknown id %d", id);
-+ session_dump();
-+ return NULL;
-+}
-+
-+Session *
- session_by_tty(char *tty)
- {
- int i;
-@@ -2450,6 +2474,30 @@ session_exit_message(Session *s, int sta
- chan_write_failed(c);
- }
-
-+#ifdef SSH_AUDIT_EVENTS
-+void
-+session_end_command2(Session *s)
-+{
-+ if (s->command != NULL) {
-+ audit_end_command(s->command_handle, s->command);
-+ xfree(s->command);
-+ s->command = NULL;
-+ s->command_handle = -1;
-+ }
-+}
-+
-+static void
-+session_end_command(Session *s)
-+{
-+ if (s->command != NULL) {
-+ PRIVSEP(audit_end_command(s->command_handle, s->command));
-+ xfree(s->command);
-+ s->command = NULL;
-+ s->command_handle = -1;
-+ }
-+}
-+#endif
-+
- void
- session_close(Session *s)
- {
-@@ -2459,10 +2507,8 @@ session_close(Session *s)
- if (s->ttyfd != -1)
- session_pty_cleanup(s);
- #ifdef SSH_AUDIT_EVENTS
-- if (s->command) {
-- PRIVSEP(audit_end_command(s->command));
-- xfree(s->command);
-- }
-+ if (s->command)
-+ session_end_command(s);
- #endif
- if (s->term)
- xfree(s->term);
-@@ -2683,6 +2729,15 @@ do_authenticated2(Authctxt *authctxt)
- server_loop2(authctxt);
- }
-
-+static void
-+do_cleanup_one_session(Session *s)
-+{
-+ session_pty_cleanup2(s);
-+#ifdef SSH_AUDIT_EVENTS
-+ session_end_command2(s);
-+#endif
-+}
-+
- void
- do_cleanup(Authctxt *authctxt)
- {
-@@ -2731,5 +2786,5 @@ do_cleanup(Authctxt *authctxt)
- * or if running in monitor.
- */
- if (!use_privsep || mm_is_monitor())
-- session_destroy_all(session_pty_cleanup2);
-+ session_destroy_all(do_cleanup_one_session);
- }
-diff -up openssh-5.8p1/session.h.audit1a openssh-5.8p1/session.h
---- openssh-5.8p1/session.h.audit1a 2011-03-02 09:37:14.000000000 +0100
-+++ openssh-5.8p1/session.h 2011-03-02 09:37:15.000000000 +0100
-@@ -63,6 +63,7 @@ struct Session {
-
- /* exec */
- #ifdef SSH_AUDIT_EVENTS
-+ int command_handle;
- char *command;
- #endif
- };
-@@ -77,8 +78,10 @@ void session_close_by_pid(pid_t, int);
- void session_close_by_channel(int, void *);
- void session_destroy_all(void (*)(Session *));
- void session_pty_cleanup2(Session *);
-+void session_end_command2(Session *);
-
- Session *session_new(void);
-+Session *session_by_id(int);
- Session *session_by_tty(char *);
- void session_close(Session *);
- void do_setusercontext(struct passwd *);
diff --git a/openssh-5.8p1-audit2.patch b/openssh-5.8p1-audit2.patch
index 8568daa..c832593 100644
--- a/openssh-5.8p1-audit2.patch
+++ b/openssh-5.8p1-audit2.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
---- openssh-5.8p1/audit-bsm.c.audit2 2011-03-02 08:23:54.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c 2011-03-02 08:23:54.000000000 +0100
+--- openssh-5.8p1/audit-bsm.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c 2011-03-04 14:28:17.000000000 +0100
@@ -329,6 +329,12 @@ audit_session_close(struct logininfo *li
/* not implemented */
}
@@ -15,8 +15,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit2 openssh-5.8p1/audit-bsm.c
audit_event(ssh_audit_event_t event)
{
diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
---- openssh-5.8p1/audit.c.audit2 2011-03-02 08:23:54.000000000 +0100
-+++ openssh-5.8p1/audit.c 2011-03-02 08:23:55.000000000 +0100
+--- openssh-5.8p1/audit.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/audit.c 2011-03-04 14:28:17.000000000 +0100
@@ -36,6 +36,7 @@
#include "key.h"
#include "hostfile.h"
@@ -67,8 +67,8 @@ diff -up openssh-5.8p1/audit.c.audit2 openssh-5.8p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
---- openssh-5.8p1/audit.h.audit2 2011-03-02 08:23:54.000000000 +0100
-+++ openssh-5.8p1/audit.h 2011-03-02 08:25:02.000000000 +0100
+--- openssh-5.8p1/audit.h.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/audit.h 2011-03-04 14:28:17.000000000 +0100
@@ -28,6 +28,7 @@
# define _SSH_AUDIT_H
@@ -86,8 +86,8 @@ diff -up openssh-5.8p1/audit.h.audit2 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
---- openssh-5.8p1/audit-linux.c.audit2 2011-03-02 08:23:54.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-03-02 08:23:55.000000000 +0100
+--- openssh-5.8p1/audit-linux.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-03-04 14:28:17.000000000 +0100
@@ -41,6 +41,8 @@
#include "servconf.h"
#include "canohost.h"
@@ -136,14 +136,23 @@ diff -up openssh-5.8p1/audit-linux.c.audit2 openssh-5.8p1/audit-linux.c
/* Below is the sshd audit API code */
diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
---- openssh-5.8p1/auth2-hostbased.c.audit2 2011-03-02 08:23:53.000000000 +0100
-+++ openssh-5.8p1/auth2-hostbased.c 2011-03-02 08:23:55.000000000 +0100
+--- openssh-5.8p1/auth2-hostbased.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/auth2-hostbased.c 2011-03-04 14:28:17.000000000 +0100
+@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt)
+ /* test for allowed key and correct signature */
+ authenticated = 0;
+ if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
+- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
++ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+
@@ -136,6 +136,18 @@ done:
return authenticated;
}
+int
-+hostkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
++hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
+{
+ int rv;
+
@@ -158,14 +167,23 @@ diff -up openssh-5.8p1/auth2-hostbased.c.audit2 openssh-5.8p1/auth2-hostbased.c
int
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
---- openssh-5.8p1/auth2-pubkey.c.audit2 2011-03-02 08:23:53.000000000 +0100
-+++ openssh-5.8p1/auth2-pubkey.c 2011-03-02 08:23:55.000000000 +0100
+--- openssh-5.8p1/auth2-pubkey.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/auth2-pubkey.c 2011-03-04 14:28:17.000000000 +0100
+@@ -140,7 +140,7 @@ userauth_pubkey(Authctxt *authctxt)
+ /* test for correct signature */
+ authenticated = 0;
+ if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
+- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
++ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+ buffer_free(&b);
@@ -177,6 +177,18 @@ done:
return authenticated;
}
+int
-+pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
++user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
+{
+ int rv;
+
@@ -181,12 +199,12 @@ diff -up openssh-5.8p1/auth2-pubkey.c.audit2 openssh-5.8p1/auth2-pubkey.c
{
diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
--- openssh-5.8p1/auth.h.audit2 2010-05-10 03:58:03.000000000 +0200
-+++ openssh-5.8p1/auth.h 2011-03-02 08:23:55.000000000 +0100
++++ openssh-5.8p1/auth.h 2011-03-04 14:28:17.000000000 +0100
@@ -170,6 +170,7 @@ void abandon_challenge_response(Authctxt
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);
char *authorized_principals_file(struct passwd *);
-+int pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
++int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
FILE *auth_openkeyfile(const char *, struct passwd *, int);
FILE *auth_openprincipals(const char *, struct passwd *, int);
@@ -194,13 +212,13 @@ diff -up openssh-5.8p1/auth.h.audit2 openssh-5.8p1/auth.h
Key *get_hostkey_private_by_type(int);
int get_hostkey_index(Key *);
int ssh1_session_key(BIGNUM *);
-+int hostkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
++int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
/* debug messages during authentication */
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
---- openssh-5.8p1/auth-rsa.c.audit2 2011-03-02 08:23:53.000000000 +0100
-+++ openssh-5.8p1/auth-rsa.c 2011-03-02 08:23:55.000000000 +0100
+--- openssh-5.8p1/auth-rsa.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/auth-rsa.c 2011-03-04 14:28:17.000000000 +0100
@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNU
{
u_char buf[32], mdbuf[16];
@@ -238,19 +256,40 @@ diff -up openssh-5.8p1/auth-rsa.c.audit2 openssh-5.8p1/auth-rsa.c
/*
diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
---- openssh-5.8p1/monitor.c.audit2 2011-03-02 08:23:54.000000000 +0100
-+++ openssh-5.8p1/monitor.c 2011-03-02 08:23:55.000000000 +0100
-@@ -1238,7 +1238,17 @@ mm_answer_keyverify(int sock, Buffer *m)
+--- openssh-5.8p1/monitor.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/monitor.c 2011-03-04 14:28:17.000000000 +0100
+@@ -1208,9 +1208,11 @@ mm_answer_keyverify(int sock, Buffer *m)
+ Key *key;
+ u_char *signature, *data, *blob;
+ u_int signaturelen, datalen, bloblen;
++ int type = 0;
+ int verified = 0;
+ int valid_data = 0;
+
++ type = buffer_get_int(m);
+ blob = buffer_get_string(m, &bloblen);
+ signature = buffer_get_string(m, &signaturelen);
+ data = buffer_get_string(m, &datalen);
+@@ -1218,6 +1220,8 @@ mm_answer_keyverify(int sock, Buffer *m)
+ if (hostbased_cuser == NULL || hostbased_chost == NULL ||
+ !monitor_allowed_key(blob, bloblen))
+ fatal("%s: bad key, not previously allowed", __func__);
++ if (type != key_blobtype)
++ fatal("%s: bad key type", __func__);
+
+ key = key_from_blob(blob, bloblen);
+ if (key == NULL)
+@@ -1238,7 +1242,17 @@ mm_answer_keyverify(int sock, Buffer *m)
if (!valid_data)
fatal("%s: bad signature data blob", __func__);
- verified = key_verify(key, signature, signaturelen, data, datalen);
+ switch (key_blobtype) {
+ case MM_USERKEY:
-+ verified = pubkey_key_verify(key, signature, signaturelen, data, datalen);
++ verified = user_key_verify(key, signature, signaturelen, data, datalen);
+ break;
+ case MM_HOSTKEY:
-+ verified = hostkey_key_verify(key, signature, signaturelen, data, datalen);
++ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen);
+ break;
+ default:
+ verified = 0;
@@ -259,3 +298,56 @@ diff -up openssh-5.8p1/monitor.c.audit2 openssh-5.8p1/monitor.c
debug3("%s: key %p signature %s",
__func__, key, (verified == 1) ? "verified" : "unverified");
+diff -up openssh-5.8p1/monitor_wrap.c.audit2 openssh-5.8p1/monitor_wrap.c
+--- openssh-5.8p1/monitor_wrap.c.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.c 2011-03-04 14:28:17.000000000 +0100
+@@ -393,7 +393,7 @@ mm_key_allowed(enum mm_keytype type, cha
+ */
+
+ int
+-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
++mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+ {
+ Buffer m;
+ u_char *blob;
+@@ -407,6 +407,7 @@ mm_key_verify(Key *key, u_char *sig, u_i
+ return (0);
+
+ buffer_init(&m);
++ buffer_put_int(&m, type);
+ buffer_put_string(&m, blob, len);
+ buffer_put_string(&m, sig, siglen);
+ buffer_put_string(&m, data, datalen);
+@@ -424,6 +425,19 @@ mm_key_verify(Key *key, u_char *sig, u_i
+ return (verified);
+ }
+
++int
++mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
++{
++ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen);
++}
++
++int
++mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
++{
++ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen);
++}
++
++
+ /* Export key state after authentication */
+ Newkeys *
+ mm_newkeys_from_blob(u_char *blob, int blen)
+diff -up openssh-5.8p1/monitor_wrap.h.audit2 openssh-5.8p1/monitor_wrap.h
+--- openssh-5.8p1/monitor_wrap.h.audit2 2011-03-04 14:28:16.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.h 2011-03-04 14:28:17.000000000 +0100
+@@ -48,7 +48,8 @@ int mm_key_allowed(enum mm_keytype, char
+ int mm_user_key_allowed(struct passwd *, Key *);
+ int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
+ int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
+-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
++int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int);
++int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int);
+ int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
+ int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
+ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
diff --git a/openssh-5.8p1-audit2a.patch b/openssh-5.8p1-audit2a.patch
index 4a7ce0a..e69de29 100644
--- a/openssh-5.8p1-audit2a.patch
+++ b/openssh-5.8p1-audit2a.patch
@@ -1,153 +0,0 @@
-diff -up openssh-5.8p1/auth2-hostbased.c.audit2a openssh-5.8p1/auth2-hostbased.c
---- openssh-5.8p1/auth2-hostbased.c.audit2a 2011-03-02 08:26:16.000000000 +0100
-+++ openssh-5.8p1/auth2-hostbased.c 2011-03-02 08:26:17.000000000 +0100
-@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt)
- /* test for allowed key and correct signature */
- authenticated = 0;
- if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
-- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-+ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b))) == 1)
- authenticated = 1;
-
-@@ -137,7 +137,7 @@ done:
- }
-
- int
--hostkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
-+hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
- {
- int rv;
-
-diff -up openssh-5.8p1/auth2-pubkey.c.audit2a openssh-5.8p1/auth2-pubkey.c
---- openssh-5.8p1/auth2-pubkey.c.audit2a 2011-03-02 08:26:16.000000000 +0100
-+++ openssh-5.8p1/auth2-pubkey.c 2011-03-02 08:26:17.000000000 +0100
-@@ -140,7 +140,7 @@ userauth_pubkey(Authctxt *authctxt)
- /* test for correct signature */
- authenticated = 0;
- if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
-- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
-+ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b),
- buffer_len(&b))) == 1)
- authenticated = 1;
- buffer_free(&b);
-@@ -178,7 +178,7 @@ done:
- }
-
- int
--pubkey_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
-+user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
- {
- int rv;
-
-diff -up openssh-5.8p1/auth.h.audit2a openssh-5.8p1/auth.h
---- openssh-5.8p1/auth.h.audit2a 2011-03-02 08:26:16.000000000 +0100
-+++ openssh-5.8p1/auth.h 2011-03-02 08:26:17.000000000 +0100
-@@ -170,7 +170,7 @@ void abandon_challenge_response(Authctxt
- char *authorized_keys_file(struct passwd *);
- char *authorized_keys_file2(struct passwd *);
- char *authorized_principals_file(struct passwd *);
--int pubkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-+int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-
- FILE *auth_openkeyfile(const char *, struct passwd *, int);
- FILE *auth_openprincipals(const char *, struct passwd *, int);
-@@ -186,7 +186,7 @@ Key *get_hostkey_public_by_type(int);
- Key *get_hostkey_private_by_type(int);
- int get_hostkey_index(Key *);
- int ssh1_session_key(BIGNUM *);
--int hostkey_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-+int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-
- /* debug messages during authentication */
- void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-diff -up openssh-5.8p1/monitor.c.audit2a openssh-5.8p1/monitor.c
---- openssh-5.8p1/monitor.c.audit2a 2011-03-02 08:26:17.000000000 +0100
-+++ openssh-5.8p1/monitor.c 2011-03-02 08:26:17.000000000 +0100
-@@ -1208,9 +1208,11 @@ mm_answer_keyverify(int sock, Buffer *m)
- Key *key;
- u_char *signature, *data, *blob;
- u_int signaturelen, datalen, bloblen;
-+ int type = 0;
- int verified = 0;
- int valid_data = 0;
-
-+ type = buffer_get_int(m);
- blob = buffer_get_string(m, &bloblen);
- signature = buffer_get_string(m, &signaturelen);
- data = buffer_get_string(m, &datalen);
-@@ -1218,6 +1220,8 @@ mm_answer_keyverify(int sock, Buffer *m)
- if (hostbased_cuser == NULL || hostbased_chost == NULL ||
- !monitor_allowed_key(blob, bloblen))
- fatal("%s: bad key, not previously allowed", __func__);
-+ if (type != key_blobtype)
-+ fatal("%s: bad key type", __func__);
-
- key = key_from_blob(blob, bloblen);
- if (key == NULL)
-@@ -1240,10 +1244,10 @@ mm_answer_keyverify(int sock, Buffer *m)
-
- switch (key_blobtype) {
- case MM_USERKEY:
-- verified = pubkey_key_verify(key, signature, signaturelen, data, datalen);
-+ verified = user_key_verify(key, signature, signaturelen, data, datalen);
- break;
- case MM_HOSTKEY:
-- verified = hostkey_key_verify(key, signature, signaturelen, data, datalen);
-+ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen);
- break;
- default:
- verified = 0;
-diff -up openssh-5.8p1/monitor_wrap.c.audit2a openssh-5.8p1/monitor_wrap.c
---- openssh-5.8p1/monitor_wrap.c.audit2a 2011-03-02 08:26:16.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c 2011-03-02 08:26:17.000000000 +0100
-@@ -393,7 +393,7 @@ mm_key_allowed(enum mm_keytype type, cha
- */
-
- int
--mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
-+mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
- {
- Buffer m;
- u_char *blob;
-@@ -407,6 +407,7 @@ mm_key_verify(Key *key, u_char *sig, u_i
- return (0);
-
- buffer_init(&m);
-+ buffer_put_int(&m, type);
- buffer_put_string(&m, blob, len);
- buffer_put_string(&m, sig, siglen);
- buffer_put_string(&m, data, datalen);
-@@ -424,6 +425,19 @@ mm_key_verify(Key *key, u_char *sig, u_i
- return (verified);
- }
-
-+int
-+mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
-+{
-+ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen);
-+}
-+
-+int
-+mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
-+{
-+ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen);
-+}
-+
-+
- /* Export key state after authentication */
- Newkeys *
- mm_newkeys_from_blob(u_char *blob, int blen)
-diff -up openssh-5.8p1/monitor_wrap.h.audit2a openssh-5.8p1/monitor_wrap.h
---- openssh-5.8p1/monitor_wrap.h.audit2a 2011-03-02 08:26:16.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-03-02 08:26:17.000000000 +0100
-@@ -48,7 +48,8 @@ int mm_key_allowed(enum mm_keytype, char
- int mm_user_key_allowed(struct passwd *, Key *);
- int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
- int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
--int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
-+int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int);
-+int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int);
- int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
- int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
- BIGNUM *mm_auth_rsa_generate_challenge(Key *);
diff --git a/openssh-5.8p1-keycat.patch b/openssh-5.8p1-keycat.patch
index 53d7ec2..80707e9 100644
--- a/openssh-5.8p1-keycat.patch
+++ b/openssh-5.8p1-keycat.patch
@@ -1,6 +1,41 @@
+diff -up openssh-5.8p1/auth2-pubkey.c.keycat openssh-5.8p1/auth2-pubkey.c
+--- openssh-5.8p1/auth2-pubkey.c.keycat 2011-03-04 14:40:23.000000000 +0100
++++ openssh-5.8p1/auth2-pubkey.c 2011-03-04 14:40:23.000000000 +0100
+@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas
+ close(i);
+ }
+
++#ifdef WITH_SELINUX
++ if (ssh_selinux_setup_env_variables() < 0) {
++ error ("failed to copy environment: %s",
++ strerror(errno));
++ _exit(127);
++ }
++#endif
++
+ execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL);
+
+ /* if we got here, it didn't work */
+diff -up openssh-5.8p1/HOWTO.ssh-keycat.keycat openssh-5.8p1/HOWTO.ssh-keycat
+--- openssh-5.8p1/HOWTO.ssh-keycat.keycat 2011-03-04 14:53:14.000000000 +0100
++++ openssh-5.8p1/HOWTO.ssh-keycat 2011-03-04 14:56:39.000000000 +0100
+@@ -0,0 +1,13 @@
++
++The ssh-keycat returns the content of the ~/.ssh/authorized_keys
++in the stdandard out of any user in any environment, including
++polyinstatination and mls.
++
++To use it set:
++ AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
++ AuthorizedKeysCommandRunAs root
++
++Do not forget to set
++ PubkeyAuthentication yes
++
++
diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in
---- openssh-5.8p1/Makefile.in.keycat 2011-02-28 12:06:55.000000000 +0100
-+++ openssh-5.8p1/Makefile.in 2011-02-28 12:11:18.000000000 +0100
+--- openssh-5.8p1/Makefile.in.keycat 2011-03-04 14:40:23.000000000 +0100
++++ openssh-5.8p1/Makefile.in 2011-03-04 14:40:23.000000000 +0100
@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
@@ -18,7 +53,7 @@ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -173,6 +174,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
+@@ -172,6 +173,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
@@ -28,7 +63,7 @@ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
-@@ -281,6 +285,7 @@ install-files:
+@@ -280,6 +284,7 @@ install-files:
$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
fi
@@ -36,10 +71,67 @@ diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
+diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat openssh-5.8p1/openbsd-compat/port-linux.c
+--- openssh-5.8p1/openbsd-compat/port-linux.c.keycat 2011-03-04 14:40:23.000000000 +0100
++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-03-04 14:40:23.000000000 +0100
+@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname,
+
+ /* Setup environment variables for pam_selinux */
+ static int
+-ssh_selinux_setup_pam_variables(void)
++ssh_selinux_setup_variables(int(*set_it)(const char *, const char *))
+ {
+ const char *reqlvl;
+ char *role;
+@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void)
+
+ ssh_selinux_get_role_level(&role, &reqlvl);
+
+- rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
++ rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
+
+ if (inetd_flag && !rexeced_flag) {
+ use_current = "1";
+ } else {
+ use_current = "";
+- rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
++ rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
+ }
+
+- rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
++ rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current);
+
+ if (role != NULL)
+ xfree(role);
+@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void)
+ return rv;
+ }
+
++static int
++ssh_selinux_setup_pam_variables(void)
++{
++ return ssh_selinux_setup_variables(do_pam_putenv);
++}
++
++static int
++do_setenv(char *name, char *value)
++{
++ return setenv(name, value, 1);
++}
++
++int
++ssh_selinux_setup_env_variables(void)
++{
++ return ssh_selinux_setup_variables(do_setenv);
++}
++
+ /* Set the execution context to the default for the specified user */
+ void
+ ssh_selinux_setup_exec_context(char *pwname)
diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c
---- openssh-5.8p1/ssh-keycat.c.keycat 2011-02-28 12:06:28.000000000 +0100
-+++ openssh-5.8p1/ssh-keycat.c 2011-02-25 18:46:31.000000000 +0100
-@@ -0,0 +1,205 @@
+--- openssh-5.8p1/ssh-keycat.c.keycat 2011-03-04 14:40:23.000000000 +0100
++++ openssh-5.8p1/ssh-keycat.c 2011-03-04 14:40:23.000000000 +0100
+@@ -0,0 +1,238 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
@@ -107,6 +199,7 @@ diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c
+#define ERR_FDOPEN 10
+#define ERR_STAT 11
+#define ERR_WRITE 12
++#define ERR_PAM_PUTENV 13
+#define BUFLEN 4096
+
+/* Just ignore the messages in the conversation function */
@@ -208,6 +301,34 @@ diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c
+ return rv;
+}
+
++static const char *env_names[] = { "SELINUX_ROLE_REQUESTED",
++ "SELINUX_LEVEL_REQUESTED",
++ "SELINUX_USE_CURRENT_RANGE"
++};
++
++extern char **environ;
++
++int
++set_pam_environment(pam_handle_t *pamh)
++{
++ int i;
++ size_t j;
++
++ for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) {
++ int len = strlen(env_names[j]);
++
++ for (i = 0; environ[i] != NULL; ++i) {
++ if (strncmp(env_names[j], environ[i], len) == 0 &&
++ environ[i][len] == '=') {
++ if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS)
++ return ERR_PAM_PUTENV;
++ }
++ }
++ }
++
++ return 0;
++}
++
+int
+main(int argc, char *argv[])
+{
@@ -225,6 +346,10 @@ diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c
+ return ERR_PAM_START;
+ }
+
++ ev = set_pam_environment(pamh);
++ if (ev != 0)
++ goto finish;
++
+ retval = pam_open_session(pamh, PAM_SILENT);
+ if (retval != PAM_SUCCESS) {
+ ev = ERR_OPEN_SESSION;
diff --git a/openssh-5.8p1-keycat2.patch b/openssh-5.8p1-keycat2.patch
index 9a88c9a..e69de29 100644
--- a/openssh-5.8p1-keycat2.patch
+++ b/openssh-5.8p1-keycat2.patch
@@ -1,132 +0,0 @@
-diff -up openssh-5.8p1/auth2-pubkey.c.keycat2 openssh-5.8p1/auth2-pubkey.c
---- openssh-5.8p1/auth2-pubkey.c.keycat2 2011-03-01 06:57:03.000000000 +0100
-+++ openssh-5.8p1/auth2-pubkey.c 2011-03-01 07:25:04.000000000 +0100
-@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas
- close(i);
- }
-
-+#ifdef WITH_SELINUX
-+ if (ssh_selinux_setup_env_variables() < 0) {
-+ error ("failed to copy environment: %s",
-+ strerror(errno));
-+ _exit(127);
-+ }
-+#endif
-+
- execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL);
-
- /* if we got here, it didn't work */
-diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 openssh-5.8p1/openbsd-compat/port-linux.c
---- openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 2011-03-01 07:00:32.000000000 +0100
-+++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-03-01 07:23:13.000000000 +0100
-@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname,
-
- /* Setup environment variables for pam_selinux */
- static int
--ssh_selinux_setup_pam_variables(void)
-+ssh_selinux_setup_variables(int(*set_it)(const char *, const char *))
- {
- const char *reqlvl;
- char *role;
-@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void)
-
- ssh_selinux_get_role_level(&role, &reqlvl);
-
-- rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
-+ rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
-
- if (inetd_flag && !rexeced_flag) {
- use_current = "1";
- } else {
- use_current = "";
-- rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
-+ rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
- }
-
-- rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
-+ rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current);
-
- if (role != NULL)
- xfree(role);
-@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void)
- return rv;
- }
-
-+static int
-+ssh_selinux_setup_pam_variables(void)
-+{
-+ return ssh_selinux_setup_variables(do_pam_putenv);
-+}
-+
-+static int
-+do_setenv(char *name, char *value)
-+{
-+ return setenv(name, value, 1);
-+}
-+
-+int
-+ssh_selinux_setup_env_variables(void)
-+{
-+ return ssh_selinux_setup_variables(do_setenv);
-+}
-+
- /* Set the execution context to the default for the specified user */
- void
- ssh_selinux_setup_exec_context(char *pwname)
-diff -up openssh-5.8p1/ssh-keycat.c.keycat2 openssh-5.8p1/ssh-keycat.c
---- openssh-5.8p1/ssh-keycat.c.keycat2 2011-03-01 06:56:02.000000000 +0100
-+++ openssh-5.8p1/ssh-keycat.c 2011-03-01 06:56:02.000000000 +0100
-@@ -65,6 +65,7 @@
- #define ERR_FDOPEN 10
- #define ERR_STAT 11
- #define ERR_WRITE 12
-+#define ERR_PAM_PUTENV 13
- #define BUFLEN 4096
-
- /* Just ignore the messages in the conversation function */
-@@ -166,6 +167,34 @@ fail:
- return rv;
- }
-
-+static const char *env_names[] = { "SELINUX_ROLE_REQUESTED",
-+ "SELINUX_LEVEL_REQUESTED",
-+ "SELINUX_USE_CURRENT_RANGE"
-+};
-+
-+extern char **environ;
-+
-+int
-+set_pam_environment(pam_handle_t *pamh)
-+{
-+ int i;
-+ size_t j;
-+
-+ for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) {
-+ int len = strlen(env_names[j]);
-+
-+ for (i = 0; environ[i] != NULL; ++i) {
-+ if (strncmp(env_names[j], environ[i], len) == 0 &&
-+ environ[i][len] == '=') {
-+ if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS)
-+ return ERR_PAM_PUTENV;
-+ }
-+ }
-+ }
-+
-+ return 0;
-+}
-+
- int
- main(int argc, char *argv[])
- {
-@@ -183,6 +212,10 @@ main(int argc, char *argv[])
- return ERR_PAM_START;
- }
-
-+ ev = set_pam_environment(pamh);
-+ if (ev != 0)
-+ goto finish;
-+
- retval = pam_open_session(pamh, PAM_SILENT);
- if (retval != PAM_SUCCESS) {
- ev = ERR_OPEN_SESSION;
diff --git a/openssh.spec b/openssh.spec
index c2e0d46..aa54611 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.8p1
-%define openssh_rel 13
+%define openssh_rel 14
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 30
@@ -628,6 +628,7 @@ fi
%files keycat
%defattr(-,root,root)
+%doc HOWTO.ssh-keycat
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
@@ -648,6 +649,9 @@ fi
%endif
%changelog
+* Fri Mar 4 2011 Jan F. Chadima <jchadima at redhat.com> - 5.8p1-14 + 0.9.2-30
+- improove ssk-keycat (documentation)
+
* Thu Mar 3 2011 Jan F. Chadima <jchadima at redhat.com> - 5.8p1-13 + 0.9.2-30
- improve audit of logins and auths
diff --git a/ssh-keycat.pam b/ssh-keycat.pam
index fac9f37..d7a3f67 100644
--- a/ssh-keycat.pam
+++ b/ssh-keycat.pam
@@ -2,7 +2,7 @@
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
-# pam_selinux.so open should only be followed by sessions to be executed in the
-user context
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
+
More information about the scm-commits
mailing list