[openssh] merge all -audit* patches together
plautrba
plautrba at fedoraproject.org
Mon Apr 8 22:01:12 UTC 2013
commit d3d59da0b5ea203cf2ada930475a16aa0ed27c6f
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Mon Apr 8 17:17:10 2013 +0200
merge all -audit* patches together
openssh-6.2p1-audit.patch | 2286 +++++++++++++++++++++++++++++++++++++++++++++
openssh.spec | 36 +-
2 files changed, 2305 insertions(+), 17 deletions(-)
---
diff --git a/openssh-6.2p1-audit.patch b/openssh-6.2p1-audit.patch
new file mode 100644
index 0000000..83a3914
--- /dev/null
+++ b/openssh-6.2p1-audit.patch
@@ -0,0 +1,2286 @@
+diff --git a/Makefile.in b/Makefile.in
+index d327787..85903be 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -73,7 +73,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
+ kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
+ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+- jpake.o schnorr.o ssh-pkcs11.o krl.o
++ jpake.o schnorr.o ssh-pkcs11.o krl.o auditstub.o
+
+ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o mux.o \
+diff --git a/audit-bsm.c b/audit-bsm.c
+index 6135591..5160869 100644
+--- a/audit-bsm.c
++++ b/audit-bsm.c
+@@ -375,10 +375,23 @@ audit_connection_from(const char *host, int port)
+ #endif
+ }
+
+-void
++int
+ audit_run_command(const char *command)
+ {
+ /* not implemented */
++ return 0;
++}
++
++void
++audit_end_command(int handle, const char *command)
++{
++ /* not implemented */
++}
++
++void
++audit_count_session_open(void)
++{
++ /* not necessary */
+ }
+
+ void
+@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li)
+ /* not implemented */
+ }
+
++int
++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
++{
++ /* not implemented */
++}
++
+ void
+ audit_event(ssh_audit_event_t event)
+ {
+@@ -454,4 +473,40 @@ audit_event(ssh_audit_event_t event)
+ debug("%s: unhandled event %d", __func__, event);
+ }
+ }
++
++void
++audit_unsupported_body(int what)
++{
++ /* not implemented */
++}
++
++void
++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid, uid_t uid)
++{
++ /* not implemented */
++}
++
++void
++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
++{
++ /* not implemented */
++}
++
++void
++audit_destroy_sensitive_data(const char *fp)
++{
++ /* not implemented */
++}
++
++void
++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
++{
++ /* not implemented */
++}
++
++void
++audit_generate_ephemeral_server_key(const char *fp)
++{
++ /* not implemented */
++}
+ #endif /* BSM */
+diff --git a/audit-linux.c b/audit-linux.c
+index b3ee2f4..115e2be 100644
+--- a/audit-linux.c
++++ b/audit-linux.c
+@@ -35,13 +35,24 @@
+
+ #include "log.h"
+ #include "audit.h"
++#include "key.h"
++#include "hostfile.h"
++#include "auth.h"
++#include "servconf.h"
+ #include "canohost.h"
++#include "packet.h"
++#include "cipher.h"
+
++#define AUDIT_LOG_SIZE 128
++
++extern ServerOptions options;
++extern Authctxt *the_authctxt;
++extern u_int utmp_len;
+ const char* audit_username(void);
+
+-int
+-linux_audit_record_event(int uid, const char *username,
+- const char *hostname, const char *ip, const char *ttyn, int success)
++static void
++linux_audit_user_logxxx(int uid, const char *username,
++ const char *hostname, const char *ip, const char *ttyn, int success, int event)
+ {
+ int audit_fd, rc, saved_errno;
+
+@@ -49,11 +60,11 @@ linux_audit_record_event(int uid, const char *username,
+ if (audit_fd < 0) {
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT)
+- return 1; /* No audit support in kernel */
++ return; /* No audit support in kernel */
+ else
+- return 0; /* Must prevent login */
++ goto fatal_report; /* Must prevent login */
+ }
+- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
++ rc = audit_log_acct_message(audit_fd, event,
+ NULL, "login", username ? username : "(unknown)",
+ username == NULL ? uid : -1, hostname, ip, ttyn, success);
+ saved_errno = errno;
+@@ -65,35 +76,150 @@ linux_audit_record_event(int uid, const char *username,
+ if ((rc == -EPERM) && (geteuid() != 0))
+ rc = 0;
+ errno = saved_errno;
+- return (rc >= 0);
++ if (rc < 0) {
++fatal_report:
++ fatal("linux_audit_write_entry failed: %s", strerror(errno));
++ }
+ }
+
++static void
++linux_audit_user_auth(int uid, const char *username,
++ const char *hostname, const char *ip, const char *ttyn, int success, int event)
++{
++ int audit_fd, rc, saved_errno;
++ static const char *event_name[] = {
++ "maxtries exceeded",
++ "root denied",
++ "success",
++ "none",
++ "password",
++ "challenge-response",
++ "pubkey",
++ "hostbased",
++ "gssapi",
++ "invalid user",
++ "nologin",
++ "connection closed",
++ "connection abandoned",
++ "unknown"
++ };
++
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return; /* No audit support in kernel */
++ else
++ goto fatal_report; /* Must prevent login */
++ }
++
++ if ((event < 0) || (event > SSH_AUDIT_UNKNOWN))
++ event = SSH_AUDIT_UNKNOWN;
++
++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH,
++ NULL, event_name[event], username ? username : "(unknown)",
++ username == NULL ? uid : -1, hostname, ip, ttyn, success);
++ saved_errno = errno;
++ close(audit_fd);
++ /*
++ * Do not report error if the error is EPERM and sshd is run as non
++ * root user.
++ */
++ if ((rc == -EPERM) && (geteuid() != 0))
++ rc = 0;
++ errno = saved_errno;
++ if (rc < 0) {
++fatal_report:
++ fatal("linux_audit_write_entry failed: %s", strerror(errno));
++ }
++}
++
++int
++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
++{
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd, rc, saved_errno;
++
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return 1; /* No audit support in kernel */
++ else
++ return 0; /* Must prevent login */
++ }
++ snprintf(buf, sizeof(buf), "%s_auth rport=%d", host_user ? "pubkey" : "hostbased", get_remote_port());
++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
++ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
++ if ((rc < 0) && ((rc != -1) || (getuid() == 0)))
++ goto out;
++ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s%s rport=%d",
++ type, bits, key_fingerprint_prefix(), fp, get_remote_port());
++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL,
++ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv);
++out:
++ saved_errno = errno;
++ audit_close(audit_fd);
++ errno = saved_errno;
++ /* do not report error if the error is EPERM and sshd is run as non root user */
++ return (rc >= 0) || ((rc == -EPERM) && (getuid() != 0));
++}
++
++static int user_login_count = 0;
++
+ /* Below is the sshd audit API code */
+
+ void
+ audit_connection_from(const char *host, int port)
+ {
+-}
+ /* not implemented */
++}
+
+-void
++int
+ audit_run_command(const char *command)
+ {
+- /* not implemented */
++ if (!user_login_count++)
++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++ NULL, "ssh", 1, AUDIT_USER_LOGIN);
++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++ NULL, "ssh", 1, AUDIT_USER_START);
++ return 0;
++}
++
++void
++audit_end_command(int handle, const char *command)
++{
++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++ NULL, "ssh", 1, AUDIT_USER_END);
++ if (user_login_count && !--user_login_count)
++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
++}
++
++void
++audit_count_session_open(void)
++{
++ user_login_count++;
+ }
+
+ void
+ audit_session_open(struct logininfo *li)
+ {
+- if (linux_audit_record_event(li->uid, NULL, li->hostname,
+- NULL, li->line, 1) == 0)
+- fatal("linux_audit_write_entry failed: %s", strerror(errno));
++ if (!user_login_count++)
++ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
++ NULL, li->line, 1, AUDIT_USER_LOGIN);
++ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
++ NULL, li->line, 1, AUDIT_USER_START);
+ }
+
+ void
+ audit_session_close(struct logininfo *li)
+ {
+- /* not implemented */
++ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
++ NULL, li->line, 1, AUDIT_USER_END);
++ if (user_login_count && !--user_login_count)
++ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
++ NULL, li->line, 1, AUDIT_USER_LOGOUT);
+ }
+
+ void
+@@ -101,21 +227,43 @@ audit_event(ssh_audit_event_t event)
+ {
+ switch(event) {
+ case SSH_AUTH_SUCCESS:
+- case SSH_CONNECTION_CLOSE:
++ linux_audit_user_auth(-1, audit_username(), NULL,
++ get_remote_ipaddr(), "ssh", 1, event);
++ break;
++
+ case SSH_NOLOGIN:
+- case SSH_LOGIN_EXCEED_MAXTRIES:
+ case SSH_LOGIN_ROOT_DENIED:
++ linux_audit_user_auth(-1, audit_username(), NULL,
++ get_remote_ipaddr(), "ssh", 0, event);
++ linux_audit_user_logxxx(-1, audit_username(), NULL,
++ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN);
+ break;
+
++ case SSH_LOGIN_EXCEED_MAXTRIES:
+ case SSH_AUTH_FAIL_NONE:
+ case SSH_AUTH_FAIL_PASSWD:
+ case SSH_AUTH_FAIL_KBDINT:
+ case SSH_AUTH_FAIL_PUBKEY:
+ case SSH_AUTH_FAIL_HOSTBASED:
+ case SSH_AUTH_FAIL_GSSAPI:
++ linux_audit_user_auth(-1, audit_username(), NULL,
++ get_remote_ipaddr(), "ssh", 0, event);
++ break;
++
++ case SSH_CONNECTION_CLOSE:
++ if (user_login_count) {
++ while (user_login_count--)
++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++ NULL, "ssh", 1, AUDIT_USER_END);
++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
++ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
++ }
++ break;
++
++ case SSH_CONNECTION_ABANDON:
+ case SSH_INVALID_USER:
+- linux_audit_record_event(-1, audit_username(), NULL,
+- get_remote_ipaddr(), "sshd", 0);
++ linux_audit_user_logxxx(-1, audit_username(), NULL,
++ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN);
+ break;
+
+ default:
+@@ -123,4 +271,135 @@ audit_event(ssh_audit_event_t event)
+ }
+ }
+
++void
++audit_unsupported_body(int what)
++{
++#ifdef AUDIT_CRYPTO_SESSION
++ char buf[AUDIT_LOG_SIZE];
++ const static char *name[] = { "cipher", "mac", "comp" };
++ char *s;
++ int audit_fd;
++
++ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? rport=%d laddr=%s lport=%d ",
++ name[what], get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())),
++ get_local_port());
++ xfree(s);
++ audit_fd = audit_open();
++ if (audit_fd < 0)
++ /* no problem, the next instruction will be fatal() */
++ return;
++ audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
++ buf, NULL, get_remote_ipaddr(), NULL, 0);
++ audit_close(audit_fd);
++#endif
++}
++
++const static char *direction[] = { "from-server", "from-client", "both" };
++
++void
++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
++ uid_t uid)
++{
++#ifdef AUDIT_CRYPTO_SESSION
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd, audit_ok;
++ Cipher *cipher = cipher_by_name(enc);
++ char *s;
++
++ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
++ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0,
++ (intmax_t)pid, (intmax_t)uid,
++ get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), get_local_port());
++ xfree(s);
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return; /* No audit support in kernel */
++ else
++ fatal("cannot open audit"); /* Must prevent login */
++ }
++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION,
++ buf, NULL, get_remote_ipaddr(), NULL, 1);
++ audit_close(audit_fd);
++ /* do not abort if the error is EPERM and sshd is run as non root user */
++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
++ fatal("cannot write into audit"); /* Must prevent login */
++#endif
++}
++
++void
++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
++{
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd, audit_ok;
++ char *s;
++
++ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ",
++ direction[ctos], (intmax_t)pid, (intmax_t)uid,
++ get_remote_port(),
++ (s = get_local_ipaddr(packet_get_connection_in())),
++ get_local_port());
++ xfree(s);
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
++ errno != EAFNOSUPPORT)
++ error("cannot open audit");
++ return;
++ }
++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
++ buf, NULL, get_remote_ipaddr(), NULL, 1);
++ audit_close(audit_fd);
++ /* do not abort if the error is EPERM and sshd is run as non root user */
++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
++ error("cannot write into audit");
++}
++
++void
++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
++{
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd, audit_ok;
++
++ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd ",
++ fp, (intmax_t)pid, (intmax_t)uid);
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
++ errno != EAFNOSUPPORT)
++ error("cannot open audit");
++ return;
++ }
++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
++ buf, NULL,
++ listening_for_clients() ? NULL : get_remote_ipaddr(),
++ NULL, 1);
++ audit_close(audit_fd);
++ /* do not abort if the error is EPERM and sshd is run as non root user */
++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
++ error("cannot write into audit");
++}
++
++void
++audit_generate_ephemeral_server_key(const char *fp)
++{
++ char buf[AUDIT_LOG_SIZE];
++ int audit_fd, audit_ok;
++
++ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=? ", fp);
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ if (errno != EINVAL && errno != EPROTONOSUPPORT &&
++ errno != EAFNOSUPPORT)
++ error("cannot open audit");
++ return;
++ }
++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER,
++ buf, NULL, 0, NULL, 1);
++ audit_close(audit_fd);
++ /* do not abort if the error is EPERM and sshd is run as non root user */
++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0)))
++ error("cannot write into audit");
++}
+ #endif /* USE_LINUX_AUDIT */
+diff --git a/audit.c b/audit.c
+index ced57fa..1ccc9e9 100644
+--- a/audit.c
++++ b/audit.c
+@@ -28,6 +28,7 @@
+
+ #include <stdarg.h>
+ #include <string.h>
++#include <unistd.h>
+
+ #ifdef SSH_AUDIT_EVENTS
+
+@@ -36,6 +37,9 @@
+ #include "key.h"
+ #include "hostfile.h"
+ #include "auth.h"
++#include "ssh-gss.h"
++#include "monitor_wrap.h"
++#include "xmalloc.h"
+
+ /*
+ * Care must be taken when using this since it WILL NOT be initialized when
+@@ -111,6 +115,40 @@ audit_event_lookup(ssh_audit_event_t ev)
+ return(event_lookup[i].name);
+ }
+
++void
++audit_key(int host_user, int *rv, const Key *key)
++{
++ char *fp;
++ const char *crypto_name;
++
++ fp = key_selected_fingerprint(key, SSH_FP_HEX);
++ if (key->type == KEY_RSA1)
++ crypto_name = "ssh-rsa1";
++ else
++ crypto_name = key_ssh_name(key);
++ if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0)
++ *rv = 0;
++ xfree(fp);
++}
++
++void
++audit_unsupported(int what)
++{
++ PRIVSEP(audit_unsupported_body(what));
++}
++
++void
++audit_kex(int ctos, char *enc, char *mac, char *comp)
++{
++ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
++}
++
++void
++audit_session_key_free(int ctos)
++{
++ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid()));
++}
++
+ # ifndef CUSTOM_SSH_AUDIT_EVENTS
+ /*
+ * Null implementations of audit functions.
+@@ -140,6 +178,17 @@ audit_event(ssh_audit_event_t event)
+ }
+
+ /*
++ * Called when a child process has called, or will soon call,
++ * audit_session_open.
++ */
++void
++audit_count_session_open(void)
++{
++ debug("audit count session open euid %d user %s", geteuid(),
++ audit_username());
++}
++
++/*
+ * Called when a user session is started. Argument is the tty allocated to
+ * the session, or NULL if no tty was allocated.
+ *
+@@ -174,13 +223,91 @@ audit_session_close(struct logininfo *li)
+ /*
+ * This will be called when a user runs a non-interactive command. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+- * multiple sessions within a single connection.
++ * multiple sessions within a single connection. Returns a "handle" for
++ * audit_end_command.
+ */
+-void
++int
+ audit_run_command(const char *command)
+ {
+ debug("audit run command euid %d user %s command '%.200s'", geteuid(),
+ audit_username(), command);
++ return 0;
++}
++
++/*
++ * This will be called when the non-interactive command finishes. Note that
++ * it may be called multiple times for a single connection since SSH2 allows
++ * multiple sessions within a single connection. "handle" should come from
++ * the corresponding audit_run_command.
++ */
++void
++audit_end_command(int handle, const char *command)
++{
++ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
++ audit_username(), command);
++}
++
++/*
++ * This will be called when user is successfully autherized by the RSA1/RSA/DSA key.
++ *
++ * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key.
++ */
++int
++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv)
++{
++ debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s%s, result %d",
++ host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits,
++ key_fingerprint_prefix(), fp, rv);
++}
++
++/*
++ * This will be called when the protocol negotiation fails.
++ */
++void
++audit_unsupported_body(int what)
++{
++ debug("audit unsupported protocol euid %d type %d", geteuid(), what);
++}
++
++/*
++ * This will be called on succesfull protocol negotiation.
++ */
++void
++audit_kex_body(int ctos, char *enc, char *mac, char *compress, pid_t pid,
++ uid_t uid)
++{
++ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s from pid %ld uid %u",
++ (unsigned)geteuid(), ctos, enc, mac, compress, (long)pid,
++ (unsigned)uid);
++}
++
++/*
++ * This will be called on succesfull session key discard
++ */
++void
++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
++{
++ debug("audit session key discard euid %u direction %d from pid %ld uid %u",
++ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
++}
++
++/*
++ * This will be called on destroy private part of the server key
++ */
++void
++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
++{
++ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
++ geteuid(), fp, (long)pid, (unsigned)uid);
++}
++
++/*
++ * This will be called on generation of the ephemeral server key
++ */
++void
++audit_generate_ephemeral_server_key(const char *)
++{
++ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
+ }
+ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
+ #endif /* SSH_AUDIT_EVENTS */
+diff --git a/audit.h b/audit.h
+index 92ede5b..a2dc3ff 100644
+--- a/audit.h
++++ b/audit.h
+@@ -28,6 +28,7 @@
+ # define _SSH_AUDIT_H
+
+ #include "loginrec.h"
++#include "key.h"
+
+ enum ssh_audit_event_type {
+ SSH_LOGIN_EXCEED_MAXTRIES,
+@@ -47,11 +48,25 @@ enum ssh_audit_event_type {
+ };
+ typedef enum ssh_audit_event_type ssh_audit_event_t;
+
++int listening_for_clients(void);
++
+ void audit_connection_from(const char *, int);
+ void audit_event(ssh_audit_event_t);
++void audit_count_session_open(void);
+ void audit_session_open(struct logininfo *);
+ void audit_session_close(struct logininfo *);
+-void audit_run_command(const char *);
++int audit_run_command(const char *);
++void audit_end_command(int, const char *);
+ ssh_audit_event_t audit_classify_auth(const char *);
++int audit_keyusage(int, const char *, unsigned, char *, int);
++void audit_key(int, int *, const Key *);
++void audit_unsupported(int);
++void audit_kex(int, char *, char *, char *);
++void audit_unsupported_body(int);
++void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
++void audit_session_key_free(int ctos);
++void audit_session_key_free_body(int ctos, pid_t, uid_t);
++void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
++void audit_generate_ephemeral_server_key(const char *);
+
+ #endif /* _SSH_AUDIT_H */
+diff --git a/auditstub.c b/auditstub.c
+new file mode 100644
+index 0000000..45817e0
+--- /dev/null
++++ b/auditstub.c
+@@ -0,0 +1,50 @@
++/* $Id: auditstub.c,v 1.1 jfch Exp $ */
++
++/*
++ * Copyright 2010 Red Hat, Inc. All rights reserved.
++ * Use is subject to license terms.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ * Red Hat author: Jan F. Chadima <jchadima at redhat.com>
++ */
++
++#include <sys/types.h>
++
++void
++audit_unsupported(int n)
++{
++}
++
++void
++audit_kex(int ctos, char *enc, char *mac, char *comp)
++{
++}
++
++void
++audit_session_key_free(int ctos)
++{
++}
++
++void
++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
++{
++}
+diff --git a/auth-rsa.c b/auth-rsa.c
+index de7c369..7fdd0ae 100644
+--- a/auth-rsa.c
++++ b/auth-rsa.c
+@@ -92,7 +92,10 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
+ {
+ u_char buf[32], mdbuf[16];
+ MD5_CTX md;
+- int len;
++ int len, rv;
++#ifdef SSH_AUDIT_EVENTS
++ char *fp;
++#endif
+
+ /* don't allow short keys */
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+@@ -113,12 +116,18 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16])
+ MD5_Final(mdbuf, &md);
+
+ /* Verify that the response is the original challenge. */
+- if (timingsafe_bcmp(response, mdbuf, 16) != 0) {
+- /* Wrong answer. */
+- return (0);
++ rv = timingsafe_bcmp(response, mdbuf, 16) == 0;
++
++#ifdef SSH_AUDIT_EVENTS
++ fp = key_selected_fingerprint(key, SSH_FP_HEX);
++ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) {
++ debug("unsuccessful audit");
++ rv = 0;
+ }
+- /* Correct answer. */
+- return (1);
++ xfree(fp);
++#endif
++
++ return rv;
+ }
+
+ /*
+diff --git a/auth.h b/auth.h
+index c6fe847..9ecc405 100644
+--- a/auth.h
++++ b/auth.h
+@@ -181,6 +181,7 @@ void abandon_challenge_response(Authctxt *);
+
+ char *expand_authorized_keys(const char *, struct passwd *pw);
+ char *authorized_principals_file(struct passwd *);
++int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+
+ FILE *auth_openkeyfile(const char *, struct passwd *, int);
+ FILE *auth_openprincipals(const char *, struct passwd *, int);
+@@ -196,6 +197,7 @@ Key *get_hostkey_public_by_type(int);
+ Key *get_hostkey_private_by_type(int);
+ int get_hostkey_index(Key *);
+ int ssh1_session_key(BIGNUM *);
++int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
+
+ /* debug messages during authentication */
+ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+diff --git a/auth2-hostbased.c b/auth2-hostbased.c
+index 69b849b..e535680 100644
+--- a/auth2-hostbased.c
++++ b/auth2-hostbased.c
+@@ -119,7 +119,7 @@ userauth_hostbased(Authctxt *authctxt)
+ /* test for allowed key and correct signature */
+ authenticated = 0;
+ if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
+- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
++ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+
+@@ -136,6 +136,18 @@ done:
+ return authenticated;
+ }
+
++int
++hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
++{
++ int rv;
++
++ rv = key_verify(key, sig, slen, data, datalen);
++#ifdef SSH_AUDIT_EVENTS
++ audit_key(0, &rv, key);
++#endif
++ return rv;
++}
++
+ /* return 1 if given hostkey is allowed */
+ int
+ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
+diff --git a/auth2-pubkey.c b/auth2-pubkey.c
+index d78381a..8f913ab 100644
+--- a/auth2-pubkey.c
++++ b/auth2-pubkey.c
+@@ -146,7 +146,7 @@ userauth_pubkey(Authctxt *authctxt)
+ /* test for correct signature */
+ authenticated = 0;
+ if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
+- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b),
++ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b),
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+ buffer_free(&b);
+@@ -183,6 +183,18 @@ done:
+ return authenticated;
+ }
+
++int
++user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen)
++{
++ int rv;
++
++ rv = key_verify(key, sig, slen, data, datalen);
++#ifdef SSH_AUDIT_EVENTS
++ audit_key(1, &rv, key);
++#endif
++ return rv;
++}
++
+ static int
+ match_principals_option(const char *principal_list, struct KeyCert *cert)
+ {
+diff --git a/auth2.c b/auth2.c
+index e367a10..c28638b 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -242,9 +242,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+ } else {
+ logit("input_userauth_request: invalid user %s", user);
+ authctxt->pw = fakepw();
+-#ifdef SSH_AUDIT_EVENTS
+- PRIVSEP(audit_event(SSH_INVALID_USER));
+-#endif
+ }
+ #ifdef USE_PAM
+ if (options.use_pam)
+diff --git a/cipher.c b/cipher.c
+index 9ca1d00..e1d716a 100644
+--- a/cipher.c
++++ b/cipher.c
+@@ -55,17 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(void);
+ extern const EVP_CIPHER *evp_ssh1_3des(void);
+ extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+
+-struct Cipher {
+- char *name;
+- int number; /* for ssh1 only */
+- u_int block_size;
+- u_int key_len;
+- u_int iv_len; /* defaults to block_size */
+- u_int auth_len;
+- u_int discard_len;
+- u_int cbc_mode;
+- const EVP_CIPHER *(*evptype)(void);
+-} ciphers[] = {
++struct Cipher ciphers[] = {
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+diff --git a/cipher.h b/cipher.h
+index 8cb57c3..89b2dc9 100644
+--- a/cipher.h
++++ b/cipher.h
+@@ -61,7 +61,18 @@
+ typedef struct Cipher Cipher;
+ typedef struct CipherContext CipherContext;
+
+-struct Cipher;
++struct Cipher {
++ char *name;
++ int number; /* for ssh1 only */
++ u_int block_size;
++ u_int key_len;
++ u_int iv_len; /* defaults to block_size */
++ u_int auth_len;
++ u_int discard_len;
++ u_int cbc_mode;
++ const EVP_CIPHER *(*evptype)(void);
++};
++
+ struct CipherContext {
+ int plaintext;
+ int encrypt;
+diff --git a/kex.c b/kex.c
+index 57a79dd..922cf9d 100644
+--- a/kex.c
++++ b/kex.c
+@@ -49,6 +49,7 @@
+ #include "dispatch.h"
+ #include "monitor.h"
+ #include "roaming.h"
++#include "audit.h"
+
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ # if defined(HAVE_EVP_SHA256)
+@@ -296,9 +297,13 @@ static void
+ choose_enc(Enc *enc, char *client, char *server)
+ {
+ char *name = match_list(client, server, NULL);
+- if (name == NULL)
++ if (name == NULL) {
++#ifdef SSH_AUDIT_EVENTS
++ audit_unsupported(0);
++#endif
+ fatal("no matching cipher found: client %s server %s",
+ client, server);
++ }
+ if ((enc->cipher = cipher_by_name(name)) == NULL)
+ fatal("matching cipher is not supported: %s", name);
+ enc->name = name;
+@@ -314,9 +319,13 @@ static void
+ choose_mac(Mac *mac, char *client, char *server)
+ {
+ char *name = match_list(client, server, NULL);
+- if (name == NULL)
++ if (name == NULL) {
++#ifdef SSH_AUDIT_EVENTS
++ audit_unsupported(1);
++#endif
+ fatal("no matching mac found: client %s server %s",
+ client, server);
++ }
+ if (mac_setup(mac, name) < 0)
+ fatal("unsupported mac %s", name);
+ /* truncate the key */
+@@ -331,8 +340,12 @@ static void
+ choose_comp(Comp *comp, char *client, char *server)
+ {
+ char *name = match_list(client, server, NULL);
+- if (name == NULL)
++ if (name == NULL) {
++#ifdef SSH_AUDIT_EVENTS
++ audit_unsupported(2);
++#endif
+ fatal("no matching comp found: client %s server %s", client, server);
++ }
+ if (strcmp(name, "zlib at openssh.com") == 0) {
+ comp->type = COMP_DELAYED;
+ } else if (strcmp(name, "zlib") == 0) {
+@@ -460,6 +473,9 @@ kex_choose_conf(Kex *kex)
+ newkeys->enc.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
+ newkeys->comp.name);
++#ifdef SSH_AUDIT_EVENTS
++ audit_kex(ctos, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name);
++#endif
+ }
+ choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
+ choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+@@ -624,3 +640,34 @@ dump_digest(char *msg, u_char *digest, int len)
+ fprintf(stderr, "\n");
+ }
+ #endif
++
++static void
++enc_destroy(Enc *enc)
++{
++ if (enc == NULL)
++ return;
++
++ if (enc->key) {
++ memset(enc->key, 0, enc->key_len);
++ xfree(enc->key);
++ }
++
++ if (enc->iv) {
++ memset(enc->iv, 0, enc->block_size);
++ xfree(enc->iv);
++ }
++
++ memset(enc, 0, sizeof(*enc));
++}
++
++void
++newkeys_destroy(Newkeys *newkeys)
++{
++ if (newkeys == NULL)
++ return;
++
++ enc_destroy(&newkeys->enc);
++ mac_destroy(&newkeys->mac);
++ memset(&newkeys->comp, 0, sizeof(newkeys->comp));
++}
++
+diff --git a/kex.h b/kex.h
+index 46731fa..8a59114 100644
+--- a/kex.h
++++ b/kex.h
+@@ -158,6 +158,8 @@ void kexgex_server(Kex *);
+ void kexecdh_client(Kex *);
+ void kexecdh_server(Kex *);
+
++void newkeys_destroy(Newkeys *newkeys);
++
+ void
+ kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
+diff --git a/key.c b/key.c
+index a30e6d1..9d04f11 100644
+--- a/key.c
++++ b/key.c
+@@ -1809,6 +1809,30 @@ key_demote(const Key *k)
+ }
+
+ int
++key_is_private(const Key *k)
++{
++ switch (k->type) {
++ case KEY_RSA_CERT_V00:
++ case KEY_RSA_CERT:
++ case KEY_RSA1:
++ case KEY_RSA:
++ return k->rsa->d != NULL;
++ case KEY_DSA_CERT_V00:
++ case KEY_DSA_CERT:
++ case KEY_DSA:
++ return k->dsa->priv_key != NULL;
++#ifdef OPENSSL_HAS_ECC
++ case KEY_ECDSA_CERT:
++ case KEY_ECDSA:
++ return EC_KEY_get0_private_key(k->ecdsa) != NULL;
++#endif
++ default:
++ fatal("key_is_private: bad key type %d", k->type);
++ return 1;
++ }
++}
++
++int
+ key_is_cert(const Key *k)
+ {
+ if (k == NULL)
+diff --git a/key.h b/key.h
+index 09f7b7d..8d9be57 100644
+--- a/key.h
++++ b/key.h
+@@ -110,6 +110,7 @@ Key *key_generate(int, u_int);
+ Key *key_from_private(const Key *);
+ int key_type_from_name(char *);
+ int key_is_cert(const Key *);
++int key_is_private(const Key *k);
+ int key_type_plain(int);
+ int key_to_certified(Key *, int);
+ int key_drop_cert(Key *);
+diff --git a/mac.c b/mac.c
+index 3f2dc6f..a1e61be 100644
+--- a/mac.c
++++ b/mac.c
+@@ -199,6 +199,20 @@ mac_clear(Mac *mac)
+ mac->umac_ctx = NULL;
+ }
+
++void
++mac_destroy(Mac *mac)
++{
++ if (mac == NULL)
++ return;
++
++ if (mac->key) {
++ memset(mac->key, 0, mac->key_len);
++ xfree(mac->key);
++ }
++
++ memset(mac, 0, sizeof(*mac));
++}
++
+ /* XXX copied from ciphers_valid */
+ #define MAC_SEP ","
+ int
+diff --git a/mac.h b/mac.h
+index 39f564d..640db0f 100644
+--- a/mac.h
++++ b/mac.h
+@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
+ int mac_init(Mac *);
+ u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
+ void mac_clear(Mac *);
++void mac_destroy(Mac *);
+diff --git a/monitor.c b/monitor.c
+index 7816a8f..f1c0ba1 100644
+--- a/monitor.c
++++ b/monitor.c
+@@ -97,6 +97,7 @@
+ #include "ssh2.h"
+ #include "jpake.h"
+ #include "roaming.h"
++#include "audit.h"
+
+ #ifdef GSSAPI
+ static Gssctxt *gsscontext = NULL;
+@@ -113,6 +114,8 @@ extern Buffer auth_debug;
+ extern int auth_debug_init;
+ extern Buffer loginmsg;
+
++extern void destroy_sensitive_data(int);
++
+ /* State exported from the child */
+
+ struct {
+@@ -185,6 +188,11 @@ int mm_answer_gss_checkmic(int, Buffer *);
+ #ifdef SSH_AUDIT_EVENTS
+ int mm_answer_audit_event(int, Buffer *);
+ int mm_answer_audit_command(int, Buffer *);
++int mm_answer_audit_end_command(int, Buffer *);
++int mm_answer_audit_unsupported_body(int, Buffer *);
++int mm_answer_audit_kex_body(int, Buffer *);
++int mm_answer_audit_session_key_free_body(int, Buffer *);
++int mm_answer_audit_server_key_free(int, Buffer *);
+ #endif
+
+ static int monitor_read_log(struct monitor *);
+@@ -236,6 +244,10 @@ struct mon_table mon_dispatch_proto20[] = {
+ #endif
+ #ifdef SSH_AUDIT_EVENTS
+ {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
+ #endif
+ #ifdef BSD_AUTH
+ {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
+@@ -272,6 +284,11 @@ struct mon_table mon_dispatch_postauth20[] = {
+ #ifdef SSH_AUDIT_EVENTS
+ {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+ {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
++ {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
+ #endif
+ {0, 0, NULL}
+ };
+@@ -303,6 +320,10 @@ struct mon_table mon_dispatch_proto15[] = {
+ #endif
+ #ifdef SSH_AUDIT_EVENTS
+ {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
+ #endif
+ {0, 0, NULL}
+ };
+@@ -314,6 +335,11 @@ struct mon_table mon_dispatch_postauth15[] = {
+ #ifdef SSH_AUDIT_EVENTS
+ {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+ {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
++ {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command},
++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free},
+ #endif
+ {0, 0, NULL}
+ };
+@@ -1350,9 +1376,11 @@ mm_answer_keyverify(int sock, Buffer *m)
+ Key *key;
+ u_char *signature, *data, *blob;
+ u_int signaturelen, datalen, bloblen;
++ int type = 0;
+ int verified = 0;
+ int valid_data = 0;
+
++ type = buffer_get_int(m);
+ blob = buffer_get_string(m, &bloblen);
+ signature = buffer_get_string(m, &signaturelen);
+ data = buffer_get_string(m, &datalen);
+@@ -1360,6 +1388,8 @@ mm_answer_keyverify(int sock, Buffer *m)
+ if (hostbased_cuser == NULL || hostbased_chost == NULL ||
+ !monitor_allowed_key(blob, bloblen))
+ fatal("%s: bad key, not previously allowed", __func__);
++ if (type != key_blobtype)
++ fatal("%s: bad key type", __func__);
+
+ key = key_from_blob(blob, bloblen);
+ if (key == NULL)
+@@ -1380,7 +1410,17 @@ mm_answer_keyverify(int sock, Buffer *m)
+ if (!valid_data)
+ fatal("%s: bad signature data blob", __func__);
+
+- verified = key_verify(key, signature, signaturelen, data, datalen);
++ switch (key_blobtype) {
++ case MM_USERKEY:
++ verified = user_key_verify(key, signature, signaturelen, data, datalen);
++ break;
++ case MM_HOSTKEY:
++ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen);
++ break;
++ default:
++ verified = 0;
++ break;
++ }
+ debug3("%s: key %p signature %s",
+ __func__, key, (verified == 1) ? "verified" : "unverified");
+
+@@ -1433,6 +1473,12 @@ mm_session_close(Session *s)
+ debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
+ session_pty_cleanup2(s);
+ }
++#ifdef SSH_AUDIT_EVENTS
++ if (s->command != NULL) {
++ debug3("%s: command %d", __func__, s->command_handle);
++ session_end_command2(s);
++ }
++#endif
+ session_unused(s->self);
+ }
+
+@@ -1713,6 +1759,8 @@ mm_answer_term(int sock, Buffer *req)
+ sshpam_cleanup();
+ #endif
+
++ destroy_sensitive_data(0);
++
+ while (waitpid(pmonitor->m_pid, &status, 0) == -1)
+ if (errno != EINTR)
+ exit(1);
+@@ -1755,11 +1803,44 @@ mm_answer_audit_command(int socket, Buffer *m)
+ {
+ u_int len;
+ char *cmd;
++ Session *s;
+
+ debug3("%s entering", __func__);
+ cmd = buffer_get_string(m, &len);
++
+ /* sanity check command, if so how? */
+- audit_run_command(cmd);
++ s = session_new();
++ if (s == NULL)
++ fatal("%s: error allocating a session", __func__);
++ s->command = cmd;
++ s->command_handle = audit_run_command(cmd);
++
++ buffer_clear(m);
++ buffer_put_int(m, s->self);
++
++ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m);
++
++ return (0);
++}
++
++int
++mm_answer_audit_end_command(int socket, Buffer *m)
++{
++ int handle;
++ u_int len;
++ char *cmd;
++ Session *s;
++
++ debug3("%s entering", __func__);
++ handle = buffer_get_int(m);
++ cmd = buffer_get_string(m, &len);
++
++ s = session_by_id(handle);
++ if (s == NULL || s->ttyfd != -1 || s->command == NULL ||
++ strcmp(s->command, cmd) != 0)
++ fatal("%s: invalid handle", __func__);
++ mm_session_close(s);
++
+ xfree(cmd);
+ return (0);
+ }
+@@ -1890,11 +1971,13 @@ mm_get_keystate(struct monitor *pmonitor)
+
+ blob = buffer_get_string(&m, &bloblen);
+ current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
++ memset(blob, 0, bloblen);
+ xfree(blob);
+
+ debug3("%s: Waiting for second key", __func__);
+ blob = buffer_get_string(&m, &bloblen);
+ current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
++ memset(blob, 0, bloblen);
+ xfree(blob);
+
+ /* Now get sequence numbers for the packets */
+@@ -1940,6 +2023,21 @@ mm_get_keystate(struct monitor *pmonitor)
+ }
+
+ buffer_free(&m);
++
++#ifdef SSH_AUDIT_EVENTS
++ if (compat20) {
++ buffer_init(&m);
++ mm_request_receive_expect(pmonitor->m_sendfd,
++ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
++ mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m);
++ buffer_free(&m);
++ }
++#endif
++
++ /* Drain any buffered messages from the child */
++ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
++ ;
++
+ }
+
+
+@@ -2341,3 +2439,86 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
+ }
+
+ #endif /* JPAKE */
++
++#ifdef SSH_AUDIT_EVENTS
++int
++mm_answer_audit_unsupported_body(int sock, Buffer *m)
++{
++ int what;
++
++ what = buffer_get_int(m);
++
++ audit_unsupported_body(what);
++
++ buffer_clear(m);
++
++ mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m);
++ return 0;
++}
++
++int
++mm_answer_audit_kex_body(int sock, Buffer *m)
++{
++ int ctos, len;
++ char *cipher, *mac, *compress;
++ pid_t pid;
++ uid_t uid;
++
++ ctos = buffer_get_int(m);
++ cipher = buffer_get_string(m, &len);
++ mac = buffer_get_string(m, &len);
++ compress = buffer_get_string(m, &len);
++ pid = buffer_get_int64(m);
++ uid = buffer_get_int64(m);
++
++ audit_kex_body(ctos, cipher, mac, compress, pid, uid);
++
++ xfree(cipher);
++ xfree(mac);
++ xfree(compress);
++ buffer_clear(m);
++
++ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m);
++ return 0;
++}
++
++int
++mm_answer_audit_session_key_free_body(int sock, Buffer *m)
++{
++ int ctos;
++ pid_t pid;
++ uid_t uid;
++
++ ctos = buffer_get_int(m);
++ pid = buffer_get_int64(m);
++ uid = buffer_get_int64(m);
++
++ audit_session_key_free_body(ctos, pid, uid);
++
++ buffer_clear(m);
++
++ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
++ return 0;
++}
++
++int
++mm_answer_audit_server_key_free(int sock, Buffer *m)
++{
++ int len;
++ char *fp;
++ pid_t pid;
++ uid_t uid;
++
++ fp = buffer_get_string(m, &len);
++ pid = buffer_get_int64(m);
++ uid = buffer_get_int64(m);
++
++ audit_destroy_sensitive_data(fp, pid, uid);
++
++ xfree(fp);
++ buffer_clear(m);
++
++ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m);
++ return 0;
++}
++#endif /* SSH_AUDIT_EVENTS */
+diff --git a/monitor.h b/monitor.h
+index 2caa469..1a15066 100644
+--- a/monitor.h
++++ b/monitor.h
+@@ -68,7 +68,13 @@ enum monitor_reqtype {
+ MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107,
+ MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109,
+ MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
+- MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
++ MONITOR_REQ_AUDIT_EVENT = 112,
++ MONITOR_REQ_AUDIT_COMMAND = 114, MONITOR_ANS_AUDIT_COMMAND = 115,
++ MONITOR_REQ_AUDIT_END_COMMAND = 116,
++ MONITOR_REQ_AUDIT_UNSUPPORTED = 118, MONITOR_ANS_AUDIT_UNSUPPORTED = 119,
++ MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121,
++ MONITOR_REQ_AUDIT_SESSION_KEY_FREE = 122, MONITOR_ANS_AUDIT_SESSION_KEY_FREE = 123,
++ MONITOR_REQ_AUDIT_SERVER_KEY_FREE = 124, MONITOR_ANS_AUDIT_SERVER_KEY_FREE = 125
+
+ };
+
+diff --git a/monitor_wrap.c b/monitor_wrap.c
+index 350c960..5f32844 100644
+--- a/monitor_wrap.c
++++ b/monitor_wrap.c
+@@ -431,7 +431,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
+ */
+
+ int
+-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
++mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+ {
+ Buffer m;
+ u_char *blob;
+@@ -445,6 +445,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+ return (0);
+
+ buffer_init(&m);
++ buffer_put_int(&m, type);
+ buffer_put_string(&m, blob, len);
+ buffer_put_string(&m, sig, siglen);
+ buffer_put_string(&m, data, datalen);
+@@ -462,6 +463,19 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
+ return (verified);
+ }
+
++int
++mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
++{
++ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen);
++}
++
++int
++mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
++{
++ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen);
++}
++
++
+ /* Export key state after authentication */
+ Newkeys *
+ mm_newkeys_from_blob(u_char *blob, int blen)
+@@ -640,12 +654,14 @@ mm_send_keystate(struct monitor *monitor)
+ fatal("%s: conversion of newkeys failed", __func__);
+
+ buffer_put_string(&m, blob, bloblen);
++ memset(blob, 0, bloblen);
+ xfree(blob);
+
+ if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
+ fatal("%s: conversion of newkeys failed", __func__);
+
+ buffer_put_string(&m, blob, bloblen);
++ memset(blob, 0, bloblen);
+ xfree(blob);
+
+ packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
+@@ -1189,10 +1205,11 @@ mm_audit_event(ssh_audit_event_t event)
+ buffer_free(&m);
+ }
+
+-void
++int
+ mm_audit_run_command(const char *command)
+ {
+ Buffer m;
++ int handle;
+
+ debug3("%s entering command %s", __func__, command);
+
+@@ -1200,6 +1217,26 @@ mm_audit_run_command(const char *command)
+ buffer_put_cstring(&m, command);
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m);
++
++ handle = buffer_get_int(&m);
++ buffer_free(&m);
++
++ return (handle);
++}
++
++void
++mm_audit_end_command(int handle, const char *command)
++{
++ Buffer m;
++
++ debug3("%s entering command %s", __func__, command);
++
++ buffer_init(&m);
++ buffer_put_int(&m, handle);
++ buffer_put_cstring(&m, command);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m);
+ buffer_free(&m);
+ }
+ #endif /* SSH_AUDIT_EVENTS */
+@@ -1451,3 +1488,72 @@ mm_jpake_check_confirm(const BIGNUM *k,
+ return success;
+ }
+ #endif /* JPAKE */
++
++#ifdef SSH_AUDIT_EVENTS
++void
++mm_audit_unsupported_body(int what)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ buffer_put_int(&m, what);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED,
++ &m);
++
++ buffer_free(&m);
++}
++
++void
++mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, pid_t pid,
++ uid_t uid)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ buffer_put_int(&m, ctos);
++ buffer_put_cstring(&m, cipher);
++ buffer_put_cstring(&m, mac);
++ buffer_put_cstring(&m, compress);
++ buffer_put_int64(&m, pid);
++ buffer_put_int64(&m, uid);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX,
++ &m);
++
++ buffer_free(&m);
++}
++
++void
++mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ buffer_put_int(&m, ctos);
++ buffer_put_int64(&m, pid);
++ buffer_put_int64(&m, uid);
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE,
++ &m);
++ buffer_free(&m);
++}
++
++void
++mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
++{
++ Buffer m;
++
++ buffer_init(&m);
++ buffer_put_cstring(&m, fp);
++ buffer_put_int64(&m, pid);
++ buffer_put_int64(&m, uid);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE,
++ &m);
++ buffer_free(&m);
++}
++#endif /* SSH_AUDIT_EVENTS */
+diff --git a/monitor_wrap.h b/monitor_wrap.h
+index 0c7f2e3..f47c7df 100644
+--- a/monitor_wrap.h
++++ b/monitor_wrap.h
+@@ -49,7 +49,8 @@ int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
+ int mm_user_key_allowed(struct passwd *, Key *);
+ int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *);
+ int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
+-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
++int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int);
++int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int);
+ int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
+ int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
+ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
+@@ -74,7 +75,12 @@ void mm_sshpam_free_ctx(void *);
+ #ifdef SSH_AUDIT_EVENTS
+ #include "audit.h"
+ void mm_audit_event(ssh_audit_event_t);
+-void mm_audit_run_command(const char *);
++int mm_audit_run_command(const char *);
++void mm_audit_end_command(int, const char *);
++void mm_audit_unsupported_body(int);
++void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
++void mm_audit_session_key_free_body(int, pid_t, uid_t);
++void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+ #endif
+
+ struct Session;
+diff --git a/packet.c b/packet.c
+index a51c1f2..0756a59 100644
+--- a/packet.c
++++ b/packet.c
+@@ -60,6 +60,7 @@
+ #include <signal.h>
+
+ #include "xmalloc.h"
++#include "audit.h"
+ #include "buffer.h"
+ #include "packet.h"
+ #include "crc32.h"
+@@ -470,6 +471,13 @@ packet_get_connection_out(void)
+ return active_state->connection_out;
+ }
+
++static int
++packet_state_has_keys (const struct session_state *state)
++{
++ return state != NULL &&
++ (state->newkeys[MODE_IN] != NULL || state->newkeys[MODE_OUT] != NULL);
++}
++
+ /* Closes the connection and clears and frees internal data structures. */
+
+ void
+@@ -478,13 +486,6 @@ packet_close(void)
+ if (!active_state->initialized)
+ return;
+ active_state->initialized = 0;
+- if (active_state->connection_in == active_state->connection_out) {
+- shutdown(active_state->connection_out, SHUT_RDWR);
+- close(active_state->connection_out);
+- } else {
+- close(active_state->connection_in);
+- close(active_state->connection_out);
+- }
+ buffer_free(&active_state->input);
+ buffer_free(&active_state->output);
+ buffer_free(&active_state->outgoing_packet);
+@@ -493,8 +494,18 @@ packet_close(void)
+ buffer_free(&active_state->compression_buffer);
+ buffer_compress_uninit();
+ }
+- cipher_cleanup(&active_state->send_context);
+- cipher_cleanup(&active_state->receive_context);
++ if (packet_state_has_keys(active_state)) {
++ cipher_cleanup(&active_state->send_context);
++ cipher_cleanup(&active_state->receive_context);
++ audit_session_key_free(2);
++ }
++ if (active_state->connection_in == active_state->connection_out) {
++ shutdown(active_state->connection_out, SHUT_RDWR);
++ close(active_state->connection_out);
++ } else {
++ close(active_state->connection_in);
++ close(active_state->connection_out);
++ }
+ }
+
+ /* Sets remote side protocol flags. */
+@@ -729,6 +740,23 @@ packet_send1(void)
+ */
+ }
+
++static void
++newkeys_destroy_and_free(Newkeys *newkeys)
++{
++ if (newkeys == NULL)
++ return;
++
++ xfree(newkeys->enc.name);
++
++ mac_clear(&newkeys->mac);
++ xfree(newkeys->mac.name);
++
++ xfree(newkeys->comp.name);
++
++ newkeys_destroy(newkeys);
++ xfree(newkeys);
++}
++
+ void
+ set_newkeys(int mode)
+ {
+@@ -754,21 +782,9 @@ set_newkeys(int mode)
+ }
+ if (active_state->newkeys[mode] != NULL) {
+ debug("set_newkeys: rekeying");
++ audit_session_key_free(mode);
+ cipher_cleanup(cc);
+- enc = &active_state->newkeys[mode]->enc;
+- mac = &active_state->newkeys[mode]->mac;
+- comp = &active_state->newkeys[mode]->comp;
+- mac_clear(mac);
+- memset(enc->iv, 0, enc->iv_len);
+- memset(enc->key, 0, enc->key_len);
+- memset(mac->key, 0, mac->key_len);
+- xfree(enc->name);
+- xfree(enc->iv);
+- xfree(enc->key);
+- xfree(mac->name);
+- xfree(mac->key);
+- xfree(comp->name);
+- xfree(active_state->newkeys[mode]);
++ newkeys_destroy_and_free(active_state->newkeys[mode]);
+ }
+ active_state->newkeys[mode] = kex_get_newkeys(mode);
+ if (active_state->newkeys[mode] == NULL)
+@@ -1971,6 +1987,47 @@ packet_get_newkeys(int mode)
+ return (void *)active_state->newkeys[mode];
+ }
+
++static void
++packet_destroy_state(struct session_state *state)
++{
++ if (state == NULL)
++ return;
++
++ cipher_cleanup(&state->receive_context);
++ cipher_cleanup(&state->send_context);
++
++ buffer_free(&state->input);
++ buffer_free(&state->output);
++ buffer_free(&state->outgoing_packet);
++ buffer_free(&state->incoming_packet);
++ buffer_free(&state->compression_buffer);
++ newkeys_destroy_and_free(state->newkeys[MODE_IN]);
++ state->newkeys[MODE_IN] = NULL;
++ newkeys_destroy_and_free(state->newkeys[MODE_OUT]);
++ state->newkeys[MODE_OUT] = NULL;
++ mac_destroy(state->packet_discard_mac);
++// TAILQ_HEAD(, packet) outgoing;
++// memset(state, 0, sizeof(state));
++}
++
++void
++packet_destroy_all(int audit_it, int privsep)
++{
++ if (audit_it)
++ audit_it = packet_state_has_keys (active_state) ||
++ packet_state_has_keys (backup_state);
++ packet_destroy_state(active_state);
++ packet_destroy_state(backup_state);
++ if (audit_it) {
++#ifdef SSH_AUDIT_EVENTS
++ if (privsep)
++ audit_session_key_free(2);
++ else
++ audit_session_key_free_body(2, getpid(), getuid());
++#endif
++ }
++}
++
+ /*
+ * Save the state for the real connection, and use a separate state when
+ * resuming a suspended connection.
+@@ -1978,18 +2035,12 @@ packet_get_newkeys(int mode)
+ void
+ packet_backup_state(void)
+ {
+- struct session_state *tmp;
+-
+ close(active_state->connection_in);
+ active_state->connection_in = -1;
+ close(active_state->connection_out);
+ active_state->connection_out = -1;
+- if (backup_state)
+- tmp = backup_state;
+- else
+- tmp = alloc_session_state();
+ backup_state = active_state;
+- active_state = tmp;
++ active_state = alloc_session_state();
+ }
+
+ /*
+@@ -2006,9 +2057,7 @@ packet_restore_state(void)
+ backup_state = active_state;
+ active_state = tmp;
+ active_state->connection_in = backup_state->connection_in;
+- backup_state->connection_in = -1;
+ active_state->connection_out = backup_state->connection_out;
+- backup_state->connection_out = -1;
+ len = buffer_len(&backup_state->input);
+ if (len > 0) {
+ buf = buffer_ptr(&backup_state->input);
+@@ -2016,4 +2065,10 @@ packet_restore_state(void)
+ buffer_clear(&backup_state->input);
+ add_recv_bytes(len);
+ }
++ backup_state->connection_in = -1;
++ backup_state->connection_out = -1;
++ packet_destroy_state(backup_state);
++ xfree(backup_state);
++ backup_state = NULL;
+ }
++
+diff --git a/packet.h b/packet.h
+index 09ba079..0742f74 100644
+--- a/packet.h
++++ b/packet.h
+@@ -123,4 +123,5 @@ void packet_restore_state(void);
+ void *packet_get_input(void);
+ void *packet_get_output(void);
+
++void packet_destroy_all(int, int);
+ #endif /* PACKET_H */
+diff --git a/session.c b/session.c
+index 19eaa20..dc0a2e2 100644
+--- a/session.c
++++ b/session.c
+@@ -136,7 +136,7 @@ extern int log_stderr;
+ extern int debug_flag;
+ extern u_int utmp_len;
+ extern int startup_pipe;
+-extern void destroy_sensitive_data(void);
++extern void destroy_sensitive_data(int);
+ extern Buffer loginmsg;
+
+ /* original command from peer. */
+@@ -745,6 +745,14 @@ do_exec_pty(Session *s, const char *command)
+ /* Parent. Close the slave side of the pseudo tty. */
+ close(ttyfd);
+
++#ifndef HAVE_OSF_SIA
++ /* do_login in the child did not affect state in this process,
++ compensate. From an architectural standpoint, this is extremely
++ ugly. */
++ if (!(options.use_login && command == NULL))
++ audit_count_session_open();
++#endif
++
+ /* Enter interactive session. */
+ s->ptymaster = ptymaster;
+ packet_set_interactive(1,
+@@ -816,15 +824,19 @@ do_exec(Session *s, const char *command)
+ }
+
+ #ifdef SSH_AUDIT_EVENTS
++ if (s->command != NULL || s->command_handle != -1)
++ fatal("do_exec: command already set");
+ if (command != NULL)
+- PRIVSEP(audit_run_command(command));
++ s->command = xstrdup(command);
+ else if (s->ttyfd == -1) {
+ char *shell = s->pw->pw_shell;
+
+ if (shell[0] == '\0') /* empty shell means /bin/sh */
+ shell =_PATH_BSHELL;
+- PRIVSEP(audit_run_command(shell));
++ s->command = xstrdup(shell);
+ }
++ if (s->command != NULL)
++ s->command_handle = PRIVSEP(audit_run_command(s->command));
+ #endif
+ if (s->ttyfd != -1)
+ ret = do_exec_pty(s, command);
+@@ -1629,7 +1641,10 @@ do_child(Session *s, const char *command)
+ int r = 0;
+
+ /* remove hostkey from the child's memory */
+- destroy_sensitive_data();
++ destroy_sensitive_data(1);
++ /* Don't audit this - both us and the parent would be talking to the
++ monitor over a single socket, with no synchronization. */
++ packet_destroy_all(0, 1);
+
+ /* Force a password change */
+ if (s->authctxt->force_pwchange) {
+@@ -1856,6 +1871,7 @@ session_unused(int id)
+ sessions[id].ttyfd = -1;
+ sessions[id].ptymaster = -1;
+ sessions[id].x11_chanids = NULL;
++ sessions[id].command_handle = -1;
+ sessions[id].next_unused = sessions_first_unused;
+ sessions_first_unused = id;
+ }
+@@ -1938,6 +1954,19 @@ session_open(Authctxt *authctxt, int chanid)
+ }
+
+ Session *
++session_by_id(int id)
++{
++ if (id >= 0 && id < sessions_nalloc) {
++ Session *s = &sessions[id];
++ if (s->used)
++ return s;
++ }
++ debug("session_by_id: unknown id %d", id);
++ session_dump();
++ return NULL;
++}
++
++Session *
+ session_by_tty(char *tty)
+ {
+ int i;
+@@ -2463,6 +2492,30 @@ session_exit_message(Session *s, int status)
+ chan_write_failed(c);
+ }
+
++#ifdef SSH_AUDIT_EVENTS
++void
++session_end_command2(Session *s)
++{
++ if (s->command != NULL) {
++ audit_end_command(s->command_handle, s->command);
++ xfree(s->command);
++ s->command = NULL;
++ s->command_handle = -1;
++ }
++}
++
++static void
++session_end_command(Session *s)
++{
++ if (s->command != NULL) {
++ PRIVSEP(audit_end_command(s->command_handle, s->command));
++ xfree(s->command);
++ s->command = NULL;
++ s->command_handle = -1;
++ }
++}
++#endif
++
+ void
+ session_close(Session *s)
+ {
+@@ -2471,6 +2524,10 @@ session_close(Session *s)
+ debug("session_close: session %d pid %ld", s->self, (long)s->pid);
+ if (s->ttyfd != -1)
+ session_pty_cleanup(s);
++#ifdef SSH_AUDIT_EVENTS
++ if (s->command)
++ session_end_command(s);
++#endif
+ if (s->term)
+ xfree(s->term);
+ if (s->display)
+@@ -2690,6 +2747,15 @@ do_authenticated2(Authctxt *authctxt)
+ server_loop2(authctxt);
+ }
+
++static void
++do_cleanup_one_session(Session *s)
++{
++ session_pty_cleanup2(s);
++#ifdef SSH_AUDIT_EVENTS
++ session_end_command2(s);
++#endif
++}
++
+ void
+ do_cleanup(Authctxt *authctxt)
+ {
+@@ -2738,5 +2804,5 @@ do_cleanup(Authctxt *authctxt)
+ * or if running in monitor.
+ */
+ if (!use_privsep || mm_is_monitor())
+- session_destroy_all(session_pty_cleanup2);
++ session_destroy_all(do_cleanup_one_session);
+ }
+diff --git a/session.h b/session.h
+index cbb8e3a..fc6a7d3 100644
+--- a/session.h
++++ b/session.h
+@@ -60,6 +60,12 @@ struct Session {
+ char *name;
+ char *val;
+ } *env;
++
++ /* exec */
++#ifdef SSH_AUDIT_EVENTS
++ int command_handle;
++ char *command;
++#endif
+ };
+
+ void do_authenticated(Authctxt *);
+@@ -72,8 +78,10 @@ void session_close_by_pid(pid_t, int);
+ void session_close_by_channel(int, void *);
+ void session_destroy_all(void (*)(Session *));
+ void session_pty_cleanup2(Session *);
++void session_end_command2(Session *);
+
+ Session *session_new(void);
++Session *session_by_id(int);
+ Session *session_by_tty(char *);
+ void session_close(Session *);
+ void do_setusercontext(struct passwd *);
+diff --git a/sshd.c b/sshd.c
+index 740ef4b..9aff64c 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -118,6 +118,7 @@
+ #endif
+ #include "monitor_wrap.h"
+ #include "roaming.h"
++#include "audit.h"
+ #include "ssh-sandbox.h"
+ #include "version.h"
+
+@@ -254,7 +255,7 @@ Buffer loginmsg;
+ struct passwd *privsep_pw = NULL;
+
+ /* Prototypes for various functions defined later in this file. */
+-void destroy_sensitive_data(void);
++void destroy_sensitive_data(int);
+ void demote_sensitive_data(void);
+
+ static void do_ssh1_kex(void);
+@@ -273,6 +274,15 @@ close_listen_socks(void)
+ num_listen_socks = -1;
+ }
+
++/*
++ * Is this process listening for clients (i.e. not specific to any specific
++ * client connection?)
++ */
++int listening_for_clients(void)
++{
++ return num_listen_socks > 0;
++}
++
+ static void
+ close_startup_pipes(void)
+ {
+@@ -544,22 +554,47 @@ sshd_exchange_identification(int sock_in, int sock_out)
+ }
+ }
+
+-/* Destroy the host and server keys. They will no longer be needed. */
++/*
++ * Destroy the host and server keys. They will no longer be needed. Careful,
++ * this can be called from cleanup_exit() - i.e. from just about anywhere.
++ */
+ void
+-destroy_sensitive_data(void)
++destroy_sensitive_data(int privsep)
+ {
+ int i;
++ pid_t pid;
++ uid_t uid;
+
+ if (sensitive_data.server_key) {
+ key_free(sensitive_data.server_key);
+ sensitive_data.server_key = NULL;
+ }
++ pid = getpid();
++ uid = getuid();
+ for (i = 0; i < options.num_host_key_files; i++) {
+ if (sensitive_data.host_keys[i]) {
++ char *fp;
++
++ if (key_is_private(sensitive_data.host_keys[i]))
++ fp = key_fingerprint(sensitive_data.host_keys[i],
++ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
++ SSH_FP_HEX);
++ else
++ fp = NULL;
+ key_free(sensitive_data.host_keys[i]);
+ sensitive_data.host_keys[i] = NULL;
++ if (fp != NULL) {
++ if (privsep)
++ PRIVSEP(audit_destroy_sensitive_data(fp,
++ pid, uid));
++ else
++ audit_destroy_sensitive_data(fp,
++ pid, uid);
++ xfree(fp);
++ }
+ }
+- if (sensitive_data.host_certificates[i]) {
++ if (sensitive_data.host_certificates
++ && sensitive_data.host_certificates[i]) {
+ key_free(sensitive_data.host_certificates[i]);
+ sensitive_data.host_certificates[i] = NULL;
+ }
+@@ -573,6 +608,8 @@ void
+ demote_sensitive_data(void)
+ {
+ Key *tmp;
++ pid_t pid;
++ uid_t uid;
+ int i;
+
+ if (sensitive_data.server_key) {
+@@ -581,13 +618,27 @@ demote_sensitive_data(void)
+ sensitive_data.server_key = tmp;
+ }
+
++ pid = getpid();
++ uid = getuid();
+ for (i = 0; i < options.num_host_key_files; i++) {
+ if (sensitive_data.host_keys[i]) {
++ char *fp;
++
++ if (key_is_private(sensitive_data.host_keys[i]))
++ fp = key_fingerprint(sensitive_data.host_keys[i],
++ FIPS_mode() ? SSH_FP_SHA1 : SSH_FP_MD5,
++ SSH_FP_HEX);
++ else
++ fp = NULL;
+ tmp = key_demote(sensitive_data.host_keys[i]);
+ key_free(sensitive_data.host_keys[i]);
+ sensitive_data.host_keys[i] = tmp;
+ if (tmp->type == KEY_RSA1)
+ sensitive_data.ssh1_host_key = tmp;
++ if (fp != NULL) {
++ audit_destroy_sensitive_data(fp, pid, uid);
++ xfree(fp);
++ }
+ }
+ /* Certs do not need demotion */
+ }
+@@ -700,6 +751,8 @@ privsep_preauth(Authctxt *authctxt)
+ }
+ }
+
++extern Newkeys *current_keys[];
++
+ static void
+ privsep_postauth(Authctxt *authctxt)
+ {
+@@ -724,6 +777,10 @@ privsep_postauth(Authctxt *authctxt)
+ else if (pmonitor->m_pid != 0) {
+ verbose("User child is on pid %ld", (long)pmonitor->m_pid);
+ buffer_clear(&loginmsg);
++ newkeys_destroy(current_keys[MODE_OUT]);
++ newkeys_destroy(current_keys[MODE_IN]);
++ audit_session_key_free_body(2, getpid(), getuid());
++ packet_destroy_all(0, 0);
+ monitor_child_postauth(pmonitor);
+
+ /* NEVERREACHED */
+@@ -1153,6 +1210,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+ if (received_sigterm) {
+ logit("Received signal %d; terminating.",
+ (int) received_sigterm);
++ destroy_sensitive_data(0);
+ close_listen_socks();
+ unlink(options.pid_file);
+ exit(received_sigterm == SIGTERM ? 0 : 255);
+@@ -2032,6 +2090,7 @@ main(int ac, char **av)
+ */
+ if (use_privsep) {
+ mm_send_keystate(pmonitor);
++ packet_destroy_all(1, 1);
+ exit(0);
+ }
+
+@@ -2074,7 +2133,7 @@ main(int ac, char **av)
+ privsep_postauth(authctxt);
+ /* the monitor process [priv] will not return */
+ if (!compat20)
+- destroy_sensitive_data();
++ destroy_sensitive_data(0);
+ }
+
+ packet_set_timeout(options.client_alive_interval,
+@@ -2084,6 +2143,9 @@ main(int ac, char **av)
+ do_authenticated(authctxt);
+
+ /* The connection has been terminated. */
++ packet_destroy_all(1, 1);
++ destroy_sensitive_data(1);
++
+ packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
+ packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
+ verbose("Transferred: sent %llu, received %llu bytes",
+@@ -2241,6 +2303,10 @@ do_ssh1_kex(void)
+ if (cookie[i] != packet_get_char())
+ packet_disconnect("IP Spoofing check bytes do not match.");
+
++#ifdef SSH_AUDIT_EVENTS
++ audit_kex(2, cipher_name(cipher_type), "crc", "none");
++#endif
++
+ debug("Encryption type: %.200s", cipher_name(cipher_type));
+
+ /* Get the encrypted integer. */
+@@ -2307,7 +2373,7 @@ do_ssh1_kex(void)
+ session_id[i] = session_key[i] ^ session_key[i + 16];
+ }
+ /* Destroy the private and public keys. No longer. */
+- destroy_sensitive_data();
++ destroy_sensitive_data(0);
+
+ if (use_privsep)
+ mm_ssh1_session_id(session_id);
+@@ -2397,6 +2463,16 @@ do_ssh2_kex(void)
+ void
+ cleanup_exit(int i)
+ {
++ static int in_cleanup = 0;
++ int is_privsep_child;
++
++ /* cleanup_exit can be called at the very least from the privsep
++ wrappers used for auditing. Make sure we don't recurse
++ indefinitely. */
++ if (in_cleanup)
++ _exit(i);
++ in_cleanup = 1;
++
+ if (the_authctxt) {
+ do_cleanup(the_authctxt);
+ if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
+@@ -2407,9 +2483,14 @@ cleanup_exit(int i)
+ pmonitor->m_pid, strerror(errno));
+ }
+ }
++ is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
++ if (sensitive_data.host_keys != NULL)
++ destroy_sensitive_data(is_privsep_child);
++ packet_destroy_all(1, is_privsep_child);
+ #ifdef SSH_AUDIT_EVENTS
+ /* done after do_cleanup so it can cancel the PAM auth 'thread' */
+- if (!use_privsep || mm_is_monitor())
++ if ((the_authctxt == NULL || !the_authctxt->authenticated) &&
++ (!use_privsep || mm_is_monitor()))
+ audit_event(SSH_CONNECTION_ABANDON);
+ #endif
+ _exit(i);
diff --git a/openssh.spec b/openssh.spec
index b5d077e..226e25e 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -111,17 +111,18 @@ Patch103: openssh-5.8p1-packet.patch
Patch104: openssh-6.1p1-authenticationmethods.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
-Patch200: openssh-5.8p1-audit0.patch
-# -"-
-Patch201: openssh-6.2p1-audit1.patch
-# -"-
-Patch202: openssh-5.9p1-audit2.patch
-# -"-
-Patch203: openssh-6.2p1-audit3.patch
-# -"-
-Patch204: openssh-6.2p1-audit4.patch
-# -"-
-Patch205: openssh-6.2p1-audit5.patch
+Patch200: openssh-6.2p1-audit.patch
+# Patch200: openssh-5.8p1-audit0.patch
+# # -"-
+# Patch201: openssh-6.2p1-audit1.patch
+# # -"-
+# Patch202: openssh-5.9p1-audit2.patch
+# # -"-
+# Patch203: openssh-6.2p1-audit3.patch
+# # -"-
+# Patch204: openssh-6.2p1-audit4.patch
+# # -"-
+# Patch205: openssh-6.2p1-audit5.patch
# --- pam_ssh-agent ---
# make it build reusing the openssh sources
@@ -398,12 +399,13 @@ The module is most useful for su and sudo service stacks.
%patch103 -p1 -b .packet
# %patch104 -p1 -b .authenticationmethods
-%patch200 -p1 -b .audit0
-%patch201 -p1 -b .audit1
-%patch202 -p1 -b .audit2
-%patch203 -p1 -b .audit3
-%patch204 -p1 -b .audit4
-%patch205 -p1 -b .audit5
+%patch200 -p1 -b .audit
+# %patch200 -p1 -b .audit0
+# %patch201 -p1 -b .audit1
+# %patch202 -p1 -b .audit2
+# %patch203 -p1 -b .audit3
+# %patch204 -p1 -b .audit4
+# %patch205 -p1 -b .audit5
%if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
More information about the scm-commits
mailing list