From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] openssh: Update to 7.3p1. Date: Wed, 22 Feb 2017 10:04:54 +0000 Message-ID: <1487757894.24657.209.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4242799395951691228==" List-Id: --===============4242799395951691228== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Fred, you are referring to IPFire 3 here, but I suppose that you are rather using IPFire 2 in production. This version of IPFire comes with OpenSSH 7.3p1: http://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dblob;f=3Dlfs/openssh;h=3D371d= 0df4ac09c4106f761886fa4e3f6107bd2265;hb=3DHEAD It would be helpful if you could give us some more context about your environment, why PCI compliance is required and what other things probably ne= ed to be mended to comply or even comply better. Best, -Michael On Tue, 2017-02-21 at 14:39 -0500, Kienker, Fred wrote: > FYI: >=20 > This is no longer considered "current" enough to pass a PCI Compliance=C2=A0 > audit. Only a version > 7.4 will now pass due to CVE-2016-10009.=C2=A0 > Anyone using an IPFire firewall system who has to pass a PCI Compliance=C2= =A0 > audit will have to disable ssh access until this is updated to at least=C2= =A0 > 7.4. >=20 > Fred Kienker >=20 > -----Original Message----- > From: Stefan Schantl [mailto:stefan.schantl(a)ipfire.org]=C2=A0 > Sent: Wednesday, November 30, 2016 7:02 AM > To: development(a)lists.ipfire.org > Subject: [PATCH] openssh: Update to 7.3p1. >=20 > This is a major update to the latest stable version of OpenSSH. >=20 > * Drop not longer required patches. > * Drop SElinux support. >=20 > Fixes #11218. >=20 > Signed-off-by: Stefan Schantl > --- > =C2=A0openssh/openssh.nm=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0|=C2= =A0=C2=A0=C2=A0=C2=A08 +- > =C2=A0openssh/patches/openssh-6.7p1-audit.patch=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 2332=C2=A0 > -------------------- > =C2=A0.../patches/openssh-6.7p1-seccomp-aarch64.patch=C2=A0=C2=A0=C2=A0=C2= =A0|=C2=A0=C2=A0=C2=A066 - > =C2=A03 files changed, 3 insertions(+), 2403 deletions(-) > =C2=A0delete mode 100644 openssh/patches/openssh-6.7p1-audit.patch > =C2=A0delete mode 100644 openssh/patches/openssh-6.7p1-seccomp-aarch64.patch >=20 > diff --git a/openssh/openssh.nm b/openssh/openssh.nm > index 8489438..2e8de76 100644 > --- a/openssh/openssh.nm > +++ b/openssh/openssh.nm > @@ -4,8 +4,8 @@ > =C2=A0#####################################################################= ## > ######## > =C2=A0 > =C2=A0name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D openssh > -version=C2=A0=C2=A0=C2=A0=C2=A0=3D 6.8p1 > -release=C2=A0=C2=A0=C2=A0=C2=A0=3D 2 > +version=C2=A0=C2=A0=C2=A0=C2=A0=3D 7.3p1 > +release=C2=A0=C2=A0=C2=A0=C2=A0=3D 1 > =C2=A0 > =C2=A0groups=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D Application/Internet > =C2=A0url=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D http://www.ope= nssh.com/portable.html > @@ -28,10 +28,9 @@ build > =C2=A0 automake > =C2=A0 groff > =C2=A0 libedit-devel > - libselinux-devel > =C2=A0 ncurses-devel > =C2=A0 openldap-devel > - openssl-devel >=3D 1.0.0d-2 > + openssl-devel >=3D 1.0.2 > =C2=A0 pam-devel > =C2=A0 util-linux > =C2=A0 zlib-devel > @@ -51,7 +50,6 @@ build > =C2=A0 --with-ipaddr-display \ > =C2=A0 --with-pam \ > =C2=A0 --with-libedit \ > - --with-selinux \ > =C2=A0 --with-audit=3Dlinux > =C2=A0 > =C2=A0 prepare_cmds > diff --git a/openssh/patches/openssh-6.7p1-audit.patch=C2=A0 > b/openssh/patches/openssh-6.7p1-audit.patch > deleted file mode 100644 > index 213ca67..0000000 > --- a/openssh/patches/openssh-6.7p1-audit.patch > +++ /dev/null > @@ -1,2332 +0,0 @@ > -diff -up openssh-6.8p1/Makefile.in.audit openssh-6.8p1/Makefile.in > ---- openssh-6.8p1/Makefile.in.audit 2015-03-20 13:41:15.065883826=C2=A0 > +0100 > -+++ openssh-6.8p1/Makefile.in 2015-03-20 13:41:15.100883769 +0100 > -@@ -98,7 +98,7 @@ LIBSSH_OBJS=3D${LIBOPENSSH_OBJS} \ > -=C2=A0 sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o=C2= =A0 > \ > -=C2=A0 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ > -=C2=A0 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ > -- kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o > -+ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o auditstub.o > -=C2=A0 > - SSHOBJS=3D ssh.o readconf.o clientloop.o sshtty.o \ > -=C2=A0 sshconnect.o sshconnect1.o sshconnect2.o mux.o \ > -diff -up openssh-6.8p1/audit-bsm.c.audit openssh-6.8p1/audit-bsm.c > ---- openssh-6.8p1/audit-bsm.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/audit-bsm.c 2015-03-20 13:41:15.092883782 +0100 > -@@ -375,10 +375,23 @@ audit_connection_from(const char *host, > - #endif > - } > -=C2=A0 > --void > -+int > - audit_run_command(const char *command) > - { > -=C2=A0 /* not implemented */ > -+ return 0; > -+} > -+ > -+void > -+audit_end_command(int handle, const char *command) > -+{ > -+ /* not implemented */ > -+} > -+ > -+void > -+audit_count_session_open(void) > -+{ > -+ /* not necessary */ > - } > -=C2=A0 > - void > -@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li) > -=C2=A0 /* not implemented */ > - } > -=C2=A0 > -+int > -+audit_keyusage(int host_user, const char *type, unsigned bits, char=C2=A0 > *fp, int rv) > -+{ > -+ /* not implemented */ > -+} > -+ > - void > - audit_event(ssh_audit_event_t event) > - { > -@@ -454,4 +473,40 @@ audit_event(ssh_audit_event_t event) > -=C2=A0 debug("%s: unhandled event %d", __func__, event); > -=C2=A0 } > - } > -+ > -+void > -+audit_unsupported_body(int what) > -+{ > -+ /* not implemented */ > -+} > -+ > -+void > -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char=C2=A0 > *pfs, pid_t pid, uid_t uid) > -+{ > -+ /* not implemented */ > -+} > -+ > -+void > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > -+{ > -+ /* not implemented */ > -+} > -+ > -+void > -+audit_destroy_sensitive_data(const char *fp) > -+{ > -+ /* not implemented */ > -+} > -+ > -+void > -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > -+{ > -+ /* not implemented */ > -+} > -+ > -+void > -+audit_generate_ephemeral_server_key(const char *fp) > -+{ > -+ /* not implemented */ > -+} > - #endif /* BSM */ > -diff -up openssh-6.8p1/audit-linux.c.audit openssh-6.8p1/audit-linux.c > ---- openssh-6.8p1/audit-linux.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/audit-linux.c 2015-03-20 13:41:15.093883780 +0100 > -@@ -35,13 +35,25 @@ > -=C2=A0 > - #include "log.h" > - #include "audit.h" > -+#include "key.h" > -+#include "hostfile.h" > -+#include "auth.h" > -+#include "misc.h"=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/* servconf.h needs = misc.h for struct=C2=A0 > ForwardOptions */ > -+#include "servconf.h" > - #include "canohost.h" > -+#include "packet.h" > -+#include "cipher.h" > -=C2=A0 > -+#define AUDIT_LOG_SIZE 256 > -+ > -+extern ServerOptions options; > -+extern Authctxt *the_authctxt; > -+extern u_int utmp_len; > - const char* audit_username(void); > -=C2=A0 > --int > --linux_audit_record_event(int uid, const char *username, > --=C2=A0=C2=A0=C2=A0=C2=A0const char *hostname, const char *ip, const char = *ttyn, int=C2=A0 > success) > -+static void > -+linux_audit_user_logxxx(int uid, const char *username, > -+=C2=A0=C2=A0=C2=A0=C2=A0const char *hostname, const char *ip, const char = *ttyn, int=C2=A0 > success, int event) > - { > -=C2=A0 int audit_fd, rc, saved_errno; > -=C2=A0 > -@@ -49,11 +61,11 @@ linux_audit_record_event(int uid, const char=C2=A0 > *username, > -=C2=A0 if (audit_fd < 0) { > -=C2=A0 if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0errno =3D=3D EAFNOSUPPORT) > -- return 1; /* No audit support in kernel */ > -+ return; /* No audit support in kernel */ > -=C2=A0 else > -- return 0; /* Must prevent login */ > -+ goto fatal_report; /* Must prevent login */ > -=C2=A0 } > -- rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, > -+ rc =3D audit_log_acct_message(audit_fd, event, > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0NULL, "login", username ? username : "(unkn= own)", > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0username =3D=3D NULL ? uid : -1, hostname, = ip, ttyn, success); > -=C2=A0 saved_errno =3D errno; > -@@ -65,35 +77,154 @@ linux_audit_record_event(int uid, const char=C2=A0 > *username, > -=C2=A0 if ((rc =3D=3D -EPERM) && (geteuid() !=3D 0)) > -=C2=A0 rc =3D 0; > -=C2=A0 errno =3D saved_errno; > -- return (rc >=3D 0); > -+ if (rc < 0) { > -+fatal_report: > -+ fatal("linux_audit_write_entry failed: %s",=C2=A0 > strerror(errno)); > -+ } > - } > -=C2=A0 > -+static void > -+linux_audit_user_auth(int uid, const char *username, > -+=C2=A0=C2=A0=C2=A0=C2=A0const char *hostname, const char *ip, const char = *ttyn, int=C2=A0 > success, int event) > -+{ > -+ int audit_fd, rc, saved_errno; > -+ static const char *event_name[] =3D { > -+ "maxtries exceeded", > -+ "root denied", > -+ "success", > -+ "none", > -+ "password", > -+ "challenge-response", > -+ "pubkey", > -+ "hostbased", > -+ "gssapi", > -+ "invalid user", > -+ "nologin", > -+ "connection closed", > -+ "connection abandoned", > -+ "unknown" > -+ }; > -+ > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) { > -+ if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > -+ =C2=A0=C2=A0=C2=A0=C2=A0errno =3D=3D EAFNOSUPPORT) > -+ return; /* No audit support in kernel */ > -+ else > -+ goto fatal_report; /* Must prevent login */ > -+ } > -+=09 > -+ if ((event < 0) || (event > SSH_AUDIT_UNKNOWN)) > -+ event =3D SSH_AUDIT_UNKNOWN; > -+ > -+ rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, event_name[event], username ? username : "= (unknown)", > -+ =C2=A0=C2=A0=C2=A0=C2=A0username =3D=3D NULL ? uid : -1, hostname, ip, t= tyn, success); > -+ saved_errno =3D errno; > -+ close(audit_fd); > -+ /* > -+ =C2=A0* Do not report error if the error is EPERM and sshd is run as=C2= =A0 > non > -+ =C2=A0* root user. > -+ =C2=A0*/ > -+ if ((rc =3D=3D -EPERM) && (geteuid() !=3D 0)) > -+ rc =3D 0; > -+ errno =3D saved_errno; > -+ if (rc < 0) { > -+fatal_report: > -+ fatal("linux_audit_write_entry failed: %s",=C2=A0 > strerror(errno)); > -+ } > -+} > -+ > -+int > -+audit_keyusage(int host_user, const char *type, unsigned bits, char=C2=A0 > *fp, int rv) > -+{ > -+ char buf[AUDIT_LOG_SIZE]; > -+ int audit_fd, rc, saved_errno; > -+ > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) { > -+ if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > -+ =C2=A0errno =3D=3D EAFNOSUPPORT) > -+ return 1; /* No audit support in kernel */ > -+ else=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > -+ return 0; /* Must prevent login */ > -+ } > -+ snprintf(buf, sizeof(buf), "%s_auth rport=3D%d", host_user ?=C2=A0 > "pubkey" : "hostbased", get_remote_port()); > -+ rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, > -+ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL,=C2=A0 > rv); > -+ if ((rc < 0) && ((rc !=3D -1) || (getuid() =3D=3D 0))) > -+ goto out; > -+ /* is the fingerprint_prefix() still needed?=C2=A0 > -+ snprintf(buf, sizeof(buf), "key algo=3D%s size=3D%d fp=3D%s%s=C2=A0 > rport=3D%d", > -+ type, bits, sshkey_fingerprint_prefix(), fp,=C2=A0 > get_remote_port()); > -+ */ > -+ snprintf(buf, sizeof(buf), "key algo=3D%s size=3D%d fp=3D%s rport=3D%d", > -+ type, bits, fp, get_remote_port()); > -+ rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, > -+ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL,=C2=A0 > rv); > -+out: > -+ saved_errno =3D errno; > -+ audit_close(audit_fd); > -+ errno =3D saved_errno; > -+ /* do not report error if the error is EPERM and sshd is run as=C2=A0 > non root user */ > -+ return (rc >=3D 0) || ((rc =3D=3D -EPERM) && (getuid() !=3D 0)); > -+} > -+ > -+static int user_login_count =3D 0; > -+ > - /* Below is the sshd audit API code */ > -=C2=A0 > - void > - audit_connection_from(const char *host, int port) > - { > --} > -=C2=A0 /* not implemented */ > -+} > -=C2=A0 > --void > -+int > - audit_run_command(const char *command) > - { > -- /* not implemented */ > -+ if (!user_login_count++)=C2=A0 > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > get_remote_name_or_ip(utmp_len, options.use_dns), > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_LOGIN); > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > get_remote_name_or_ip(utmp_len, options.use_dns), > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_START); > -+ return 0; > -+} > -+ > -+void > -+audit_end_command(int handle, const char *command) > -+{ > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > get_remote_name_or_ip(utmp_len, options.use_dns), > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_END); > -+ if (user_login_count && !--user_login_count)=C2=A0 > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > get_remote_name_or_ip(utmp_len, options.use_dns), > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_LOGOUT); > -+} > -+ > -+void > -+audit_count_session_open(void) > -+{ > -+ user_login_count++; > - } > -=C2=A0 > - void > - audit_session_open(struct logininfo *li) > - { > -- if (linux_audit_record_event(li->uid, NULL, li->hostname, > -- =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1) =3D=3D 0) > -- fatal("linux_audit_write_entry failed: %s",=C2=A0 > strerror(errno)); > -+ if (!user_login_count++)=C2=A0 > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_LOGIN); > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_START); > - } > -=C2=A0 > - void > - audit_session_close(struct logininfo *li) > - { > -- /* not implemented */ > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_END); > -+ if (user_login_count && !--user_login_count)=C2=A0 > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_LOGOUT); > - } > -=C2=A0 > - void > -@@ -101,21 +232,43 @@ audit_event(ssh_audit_event_t event) > - { > -=C2=A0 switch(event) { > -=C2=A0 case SSH_AUTH_SUCCESS: > -- case SSH_CONNECTION_CLOSE: > -+ linux_audit_user_auth(-1, audit_username(), NULL, > -+ get_remote_ipaddr(), "ssh", 1, event); > -+ break; > -+ > -=C2=A0 case SSH_NOLOGIN: > -- case SSH_LOGIN_EXCEED_MAXTRIES: > -=C2=A0 case SSH_LOGIN_ROOT_DENIED: > -+ linux_audit_user_auth(-1, audit_username(), NULL, > -+ get_remote_ipaddr(), "ssh", 0, event); > -+ linux_audit_user_logxxx(-1, audit_username(), NULL, > -+ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); > -=C2=A0 break; > -=C2=A0 > -+ case SSH_LOGIN_EXCEED_MAXTRIES: > -=C2=A0 case SSH_AUTH_FAIL_NONE: > -=C2=A0 case SSH_AUTH_FAIL_PASSWD: > -=C2=A0 case SSH_AUTH_FAIL_KBDINT: > -=C2=A0 case SSH_AUTH_FAIL_PUBKEY: > -=C2=A0 case SSH_AUTH_FAIL_HOSTBASED: > -=C2=A0 case SSH_AUTH_FAIL_GSSAPI: > -+ linux_audit_user_auth(-1, audit_username(), NULL, > -+ get_remote_ipaddr(), "ssh", 0, event); > -+ break; > -+ > -+ case SSH_CONNECTION_CLOSE: > -+ if (user_login_count) { > -+ while (user_login_count--) > -+ linux_audit_user_logxxx(the_authctxt->pw- > >pw_uid,=C2=A0 > NULL, get_remote_name_or_ip(utmp_len, options.use_dns), > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_END); > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, > NULL,=C2=A0 > get_remote_name_or_ip(utmp_len, options.use_dns), > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_LOGOUT); > -+ } > -+ break; > -+ > -+ case SSH_CONNECTION_ABANDON: > -=C2=A0 case SSH_INVALID_USER: > -- linux_audit_record_event(-1, audit_username(), NULL, > -- get_remote_ipaddr(), "sshd", 0); > -+ linux_audit_user_logxxx(-1, audit_username(), NULL, > -+ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); > -=C2=A0 break; > -=C2=A0 > -=C2=A0 default: > -@@ -123,4 +276,135 @@ audit_event(ssh_audit_event_t event) > -=C2=A0 } > - } > -=C2=A0 > -+void > -+audit_unsupported_body(int what) > -+{ > -+#ifdef AUDIT_CRYPTO_SESSION > -+ char buf[AUDIT_LOG_SIZE]; > -+ const static char *name[] =3D { "cipher", "mac", "comp" }; > -+ char *s; > -+ int audit_fd; > -+ > -+ snprintf(buf, sizeof(buf), "op=3Dunsupported-%s direction=3D?=C2=A0 > cipher=3D? ksize=3D? rport=3D%d laddr=3D%s lport=3D%d ", > -+ name[what], get_remote_port(), (s =3D=C2=A0 > get_local_ipaddr(packet_get_connection_in())), > -+ get_local_port()); > -+ free(s); > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) > -+ /* no problem, the next instruction will be fatal() */ > -+ return; > -+ audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, > -+ buf, NULL, get_remote_ipaddr(), NULL, 0); > -+ audit_close(audit_fd); > -+#endif > -+} > -+ > -+const static char *direction[] =3D { "from-server", "from-client",=C2=A0 > "both" }; > -+ > -+void > -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char=C2=A0 > *pfs, pid_t pid, > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0uid_t uid) > -+{ > -+#ifdef AUDIT_CRYPTO_SESSION > -+ char buf[AUDIT_LOG_SIZE]; > -+ int audit_fd, audit_ok; > -+ const Cipher *cipher =3D cipher_by_name(enc); > -+ char *s; > -+ > -+ snprintf(buf, sizeof(buf), "op=3Dstart direction=3D%s cipher=3D%s=C2=A0 > ksize=3D%d mac=3D%s pfs=3D%s spid=3D%jd suid=3D%jd rport=3D%d laddr=3D%s lp= ort=3D%d ", > -+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, > mac,=C2=A0 > pfs, > -+ (intmax_t)pid, (intmax_t)uid, > -+ get_remote_port(), (s =3D=C2=A0 > get_local_ipaddr(packet_get_connection_in())), get_local_port()); > -+ free(s); > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) { > -+ if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > -+ =C2=A0errno =3D=3D EAFNOSUPPORT) > -+ return; /* No audit support in kernel */ > -+ else=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > -+ fatal("cannot open audit"); /* Must prevent login */ > -+ } > -+ audit_ok =3D audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, > -+ buf, NULL, get_remote_ipaddr(), NULL, 1); > -+ audit_close(audit_fd); > -+ /* do not abort if the error is EPERM and sshd is run as non root=C2=A0 > user */ > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > -+ fatal("cannot write into audit"); /* Must prevent login */ > -+#endif > -+} > -+ > -+void > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > -+{ > -+ char buf[AUDIT_LOG_SIZE]; > -+ int audit_fd, audit_ok; > -+ char *s; > -+ > -+ snprintf(buf, sizeof(buf), "op=3Ddestroy kind=3Dsession fp=3D?=C2=A0 > direction=3D%s spid=3D%jd suid=3D%jd rport=3D%d laddr=3D%s lport=3D%d ", > -+ =C2=A0direction[ctos], (intmax_t)pid, (intmax_t)uid, > -+ =C2=A0get_remote_port(), > -+ =C2=A0(s =3D get_local_ipaddr(packet_get_connection_in())), > -+ =C2=A0get_local_port()); > -+ free(s); > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) { > -+ if (errno !=3D EINVAL && errno !=3D EPROTONOSUPPORT && > -+ =C2=A0errno !=3D EAFNOSUPPORT) > -+ error("cannot open audit"); > -+ return; > -+ } > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > AUDIT_CRYPTO_KEY_USER, > -+ buf, NULL, get_remote_ipaddr(), NULL, 1); > -+ audit_close(audit_fd); > -+ /* do not abort if the error is EPERM and sshd is run as non root=C2=A0 > user */ > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > -+ error("cannot write into audit"); > -+} > -+ > -+void > -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > -+{ > -+ char buf[AUDIT_LOG_SIZE]; > -+ int audit_fd, audit_ok; > -+ > -+ snprintf(buf, sizeof(buf), "op=3Ddestroy kind=3Dserver fp=3D%s=C2=A0 > direction=3D? spid=3D%jd suid=3D%jd ", > -+ fp, (intmax_t)pid, (intmax_t)uid); > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) { > -+ if (errno !=3D EINVAL && errno !=3D EPROTONOSUPPORT && > -+ =C2=A0errno !=3D EAFNOSUPPORT) > -+ error("cannot open audit"); > -+ return; > -+ } > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > AUDIT_CRYPTO_KEY_USER, > -+ buf, NULL, > -+ listening_for_clients() ? get_remote_ipaddr() : > NULL, > -+ NULL, 1); > -+ audit_close(audit_fd); > -+ /* do not abort if the error is EPERM and sshd is run as non root=C2=A0 > user */ > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > -+ error("cannot write into audit"); > -+} > -+ > -+void > -+audit_generate_ephemeral_server_key(const char *fp) > -+{ > -+ char buf[AUDIT_LOG_SIZE]; > -+ int audit_fd, audit_ok; > -+ > -+ snprintf(buf, sizeof(buf), "op=3Dcreate kind=3Dserver fp=3D%s=C2=A0 > direction=3D? ", fp); > -+ audit_fd =3D audit_open(); > -+ if (audit_fd < 0) { > -+ if (errno !=3D EINVAL && errno !=3D EPROTONOSUPPORT && > -+ =C2=A0errno !=3D EAFNOSUPPORT) > -+ error("cannot open audit"); > -+ return; > -+ } > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > AUDIT_CRYPTO_KEY_USER, > -+ buf, NULL, 0, NULL, 1); > -+ audit_close(audit_fd); > -+ /* do not abort if the error is EPERM and sshd is run as non root=C2=A0 > user */ > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > -+ error("cannot write into audit"); > -+} > - #endif /* USE_LINUX_AUDIT */ > -diff -up openssh-6.8p1/audit.c.audit openssh-6.8p1/audit.c > ---- openssh-6.8p1/audit.c.audit 2015-03-17 06:49:20.000000000 +0100 > -+++ openssh-6.8p1/audit.c 2015-03-20 13:41:15.093883780 +0100 > -@@ -28,6 +28,7 @@ > -=C2=A0 > - #include > - #include > -+#include > -=C2=A0 > - #ifdef SSH_AUDIT_EVENTS > -=C2=A0 > -@@ -36,6 +37,11 @@ > - #include "key.h" > - #include "hostfile.h" > - #include "auth.h" > -+#include "ssh-gss.h" > -+#include "monitor_wrap.h" > -+#include "xmalloc.h" > -+#include "misc.h" > -+#include "servconf.h" > -=C2=A0 > - /* > -=C2=A0=C2=A0* Care must be taken when using this since it WILL NOT be init= ialized=C2=A0 > when > -@@ -43,6 +49,7 @@ > -=C2=A0=C2=A0* audit_event(CONNECTION_ABANDON) is called.=C2=A0=C2=A0Test f= or NULL before=C2=A0 > using. > -=C2=A0=C2=A0*/ > - extern Authctxt *the_authctxt; > -+extern ServerOptions options; > -=C2=A0 > - /* Maybe add the audit class to struct Authmethod? */ > - ssh_audit_event_t > -@@ -71,13 +78,10 @@ audit_classify_auth(const char *method) > - const char * > - audit_username(void) > - { > -- static const char unknownuser[] =3D "(unknown user)"; > -- static const char invaliduser[] =3D "(invalid user)"; > -+ static const char unknownuser[] =3D "(unknown)"; > -=C2=A0 > -- if (the_authctxt =3D=3D NULL || the_authctxt->user =3D=3D NULL) > -+ if (the_authctxt =3D=3D NULL || the_authctxt->user =3D=3D NULL ||=C2=A0 > !the_authctxt->valid) > -=C2=A0 return (unknownuser); > -- if (!the_authctxt->valid) > -- return (invaliduser); > -=C2=A0 return (the_authctxt->user); > - } > -=C2=A0 > -@@ -111,6 +115,40 @@ audit_event_lookup(ssh_audit_event_t ev) > -=C2=A0 return(event_lookup[i].name); > - } > -=C2=A0 > -+void > -+audit_key(int host_user, int *rv, const Key *key) > -+{ > -+ char *fp; > -+ const char *crypto_name; > -+ > -+ fp =3D sshkey_fingerprint(key, options.fingerprint_hash,=C2=A0 > SSH_FP_HEX); > -+ if (key->type =3D=3D KEY_RSA1) > -+ crypto_name =3D "ssh-rsa1"; > -+ else > -+ crypto_name =3D key_ssh_name(key); > -+ if (audit_keyusage(host_user, crypto_name, key_size(key), fp,=C2=A0 > *rv) =3D=3D 0) > -+ *rv =3D 0; > -+ free(fp); > -+} > -+ > -+void > -+audit_unsupported(int what) > -+{ > -+ PRIVSEP(audit_unsupported_body(what)); > -+} > -+ > -+void > -+audit_kex(int ctos, char *enc, char *mac, char *comp, char *pfs) > -+{ > -+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, pfs, getpid(),=C2=A0 > getuid())); > -+} > -+ > -+void > -+audit_session_key_free(int ctos) > -+{ > -+ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid())); > -+} > -+ > - # ifndef CUSTOM_SSH_AUDIT_EVENTS > - /* > -=C2=A0=C2=A0* Null implementations of audit functions. > -@@ -140,6 +178,17 @@ audit_event(ssh_audit_event_t event) > - } > -=C2=A0 > - /* > -+ * Called when a child process has called, or will soon call, > -+ * audit_session_open. > -+ */ > -+void > -+audit_count_session_open(void) > -+{ > -+ debug("audit count session open euid %d user %s", geteuid(), > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0audit_username()); > -+} > -+ > -+/* > -=C2=A0=C2=A0* Called when a user session is started.=C2=A0=C2=A0Argument i= s the tty=C2=A0 > allocated to > -=C2=A0=C2=A0* the session, or NULL if no tty was allocated. > -=C2=A0=C2=A0* > -@@ -174,13 +223,91 @@ audit_session_close(struct logininfo *li) > - /* > -=C2=A0=C2=A0* This will be called when a user runs a non-interactive comma= nd.=C2=A0=C2=A0 > Note that > -=C2=A0=C2=A0* it may be called multiple times for a single connection sinc= e SSH2=C2=A0 > allows > -- * multiple sessions within a single connection. > -+ * multiple sessions within a single connection.=C2=A0=C2=A0Returns a "ha= ndle"=C2=A0 > for > -+ * audit_end_command. > -=C2=A0=C2=A0*/ > --void > -+int > - audit_run_command(const char *command) > - { > -=C2=A0 debug("audit run command euid %d user %s command '%.200s'",=C2=A0 > geteuid(), > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0audit_username(), command); > -+ return 0; > -+} > -+ > -+/* > -+ * This will be called when the non-interactive command finishes.=C2=A0= =C2=A0 > Note that > -+ * it may be called multiple times for a single connection since SSH2=C2= =A0 > allows > -+ * multiple sessions within a single connection.=C2=A0=C2=A0"handle" shou= ld come=C2=A0 > from > -+ * the corresponding audit_run_command. > -+ */ > -+void > -+audit_end_command(int handle, const char *command) > -+{ > -+ debug("audit end nopty exec=C2=A0=C2=A0euid %d user %s command '%.200s'"= ,=C2=A0 > geteuid(), > -+ =C2=A0=C2=A0=C2=A0=C2=A0audit_username(), command); > -+} > -+ > -+/* > -+ * This will be called when user is successfully autherized by the=C2=A0 > RSA1/RSA/DSA key. > -+ * > -+ * Type is the key type, len is the key length(byte) and fp is the=C2=A0 > fingerprint of the key. > -+ */ > -+int > -+audit_keyusage(int host_user, const char *type, unsigned bits, char=C2=A0 > *fp, int rv) > -+{ > -+ debug("audit %s key usage euid %d user %s key type %s key length=C2=A0 > %d fingerprint %s%s, result %d",=C2=A0 > -+ host_user ? "pubkey" : "hostbased", geteuid(),=C2=A0 > audit_username(), type, bits, > -+ sshkey_fingerprint_prefix(), fp, rv); > -+} > -+ > -+/* > -+ * This will be called when the protocol negotiation fails. > -+ */ > -+void > -+audit_unsupported_body(int what) > -+{ > -+ debug("audit unsupported protocol euid %d type %d", geteuid(),=C2=A0 > what); > -+} > -+ > -+/* > -+ * This will be called on succesfull protocol negotiation. > -+ */ > -+void > -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char=C2=A0 > *pfs, pid_t pid, > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0uid_t uid) > -+{ > -+ debug("audit protocol negotiation euid %d direction %d cipher %s=C2=A0 > mac %s compresion %s pfs %s from pid %ld uid %u", > -+ (unsigned)geteuid(), ctos, enc, mac, compress, pfs,=C2=A0 > (long)pid, > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0(unsigned)uid); > -+} > -+ > -+/* > -+ * This will be called on succesfull session key discard > -+ */ > -+void > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > -+{ > -+ debug("audit session key discard euid %u direction %d from pid=C2=A0 > %ld uid %u", > -+ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); > -+} > -+ > -+/* > -+ * This will be called on destroy private part of the server key > -+ */ > -+void > -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > -+{ > -+ debug("audit destroy sensitive data euid %d fingerprint %s from=C2=A0 > pid %ld uid %u", > -+ geteuid(), fp, (long)pid, (unsigned)uid); > -+} > -+ > -+/* > -+ * This will be called on generation of the ephemeral server key > -+ */ > -+void > -+audit_generate_ephemeral_server_key(const char *) > -+{ > -+ debug("audit create ephemeral server key euid %d fingerprint %s",=C2=A0 > geteuid(), fp); > - } > - # endif=C2=A0=C2=A0/* !defined CUSTOM_SSH_AUDIT_EVENTS */ > - #endif /* SSH_AUDIT_EVENTS */ > -diff -up openssh-6.8p1/audit.h.audit openssh-6.8p1/audit.h > ---- openssh-6.8p1/audit.h.audit 2015-03-17 06:49:20.000000000 +0100 > -+++ openssh-6.8p1/audit.h 2015-03-20 13:41:15.093883780 +0100 > -@@ -28,6 +28,7 @@ > - # define _SSH_AUDIT_H > -=C2=A0 > - #include "loginrec.h" > -+#include "key.h" > -=C2=A0 > - enum ssh_audit_event_type { > -=C2=A0 SSH_LOGIN_EXCEED_MAXTRIES, > -@@ -47,11 +48,25 @@ enum ssh_audit_event_type { > - }; > - typedef enum ssh_audit_event_type ssh_audit_event_t; > -=C2=A0 > -+int listening_for_clients(void); > -+ > - void audit_connection_from(const char *, int); > - void audit_event(ssh_audit_event_t); > -+void audit_count_session_open(void); > - void audit_session_open(struct logininfo *); > - void audit_session_close(struct logininfo *); > --void audit_run_command(const char *); > -+int audit_run_command(const char *); > -+void=C2=A0 audit_end_command(int, const char *); > - ssh_audit_event_t audit_classify_auth(const char *); > -+int audit_keyusage(int, const char *, unsigned, char *, int); > -+void audit_key(int, int *, const Key *); > -+void audit_unsupported(int); > -+void audit_kex(int, char *, char *, char *, char *); > -+void audit_unsupported_body(int); > -+void audit_kex_body(int, char *, char *, char *, char *, pid_t,=C2=A0 > uid_t); > -+void audit_session_key_free(int ctos); > -+void audit_session_key_free_body(int ctos, pid_t, uid_t); > -+void audit_destroy_sensitive_data(const char *, pid_t, uid_t); > -+void audit_generate_ephemeral_server_key(const char *); > -=C2=A0 > - #endif /* _SSH_AUDIT_H */ > -diff -up openssh-6.8p1/auditstub.c.audit openssh-6.8p1/auditstub.c > ---- openssh-6.8p1/auditstub.c.audit 2015-03-20 13:41:15.093883780=C2=A0 > +0100 > -+++ openssh-6.8p1/auditstub.c 2015-03-20 13:41:15.093883780 +0100 > -@@ -0,0 +1,50 @@ > -+/* $Id: auditstub.c,v 1.1 jfch Exp $ */ > -+ > -+/* > -+ * Copyright 2010 Red Hat, Inc.=C2=A0=C2=A0All rights reserved. > -+ * Use is subject to license terms. > -+ * > -+ * Redistribution and use in source and binary forms, with or without > -+ * modification, are permitted provided that the following conditions > -+ * are met: > -+ * 1. Redistributions of source code must retain the above copyright > -+ *=C2=A0=C2=A0=C2=A0=C2=A0notice, this list of conditions and the followi= ng disclaimer. > -+ * 2. Redistributions in binary form must reproduce the above=C2=A0 > copyright > -+ *=C2=A0=C2=A0=C2=A0=C2=A0notice, this list of conditions and the followi= ng disclaimer in=C2=A0 > the > -+ *=C2=A0=C2=A0=C2=A0=C2=A0documentation and/or other materials provided w= ith the=C2=A0 > distribution. > -+ * > -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS=C2=A0 > OR > -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED=C2=A0 > WARRANTIES > -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE=C2=A0 > DISCLAIMED. > -+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, > -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES=C2=A0 > (INCLUDING, BUT > -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS=C2=A0 > OF USE, > -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON=C2=A0 > ANY > -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE=C2=A0 > USE OF > -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > -+ * > -+ * Red Hat author: Jan F. Chadima > -+ */ > -+ > -+#include > -+ > -+void > -+audit_unsupported(int n) > -+{ > -+} > -+ > -+void > -+audit_kex(int ctos, char *enc, char *mac, char *comp, char *pfs) > -+{ > -+} > -+ > -+void > -+audit_session_key_free(int ctos) > -+{ > -+} > -+ > -+void > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > -+{ > -+} > -diff -up openssh-6.8p1/auth-rsa.c.audit openssh-6.8p1/auth-rsa.c > ---- openssh-6.8p1/auth-rsa.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/auth-rsa.c 2015-03-20 13:41:15.094883779 +0100 > -@@ -95,7 +95,10 @@ auth_rsa_verify_response(Key *key, BIGNUM=C2=A0 > *challenge, u_char response[16]) > - { > -=C2=A0 u_char buf[32], mdbuf[16]; > -=C2=A0 struct ssh_digest_ctx *md; > -- int len; > -+ int len, rv; > -+#ifdef SSH_AUDIT_EVENTS > -+ char *fp; > -+#endif > -=C2=A0 > -=C2=A0 /* don't allow short keys */ > -=C2=A0 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { > -@@ -119,12 +122,18 @@ auth_rsa_verify_response(Key *key, BIGNUM=C2=A0 > *challenge, u_char response[16]) > -=C2=A0 ssh_digest_free(md); > -=C2=A0 > -=C2=A0 /* Verify that the response is the original challenge. */ > -- if (timingsafe_bcmp(response, mdbuf, 16) !=3D 0) { > -- /* Wrong answer. */ > -- return (0); > -+ rv =3D timingsafe_bcmp(response, mdbuf, 16) =3D=3D 0; > -+ > -+#ifdef SSH_AUDIT_EVENTS > -+ fp =3D sshkey_fingerprint(key, options.fingerprint_hash,=C2=A0 > SSH_FP_HEX); > -+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv)=C2=A0 > =3D=3D 0) { > -+ debug("unsuccessful audit"); > -+ rv =3D 0; > -=C2=A0 } > -- /* Correct answer. */ > -- return (1); > -+ free(fp); > -+#endif > -+ > -+ return rv; > - } > -=C2=A0 > - /* > -diff -up openssh-6.8p1/auth.c.audit openssh-6.8p1/auth.c > ---- openssh-6.8p1/auth.c.audit 2015-03-17 06:49:20.000000000 +0100 > -+++ openssh-6.8p1/auth.c 2015-03-20 13:41:15.094883779 +0100 > -@@ -644,9 +644,6 @@ getpwnamallow(const char *user) > -=C2=A0 record_failed_login(user, > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0get_canonical_hostname(options.use_dns), "= ssh"); > - #endif > --#ifdef SSH_AUDIT_EVENTS > -- audit_event(SSH_INVALID_USER); > --#endif /* SSH_AUDIT_EVENTS */ > -=C2=A0 return (NULL); > -=C2=A0 } > -=C2=A0 if (!allowed_user(pw)) > -diff -up openssh-6.8p1/auth.h.audit openssh-6.8p1/auth.h > ---- openssh-6.8p1/auth.h.audit 2015-03-20 13:41:15.002883927 +0100 > -+++ openssh-6.8p1/auth.h 2015-03-20 13:41:15.094883779 +0100 > -@@ -195,6 +195,7 @@ void abandon_challenge_response(Authctxt > -=C2=A0 > - char *expand_authorized_keys(const char *, struct passwd *pw); > - char *authorized_principals_file(struct passwd *); > -+int =C2=A0user_key_verify(const Key *, const u_char *, u_int, const=C2=A0 > u_char *, u_int); > -=C2=A0 > - FILE *auth_openkeyfile(const char *, struct passwd *, int); > - FILE *auth_openprincipals(const char *, struct passwd *, int); > -@@ -213,6 +214,7 @@ int =C2=A0get_hostkey_index(Key *, int, struc > - int =C2=A0ssh1_session_key(BIGNUM *); > - int =C2=A0sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0const u_char *, size_t, u_int); > -+int =C2=A0hostbased_key_verify(const Key *, const u_char *, u_int,=C2=A0 > const u_char *, u_int); > -=C2=A0 > - /* debug messages during authentication */ > - void =C2=A0auth_debug_add(const char *fmt,...)=C2=A0 > __attribute__((format(printf, 1, 2))); > -diff -up openssh-6.8p1/auth2-hostbased.c.audit=C2=A0 > openssh-6.8p1/auth2-hostbased.c > ---- openssh-6.8p1/auth2-hostbased.c.audit 2015-03-20=C2=A0 > 13:41:15.002883927 +0100 > -+++ openssh-6.8p1/auth2-hostbased.c 2015-03-20 13:41:15.093883780=C2=A0 > +0100 > -@@ -147,7 +147,7 @@ userauth_hostbased(Authctxt *authctxt) > -=C2=A0 /* test for allowed key and correct signature */ > -=C2=A0 authenticated =3D 0; > -=C2=A0 if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost,=C2=A0 > key)) && > -- =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b= ), > -+ =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(hostbased_key_verify(key, sig, slen, buf= fer_ptr(&b), > -=C2=A0 buffer_len(&b))) =3D=3D 1) > -=C2=A0 authenticated =3D 1; > -=C2=A0 > -@@ -164,6 +164,18 @@ done: > -=C2=A0 return authenticated; > - } > -=C2=A0 > -+int > -+hostbased_key_verify(const Key *key, const u_char *sig, u_int slen,=C2=A0 > const u_char *data, u_int datalen) > -+{ > -+ int rv; > -+ > -+ rv =3D key_verify(key, sig, slen, data, datalen); > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_key(0, &rv, key); > -+#endif > -+ return rv; > -+} > -+ > - /* return 1 if given hostkey is allowed */ > - int > - hostbased_key_allowed(struct passwd *pw, const char *cuser, char=C2=A0 > *chost, > -diff -up openssh-6.8p1/auth2-pubkey.c.audit=C2=A0 > openssh-6.8p1/auth2-pubkey.c > ---- openssh-6.8p1/auth2-pubkey.c.audit 2015-03-20=C2=A0 > 13:41:15.013883910 +0100 > -+++ openssh-6.8p1/auth2-pubkey.c 2015-03-20 13:41:15.094883779=C2=A0 > +0100 > -@@ -172,7 +172,7 @@ userauth_pubkey(Authctxt *authctxt) > -=C2=A0 /* test for correct signature */ > -=C2=A0 authenticated =3D 0; > -=C2=A0 if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && > -- =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&= b), > -+ =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(user_key_verify(key, sig, slen, buffer_= ptr(&b), > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0buffer_len(&b))) =3D=3D 1) { > -=C2=A0 authenticated =3D 1; > -=C2=A0 /* Record the successful key to prevent reuse */ > -@@ -250,6 +250,18 @@ pubkey_auth_info(Authctxt *authctxt, con > -=C2=A0 free(extra); > - } > -=C2=A0 > -+int > -+user_key_verify(const Key *key, const u_char *sig, u_int slen, const=C2=A0 > u_char *data, u_int datalen) > -+{ > -+ int rv; > -+ > -+ rv =3D key_verify(key, sig, slen, data, datalen); > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_key(1, &rv, key); > -+#endif > -+ return rv; > -+} > -+ > - static int > - match_principals_option(const char *principal_list, struct sshkey_cert=C2= =A0 > *cert) > - { > -diff -up openssh-6.8p1/auth2.c.audit openssh-6.8p1/auth2.c > ---- openssh-6.8p1/auth2.c.audit 2015-03-20 13:41:15.044883860 +0100 > -+++ openssh-6.8p1/auth2.c 2015-03-20 13:41:15.093883780 +0100 > -@@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32 > -=C2=A0 } else { > -=C2=A0 logit("input_userauth_request: invalid user %s", > user); > -=C2=A0 authctxt->pw =3D fakepw(); > --#ifdef SSH_AUDIT_EVENTS > -- PRIVSEP(audit_event(SSH_INVALID_USER)); > --#endif > -=C2=A0 } > - #ifdef USE_PAM > -=C2=A0 if (options.use_pam) > -diff -up openssh-6.8p1/cipher.c.audit openssh-6.8p1/cipher.c > ---- openssh-6.8p1/cipher.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/cipher.c 2015-03-20 13:41:15.101883767 +0100 > -@@ -57,26 +59,6 @@ extern const EVP_CIPHER *evp_ssh1_3des(v > - extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); > - #endif > -=C2=A0 > --struct sshcipher { > -- char *name; > -- int number; /* for ssh1 only */ > -- u_int block_size; > -- u_int key_len; > -- u_int iv_len; /* defaults to block_size */ > -- u_int auth_len; > -- u_int discard_len; > -- u_int flags; > --#define CFLAG_CBC (1<<0) > --#define CFLAG_CHACHAPOLY (1<<1) > --#define CFLAG_AESCTR (1<<2) > --#define CFLAG_NONE (1<<3) > --#ifdef WITH_OPENSSL > -- const EVP_CIPHER *(*evptype)(void); > --#else > -- void *ignored; > --#endif > --}; > -- > - static const struct sshcipher ciphers[] =3D { > - #ifdef WITH_SSH1 > -=C2=A0 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, > -diff -up openssh-6.8p1/cipher.h.audit openssh-6.8p1/cipher.h > ---- openssh-6.8p1/cipher.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/cipher.h 2015-03-20 13:41:15.094883779 +0100 > -@@ -62,7 +62,26 @@ > - #define CIPHER_ENCRYPT 1 > - #define CIPHER_DECRYPT 0 > -=C2=A0 > --struct sshcipher; > -+struct sshcipher { > -+ char *name; > -+ int number; /* for ssh1 only */ > -+ u_int block_size; > -+ u_int key_len; > -+ u_int iv_len; /* defaults to block_size */ > -+ u_int auth_len; > -+ u_int discard_len; > -+ u_int flags; > -+#define CFLAG_CBC (1<<0) > -+#define CFLAG_CHACHAPOLY (1<<1) > -+#define CFLAG_AESCTR (1<<2) > -+#define CFLAG_NONE (1<<3) > -+#ifdef WITH_OPENSSL > -+ const EVP_CIPHER *(*evptype)(void); > -+#else > -+ void *ignored; > -+#endif > -+}; > -+ > - struct sshcipher_ctx { > -=C2=A0 int plaintext; > -=C2=A0 int encrypt; > -diff -up openssh-6.8p1/kex.c.audit openssh-6.8p1/kex.c > ---- openssh-6.8p1/kex.c.audit 2015-03-20 13:41:15.046883856 +0100 > -+++ openssh-6.8p1/kex.c 2015-03-20 13:41:15.101883767 +0100 > -@@ -54,6 +55,7 @@ > - #include "ssherr.h" > - #include "sshbuf.h" > - #include "digest.h" > -+#include "audit.h" > -=C2=A0 > - #ifdef GSSAPI > - #include "ssh-gss.h" > -@@ -484,8 +508,12 @@ choose_enc(struct sshenc *enc, char *cli > - { > -=C2=A0 char *name =3D match_list(client, server, NULL); > -=C2=A0 > -- if (name =3D=3D NULL) > -+ if (name =3D=3D NULL) { > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_unsupported(0); > -+#endif > -=C2=A0 return SSH_ERR_NO_CIPHER_ALG_MATCH; > -+ } > -=C2=A0 if ((enc->cipher =3D cipher_by_name(name)) =3D=3D NULL) > -=C2=A0 return SSH_ERR_INTERNAL_ERROR; > -=C2=A0 enc->name =3D name; > -@@ -503,8 +531,12 @@ choose_mac(struct ssh *ssh, struct sshma > - { > -=C2=A0 char *name =3D match_list(client, server, NULL); > -=C2=A0 > -- if (name =3D=3D NULL) > -+ if (name =3D=3D NULL) { > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_unsupported(1); > -+#endif > -=C2=A0 return SSH_ERR_NO_MAC_ALG_MATCH; > -+ } > -=C2=A0 if (mac_setup(mac, name) < 0) > -=C2=A0 return SSH_ERR_INTERNAL_ERROR; > -=C2=A0 /* truncate the key */ > -@@ -521,8 +553,12 @@ choose_comp(struct sshcomp *comp, char * > - { > -=C2=A0 char *name =3D match_list(client, server, NULL); > -=C2=A0 > -- if (name =3D=3D NULL) > -+ if (name =3D=3D NULL) { > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_unsupported(2); > -+#endif > -=C2=A0 return SSH_ERR_NO_COMPRESS_ALG_MATCH; > -+ } > -=C2=A0 if (strcmp(name, "zlib(a)openssh.com") =3D=3D 0) { > -=C2=A0 comp->type =3D COMP_DELAYED; > -=C2=A0 } else if (strcmp(name, "zlib") =3D=3D 0) { > -@@ -672,6 +708,10 @@ kex_choose_conf(struct ssh *ssh) > -=C2=A0 dh_need =3D MAX(dh_need, newkeys->enc.block_size); > -=C2=A0 dh_need =3D MAX(dh_need, newkeys->enc.iv_len); > -=C2=A0 dh_need =3D MAX(dh_need, newkeys->mac.key_len); > -+ debug("kex: %s need=3D%d dh_need=3D%d", kex->name, need,=C2=A0 > dh_need); > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_kex(mode, newkeys->enc.name, newkeys->mac.name,=C2=A0 > newkeys->comp.name, kex->name); > -+#endif > -=C2=A0 } > -=C2=A0 /* XXX need runden? */ > -=C2=A0 kex->we_need =3D need; > -@@ -847,3 +887,34 @@ dump_digest(char *msg, u_char *digest, i > -=C2=A0 sshbuf_dump_data(digest, len, stderr); > - } > - #endif > -+ > -+static void > -+enc_destroy(struct sshenc *enc) > -+{ > -+ if (enc =3D=3D NULL) > -+ return; > -+ > -+ if (enc->key) { > -+ memset(enc->key, 0, enc->key_len); > -+ free(enc->key); > -+ } > -+ > -+ if (enc->iv) { > -+ memset(enc->iv,=C2=A0=C2=A00, enc->block_size); > -+ free(enc->iv); > -+ } > -+ > -+ memset(enc, 0, sizeof(*enc)); > -+} > -+ > -+void > -+newkeys_destroy(struct newkeys *newkeys) > -+{ > -+ if (newkeys =3D=3D NULL) > -+ return; > -+ > -+ enc_destroy(&newkeys->enc); > -+ mac_destroy(&newkeys->mac); > -+ memset(&newkeys->comp, 0, sizeof(newkeys->comp)); > -+} > -+ > -diff -up openssh-6.8p1/kex.h.audit openssh-6.8p1/kex.h > ---- openssh-6.8p1/kex.h.audit 2015-03-20 13:41:15.046883856 +0100 > -+++ openssh-6.8p1/kex.h 2015-03-20 13:41:15.095883777 +0100 > -@@ -199,6 +199,8 @@ int =C2=A0kexgss_client(struct ssh *); > - int =C2=A0kexgss_server(struct ssh *); > - #endif > -=C2=A0 > -+void newkeys_destroy(struct newkeys *newkeys); > -+ > - int =C2=A0kex_dh_hash(const char *, const char *, > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0const u_char *, size_t, const u_char *, size= _t, const u_char *,=C2=A0 > size_t, > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0const BIGNUM *, const BIGNUM *, const BIGNUM= *, u_char *, size_t=C2=A0 > *); > -diff -up openssh-6.8p1/key.h.audit openssh-6.8p1/key.h > ---- openssh-6.8p1/key.h.audit 2015-03-17 06:49:20.000000000 +0100 > -+++ openssh-6.8p1/key.h 2015-03-20 13:41:15.095883777 +0100 > -@@ -50,6 +50,7 @@ typedef struct sshkey Key; > - #define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid > - #define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid > - #define key_is_cert sshkey_is_cert > -+#define key_is_private sshkey_is_private > - #define key_type_plain sshkey_type_plain > - #define key_cert_is_legacy sshkey_cert_is_legacy > - #define key_curve_name_to_nid sshkey_curve_name_to_nid > -diff -up openssh-6.8p1/mac.c.audit openssh-6.8p1/mac.c > ---- openssh-6.8p1/mac.c.audit 2015-03-17 06:49:20.000000000 +0100 > -+++ openssh-6.8p1/mac.c 2015-03-20 13:41:15.102883766 +0100 > -@@ -226,6 +246,20 @@ mac_clear(struct sshmac *mac) > -=C2=A0 mac->umac_ctx =3D NULL; > - } > -=C2=A0 > -+void > -+mac_destroy(struct sshmac *mac) > -+{ > -+ if (mac =3D=3D NULL) > -+ return; > -+ > -+ if (mac->key) { > -+ memset(mac->key, 0, mac->key_len); > -+ free(mac->key); > -+ } > -+ > -+ memset(mac, 0, sizeof(*mac)); > -+} > -+ > - /* XXX copied from ciphers_valid */ > - #define MAC_SEP "," > - int > -diff -up openssh-6.8p1/mac.h.audit openssh-6.8p1/mac.h > ---- openssh-6.8p1/mac.h.audit 2015-03-17 06:49:20.000000000 +0100 > -+++ openssh-6.8p1/mac.h 2015-03-20 13:41:15.095883777 +0100 > -@@ -47,5 +47,6 @@ int =C2=A0mac_init(struct sshmac *); > - int =C2=A0mac_compute(struct sshmac *, u_int32_t, const u_char *, int, > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0u_char *, size_t); > - void =C2=A0mac_clear(struct sshmac *); > -+void =C2=A0mac_destroy(struct sshmac *); > -=C2=A0 > - #endif /* SSHMAC_H */ > -diff -up openssh-6.8p1/monitor.c.audit openssh-6.8p1/monitor.c > ---- openssh-6.8p1/monitor.c.audit 2015-03-20 13:41:15.072883814=C2=A0 > +0100 > -+++ openssh-6.8p1/monitor.c 2015-03-20 13:41:15.107883758 +0100 > -@@ -102,6 +102,7 @@ > - #include "ssh2.h" > - #include "roaming.h" > - #include "authfd.h" > -+#include "audit.h" > - #include "match.h" > - #include "ssherr.h" > -=C2=A0 > -@@ -117,6 +118,8 @@ extern Buffer auth_debug; > - extern int auth_debug_init; > - extern Buffer loginmsg; > -=C2=A0 > -+extern void destroy_sensitive_data(int); > -+ > - /* State exported from the child */ > - static struct sshbuf *child_state; > -=C2=A0 > -@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe > - #ifdef SSH_AUDIT_EVENTS > - int mm_answer_audit_event(int, Buffer *); > - int mm_answer_audit_command(int, Buffer *); > -+int mm_answer_audit_end_command(int, Buffer *); > -+int mm_answer_audit_unsupported_body(int, Buffer *); > -+int mm_answer_audit_kex_body(int, Buffer *); > -+int mm_answer_audit_session_key_free_body(int, Buffer *); > -+int mm_answer_audit_server_key_free(int, Buffer *); > - #endif > -=C2=A0 > - static int monitor_read_log(struct monitor *); > -@@ -226,6 +234,10 @@ struct mon_table mon_dispatch_proto20[] > - #endif > - #ifdef SSH_AUDIT_EVENTS > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_ans= wer_audit_event}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2=A0 > mm_answer_audit_unsupported_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_aud= it_kex_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_session_key_free_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_server_key_free}, > - #endif > - #ifdef BSD_AUTH > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_an= swer_bsdauthquery}, > -@@ -264,6 +276,11 @@ struct mon_table mon_dispatch_postauth20 > - #ifdef SSH_AUDIT_EVENTS > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_ans= wer_audit_event}, > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_a= nswer_audit_command}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT,=C2=A0 > mm_answer_audit_end_command}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2=A0 > mm_answer_audit_unsupported_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_aud= it_kex_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_session_key_free_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_server_key_free}, > - #endif > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{0, 0, NULL} > - }; > -@@ -296,6 +313,10 @@ struct mon_table mon_dispatch_proto15[] > - #endif > - #ifdef SSH_AUDIT_EVENTS > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_ans= wer_audit_event}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2=A0 > mm_answer_audit_unsupported_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_aud= it_kex_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_session_key_free_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_server_key_free}, > - #endif > - #endif /* WITH_SSH1 */ > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{0, 0, NULL} > -@@ -309,6 +330,11 @@ struct mon_table mon_dispatch_postauth15 > - #ifdef SSH_AUDIT_EVENTS > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_ans= wer_audit_event}, > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_O= NCE,=C2=A0 > mm_answer_audit_command}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT,=C2=A0 > mm_answer_audit_end_command}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2=A0 > mm_answer_audit_unsupported_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_aud= it_kex_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_session_key_free_body}, > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > mm_answer_audit_server_key_free}, > - #endif > - #endif /* WITH_SSH1 */ > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{0, 0, NULL} > -@@ -1466,9 +1493,11 @@ mm_answer_keyverify(int sock, Buffer *m) > -=C2=A0 Key *key; > -=C2=A0 u_char *signature, *data, *blob; > -=C2=A0 u_int signaturelen, datalen, bloblen; > -+ int type =3D 0; > -=C2=A0 int verified =3D 0; > -=C2=A0 int valid_data =3D 0; > -=C2=A0 > -+ type =3D buffer_get_int(m); > -=C2=A0 blob =3D buffer_get_string(m, &bloblen); > -=C2=A0 signature =3D buffer_get_string(m, &signaturelen); > -=C2=A0 data =3D buffer_get_string(m, &datalen); > -@@ -1476,6 +1505,8 @@ mm_answer_keyverify(int sock, Buffer *m) > -=C2=A0 if (hostbased_cuser =3D=3D NULL || hostbased_chost =3D=3D NULL || > -=C2=A0 =C2=A0=C2=A0!monitor_allowed_key(blob, bloblen)) > -=C2=A0 fatal("%s: bad key, not previously allowed", __func__); > -+ if (type !=3D key_blobtype) > -+ fatal("%s: bad key type", __func__); > -=C2=A0 > -=C2=A0 key =3D key_from_blob(blob, bloblen); > -=C2=A0 if (key =3D=3D NULL) > -@@ -1496,7 +1527,17 @@ mm_answer_keyverify(int sock, Buffer *m) > -=C2=A0 if (!valid_data) > -=C2=A0 fatal("%s: bad signature data blob", __func__); > -=C2=A0 > -- verified =3D key_verify(key, signature, signaturelen, data,=C2=A0 > datalen); > -+ switch (key_blobtype) { > -+ case MM_USERKEY: > -+ verified =3D user_key_verify(key, signature, signaturelen,=C2=A0 > data, datalen); > -+ break; > -+ case MM_HOSTKEY: > -+ verified =3D hostbased_key_verify(key, signature,=C2=A0 > signaturelen, data, datalen); > -+ break; > -+ default: > -+ verified =3D 0; > -+ break; > -+ } > -=C2=A0 debug3("%s: key %p signature %s", > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0__func__, key, (verified =3D=3D 1) ? "verif= ied" : "unverified"); > -=C2=A0 > -@@ -1554,6 +1595,12 @@ mm_session_close(Session *s) > -=C2=A0 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); > -=C2=A0 session_pty_cleanup2(s); > -=C2=A0 } > -+#ifdef SSH_AUDIT_EVENTS > -+ if (s->command !=3D NULL) { > -+ debug3("%s: command %d", __func__, s->command_handle); > -+ session_end_command2(s); > -+ } > -+#endif > -=C2=A0 session_unused(s->self); > - } > -=C2=A0 > -@@ -1836,6 +1883,8 @@ mm_answer_term(int sock, Buffer *req) > -=C2=A0 sshpam_cleanup(); > - #endif > -=C2=A0 > -+ destroy_sensitive_data(0); > -+ > -=C2=A0 while (waitpid(pmonitor->m_pid, &status, 0) =3D=3D -1) > -=C2=A0 if (errno !=3D EINTR) > -=C2=A0 exit(1); > -@@ -1878,11 +1927,43 @@ mm_answer_audit_command(int socket, Buff > - { > -=C2=A0 u_int len; > -=C2=A0 char *cmd; > -+ Session *s; > -=C2=A0 > -=C2=A0 debug3("%s entering", __func__); > -=C2=A0 cmd =3D buffer_get_string(m, &len); > -+ > -=C2=A0 /* sanity check command, if so how? */ > -- audit_run_command(cmd); > -+ s =3D session_new(); > -+ if (s =3D=3D NULL) > -+ fatal("%s: error allocating a session", __func__); > -+ s->command =3D cmd; > -+ s->command_handle =3D audit_run_command(cmd); > -+ > -+ buffer_clear(m); > -+ buffer_put_int(m, s->self); > -+ > -+ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); > -+ > -+ return (0); > -+} > -+ > -+int > -+mm_answer_audit_end_command(int socket, Buffer *m) > -+{ > -+ int handle; > -+ u_int len; > -+ char *cmd; > -+ Session *s; > -+ > -+ debug3("%s entering", __func__); > -+ handle =3D buffer_get_int(m); > -+ cmd =3D buffer_get_string(m, &len); > -+ > -+ s =3D session_by_id(handle); > -+ if (s =3D=3D NULL || s->ttyfd !=3D -1 || s->command =3D=3D NULL || > -+ =C2=A0=C2=A0=C2=A0=C2=A0strcmp(s->command, cmd) !=3D 0) > -+ fatal("%s: invalid handle", __func__); > -+ mm_session_close(s); > -=C2=A0 free(cmd); > -=C2=A0 return (0); > - } > -@@ -1936,6 +2017,7 @@ > - void > - mm_get_keystate(struct monitor *pmonitor) > - { > -+ Buffer m; > -=C2=A0 debug3("%s: Waiting for new keys", __func__); > -=C2=A0 > -=C2=A0 if ((child_state =3D sshbuf_new()) =3D=3D NULL) > -@@ -1946,6 +2027,21 @@ mm_get_keystate(struct monitor *pmonitor > -=C2=A0 mm_request_receive_expect(pmonitor->m_sendfd,=C2=A0 > MONITOR_REQ_KEYEXPORT, > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0child_state); > -=C2=A0 debug3("%s: GOT new keys", __func__); > -+ > -+#ifdef SSH_AUDIT_EVENTS > -+ if (compat20) { > -+ buffer_init(&m); > -+ mm_request_receive_expect(pmonitor->m_sendfd, > -+ =C2=A0=C2=A0MONITOR_REQ_AUDIT_SESSION_KEY_FREE > , &m); > -+ mm_answer_audit_session_key_free_body(pmonitor->m_sendfd,=C2=A0 > &m); > -+ buffer_free(&m); > -+ } > -+#endif > -+ > -+ /* Drain any buffered messages from the child */ > -+ while (pmonitor->m_log_recvfd >=3D 0 && monitor_read_log(pmonitor)=C2=A0 > =3D=3D 0) > -+ ; > -+ > - } > -=C2=A0 > -=C2=A0 > -@@ -2212,3 +2308,87 @@ mm_answer_gss_updatecreds(int socket, Bu > -=C2=A0 > - #endif /* GSSAPI */ > -=C2=A0 > -+#ifdef SSH_AUDIT_EVENTS > -+int > -+mm_answer_audit_unsupported_body(int sock, Buffer *m) > -+{ > -+ int what; > -+ > -+ what =3D buffer_get_int(m); > -+ > -+ audit_unsupported_body(what); > -+ > -+ buffer_clear(m); > -+ > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m); > -+ return 0; > -+} > -+ > -+int > -+mm_answer_audit_kex_body(int sock, Buffer *m) > -+{ > -+ int ctos, len; > -+ char *cipher, *mac, *compress, *pfs; > -+ pid_t pid; > -+ uid_t uid; > -+ > -+ ctos =3D buffer_get_int(m); > -+ cipher =3D buffer_get_string(m, &len); > -+ mac =3D buffer_get_string(m, &len); > -+ compress =3D buffer_get_string(m, &len); > -+ pfs =3D buffer_get_string(m, &len); > -+ pid =3D buffer_get_int64(m); > -+ uid =3D buffer_get_int64(m); > -+ > -+ audit_kex_body(ctos, cipher, mac, compress, pfs, pid, uid); > -+ > -+ free(cipher); > -+ free(mac); > -+ free(compress); > -+ free(pfs); > -+ buffer_clear(m); > -+ > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m); > -+ return 0; > -+} > -+ > -+int > -+mm_answer_audit_session_key_free_body(int sock, Buffer *m) > -+{ > -+ int ctos; > -+ pid_t pid; > -+ uid_t uid; > -+ > -+ ctos =3D buffer_get_int(m); > -+ pid =3D buffer_get_int64(m); > -+ uid =3D buffer_get_int64(m); > -+ > -+ audit_session_key_free_body(ctos, pid, uid); > -+ > -+ buffer_clear(m); > -+ > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); > -+ return 0; > -+} > -+ > -+int > -+mm_answer_audit_server_key_free(int sock, Buffer *m) > -+{ > -+ int len; > -+ char *fp; > -+ pid_t pid; > -+ uid_t uid; > -+ > -+ fp =3D buffer_get_string(m, &len); > -+ pid =3D buffer_get_int64(m); > -+ uid =3D buffer_get_int64(m); > -+ > -+ audit_destroy_sensitive_data(fp, pid, uid); > -+ > -+ free(fp); > -+ buffer_clear(m); > -+ > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m); > -+ return 0; > -+} > -+#endif /* SSH_AUDIT_EVENTS */ > -diff -up openssh-6.8p1/monitor.h.audit openssh-6.8p1/monitor.h > ---- openssh-6.8p1/monitor.h.audit 2015-03-20 13:41:15.072883814=C2=A0 > +0100 > -+++ openssh-6.8p1/monitor.h 2015-03-20 13:41:15.096883775 +0100 > -@@ -69,7 +69,13 @@ enum monitor_reqtype { > -=C2=A0 MONITOR_REQ_PAM_QUERY =3D 106, MONITOR_ANS_PAM_QUERY =3D 107, > -=C2=A0 MONITOR_REQ_PAM_RESPOND =3D 108, MONITOR_ANS_PAM_RESPOND =3D 109, > -=C2=A0 MONITOR_REQ_PAM_FREE_CTX =3D 110, MONITOR_ANS_PAM_FREE_CTX =3D 111, > -- MONITOR_REQ_AUDIT_EVENT =3D 112, MONITOR_REQ_AUDIT_COMMAND =3D 113, > -+ MONITOR_REQ_AUDIT_EVENT =3D 112, > -+ MONITOR_REQ_AUDIT_COMMAND =3D 114, MONITOR_ANS_AUDIT_COMMAND =3D 115, > -+ MONITOR_REQ_AUDIT_END_COMMAND =3D 116, > -+ MONITOR_REQ_AUDIT_UNSUPPORTED =3D 118,=C2=A0 > MONITOR_ANS_AUDIT_UNSUPPORTED =3D 119, > -+ MONITOR_REQ_AUDIT_KEX =3D 120, MONITOR_ANS_AUDIT_KEX =3D 121, > -+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE =3D 122,=C2=A0 > MONITOR_ANS_AUDIT_SESSION_KEY_FREE =3D 123, > -+ MONITOR_REQ_AUDIT_SERVER_KEY_FREE =3D 124,=C2=A0 > MONITOR_ANS_AUDIT_SERVER_KEY_FREE =3D 125 > -=C2=A0 > - }; > -=C2=A0 > -diff -up openssh-6.8p1/monitor_wrap.c.audit=C2=A0 > openssh-6.8p1/monitor_wrap.c > ---- openssh-6.8p1/monitor_wrap.c.audit 2015-03-20=C2=A0 > 13:41:15.047883855 +0100 > -+++ openssh-6.8p1/monitor_wrap.c 2015-03-20 13:41:15.108883756=C2=A0 > +0100 > -@@ -461,7 +461,7 @@ mm_key_allowed(enum mm_keytype type, cha > -=C2=A0=C2=A0*/ > -=C2=A0 > - int > --mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int=C2= =A0 > datalen) > -+mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int=C2=A0 > siglen, u_char *data, u_int datalen) > - { > -=C2=A0 Buffer m; > -=C2=A0 u_char *blob; > -@@ -475,6 +475,7 @@ mm_key_verify(Key *key, u_char *sig, u_i > -=C2=A0 return (0); > -=C2=A0 > -=C2=A0 buffer_init(&m); > -+ buffer_put_int(&m, type); > -=C2=A0 buffer_put_string(&m, blob, len); > -=C2=A0 buffer_put_string(&m, sig, siglen); > -=C2=A0 buffer_put_string(&m, data, datalen); > -@@ -492,6 +493,18 @@ mm_key_verify(Key *key, u_char *sig, u_i > -=C2=A0 return (verified); > - } > -=C2=A0 > -+int > -+mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char=C2=A0 > *data, u_int datalen) > -+{ > -+ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data,=C2=A0 > datalen); > -+} > -+ > -+int > -+mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data,=C2= =A0 > u_int datalen) > -+{ > -+ return mm_key_verify(MM_USERKEY, key, sig, siglen, data,=C2=A0 > datalen); > -+} > -+ > - void > - mm_send_keystate(struct monitor *monitor) > - { > -@@ -1005,10 +1018,11 @@ mm_audit_event(ssh_audit_event_t event) > -=C2=A0 buffer_free(&m); > - } > -=C2=A0 > --void > -+int > - mm_audit_run_command(const char *command) > - { > -=C2=A0 Buffer m; > -+ int handle; > -=C2=A0 > -=C2=A0 debug3("%s entering command %s", __func__, command); > -=C2=A0 > -@@ -1016,6 +1030,26 @@ mm_audit_run_command(const char *command > -=C2=A0 buffer_put_cstring(&m, command); > -=C2=A0 > -=C2=A0 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND,=C2=A0 > &m); > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > MONITOR_ANS_AUDIT_COMMAND, &m); > -+ > -+ handle =3D buffer_get_int(&m); > -+ buffer_free(&m); > -+ > -+ return (handle); > -+} > -+ > -+void > -+mm_audit_end_command(int handle, const char *command) > -+{ > -+ Buffer m; > -+ > -+ debug3("%s entering command %s", __func__, command); > -+ > -+ buffer_init(&m); > -+ buffer_put_int(&m, handle); > -+ buffer_put_cstring(&m, command); > -+ > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > MONITOR_REQ_AUDIT_END_COMMAND, &m); > -=C2=A0 buffer_free(&m); > - } > - #endif /* SSH_AUDIT_EVENTS */ > -@@ -1151,3 +1185,72 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc > -=C2=A0 > - #endif /* GSSAPI */ > -=C2=A0 > -+#ifdef SSH_AUDIT_EVENTS > -+void > -+mm_audit_unsupported_body(int what) > -+{ > -+ Buffer m; > -+ > -+ buffer_init(&m); > -+ buffer_put_int(&m, what); > -+ > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > MONITOR_REQ_AUDIT_UNSUPPORTED, &m); > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > MONITOR_ANS_AUDIT_UNSUPPORTED, > -+ =C2=A0=C2=A0&m); > -+ > -+ buffer_free(&m); > -+} > -+ > -+void > -+mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress,=C2=A0 > char *fps, pid_t pid, > -+ =C2=A0=C2=A0uid_t uid) > -+{ > -+ Buffer m; > -+ > -+ buffer_init(&m); > -+ buffer_put_int(&m, ctos); > -+ buffer_put_cstring(&m, cipher); > -+ buffer_put_cstring(&m, (mac ? mac : "")); > -+ buffer_put_cstring(&m, compress); > -+ buffer_put_cstring(&m, fps); > -+ buffer_put_int64(&m, pid); > -+ buffer_put_int64(&m, uid); > -+ > -+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > MONITOR_ANS_AUDIT_KEX, > -+ =C2=A0=C2=A0&m); > -+ > -+ buffer_free(&m); > -+} > -+ > -+void > -+mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > -+{ > -+ Buffer m; > -+ > -+ buffer_init(&m); > -+ buffer_put_int(&m, ctos); > -+ buffer_put_int64(&m, pid); > -+ buffer_put_int64(&m, uid); > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > MONITOR_ANS_AUDIT_SESSION_KEY_FREE, > -+ =C2=A0=C2=A0&m); > -+ buffer_free(&m); > -+} > -+ > -+void > -+mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > -+{ > -+ Buffer m; > -+ > -+ buffer_init(&m); > -+ buffer_put_cstring(&m, fp); > -+ buffer_put_int64(&m, pid); > -+ buffer_put_int64(&m, uid); > -+ > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > MONITOR_ANS_AUDIT_SERVER_KEY_FREE, > -+ =C2=A0=C2=A0&m); > -+ buffer_free(&m); > -+} > -+#endif /* SSH_AUDIT_EVENTS */ > -diff -up openssh-6.8p1/monitor_wrap.h.audit=C2=A0 > openssh-6.8p1/monitor_wrap.h > ---- openssh-6.8p1/monitor_wrap.h.audit 2015-03-20=C2=A0 > 13:41:15.048883853 +0100 > -+++ openssh-6.8p1/monitor_wrap.h 2015-03-20 13:41:15.096883775=C2=A0 > +0100 > -@@ -52,7 +52,8 @@ int mm_key_allowed(enum mm_keytype, char > - int mm_user_key_allowed(struct passwd *, Key *); > - int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); > - int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *,=C2=A0 > Key *); > --int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); > -+int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int); > -+int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); > - int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); > - int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); > - BIGNUM *mm_auth_rsa_generate_challenge(Key *); > -@@ -79,7 +80,12 @@ void mm_sshpam_free_ctx(void *); > - #ifdef SSH_AUDIT_EVENTS > - #include "audit.h" > - void mm_audit_event(ssh_audit_event_t); > --void mm_audit_run_command(const char *); > -+int mm_audit_run_command(const char *); > -+void mm_audit_end_command(int, const char *); > -+void mm_audit_unsupported_body(int); > -+void mm_audit_kex_body(int, char *, char *, char *, char *, pid_t,=C2=A0 > uid_t); > -+void mm_audit_session_key_free_body(int, pid_t, uid_t); > -+void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t); > - #endif > -=C2=A0 > - struct Session; > -diff -up openssh-6.8p1/packet.c.audit openssh-6.8p1/packet.c > ---- openssh-6.8p1/packet.c.audit 2015-03-20 13:41:14.990883947=C2=A0 > +0100 > -+++ openssh-6.8p1/packet.c 2015-03-20 13:41:15.097883774 +0100 > -@@ -67,6 +67,7 @@ > - #include "key.h" /* typedefs XXX */ > -=C2=A0 > - #include "xmalloc.h" > -+#include "audit.h" > - #include "crc32.h" > - #include "deattack.h" > - #include "compat.h" > -@@ -448,6 +449,13 @@ ssh_packet_get_connection_out(struct ssh > -=C2=A0 return ssh->state->connection_out; > - } > -=C2=A0 > -+static int > -+packet_state_has_keys (const struct session_state *state) > -+{ > -+ return state !=3D NULL && > -+ (state->newkeys[MODE_IN] !=3D NULL || state- > >newkeys[MODE_OUT]=C2=A0 > !=3D NULL); > -+} > -+ > - /* > -=C2=A0=C2=A0* Returns the IP-address of the remote host as a string.=C2=A0= =C2=A0The=C2=A0 > returned > -=C2=A0=C2=A0* string must not be freed. > -@@ -478,13 +486,6 @@ ssh_packet_close(struct ssh *ssh) > -=C2=A0 if (!state->initialized) > -=C2=A0 return; > -=C2=A0 state->initialized =3D 0; > -- if (state->connection_in =3D=3D state->connection_out) { > -- shutdown(state->connection_out, SHUT_RDWR); > -- close(state->connection_out); > -- } else { > -- close(state->connection_in); > -- close(state->connection_out); > -- } > -=C2=A0 sshbuf_free(state->input); > -=C2=A0 sshbuf_free(state->output); > -=C2=A0 sshbuf_free(state->outgoing_packet); > -@@ -516,14 +517,24 @@ ssh_packet_close(struct ssh *ssh) > -=C2=A0 inflateEnd(stream); > -=C2=A0 } > -=C2=A0 } > -- if ((r =3D cipher_cleanup(&state->send_context)) !=3D 0) > -- error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > ssh_err(r)); > -- if ((r =3D cipher_cleanup(&state->receive_context)) !=3D 0) > -- error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > ssh_err(r)); > -+ if (packet_state_has_keys(state)) { > -+ if ((r =3D cipher_cleanup(&state->send_context)) !=3D 0) > -+ error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > ssh_err(r)); > -+ if ((r =3D cipher_cleanup(&state->receive_context)) !=3D 0) > -+ error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > ssh_err(r)); > -+ audit_session_key_free(2); > -+ } > -=C2=A0 if (ssh->remote_ipaddr) { > -=C2=A0 free(ssh->remote_ipaddr); > -=C2=A0 ssh->remote_ipaddr =3D NULL; > -=C2=A0 } > -+ if (state->connection_in =3D=3D state->connection_out) { > -+ shutdown(state->connection_out, SHUT_RDWR); > -+ close(state->connection_out); > -+ } else { > -+ close(state->connection_in); > -+ close(state->connection_out); > -+ } > -=C2=A0 free(ssh->state); > -=C2=A0 ssh->state =3D NULL; > - } > -@@ -941,6 +952,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod > -=C2=A0 } > -=C2=A0 if (state->newkeys[mode] !=3D NULL) { > -=C2=A0 debug("set_newkeys: rekeying"); > -+ audit_session_key_free(mode); > -=C2=A0 if ((r =3D cipher_cleanup(cc)) !=3D 0) > -=C2=A0 return r; > -=C2=A0 enc=C2=A0=C2=A0=3D &state->newkeys[mode]->enc; > -@@ -2263,6 +2275,75 @@ ssh_packet_get_output(struct ssh *ssh) > -=C2=A0 return (void *)ssh->state->output; > - } > -=C2=A0 > -+static void > -+newkeys_destroy_and_free(struct newkeys *newkeys) > -+{ > -+ if (newkeys =3D=3D NULL) > -+ return; > -+ > -+ free(newkeys->enc.name); > -+ > -+ if (newkeys->mac.enabled) { > -+ mac_clear(&newkeys->mac); > -+ free(newkeys->mac.name); > -+ } > -+ > -+ free(newkeys->comp.name); > -+ > -+ newkeys_destroy(newkeys); > -+ free(newkeys); > -+} > -+ > -+static void > -+packet_destroy_state(struct session_state *state) > -+{ > -+ if (state =3D=3D NULL) > -+ return; > -+ > -+ cipher_cleanup(&state->receive_context); > -+ cipher_cleanup(&state->send_context); > -+ > -+ buffer_free(state->input); > -+ state->input =3D NULL; > -+ buffer_free(state->output); > -+ state->output =3D NULL; > -+ buffer_free(state->outgoing_packet); > -+ state->outgoing_packet =3D NULL; > -+ buffer_free(state->incoming_packet); > -+ state->incoming_packet =3D NULL; > -+ if( state->compression_buffer ) { > -+ buffer_free(state->compression_buffer); > -+ state->compression_buffer =3D NULL; > -+ } > -+ newkeys_destroy_and_free(state->newkeys[MODE_IN]); > -+ state->newkeys[MODE_IN] =3D NULL; > -+ newkeys_destroy_and_free(state->newkeys[MODE_OUT]); > -+ state->newkeys[MODE_OUT] =3D NULL; > -+ mac_destroy(state->packet_discard_mac); > -+// TAILQ_HEAD(, packet) outgoing; > -+// memset(state, 0, sizeof(state)); > -+} > -+ > -+void > -+packet_destroy_all(int audit_it, int privsep) > -+{ > -+ if (audit_it) > -+ audit_it =3D (active_state !=3D NULL &&=C2=A0 > packet_state_has_keys(active_state->state)) > -+ || (backup_state !=3D NULL &&=C2=A0 > packet_state_has_keys(backup_state->state)); > -+ if (active_state !=3D NULL) > -+ packet_destroy_state(active_state->state); > -+ if (backup_state !=3D NULL) > -+ packet_destroy_state(backup_state->state); > -+ if (audit_it) { > -+#ifdef SSH_AUDIT_EVENTS > -+ if (privsep) > -+ audit_session_key_free(2); > -+ else > -+ audit_session_key_free_body(2, getpid(), getuid()); > -+#endif > -+ } > -+} > -+ > - /* XXX TODO update roaming to new API (does not work anyway) */ > - /* > -=C2=A0=C2=A0* Save the state for the real connection, and use a separate s= tate=C2=A0 > when > -@@ -2272,18 +2373,12 @@ void > - ssh_packet_backup_state(struct ssh *ssh, > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0struct ssh *backup_state) > - { > -- struct ssh *tmp; > -- > -=C2=A0 close(ssh->state->connection_in); > -=C2=A0 ssh->state->connection_in =3D -1; > -=C2=A0 close(ssh->state->connection_out); > -=C2=A0 ssh->state->connection_out =3D -1; > -- if (backup_state) > -- tmp =3D backup_state; > -- else > -- tmp =3D ssh_alloc_session_state(); > -=C2=A0 backup_state =3D ssh; > -- ssh =3D tmp; > -+ ssh =3D ssh_alloc_session_state(); > - } > -=C2=A0 > - /* XXX FIXME FIXME FIXME */ > -@@ -2302,9 +2397,7 @@ ssh_packet_restore_state(struct ssh *ssh > -=C2=A0 backup_state =3D ssh; > -=C2=A0 ssh =3D tmp; > -=C2=A0 ssh->state->connection_in =3D backup_state->state->connection_in; > -- backup_state->state->connection_in =3D -1; > -=C2=A0 ssh->state->connection_out =3D backup_state->state->connection_out; > -- backup_state->state->connection_out =3D -1; > -=C2=A0 len =3D sshbuf_len(backup_state->state->input); > -=C2=A0 if (len > 0) { > -=C2=A0 if ((r =3D sshbuf_putb(ssh->state->input, > -@@ -2313,6 +2406,11 @@ ssh_packet_restore_state(struct ssh *ssh > -=C2=A0 sshbuf_reset(backup_state->state->input); > -=C2=A0 add_recv_bytes(len); > -=C2=A0 } > -+ backup_state->state->connection_in =3D -1; > -+ backup_state->state->connection_out =3D -1; > -+ packet_destroy_state(backup_state->state); > -+ free(backup_state); > -+ backup_state =3D NULL; > - } > -=C2=A0 > - /* Reset after_authentication and reset compression in post-auth=C2=A0 > privsep */ > -diff -up openssh-6.8p1/packet.h.audit openssh-6.8p1/packet.h > ---- openssh-6.8p1/packet.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/packet.h 2015-03-20 13:41:15.097883774 +0100 > -@@ -189,7 +189,7 @@ int sshpkt_get_end(struct ssh *ssh); > - const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); > -=C2=A0 > - /* OLD API */ > --extern struct ssh *active_state; > -+extern struct ssh *active_state, *backup_state; > - #include "opacket.h" > -=C2=A0 > - #if !defined(WITH_OPENSSL) > -@@ -203,4 +203,5 @@ extern struct ssh *active_state; > - # undef EC_POINT > - #endif > -=C2=A0 > -+void =C2=A0packet_destroy_all(int, int); > - #endif /* PACKET_H */ > -diff -up openssh-6.8p1/session.c.audit openssh-6.8p1/session.c > ---- openssh-6.8p1/session.c.audit 2015-03-20 13:41:15.073883813=C2=A0 > +0100 > -+++ openssh-6.8p1/session.c 2015-03-20 13:41:15.097883774 +0100 > -@@ -139,7 +139,7 @@ extern int log_stderr; > - extern int debug_flag; > - extern u_int utmp_len; > - extern int startup_pipe; > --extern void destroy_sensitive_data(void); > -+extern void destroy_sensitive_data(int); > - extern Buffer loginmsg; > -=C2=A0 > - /* original command from peer. */ > -@@ -731,6 +731,14 @@ do_exec_pty(Session *s, const char *comm > -=C2=A0 /* Parent.=C2=A0=C2=A0Close the slave side of the pseudo tty. */ > -=C2=A0 close(ttyfd); > -=C2=A0 > -+#ifndef HAVE_OSF_SIA > -+ /* do_login in the child did not affect state in this process, > -+ =C2=A0=C2=A0=C2=A0compensate.=C2=A0=C2=A0From an architectural standpoin= t, this is=C2=A0 > extremely > -+ =C2=A0=C2=A0=C2=A0ugly. */ > -+ if (!(options.use_login && command =3D=3D NULL)) > -+ audit_count_session_open(); > -+#endif > -+ > -=C2=A0 /* Enter interactive session. */ > -=C2=A0 s->ptymaster =3D ptymaster; > -=C2=A0 packet_set_interactive(1,=C2=A0 > -@@ -853,15 +861,19 @@ do_exec(Session *s, const char *command) > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0get_remote_port()); > -=C2=A0 > - #ifdef SSH_AUDIT_EVENTS > -+ if (s->command !=3D NULL || s->command_handle !=3D -1) > -+ fatal("do_exec: command already set"); > -=C2=A0 if (command !=3D NULL) > -- PRIVSEP(audit_run_command(command)); > -+ s->command =3D xstrdup(command); > -=C2=A0 else if (s->ttyfd =3D=3D -1) { > -=C2=A0 char *shell =3D s->pw->pw_shell; > -=C2=A0 > -=C2=A0 if (shell[0] =3D=3D '\0') /* empty shell means /bin/sh */ > -=C2=A0 shell =3D_PATH_BSHELL; > -- PRIVSEP(audit_run_command(shell)); > -+ s->command =3D xstrdup(shell); > -=C2=A0 } > -+ if (s->command !=3D NULL && s->ptyfd =3D=3D -1) > -+ s->command_handle =3D PRIVSEP(audit_run_command(s->command)); > - #endif > -=C2=A0 if (s->ttyfd !=3D -1) > -=C2=A0 ret =3D do_exec_pty(s, command); > -@@ -1704,7 +1716,10 @@ do_child(Session *s, const char *command > -=C2=A0 int r =3D 0; > -=C2=A0 > -=C2=A0 /* remove hostkey from the child's memory */ > -- destroy_sensitive_data(); > -+ destroy_sensitive_data(1); > -+ /* Don't audit this - both us and the parent would be talking to=C2=A0 > the > -+ =C2=A0=C2=A0=C2=A0monitor over a single socket, with no synchronization.= */ > -+ packet_destroy_all(0, 1); > -=C2=A0 > -=C2=A0 /* Force a password change */ > -=C2=A0 if (s->authctxt->force_pwchange) { > -@@ -1934,6 +1949,7 @@ session_unused(int id) > -=C2=A0 sessions[id].ttyfd =3D -1; > -=C2=A0 sessions[id].ptymaster =3D -1; > -=C2=A0 sessions[id].x11_chanids =3D NULL; > -+ sessions[id].command_handle =3D -1; > -=C2=A0 sessions[id].next_unused =3D sessions_first_unused; > -=C2=A0 sessions_first_unused =3D id; > - } > -@@ -2016,6 +2032,19 @@ session_open(Authctxt *authctxt, int cha > - } > -=C2=A0 > - Session * > -+session_by_id(int id) > -+{ > -+ if (id >=3D 0 && id < sessions_nalloc) { > -+ Session *s =3D &sessions[id]; > -+ if (s->used) > -+ return s; > -+ } > -+ debug("session_by_id: unknown id %d", id); > -+ session_dump(); > -+ return NULL; > -+} > -+ > -+Session * > - session_by_tty(char *tty) > - { > -=C2=A0 int i; > -@@ -2532,6 +2561,32 @@ session_exit_message(Session *s, int sta > -=C2=A0 chan_write_failed(c); > - } > -=C2=A0 > -+#ifdef SSH_AUDIT_EVENTS > -+void > -+session_end_command2(Session *s) > -+{ > -+ if (s->command !=3D NULL) { > -+ if (s->command_handle !=3D -1) > -+ audit_end_command(s->command_handle, s->command); > -+ free(s->command); > -+ s->command =3D NULL; > -+ s->command_handle =3D -1; > -+ } > -+} > -+ > -+static void > -+session_end_command(Session *s) > -+{ > -+ if (s->command !=3D NULL) { > -+ if (s->command_handle !=3D -1) > -+ PRIVSEP(audit_end_command(s->command_handle,=C2=A0 > s->command)); > -+ free(s->command); > -+ s->command =3D NULL; > -+ s->command_handle =3D -1; > -+ } > -+} > -+#endif > -+ > - void > - session_close(Session *s) > - { > -@@ -2540,6 +2593,10 @@ session_close(Session *s) > -=C2=A0 debug("session_close: session %d pid %ld", s->self,=C2=A0 > (long)s->pid); > -=C2=A0 if (s->ttyfd !=3D -1) > -=C2=A0 session_pty_cleanup(s); > -+#ifdef SSH_AUDIT_EVENTS > -+ if (s->command) > -+ session_end_command(s); > -+#endif > -=C2=A0 free(s->term); > -=C2=A0 free(s->display); > -=C2=A0 free(s->x11_chanids); > -@@ -2754,6 +2811,15 @@ do_authenticated2(Authctxt *authctxt) > -=C2=A0 server_loop2(authctxt); > - } > -=C2=A0 > -+static void > -+do_cleanup_one_session(Session *s) > -+{ > -+ session_pty_cleanup2(s); > -+#ifdef SSH_AUDIT_EVENTS > -+ session_end_command2(s); > -+#endif > -+} > -+ > - void > - do_cleanup(Authctxt *authctxt) > - { > -@@ -2802,5 +2868,5 @@ do_cleanup(Authctxt *authctxt) > -=C2=A0 =C2=A0* or if running in monitor. > -=C2=A0 =C2=A0*/ > -=C2=A0 if (!use_privsep || mm_is_monitor()) > -- session_destroy_all(session_pty_cleanup2); > -+ session_destroy_all(do_cleanup_one_session); > - } > -diff -up openssh-6.8p1/session.h.audit openssh-6.8p1/session.h > ---- openssh-6.8p1/session.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/session.h 2015-03-20 13:41:15.097883774 +0100 > -@@ -61,6 +61,12 @@ struct Session { > -=C2=A0 char *name; > -=C2=A0 char *val; > -=C2=A0 } *env; > -+ > -+ /* exec */ > -+#ifdef SSH_AUDIT_EVENTS > -+ int command_handle; > -+ char *command; > -+#endif > - }; > -=C2=A0 > - void =C2=A0do_authenticated(Authctxt *); > -@@ -73,8 +79,10 @@ void =C2=A0session_close_by_pid(pid_t, int); > - void =C2=A0session_close_by_channel(int, void *); > - void =C2=A0session_destroy_all(void (*)(Session *)); > - void =C2=A0session_pty_cleanup2(Session *); > -+void =C2=A0session_end_command2(Session *); > -=C2=A0 > - Session *session_new(void); > -+Session *session_by_id(int); > - Session *session_by_tty(char *); > - void =C2=A0session_close(Session *); > - void =C2=A0do_setusercontext(struct passwd *); > -diff -up openssh-6.8p1/sshd.c.audit openssh-6.8p1/sshd.c > ---- openssh-6.8p1/sshd.c.audit 2015-03-20 13:41:15.083883796 +0100 > -+++ openssh-6.8p1/sshd.c 2015-03-20 13:41:15.110883753 +0100 > -@@ -121,6 +124,7 @@ > - #endif > - #include "monitor_wrap.h" > - #include "roaming.h" > -+#include "audit.h" > - #include "ssh-sandbox.h" > - #include "version.h" > - #include "ssherr.h" > -@@ -260,7 +264,7 @@ Buffer loginmsg; > - struct passwd *privsep_pw =3D NULL; > -=C2=A0 > - /* Prototypes for various functions defined later in this file. */ > --void destroy_sensitive_data(void); > -+void destroy_sensitive_data(int); > - void demote_sensitive_data(void); > -=C2=A0 > - #ifdef WITH_SSH1 > -@@ -281,6 +285,15 @@ close_listen_socks(void) > -=C2=A0 num_listen_socks =3D -1; > - } > -=C2=A0 > -+/* > -+ * Is this process listening for clients (i.e. not specific to any=C2=A0 > specific > -+ * client connection?) > -+ */ > -+int listening_for_clients(void) > -+{ > -+ return num_listen_socks > 0; > -+} > -+ > - static void > - close_startup_pipes(void) > - { > -@@ -560,22 +573,45 @@ sshd_exchange_identification(int sock_in > -=C2=A0 } > - } > -=C2=A0 > --/* Destroy the host and server keys.=C2=A0=C2=A0They will no longer be ne= eded.=C2=A0 > */ > -+/* > -+ * Destroy the host and server keys.=C2=A0=C2=A0They will no longer be ne= eded.=C2=A0=C2=A0 > Careful, > -+ * this can be called from cleanup_exit() - i.e. from just about=C2=A0 > anywhere. > -+ */ > - void > --destroy_sensitive_data(void) > -+destroy_sensitive_data(int privsep) > - { > -=C2=A0 int i; > -+ pid_t pid; > -+ uid_t uid; > -=C2=A0 > -=C2=A0 if (sensitive_data.server_key) { > -=C2=A0 key_free(sensitive_data.server_key); > -=C2=A0 sensitive_data.server_key =3D NULL; > -=C2=A0 } > -+ pid =3D getpid(); > -+ uid =3D getuid(); > -=C2=A0 for (i =3D 0; i < options.num_host_key_files; i++) { > -=C2=A0 if (sensitive_data.host_keys[i]) { > -+ char *fp; > -+ > -+ if (key_is_private(sensitive_data.host_keys[i])) > -+ fp =3D=C2=A0 > sshkey_fingerprint(sensitive_data.host_keys[i],=C2=A0 > options.fingerprint_hash, SSH_FP_HEX); > -+ else > -+ fp =3D NULL; > -=C2=A0 key_free(sensitive_data.host_keys[i]); > -=C2=A0 sensitive_data.host_keys[i] =3D NULL; > -+ if (fp !=3D NULL) { > -+ if (privsep) > -+ PRIVSEP(audit_destroy_sensitive_data > (fp, > -+ pid, uid)); > -+ else > -+ audit_destroy_sensitive_data(fp, > -+ pid, uid); > -+ free(fp); > -+ } > -=C2=A0 } > -- if (sensitive_data.host_certificates[i]) { > -+ if (sensitive_data.host_certificates > -+ =C2=A0=C2=A0=C2=A0=C2=A0&& sensitive_data.host_certificates[i]) { > -=C2=A0 key_free(sensitive_data.host_certificates[i]); > -=C2=A0 sensitive_data.host_certificates[i] =3D NULL; > -=C2=A0 } > -@@ -589,6 +625,8 @@ void > - demote_sensitive_data(void) > - { > -=C2=A0 Key *tmp; > -+ pid_t pid; > -+ uid_t uid; > -=C2=A0 int i; > -=C2=A0 > -=C2=A0 if (sensitive_data.server_key) { > -@@ -597,13 +635,25 @@ demote_sensitive_data(void) > -=C2=A0 sensitive_data.server_key =3D tmp; > -=C2=A0 } > -=C2=A0 > -+ pid =3D getpid(); > -+ uid =3D getuid(); > -=C2=A0 for (i =3D 0; i < options.num_host_key_files; i++) { > -=C2=A0 if (sensitive_data.host_keys[i]) { > -+ char *fp; > -+ > -+ if (key_is_private(sensitive_data.host_keys[i])) > -+ fp =3D=C2=A0 > sshkey_fingerprint(sensitive_data.host_keys[i],=C2=A0 > options.fingerprint_hash, SSH_FP_HEX); > -+ else > -+ fp =3D NULL; > -=C2=A0 tmp =3D key_demote(sensitive_data.host_keys[i]); > -=C2=A0 key_free(sensitive_data.host_keys[i]); > -=C2=A0 sensitive_data.host_keys[i] =3D tmp; > -=C2=A0 if (tmp->type =3D=3D KEY_RSA1) > -=C2=A0 sensitive_data.ssh1_host_key =3D tmp; > -+ if (fp !=3D NULL) { > -+ audit_destroy_sensitive_data(fp, pid, uid); > -+ free(fp); > -+ } > -=C2=A0 } > -=C2=A0 /* Certs do not need demotion */ > -=C2=A0 } > -@@ -675,7 +725,7 @@ privsep_preauth(Authctxt *authctxt) > -=C2=A0 > -=C2=A0 if (use_privsep =3D=3D PRIVSEP_ON) > -=C2=A0 box =3D ssh_sandbox_init(pmonitor); > -- pid =3D fork(); > -+ pmonitor->m_pid =3D pid =3D fork(); > -=C2=A0 if (pid =3D=3D -1) { > -=C2=A0 fatal("fork of unprivileged child failed"); > -=C2=A0 } else if (pid !=3D 0) { > -@@ -759,6 +811,12 @@ privsep_postauth(Authctxt *authctxt) > -=C2=A0 else if (pmonitor->m_pid !=3D 0) { > -=C2=A0 verbose("User child is on pid %ld", (long)pmonitor->m_pid); > -=C2=A0 buffer_clear(&loginmsg); > -+ if (*pmonitor->m_pkex !=3D NULL ){ > -+ =09 > newkeys_destroy((*pmonitor->m_pkex)->newkeys[MODE_OUT]); > -+ newkeys_destroy((*pmonitor->m_pkex)- > >newkeys[MODE_IN]); > -+ audit_session_key_free_body(2, getpid(), getuid()); > -+ packet_destroy_all(0, 0); > -+ } > -=C2=A0 monitor_child_postauth(pmonitor); > -=C2=A0 > -=C2=A0 /* NEVERREACHED */ > -@@ -1286,6 +1341,7 @@ server_accept_loop(int *sock_in, int *so > -=C2=A0 if (received_sigterm) { > -=C2=A0 logit("Received signal %d; terminating.", > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0(int) received_sigterm); > -+ destroy_sensitive_data(0); > -=C2=A0 close_listen_socks(); > -=C2=A0 if (options.pid_file !=3D NULL) > -=C2=A0 unlink(options.pid_file); > -@@ -2242,6 +2321,7 @@ main(int ac, char **av) > -=C2=A0 =C2=A0*/ > -=C2=A0 if (use_privsep) { > -=C2=A0 mm_send_keystate(pmonitor); > -+ packet_destroy_all(1, 1); > -=C2=A0 exit(0); > -=C2=A0 } > -=C2=A0 > -@@ -2287,7 +2367,7 @@ main(int ac, char **av) > -=C2=A0 privsep_postauth(authctxt); > -=C2=A0 /* the monitor process [priv] will not return */ > -=C2=A0 if (!compat20) > -- destroy_sensitive_data(); > -+ destroy_sensitive_data(0); > -=C2=A0 } > -=C2=A0 > -=C2=A0 packet_set_timeout(options.client_alive_interval, > -@@ -2301,6 +2381,9 @@ main(int ac, char **av) > -=C2=A0 do_authenticated(authctxt); > -=C2=A0 > -=C2=A0 /* The connection has been terminated. */ > -+ packet_destroy_all(1, 1); > -+ destroy_sensitive_data(1); > -+ > -=C2=A0 packet_get_bytes(&ibytes, &obytes); > -=C2=A0 verbose("Transferred: sent %llu, received %llu bytes", > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0(unsigned long long)obytes, (unsigned long = long)ibytes); > -@@ -2461,6 +2544,10 @@ do_ssh1_kex(void) > -=C2=A0 if (cookie[i] !=3D packet_get_char()) > -=C2=A0 packet_disconnect("IP Spoofing check bytes do not=C2=A0 > match."); > -=C2=A0 > -+#ifdef SSH_AUDIT_EVENTS > -+ audit_kex(2, cipher_name(cipher_type), "crc", "none", "none"); > -+#endif > -+ > -=C2=A0 debug("Encryption type: %.200s", cipher_name(cipher_type)); > -=C2=A0 > -=C2=A0 /* Get the encrypted integer. */ > -@@ -2520,7 +2607,7 @@ do_ssh1_kex(void) > -=C2=A0 } > -=C2=A0 > -=C2=A0 /* Destroy the private and public keys. No longer. */ > -- destroy_sensitive_data(); > -+ destroy_sensitive_data(1); > -=C2=A0 > -=C2=A0 if (use_privsep) > -=C2=A0 mm_ssh1_session_id(session_id); > -@@ -2703,6 +2802,16 @@ do_ssh2_kex(void) > - void > - cleanup_exit(int i) > - { > -+ static int in_cleanup =3D 0; > -+ int is_privsep_child; > -+ > -+ /* cleanup_exit can be called at the very least from the privsep > -+ =C2=A0=C2=A0=C2=A0wrappers used for auditing.=C2=A0=C2=A0Make sure we do= n't recurse > -+ =C2=A0=C2=A0=C2=A0indefinitely. */ > -+ if (in_cleanup) > -+ _exit(i); > -+ in_cleanup =3D 1; > -+ > -=C2=A0 if (the_authctxt) { > -=C2=A0 do_cleanup(the_authctxt); > -=C2=A0 if (use_privsep && privsep_is_preauth && > -@@ -2714,9 +2823,14 @@ cleanup_exit(int i) > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0pmonitor->m_pid, strerror(errno)); > -=C2=A0 } > -=C2=A0 } > -+ is_privsep_child =3D use_privsep && pmonitor !=3D NULL &&=C2=A0 > pmonitor->m_pid =3D=3D 0; > -+ if (sensitive_data.host_keys !=3D NULL) > -+ destroy_sensitive_data(is_privsep_child); > -+ packet_destroy_all(1, is_privsep_child); > - #ifdef SSH_AUDIT_EVENTS > -=C2=A0 /* done after do_cleanup so it can cancel the PAM auth 'thread'=C2= =A0 > */ > -- if (!use_privsep || mm_is_monitor()) > -+ if ((the_authctxt =3D=3D NULL || !the_authctxt->authenticated) && > -+ =C2=A0=C2=A0=C2=A0=C2=A0(!use_privsep || mm_is_monitor())) > -=C2=A0 audit_event(SSH_CONNECTION_ABANDON); > - #endif > -=C2=A0 _exit(i); > -diff -up openssh-6.8p1/sshkey.c.audit openssh-6.8p1/sshkey.c > ---- openssh-6.8p1/sshkey.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/sshkey.c 2015-03-20 13:41:15.111883751 +0100 > -@@ -317,6 +319,33 @@ sshkey_type_is_valid_ca(int type) > - } > -=C2=A0 > - int > -+sshkey_is_private(const struct sshkey *k) > -+{ > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0switch (k->type) { > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA_CERT_V00: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA_CERT: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA1: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0return k->rsa->d !=3D NULL; > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_DSA_CERT_V00: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_DSA_CERT: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_DSA: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0return k->dsa->priv_key !=3D NULL; > -+#ifdef OPENSSL_HAS_ECC > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ECDSA_CERT: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ECDSA: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0return EC_KEY_get0_private_key(k->ecdsa) !=3D NULL; > -+#endif > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ED25519_CERT: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ED25519: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0return (k->ed25519_pk !=3D NULL); > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0default: > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0/* fatal("key_is_private: bad key type %d", k->type); */ > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0return 0; > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} > -+} > -+ > -+int > - sshkey_is_cert(const struct sshkey *k) > - { > -=C2=A0 if (k =3D=3D NULL) > -diff -up openssh-6.8p1/sshkey.h.audit openssh-6.8p1/sshkey.h > ---- openssh-6.8p1/sshkey.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > -+++ openssh-6.8p1/sshkey.h 2015-03-20 13:41:15.098883772 +0100 > -@@ -134,6 +134,7 @@ u_int =C2=A0sshkey_size(const struct sshkey > - int =C2=A0sshkey_generate(int type, u_int bits, struct sshkey=C2=A0 > **keyp); > - int =C2=A0sshkey_from_private(const struct sshkey *, struct > sshkey=C2=A0 > **); > - int =C2=A0sshkey_type_from_name(const char *); > -+int =C2=A0sshkey_is_private(const struct sshkey *); > - int =C2=A0sshkey_is_cert(const struct sshkey *); > - int =C2=A0sshkey_type_is_cert(int); > - int =C2=A0sshkey_type_plain(int); > -diff -up openssh-6.8p1/sandbox-seccomp-filter.c.audit=C2=A0 > openssh-6.8p1/sandbox-seccomp-filter.c > ---- openssh-6.8p1/sandbox-seccomp-filter.c.audit 2015-03-20=C2=A0 > 13:41:15.088883788 +0100 > -+++ openssh-6.8p1/sandbox-seccomp-filter.c 2015-03-20=C2=A0 > 13:41:15.097883774 +0100 > -@@ -110,6 +110,12 @@ static const struct sock_filter preauth_ > - #ifdef __NR_time /* not defined on EABI ARM */ > -=C2=A0 SC_ALLOW(time), > - #endif > -+#ifdef SSH_AUDIT_EVENTS > -+ SC_ALLOW(getuid), > -+#ifdef __NR_getuid32 /* not defined on x86_64 */ > -+ SC_ALLOW(getuid32), > -+#endif > -+#endif > -=C2=A0 SC_ALLOW(read), > -=C2=A0 SC_ALLOW(write), > -=C2=A0 SC_ALLOW(close), > diff --git a/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch=C2=A0 > b/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch > deleted file mode 100644 > index 4285bd9..0000000 > --- a/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch > +++ /dev/null > @@ -1,66 +0,0 @@ > -diff --git a/configure.ac b/configure.ac > -index 4065d0e..d59ad44 100644 > ---- a/configure.ac > -+++ b/configure.ac > -@@ -764,9 +764,12 @@ main() { if (NSVersionOfRunTimeLibrary("System")=C2=A0 > >=20 > > =3D (60 << 16)) > -=C2=A0 i*86-*) > -=C2=A0 seccomp_audit_arch=3DAUDIT_ARCH_I386 > -=C2=A0 ;; > --=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0arm*-*) > -+ aarch64*-*) > -+ seccomp_audit_arch=3DAUDIT_ARCH_AARCH64 > -+ ;; > -+ arm*-*) > -=C2=A0 seccomp_audit_arch=3DAUDIT_ARCH_ARM > --=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0;; > -+ ;; > -=C2=A0 esac > -=C2=A0 if test "x$seccomp_audit_arch" !=3D "x" ; then > -=C2=A0 AC_MSG_RESULT(["$seccomp_audit_arch"]) > -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c > -index 095b04a..52f6810 100644 > ---- a/sandbox-seccomp-filter.c > -+++ b/sandbox-seccomp-filter.c > -@@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] =3D { > -=C2=A0 /* Load the syscall number for checking. */ > -=C2=A0 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, > -=C2=A0 offsetof(struct seccomp_data, nr)), > -- SC_DENY(open, EACCES), > -- SC_DENY(stat, EACCES), > -+ SC_DENY(openat, EACCES), > -+#ifdef __NR_open > -+ SC_DENY(open, EACCES), /* not on AArch64 */ > -+#endif > -+#ifdef __NR_fstat > -+ SC_DENY(fstat, EACCES), /* x86_64, Aarch64 */ > -+#endif > -+#if defined(__NR_stat64) && defined(__NR_fstat64) > -+ SC_DENY(stat64, EACCES), /* ix86, arm */ > -+ SC_DENY(fstat64, EACCES), > -+#endif > -+#ifdef __NR_newfstatat > -+ SC_DENY(newfstatat, EACCES), /* Aarch64 */ > -+#endif > -=C2=A0 SC_ALLOW(getpid), > -=C2=A0 SC_ALLOW(gettimeofday), > -=C2=A0 SC_ALLOW(clock_gettime), > -@@ -111,12 +123,19 @@ static const struct sock_filter preauth_insns[] =3D= =C2=A0 > { > -=C2=A0 SC_ALLOW(shutdown), > - #endif > -=C2=A0 SC_ALLOW(brk), > -+#ifdef __NR_poll /* not on AArch64 */ > -=C2=A0 SC_ALLOW(poll), > -+#endif > - #ifdef __NR__newselect > -=C2=A0 SC_ALLOW(_newselect), > - #else > -+#ifdef __NR_select /* not on AArch64 */ > -=C2=A0 SC_ALLOW(select), > - #endif > -+#ifdef __NR_pselect6 /* AArch64 */ > -+ SC_ALLOW(pselect6), > -+#endif > -+#endif > -=C2=A0 SC_ALLOW(madvise), > - #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */ > -=C2=A0 SC_ALLOW(mmap2), --===============4242799395951691228== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSllyV0pIQUFvSkVJQjU4UDl2a0FrSFN3c1AvME9KVys4eXhycFdmZ2YwRjdLakMvbnQK VTFvUkRsaHZZQ2RIZ0g1d0pRdkRGZjZlZHFIWEZyM2ZWRkNzQ3NWNE9sUmtXMngvblJ4Q0NROEIz QTdZYWdISApqenpNLy82RDY5TkM5MUlDMWQ2cmllMVdzdGtlbHBYREtkcGQxa0JBeWRDOEUzZFk5 QU82Qy82U2VRVTFtVS82ClFOOGR6TzJwUW8xYWMrd3E2WitmOVRsUitiSDVHdDh3WXJnc3U2eEhn ZTNNNUxaRVFBQWdaN0drRkRxakgrU2IKQkhTR0k2RzVQR25hU2p3Vjh2bVY1Nk9JUExleU5EbGRB U0lPKytsNUd2cXh3NDFKdWpQdy9xVjhSOTVwNzNQVgphVU11WTBxZ29iN1EyOFJObCtMM2hHSUxa M3VFQmtSSWdkdlJ1aHhBMmc3ZC96RTVieFg4SUpXOW0zdU5HVXlHCnhvNmtSMGFiaXEyenQvVzBM SmlZaUlMVm0wUWdkZStHNnhCZExIZDhNbTdSQ0VxZnMweEk4ODZyMHBvUGtRU24KaTV5VDdwTFVN amRBM3JMNEw1TEFoVEpNMXQxQ2NraTFrT3N1bXk2YVVVTUx0Z3dVYytvWWYxTG9tc2xnZm9SUApa TE55ejVhTXBzNk5JeUZmUVRSdjk0UnpEVGNOZTlOYitIWGs1eGRYKzI2QUg5NmN2dkxKN2dreWxU VWxJZVZuCitiUUVRY1BGdk5Rekd6WE9WbnEySDZEaWhZbTN5V0VGcmo1bzMxN0UzUUh0OFJHcmRj VGswVjE5b2hjNWFQeG4KVldvQWNoL1VVQTBTcFRCRDZ0OGNjcjVMd0tjMFR2KzRrYWFmYytPTXVX cERCTjY0ZEkvWFVaaDg5dWJrWGt1Mgp5TFhOMlA5ZDNhTE52djZLa0UyKwo9YW41VQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============4242799395951691228==--