From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] openssh: Update to 7.3p1. Date: Mon, 27 Feb 2017 12:04:10 +0000 Message-ID: <1488197050.24657.231.camel@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7294461796715931348==" List-Id: --===============7294461796715931348== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Wed, 2017-02-22 at 14:25 -0500, Kienker, Fred wrote: > Information on PCIDSS:=C2=A0 > https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard >=20 > In the United States, many small businesses process payment card=C2=A0 > payments via a web browser. They are periodically required to pass a=C2=A0 > security audit for the bank or payment processing firm which checks the=C2= =A0 > security of their IT systems. This is to prevent malicious break ins and=C2= =A0 > thefts via an compromised firewall, server, computer, etc. Yes, they=C2=A0 > check everything - including firewalls. Businesses whose networks do not=C2= =A0 > pass may have their payment processing privileges suspended. Big cash=C2=A0 > flow problem if you accept credit or debit cards. >=20 > Currently to pass a PCI audit, the openssh package on Linux must be at=C2=A0 > least version 7.4. IPFire 2 is currently at 7.3 (I believe) so it will=C2=A0 > not pass. Updating to the current 7.4 version will solve the problem.=C2=A0 > The most of the problem appears to be over key length. 7.4 will not use=C2= =A0 > the shorter keys that 7.3 will. IPFire has been moving away from the=C2=A0 > older shorter keys anyway, and this is just another step in that=C2=A0 > process. Existing shorter keys might have to be regenerated. Well, we change the standard configuration of OpenSSH and do not allow old/bad keys, but for the certification it is probably easier to require a certain version. We can easily update and ship this with the next core update. > Currently the work-around is to disable exteral ssh access from IPFire=C2=A0 > and *never* turn it on. This is a *real* pain when it comes to remote=C2=A0 > support of IPFire. Agreed. > If this is not a priority, I completely understand. It just means moving=C2= =A0 > the affected systems to different firewall software. I don't think that there is any need to do that. Best, -Michael >=20 > Thanks in advance! > Fred >=20 >=20 > From the openssh 7.4 release notes: >=20 > Potentially-incompatible changes > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D >=20 > This release includes a number of changes that may affect existing > configurations: >=20 > =C2=A0* This release removes server support for the SSH v.1 protocol. >=20 > =C2=A0* ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit > =C2=A0=C2=A0=C2=A0block ciphers are not safe in 2016 and we don't want to w= ait until > =C2=A0=C2=A0=C2=A0attacks like SWEET32 are extended to SSH. As 3des-cbc was= the > =C2=A0=C2=A0=C2=A0only mandatory cipher in the SSH RFCs, this may cause pro= blems > =C2=A0=C2=A0=C2=A0connecting to older devices using the default configurati= on, > =C2=A0=C2=A0=C2=A0but it's highly likely that such devices already need exp= licit > =C2=A0=C2=A0=C2=A0configuration for key exchange and hostkey algorithms alr= eady > =C2=A0=C2=A0=C2=A0anyway. > =C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0* sshd(8): Remove support for pre-authentication compression. > =C2=A0=C2=A0=C2=A0Doing compression early in the protocol probably seemed r= easonable > =C2=A0=C2=A0=C2=A0in the 1990s, but today it's clearly a bad idea in terms = of both > =C2=A0=C2=A0=C2=A0cryptography (cf. multiple compression oracle attacks in = TLS) and > =C2=A0=C2=A0=C2=A0attack surface. Pre-auth compression support has been dis= abled by > =C2=A0=C2=A0=C2=A0default for >10 years. Support remains in the client. > =C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0* ssh-agent will refuse to load PKCS#11 modules outside a whitelist > =C2=A0=C2=A0=C2=A0of trusted paths by default. The path whitelist may be sp= ecified > =C2=A0=C2=A0=C2=A0at run-time. >=20 > =C2=A0* sshd(8): When a forced-command appears in both a certificate and > =C2=A0=C2=A0=C2=A0an authorized keys/principals command=3D restriction, ssh= d will now > =C2=A0=C2=A0=C2=A0refuse to accept the certificate unless they are identica= l. > =C2=A0=C2=A0=C2=A0The previous (documented) behaviour of having the certifi= cate > =C2=A0=C2=A0=C2=A0forced-command override the other could be a bit confusin= g and > =C2=A0=C2=A0=C2=A0error-prone. > =C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0* sshd(8): Remove the UseLogin configuration directive and support > =C2=A0=C2=A0=C2=A0for having /bin/login manage login sessions. >=20 >=20 > -----Original Message----- > From: Michael Tremer [mailto:michael.tremer(a)ipfire.org]=C2=A0 > Sent: Wednesday, February 22, 2017 5:05 AM > To: Kienker, Fred ; development=C2=A0 > > Subject: Re: [PATCH] openssh: Update to 7.3p1. >=20 > Hi Fred, >=20 > you are referring to IPFire 3 here, but I suppose that you are rather=C2=A0 > using > IPFire 2 in production. >=20 > This version of IPFire comes with OpenSSH 7.3p1: >=20 > =C2=A0=C2=A0 > http://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dblob;f=3Dlfs/openssh;h=3D371d= 0df4ac09c41 > 06f761886fa4e3f6107bd2265;hb=3DHEAD >=20 > It would be helpful if you could give us some more context about your > environment, why PCI compliance is required and what other things=C2=A0 > probably need > to be mended to comply or even comply better. >=20 > Best, > -Michael >=20 > On Tue, 2017-02-21 at 14:39 -0500, Kienker, Fred wrote: > >=20 > > FYI: > >=20 > > This is no longer considered "current" enough to pass a PCI=C2=A0 > Compliance=C2=A0 > >=20 > > audit. Only a version > 7.4 will now pass due to CVE-2016-10009.=C2=A0 > > Anyone using an IPFire firewall system who has to pass a PCI=C2=A0 > Compliance=C2=A0 > >=20 > > audit will have to disable ssh access until this is updated to at=C2=A0 > least=C2=A0 > >=20 > > 7.4. > >=20 > > Fred Kienker > >=20 > > -----Original Message----- > > From: Stefan Schantl [mailto:stefan.schantl(a)ipfire.org]=C2=A0 > > Sent: Wednesday, November 30, 2016 7:02 AM > > To: development(a)lists.ipfire.org > > Subject: [PATCH] openssh: Update to 7.3p1. > >=20 > > This is a major update to the latest stable version of OpenSSH. > >=20 > > * Drop not longer required patches. > > * Drop SElinux support. > >=20 > > Fixes #11218. > >=20 > > Signed-off-by: Stefan Schantl > > --- > > =C2=A0openssh/openssh.nm=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0|= =C2=A0=C2=A0=C2=A0=C2=A08 +- > > =C2=A0openssh/patches/openssh-6.7p1-audit.patch=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0| 2332=C2=A0 > > -------------------- > > =C2=A0.../patches/openssh-6.7p1-seccomp-aarch64.patch=C2=A0=C2=A0=C2=A0= =C2=A0|=C2=A0=C2=A0=C2=A066 - > > =C2=A03 files changed, 3 insertions(+), 2403 deletions(-) > > =C2=A0delete mode 100644 openssh/patches/openssh-6.7p1-audit.patch > > =C2=A0delete mode 100644=C2=A0 > openssh/patches/openssh-6.7p1-seccomp-aarch64.patch > >=20 > >=20 > > diff --git a/openssh/openssh.nm b/openssh/openssh.nm > > index 8489438..2e8de76 100644 > > --- a/openssh/openssh.nm > > +++ b/openssh/openssh.nm > > @@ -4,8 +4,8 @@ > >=20 > =C2=A0#####################################################################= ## > >=20 > > ######## > > =C2=A0 > > =C2=A0name=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D openssh > > -version=C2=A0=C2=A0=C2=A0=C2=A0=3D 6.8p1 > > -release=C2=A0=C2=A0=C2=A0=C2=A0=3D 2 > > +version=C2=A0=C2=A0=C2=A0=C2=A0=3D 7.3p1 > > +release=C2=A0=C2=A0=C2=A0=C2=A0=3D 1 > > =C2=A0 > > =C2=A0groups=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D Application/Internet > > =C2=A0url=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=3D http://www.o= penssh.com/portable.html > > @@ -28,10 +28,9 @@ build > > =C2=A0 automake > > =C2=A0 groff > > =C2=A0 libedit-devel > > - libselinux-devel > > =C2=A0 ncurses-devel > > =C2=A0 openldap-devel > > - openssl-devel >=3D 1.0.0d-2 > > + openssl-devel >=3D 1.0.2 > > =C2=A0 pam-devel > > =C2=A0 util-linux > > =C2=A0 zlib-devel > > @@ -51,7 +50,6 @@ build > > =C2=A0 --with-ipaddr-display \ > > =C2=A0 --with-pam \ > > =C2=A0 --with-libedit \ > > - --with-selinux \ > > =C2=A0 --with-audit=3Dlinux > > =C2=A0 > > =C2=A0 prepare_cmds > > diff --git a/openssh/patches/openssh-6.7p1-audit.patch=C2=A0 > > b/openssh/patches/openssh-6.7p1-audit.patch > > deleted file mode 100644 > > index 213ca67..0000000 > > --- a/openssh/patches/openssh-6.7p1-audit.patch > > +++ /dev/null > > @@ -1,2332 +0,0 @@ > > -diff -up openssh-6.8p1/Makefile.in.audit openssh-6.8p1/Makefile.in > > ---- openssh-6.8p1/Makefile.in.audit 2015-03-20=C2=A0 > 13:41:15.065883826=C2=A0 > >=20 > > +0100 > > -+++ openssh-6.8p1/Makefile.in 2015-03-20 13:41:15.100883769 +0100 > > -@@ -98,7 +98,7 @@ LIBSSH_OBJS=3D${LIBOPENSSH_OBJS} \ > > -=C2=A0 sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o=C2=A0 > blocks.o=C2=A0 > >=20 > > \ > > -=C2=A0 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ > > -=C2=A0 kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ > > -- kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o > > -+ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o auditstub.o > > -=C2=A0 > > - SSHOBJS=3D ssh.o readconf.o clientloop.o sshtty.o \ > > -=C2=A0 sshconnect.o sshconnect1.o sshconnect2.o mux.o \ > > -diff -up openssh-6.8p1/audit-bsm.c.audit openssh-6.8p1/audit-bsm.c > > ---- openssh-6.8p1/audit-bsm.c.audit 2015-03-17=C2=A0 > 06:49:20.000000000=C2=A0 > >=20 > > +0100 > > -+++ openssh-6.8p1/audit-bsm.c 2015-03-20 13:41:15.092883782 +0100 > > -@@ -375,10 +375,23 @@ audit_connection_from(const char *host, > > - #endif > > - } > > -=C2=A0 > > --void > > -+int > > - audit_run_command(const char *command) > > - { > > -=C2=A0 /* not implemented */ > > -+ return 0; > > -+} > > -+ > > -+void > > -+audit_end_command(int handle, const char *command) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > -+void > > -+audit_count_session_open(void) > > -+{ > > -+ /* not necessary */ > > - } > > -=C2=A0 > > - void > > -@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li) > > -=C2=A0 /* not implemented */ > > - } > > -=C2=A0 > > -+int > > -+audit_keyusage(int host_user, const char *type, unsigned bits, char=C2= =A0 > > *fp, int rv) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > - void > > - audit_event(ssh_audit_event_t event) > > - { > > -@@ -454,4 +473,40 @@ audit_event(ssh_audit_event_t event) > > -=C2=A0 debug("%s: unhandled event %d", __func__, event); > > -=C2=A0 } > > - } > > -+ > > -+void > > -+audit_unsupported_body(int what) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > -+void > > -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char=C2= =A0 > > *pfs, pid_t pid, uid_t uid) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > -+void > > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > -+void > > -+audit_destroy_sensitive_data(const char *fp) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > -+void > > -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > > -+{ > > -+ /* not implemented */ > > -+} > > -+ > > -+void > > -+audit_generate_ephemeral_server_key(const char *fp) > > -+{ > > -+ /* not implemented */ > > -+} > > - #endif /* BSM */ > > -diff -up openssh-6.8p1/audit-linux.c.audit=C2=A0 > openssh-6.8p1/audit-linux.c > >=20 > > ---- openssh-6.8p1/audit-linux.c.audit 2015-03-17=C2=A0 > 06:49:20.000000000=C2=A0 > >=20 > > +0100 > > -+++ openssh-6.8p1/audit-linux.c 2015-03-20 13:41:15.093883780=C2=A0 > +0100 > >=20 > > -@@ -35,13 +35,25 @@ > > -=C2=A0 > > - #include "log.h" > > - #include "audit.h" > > -+#include "key.h" > > -+#include "hostfile.h" > > -+#include "auth.h" > > -+#include "misc.h"=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0/* servconf.h need= s misc.h for struct=C2=A0 > > ForwardOptions */ > > -+#include "servconf.h" > > - #include "canohost.h" > > -+#include "packet.h" > > -+#include "cipher.h" > > -=C2=A0 > > -+#define AUDIT_LOG_SIZE 256 > > -+ > > -+extern ServerOptions options; > > -+extern Authctxt *the_authctxt; > > -+extern u_int utmp_len; > > - const char* audit_username(void); > > -=C2=A0 > > --int > > --linux_audit_record_event(int uid, const char *username, > > --=C2=A0=C2=A0=C2=A0=C2=A0const char *hostname, const char *ip, const cha= r *ttyn, int=C2=A0 > > success) > > -+static void > > -+linux_audit_user_logxxx(int uid, const char *username, > > -+=C2=A0=C2=A0=C2=A0=C2=A0const char *hostname, const char *ip, const cha= r *ttyn, int=C2=A0 > > success, int event) > > - { > > -=C2=A0 int audit_fd, rc, saved_errno; > > -=C2=A0 > > -@@ -49,11 +61,11 @@ linux_audit_record_event(int uid, const char=C2=A0 > > *username, > > -=C2=A0 if (audit_fd < 0) { > > -=C2=A0 if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0errno =3D=3D EAFNOSUPPORT) > > -- return 1; /* No audit support in kernel */ > > -+ return; /* No audit support in kernel */ > > -=C2=A0 else > > -- return 0; /* Must prevent login */ > > -+ goto fatal_report; /* Must prevent login */ > > -=C2=A0 } > > -- rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, > > -+ rc =3D audit_log_acct_message(audit_fd, event, > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0NULL, "login", username ? username : "(un= known)", > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0username =3D=3D NULL ? uid : -1, hostname= , ip, ttyn, success); > > -=C2=A0 saved_errno =3D errno; > > -@@ -65,35 +77,154 @@ linux_audit_record_event(int uid, const char=C2=A0 > > *username, > > -=C2=A0 if ((rc =3D=3D -EPERM) && (geteuid() !=3D 0)) > > -=C2=A0 rc =3D 0; > > -=C2=A0 errno =3D saved_errno; > > -- return (rc >=3D 0); > > -+ if (rc < 0) { > > -+fatal_report: > > -+ fatal("linux_audit_write_entry failed: %s",=C2=A0 > > strerror(errno)); > > -+ } > > - } > > -=C2=A0 > > -+static void > > -+linux_audit_user_auth(int uid, const char *username, > > -+=C2=A0=C2=A0=C2=A0=C2=A0const char *hostname, const char *ip, const cha= r *ttyn, int=C2=A0 > > success, int event) > > -+{ > > -+ int audit_fd, rc, saved_errno; > > -+ static const char *event_name[] =3D { > > -+ "maxtries exceeded", > > -+ "root denied", > > -+ "success", > > -+ "none", > > -+ "password", > > -+ "challenge-response", > > -+ "pubkey", > > -+ "hostbased", > > -+ "gssapi", > > -+ "invalid user", > > -+ "nologin", > > -+ "connection closed", > > -+ "connection abandoned", > > -+ "unknown" > > -+ }; > > -+ > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) { > > -+ if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > > -+ =C2=A0=C2=A0=C2=A0=C2=A0errno =3D=3D EAFNOSUPPORT) > > -+ return; /* No audit support in kernel */ > > -+ else > > -+ goto fatal_report; /* Must prevent login */ > > -+ } > > -+=09 > > -+ if ((event < 0) || (event > SSH_AUDIT_UNKNOWN)) > > -+ event =3D SSH_AUDIT_UNKNOWN; > > -+ > > -+ rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, event_name[event], username ? username := "(unknown)", > > -+ =C2=A0=C2=A0=C2=A0=C2=A0username =3D=3D NULL ? uid : -1, hostname, ip,= ttyn, success); > > -+ saved_errno =3D errno; > > -+ close(audit_fd); > > -+ /* > > -+ =C2=A0* Do not report error if the error is EPERM and sshd is run=C2=A0 > as=C2=A0 > >=20 > > non > > -+ =C2=A0* root user. > > -+ =C2=A0*/ > > -+ if ((rc =3D=3D -EPERM) && (geteuid() !=3D 0)) > > -+ rc =3D 0; > > -+ errno =3D saved_errno; > > -+ if (rc < 0) { > > -+fatal_report: > > -+ fatal("linux_audit_write_entry failed: %s",=C2=A0 > > strerror(errno)); > > -+ } > > -+} > > -+ > > -+int > > -+audit_keyusage(int host_user, const char *type, unsigned bits, char=C2= =A0 > > *fp, int rv) > > -+{ > > -+ char buf[AUDIT_LOG_SIZE]; > > -+ int audit_fd, rc, saved_errno; > > -+ > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) { > > -+ if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > > -+ =C2=A0errno =3D=3D EAFNOSUPPORT) > > -+ return 1; /* No audit support in kernel */ > > -+ =09 > else=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > >=20 > > =C2=A0 > >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0 > >=20 > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > > -+ return 0; /* Must prevent login */ > > -+ } > > -+ snprintf(buf, sizeof(buf), "%s_auth rport=3D%d", host_user ?=C2=A0 > > "pubkey" : "hostbased", get_remote_port()); > > -+ rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, > > -+ buf, audit_username(), -1, NULL, get_remote_ipaddr(),=C2=A0 > NULL,=C2=A0 > >=20 > > rv); > > -+ if ((rc < 0) && ((rc !=3D -1) || (getuid() =3D=3D 0))) > > -+ goto out; > > -+ /* is the fingerprint_prefix() still needed?=C2=A0 > > -+ snprintf(buf, sizeof(buf), "key algo=3D%s size=3D%d fp=3D%s%s=C2=A0 > > rport=3D%d", > > -+ type, bits, sshkey_fingerprint_prefix(), fp,=C2=A0 > > get_remote_port()); > > -+ */ > > -+ snprintf(buf, sizeof(buf), "key algo=3D%s size=3D%d fp=3D%s=C2=A0 > rport=3D%d", > >=20 > > -+ type, bits, fp, get_remote_port()); > > -+ rc =3D audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, > > -+ buf, audit_username(), -1, NULL, get_remote_ipaddr(),=C2=A0 > NULL,=C2=A0 > >=20 > > rv); > > -+out: > > -+ saved_errno =3D errno; > > -+ audit_close(audit_fd); > > -+ errno =3D saved_errno; > > -+ /* do not report error if the error is EPERM and sshd is run=C2=A0 > as=C2=A0 > >=20 > > non root user */ > > -+ return (rc >=3D 0) || ((rc =3D=3D -EPERM) && (getuid() !=3D 0)); > > -+} > > -+ > > -+static int user_login_count =3D 0; > > -+ > > - /* Below is the sshd audit API code */ > > -=C2=A0 > > - void > > - audit_connection_from(const char *host, int port) > > - { > > --} > > -=C2=A0 /* not implemented */ > > -+} > > -=C2=A0 > > --void > > -+int > > - audit_run_command(const char *command) > > - { > > -- /* not implemented */ > > -+ if (!user_login_count++)=C2=A0 > > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > > get_remote_name_or_ip(utmp_len, options.use_dns), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_LOGIN); > > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > > get_remote_name_or_ip(utmp_len, options.use_dns), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_START); > > -+ return 0; > > -+} > > -+ > > -+void > > -+audit_end_command(int handle, const char *command) > > -+{ > > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > > get_remote_name_or_ip(utmp_len, options.use_dns), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_END); > > -+ if (user_login_count && !--user_login_count)=C2=A0 > > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL,=C2=A0 > > get_remote_name_or_ip(utmp_len, options.use_dns), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_LOGOUT); > > -+} > > -+ > > -+void > > -+audit_count_session_open(void) > > -+{ > > -+ user_login_count++; > > - } > > -=C2=A0 > > - void > > - audit_session_open(struct logininfo *li) > > - { > > -- if (linux_audit_record_event(li->uid, NULL, li->hostname, > > -- =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1) =3D=3D 0) > > -- fatal("linux_audit_write_entry failed: %s",=C2=A0 > > strerror(errno)); > > -+ if (!user_login_count++)=C2=A0 > > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_LOGIN); > > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_START); > > - } > > -=C2=A0 > > - void > > - audit_session_close(struct logininfo *li) > > - { > > -- /* not implemented */ > > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_END); > > -+ if (user_login_count && !--user_login_count)=C2=A0 > > -+ linux_audit_user_logxxx(li->uid, NULL, li->hostname, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, li->line, 1, AUDIT_USER_LOGOUT); > > - } > > -=C2=A0 > > - void > > -@@ -101,21 +232,43 @@ audit_event(ssh_audit_event_t event) > > - { > > -=C2=A0 switch(event) { > > -=C2=A0 case SSH_AUTH_SUCCESS: > > -- case SSH_CONNECTION_CLOSE: > > -+ linux_audit_user_auth(-1, audit_username(), NULL, > > -+ get_remote_ipaddr(), "ssh", 1, event); > > -+ break; > > -+ > > -=C2=A0 case SSH_NOLOGIN: > > -- case SSH_LOGIN_EXCEED_MAXTRIES: > > -=C2=A0 case SSH_LOGIN_ROOT_DENIED: > > -+ linux_audit_user_auth(-1, audit_username(), NULL, > > -+ get_remote_ipaddr(), "ssh", 0, event); > > -+ linux_audit_user_logxxx(-1, audit_username(), NULL, > > -+ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); > > -=C2=A0 break; > > -=C2=A0 > > -+ case SSH_LOGIN_EXCEED_MAXTRIES: > > -=C2=A0 case SSH_AUTH_FAIL_NONE: > > -=C2=A0 case SSH_AUTH_FAIL_PASSWD: > > -=C2=A0 case SSH_AUTH_FAIL_KBDINT: > > -=C2=A0 case SSH_AUTH_FAIL_PUBKEY: > > -=C2=A0 case SSH_AUTH_FAIL_HOSTBASED: > > -=C2=A0 case SSH_AUTH_FAIL_GSSAPI: > > -+ linux_audit_user_auth(-1, audit_username(), NULL, > > -+ get_remote_ipaddr(), "ssh", 0, event); > > -+ break; > > -+ > > -+ case SSH_CONNECTION_CLOSE: > > -+ if (user_login_count) { > > -+ while (user_login_count--) > > -+ linux_audit_user_logxxx(the_authctxt->pw- > > >=20 > > > pw_uid,=C2=A0 > > NULL, get_remote_name_or_ip(utmp_len, options.use_dns), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_END); > > -+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, > > NULL,=C2=A0 > > get_remote_name_or_ip(utmp_len, options.use_dns), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0NULL, "ssh", 1, AUDIT_USER_LOGOUT); > > -+ } > > -+ break; > > -+ > > -+ case SSH_CONNECTION_ABANDON: > > -=C2=A0 case SSH_INVALID_USER: > > -- linux_audit_record_event(-1, audit_username(), NULL, > > -- get_remote_ipaddr(), "sshd", 0); > > -+ linux_audit_user_logxxx(-1, audit_username(), NULL, > > -+ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); > > -=C2=A0 break; > > -=C2=A0 > > -=C2=A0 default: > > -@@ -123,4 +276,135 @@ audit_event(ssh_audit_event_t event) > > -=C2=A0 } > > - } > > -=C2=A0 > > -+void > > -+audit_unsupported_body(int what) > > -+{ > > -+#ifdef AUDIT_CRYPTO_SESSION > > -+ char buf[AUDIT_LOG_SIZE]; > > -+ const static char *name[] =3D { "cipher", "mac", "comp" }; > > -+ char *s; > > -+ int audit_fd; > > -+ > > -+ snprintf(buf, sizeof(buf), "op=3Dunsupported-%s direction=3D?=C2=A0 > > cipher=3D? ksize=3D? rport=3D%d laddr=3D%s lport=3D%d ", > > -+ name[what], get_remote_port(), (s =3D=C2=A0 > > get_local_ipaddr(packet_get_connection_in())), > > -+ get_local_port()); > > -+ free(s); > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) > > -+ /* no problem, the next instruction will be fatal() */ > > -+ return; > > -+ audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, > > -+ buf, NULL, get_remote_ipaddr(), NULL, 0); > > -+ audit_close(audit_fd); > > -+#endif > > -+} > > -+ > > -+const static char *direction[] =3D { "from-server", "from-client",=C2=A0 > > "both" }; > > -+ > > -+void > > -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char=C2= =A0 > > *pfs, pid_t pid, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0uid_t uid) > > -+{ > > -+#ifdef AUDIT_CRYPTO_SESSION > > -+ char buf[AUDIT_LOG_SIZE]; > > -+ int audit_fd, audit_ok; > > -+ const Cipher *cipher =3D cipher_by_name(enc); > > -+ char *s; > > -+ > > -+ snprintf(buf, sizeof(buf), "op=3Dstart direction=3D%s cipher=3D%s=C2=A0 > > ksize=3D%d mac=3D%s pfs=3D%s spid=3D%jd suid=3D%jd rport=3D%d laddr=3D%s = lport=3D%d ", > > -+ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, > > mac,=C2=A0 > > pfs, > > -+ (intmax_t)pid, (intmax_t)uid, > > -+ get_remote_port(), (s =3D=C2=A0 > > get_local_ipaddr(packet_get_connection_in())), get_local_port()); > > -+ free(s); > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) { > > -+ if (errno =3D=3D EINVAL || errno =3D=3D EPROTONOSUPPORT || > > -+ =C2=A0errno =3D=3D EAFNOSUPPORT) > > -+ return; /* No audit support in kernel */ > > -+ =09 > else=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > >=20 > > =C2=A0 > >=20 > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > =C2=A0 > >=20 > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > > -+ fatal("cannot open audit"); /* Must prevent login > > */ > > -+ } > > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > AUDIT_CRYPTO_SESSION, > >=20 > > -+ buf, NULL, get_remote_ipaddr(), NULL, 1); > > -+ audit_close(audit_fd); > > -+ /* do not abort if the error is EPERM and sshd is run as non=C2=A0 > root=C2=A0 > >=20 > > user */ > > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > > -+ fatal("cannot write into audit"); /* Must prevent login */ > > -+#endif > > -+} > > -+ > > -+void > > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > > -+{ > > -+ char buf[AUDIT_LOG_SIZE]; > > -+ int audit_fd, audit_ok; > > -+ char *s; > > -+ > > -+ snprintf(buf, sizeof(buf), "op=3Ddestroy kind=3Dsession fp=3D?=C2=A0 > > direction=3D%s spid=3D%jd suid=3D%jd rport=3D%d laddr=3D%s lport=3D%d ", > > -+ =C2=A0direction[ctos], (intmax_t)pid, (intmax_t)uid, > > -+ =C2=A0get_remote_port(), > > -+ =C2=A0(s =3D get_local_ipaddr(packet_get_connection_in())), > > -+ =C2=A0get_local_port()); > > -+ free(s); > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) { > > -+ if (errno !=3D EINVAL && errno !=3D EPROTONOSUPPORT && > > -+ =C2=A0errno !=3D EAFNOSUPPORT) > > -+ error("cannot open audit"); > > -+ return; > > -+ } > > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > > AUDIT_CRYPTO_KEY_USER, > > -+ buf, NULL, get_remote_ipaddr(), NULL, 1); > > -+ audit_close(audit_fd); > > -+ /* do not abort if the error is EPERM and sshd is run as non=C2=A0 > root=C2=A0 > >=20 > > user */ > > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > > -+ error("cannot write into audit"); > > -+} > > -+ > > -+void > > -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > > -+{ > > -+ char buf[AUDIT_LOG_SIZE]; > > -+ int audit_fd, audit_ok; > > -+ > > -+ snprintf(buf, sizeof(buf), "op=3Ddestroy kind=3Dserver fp=3D%s=C2=A0 > > direction=3D? spid=3D%jd suid=3D%jd ", > > -+ fp, (intmax_t)pid, (intmax_t)uid); > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) { > > -+ if (errno !=3D EINVAL && errno !=3D EPROTONOSUPPORT && > > -+ =C2=A0errno !=3D EAFNOSUPPORT) > > -+ error("cannot open audit"); > > -+ return; > > -+ } > > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > > AUDIT_CRYPTO_KEY_USER, > > -+ buf, NULL, > > -+ listening_for_clients() ? get_remote_ipaddr() : > > NULL, > > -+ NULL, 1); > > -+ audit_close(audit_fd); > > -+ /* do not abort if the error is EPERM and sshd is run as non=C2=A0 > root=C2=A0 > >=20 > > user */ > > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > > -+ error("cannot write into audit"); > > -+} > > -+ > > -+void > > -+audit_generate_ephemeral_server_key(const char *fp) > > -+{ > > -+ char buf[AUDIT_LOG_SIZE]; > > -+ int audit_fd, audit_ok; > > -+ > > -+ snprintf(buf, sizeof(buf), "op=3Dcreate kind=3Dserver fp=3D%s=C2=A0 > > direction=3D? ", fp); > > -+ audit_fd =3D audit_open(); > > -+ if (audit_fd < 0) { > > -+ if (errno !=3D EINVAL && errno !=3D EPROTONOSUPPORT && > > -+ =C2=A0errno !=3D EAFNOSUPPORT) > > -+ error("cannot open audit"); > > -+ return; > > -+ } > > -+ audit_ok =3D audit_log_user_message(audit_fd,=C2=A0 > > AUDIT_CRYPTO_KEY_USER, > > -+ buf, NULL, 0, NULL, 1); > > -+ audit_close(audit_fd); > > -+ /* do not abort if the error is EPERM and sshd is run as non=C2=A0 > root=C2=A0 > >=20 > > user */ > > -+ if ((audit_ok < 0) && ((audit_ok !=3D -1) || (getuid() =3D=3D 0))) > > -+ error("cannot write into audit"); > > -+} > > - #endif /* USE_LINUX_AUDIT */ > > -diff -up openssh-6.8p1/audit.c.audit openssh-6.8p1/audit.c > > ---- openssh-6.8p1/audit.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > >=20 > > -+++ openssh-6.8p1/audit.c 2015-03-20 13:41:15.093883780 +0100 > > -@@ -28,6 +28,7 @@ > > -=C2=A0 > > - #include > > - #include > > -+#include > > -=C2=A0 > > - #ifdef SSH_AUDIT_EVENTS > > -=C2=A0 > > -@@ -36,6 +37,11 @@ > > - #include "key.h" > > - #include "hostfile.h" > > - #include "auth.h" > > -+#include "ssh-gss.h" > > -+#include "monitor_wrap.h" > > -+#include "xmalloc.h" > > -+#include "misc.h" > > -+#include "servconf.h" > > -=C2=A0 > > - /* > > -=C2=A0=C2=A0* Care must be taken when using this since it WILL NOT be=C2= =A0 > initialized=C2=A0 > >=20 > > when > > -@@ -43,6 +49,7 @@ > > -=C2=A0=C2=A0* audit_event(CONNECTION_ABANDON) is called.=C2=A0=C2=A0Test= for NULL before=C2=A0 > > using. > > -=C2=A0=C2=A0*/ > > - extern Authctxt *the_authctxt; > > -+extern ServerOptions options; > > -=C2=A0 > > - /* Maybe add the audit class to struct Authmethod? */ > > - ssh_audit_event_t > > -@@ -71,13 +78,10 @@ audit_classify_auth(const char *method) > > - const char * > > - audit_username(void) > > - { > > -- static const char unknownuser[] =3D "(unknown user)"; > > -- static const char invaliduser[] =3D "(invalid user)"; > > -+ static const char unknownuser[] =3D "(unknown)"; > > -=C2=A0 > > -- if (the_authctxt =3D=3D NULL || the_authctxt->user =3D=3D NULL) > > -+ if (the_authctxt =3D=3D NULL || the_authctxt->user =3D=3D NULL ||=C2=A0 > > !the_authctxt->valid) > > -=C2=A0 return (unknownuser); > > -- if (!the_authctxt->valid) > > -- return (invaliduser); > > -=C2=A0 return (the_authctxt->user); > > - } > > -=C2=A0 > > -@@ -111,6 +115,40 @@ audit_event_lookup(ssh_audit_event_t ev) > > -=C2=A0 return(event_lookup[i].name); > > - } > > -=C2=A0 > > -+void > > -+audit_key(int host_user, int *rv, const Key *key) > > -+{ > > -+ char *fp; > > -+ const char *crypto_name; > > -+ > > -+ fp =3D sshkey_fingerprint(key, options.fingerprint_hash,=C2=A0 > > SSH_FP_HEX); > > -+ if (key->type =3D=3D KEY_RSA1) > > -+ crypto_name =3D "ssh-rsa1"; > > -+ else > > -+ crypto_name =3D key_ssh_name(key); > > -+ if (audit_keyusage(host_user, crypto_name, key_size(key), fp,=C2=A0 > > *rv) =3D=3D 0) > > -+ *rv =3D 0; > > -+ free(fp); > > -+} > > -+ > > -+void > > -+audit_unsupported(int what) > > -+{ > > -+ PRIVSEP(audit_unsupported_body(what)); > > -+} > > -+ > > -+void > > -+audit_kex(int ctos, char *enc, char *mac, char *comp, char *pfs) > > -+{ > > -+ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, pfs, getpid(),=C2=A0 > > getuid())); > > -+} > > -+ > > -+void > > -+audit_session_key_free(int ctos) > > -+{ > > -+ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid())); > > -+} > > -+ > > - # ifndef CUSTOM_SSH_AUDIT_EVENTS > > - /* > > -=C2=A0=C2=A0* Null implementations of audit functions. > > -@@ -140,6 +178,17 @@ audit_event(ssh_audit_event_t event) > > - } > > -=C2=A0 > > - /* > > -+ * Called when a child process has called, or will soon call, > > -+ * audit_session_open. > > -+ */ > > -+void > > -+audit_count_session_open(void) > > -+{ > > -+ debug("audit count session open euid %d user %s", geteuid(), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0audit_username()); > > -+} > > -+ > > -+/* > > -=C2=A0=C2=A0* Called when a user session is started.=C2=A0=C2=A0Argument= is the tty=C2=A0 > > allocated to > > -=C2=A0=C2=A0* the session, or NULL if no tty was allocated. > > -=C2=A0=C2=A0* > > -@@ -174,13 +223,91 @@ audit_session_close(struct logininfo *li) > > - /* > > -=C2=A0=C2=A0* This will be called when a user runs a non-interactive com= mand.=C2=A0=C2=A0 > > Note that > > -=C2=A0=C2=A0* it may be called multiple times for a single connection si= nce=C2=A0 > SSH2=C2=A0 > >=20 > > allows > > -- * multiple sessions within a single connection. > > -+ * multiple sessions within a single connection.=C2=A0=C2=A0Returns a= =C2=A0 > "handle"=C2=A0 > >=20 > > for > > -+ * audit_end_command. > > -=C2=A0=C2=A0*/ > > --void > > -+int > > - audit_run_command(const char *command) > > - { > > -=C2=A0 debug("audit run command euid %d user %s command '%.200s'",=C2=A0 > > geteuid(), > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0audit_username(), command); > > -+ return 0; > > -+} > > -+ > > -+/* > > -+ * This will be called when the non-interactive command finishes.=C2=A0= =C2=A0 > > Note that > > -+ * it may be called multiple times for a single connection since=C2=A0 > SSH2=C2=A0 > >=20 > > allows > > -+ * multiple sessions within a single connection.=C2=A0=C2=A0"handle" sh= ould=C2=A0 > come=C2=A0 > >=20 > > from > > -+ * the corresponding audit_run_command. > > -+ */ > > -+void > > -+audit_end_command(int handle, const char *command) > > -+{ > > -+ debug("audit end nopty exec=C2=A0=C2=A0euid %d user %s command=C2=A0 > '%.200s'",=C2=A0 > >=20 > > geteuid(), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0audit_username(), command); > > -+} > > -+ > > -+/* > > -+ * This will be called when user is successfully autherized by the=C2=A0 > > RSA1/RSA/DSA key. > > -+ * > > -+ * Type is the key type, len is the key length(byte) and fp is the=C2=A0 > > fingerprint of the key. > > -+ */ > > -+int > > -+audit_keyusage(int host_user, const char *type, unsigned bits, char=C2= =A0 > > *fp, int rv) > > -+{ > > -+ debug("audit %s key usage euid %d user %s key type %s key=C2=A0 > length=C2=A0 > >=20 > > %d fingerprint %s%s, result %d",=C2=A0 > > -+ host_user ? "pubkey" : "hostbased", geteuid(),=C2=A0 > > audit_username(), type, bits, > > -+ sshkey_fingerprint_prefix(), fp, rv); > > -+} > > -+ > > -+/* > > -+ * This will be called when the protocol negotiation fails. > > -+ */ > > -+void > > -+audit_unsupported_body(int what) > > -+{ > > -+ debug("audit unsupported protocol euid %d type %d", geteuid(),=C2=A0 > > what); > > -+} > > -+ > > -+/* > > -+ * This will be called on succesfull protocol negotiation. > > -+ */ > > -+void > > -+audit_kex_body(int ctos, char *enc, char *mac, char *compress, char=C2= =A0 > > *pfs, pid_t pid, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0uid_t uid) > > -+{ > > -+ debug("audit protocol negotiation euid %d direction %d cipher=C2=A0 > %s=C2=A0 > >=20 > > mac %s compresion %s pfs %s from pid %ld uid %u", > > -+ (unsigned)geteuid(), ctos, enc, mac, compress, pfs,=C2=A0 > > (long)pid, > > -+ =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0(unsigned)uid); > > -+} > > -+ > > -+/* > > -+ * This will be called on succesfull session key discard > > -+ */ > > -+void > > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > > -+{ > > -+ debug("audit session key discard euid %u direction %d from pid=C2=A0 > > %ld uid %u", > > -+ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); > > -+} > > -+ > > -+/* > > -+ * This will be called on destroy private part of the server key > > -+ */ > > -+void > > -+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) > > -+{ > > -+ debug("audit destroy sensitive data euid %d fingerprint %s=C2=A0 > from=C2=A0 > >=20 > > pid %ld uid %u", > > -+ geteuid(), fp, (long)pid, (unsigned)uid); > > -+} > > -+ > > -+/* > > -+ * This will be called on generation of the ephemeral server key > > -+ */ > > -+void > > -+audit_generate_ephemeral_server_key(const char *) > > -+{ > > -+ debug("audit create ephemeral server key euid %d fingerprint=C2=A0 > %s",=C2=A0 > >=20 > > geteuid(), fp); > > - } > > - # endif=C2=A0=C2=A0/* !defined CUSTOM_SSH_AUDIT_EVENTS */ > > - #endif /* SSH_AUDIT_EVENTS */ > > -diff -up openssh-6.8p1/audit.h.audit openssh-6.8p1/audit.h > > ---- openssh-6.8p1/audit.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > >=20 > > -+++ openssh-6.8p1/audit.h 2015-03-20 13:41:15.093883780 +0100 > > -@@ -28,6 +28,7 @@ > > - # define _SSH_AUDIT_H > > -=C2=A0 > > - #include "loginrec.h" > > -+#include "key.h" > > -=C2=A0 > > - enum ssh_audit_event_type { > > -=C2=A0 SSH_LOGIN_EXCEED_MAXTRIES, > > -@@ -47,11 +48,25 @@ enum ssh_audit_event_type { > > - }; > > - typedef enum ssh_audit_event_type ssh_audit_event_t; > > -=C2=A0 > > -+int listening_for_clients(void); > > -+ > > - void audit_connection_from(const char *, int); > > - void audit_event(ssh_audit_event_t); > > -+void audit_count_session_open(void); > > - void audit_session_open(struct logininfo *); > > - void audit_session_close(struct logininfo *); > > --void audit_run_command(const char *); > > -+int audit_run_command(const char *); > > -+void=C2=A0 audit_end_command(int, const char *); > > - ssh_audit_event_t audit_classify_auth(const char *); > > -+int audit_keyusage(int, const char *, unsigned, char *, int); > > -+void audit_key(int, int *, const Key *); > > -+void audit_unsupported(int); > > -+void audit_kex(int, char *, char *, char *, char *); > > -+void audit_unsupported_body(int); > > -+void audit_kex_body(int, char *, char *, char *, char *, pid_t,=C2=A0 > > uid_t); > > -+void audit_session_key_free(int ctos); > > -+void audit_session_key_free_body(int ctos, pid_t, uid_t); > > -+void audit_destroy_sensitive_data(const char *, pid_t, uid_t); > > -+void audit_generate_ephemeral_server_key(const char *); > > -=C2=A0 > > - #endif /* _SSH_AUDIT_H */ > > -diff -up openssh-6.8p1/auditstub.c.audit openssh-6.8p1/auditstub.c > > ---- openssh-6.8p1/auditstub.c.audit 2015-03-20=C2=A0 > 13:41:15.093883780=C2=A0 > >=20 > > +0100 > > -+++ openssh-6.8p1/auditstub.c 2015-03-20 13:41:15.093883780 +0100 > > -@@ -0,0 +1,50 @@ > > -+/* $Id: auditstub.c,v 1.1 jfch Exp $ */ > > -+ > > -+/* > > -+ * Copyright 2010 Red Hat, Inc.=C2=A0=C2=A0All rights reserved. > > -+ * Use is subject to license terms. > > -+ * > > -+ * Redistribution and use in source and binary forms, with or=C2=A0 > without > >=20 > > -+ * modification, are permitted provided that the following=C2=A0 > conditions > >=20 > > -+ * are met: > > -+ * 1. Redistributions of source code must retain the above copyright > > -+ *=C2=A0=C2=A0=C2=A0=C2=A0notice, this list of conditions and the follo= wing disclaimer. > > -+ * 2. Redistributions in binary form must reproduce the above=C2=A0 > > copyright > > -+ *=C2=A0=C2=A0=C2=A0=C2=A0notice, this list of conditions and the follo= wing disclaimer=C2=A0 > in=C2=A0 > >=20 > > the > > -+ *=C2=A0=C2=A0=C2=A0=C2=A0documentation and/or other materials provided= with the=C2=A0 > > distribution. > > -+ * > > -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY=C2=A0 > EXPRESS=C2=A0 > >=20 > > OR > > -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED=C2=A0 > > WARRANTIES > > -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE=C2=A0 > > DISCLAIMED. > > -+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, > > -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES=C2=A0 > > (INCLUDING, BUT > > -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;=C2=A0 > LOSS=C2=A0 > >=20 > > OF USE, > > -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND=C2=A0 > ON=C2=A0 > >=20 > > ANY > > -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR=C2=A0 > TORT > >=20 > > -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF=C2=A0 > THE=C2=A0 > >=20 > > USE OF > > -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > > -+ * > > -+ * Red Hat author: Jan F. Chadima > > -+ */ > > -+ > > -+#include > > -+ > > -+void > > -+audit_unsupported(int n) > > -+{ > > -+} > > -+ > > -+void > > -+audit_kex(int ctos, char *enc, char *mac, char *comp, char *pfs) > > -+{ > > -+} > > -+ > > -+void > > -+audit_session_key_free(int ctos) > > -+{ > > -+} > > -+ > > -+void > > -+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > > -+{ > > -+} > > -diff -up openssh-6.8p1/auth-rsa.c.audit openssh-6.8p1/auth-rsa.c > > ---- openssh-6.8p1/auth-rsa.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/auth-rsa.c 2015-03-20 13:41:15.094883779 +0100 > > -@@ -95,7 +95,10 @@ auth_rsa_verify_response(Key *key, BIGNUM=C2=A0 > > *challenge, u_char response[16]) > > - { > > -=C2=A0 u_char buf[32], mdbuf[16]; > > -=C2=A0 struct ssh_digest_ctx *md; > > -- int len; > > -+ int len, rv; > > -+#ifdef SSH_AUDIT_EVENTS > > -+ char *fp; > > -+#endif > > -=C2=A0 > > -=C2=A0 /* don't allow short keys */ > > -=C2=A0 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { > > -@@ -119,12 +122,18 @@ auth_rsa_verify_response(Key *key, BIGNUM=C2=A0 > > *challenge, u_char response[16]) > > -=C2=A0 ssh_digest_free(md); > > -=C2=A0 > > -=C2=A0 /* Verify that the response is the original challenge. */ > > -- if (timingsafe_bcmp(response, mdbuf, 16) !=3D 0) { > > -- /* Wrong answer. */ > > -- return (0); > > -+ rv =3D timingsafe_bcmp(response, mdbuf, 16) =3D=3D 0; > > -+ > > -+#ifdef SSH_AUDIT_EVENTS > > -+ fp =3D sshkey_fingerprint(key, options.fingerprint_hash,=C2=A0 > > SSH_FP_HEX); > > -+ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp,=C2=A0 > rv)=C2=A0 > >=20 > > =3D=3D 0) { > > -+ debug("unsuccessful audit"); > > -+ rv =3D 0; > > -=C2=A0 } > > -- /* Correct answer. */ > > -- return (1); > > -+ free(fp); > > -+#endif > > -+ > > -+ return rv; > > - } > > -=C2=A0 > > - /* > > -diff -up openssh-6.8p1/auth.c.audit openssh-6.8p1/auth.c > > ---- openssh-6.8p1/auth.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > +0100 > >=20 > > -+++ openssh-6.8p1/auth.c 2015-03-20 13:41:15.094883779 +0100 > > -@@ -644,9 +644,6 @@ getpwnamallow(const char *user) > > -=C2=A0 record_failed_login(user, > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0get_canonical_hostname(options.use_dns),= "ssh"); > > - #endif > > --#ifdef SSH_AUDIT_EVENTS > > -- audit_event(SSH_INVALID_USER); > > --#endif /* SSH_AUDIT_EVENTS */ > > -=C2=A0 return (NULL); > > -=C2=A0 } > > -=C2=A0 if (!allowed_user(pw)) > > -diff -up openssh-6.8p1/auth.h.audit openssh-6.8p1/auth.h > > ---- openssh-6.8p1/auth.h.audit 2015-03-20 13:41:15.002883927=C2=A0 > +0100 > >=20 > > -+++ openssh-6.8p1/auth.h 2015-03-20 13:41:15.094883779 +0100 > > -@@ -195,6 +195,7 @@ void abandon_challenge_response(Authctxt > > -=C2=A0 > > - char *expand_authorized_keys(const char *, struct passwd *pw); > > - char *authorized_principals_file(struct passwd *); > > -+int =C2=A0user_key_verify(const Key *, const u_char *, u_int, const=C2= =A0 > > u_char *, u_int); > > -=C2=A0 > > - FILE *auth_openkeyfile(const char *, struct passwd *, int); > > - FILE *auth_openprincipals(const char *, struct passwd *, int); > > -@@ -213,6 +214,7 @@ int =C2=A0get_hostkey_index(Key *, int, struc > > - int =C2=A0ssh1_session_key(BIGNUM *); > > - int =C2=A0sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0const u_char *, size_t, u_int); > > -+int =C2=A0hostbased_key_verify(const Key *, const u_char *, u_int,=C2=A0 > > const u_char *, u_int); > > -=C2=A0 > > - /* debug messages during authentication */ > > - void =C2=A0auth_debug_add(const char *fmt,...)=C2=A0 > > __attribute__((format(printf, 1, 2))); > > -diff -up openssh-6.8p1/auth2-hostbased.c.audit=C2=A0 > > openssh-6.8p1/auth2-hostbased.c > > ---- openssh-6.8p1/auth2-hostbased.c.audit 2015-03-20=C2=A0 > > 13:41:15.002883927 +0100 > > -+++ openssh-6.8p1/auth2-hostbased.c 2015-03-20=C2=A0 > 13:41:15.093883780=C2=A0 > >=20 > > +0100 > > -@@ -147,7 +147,7 @@ userauth_hostbased(Authctxt *authctxt) > > -=C2=A0 /* test for allowed key and correct signature */ > > -=C2=A0 authenticated =3D 0; > > -=C2=A0 if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost,=C2= =A0 > > key)) && > > -- =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(key_verify(key, sig, slen, buffer_ptr(= &b), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(hostbased_key_verify(key, sig, slen,= =C2=A0 > buffer_ptr(&b), > >=20 > > -=C2=A0 buffer_len(&b))) =3D=3D 1) > > -=C2=A0 authenticated =3D 1; > > -=C2=A0 > > -@@ -164,6 +164,18 @@ done: > > -=C2=A0 return authenticated; > > - } > > -=C2=A0 > > -+int > > -+hostbased_key_verify(const Key *key, const u_char *sig, u_int slen,=C2= =A0 > > const u_char *data, u_int datalen) > > -+{ > > -+ int rv; > > -+ > > -+ rv =3D key_verify(key, sig, slen, data, datalen); > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_key(0, &rv, key); > > -+#endif > > -+ return rv; > > -+} > > -+ > > - /* return 1 if given hostkey is allowed */ > > - int > > - hostbased_key_allowed(struct passwd *pw, const char *cuser, char=C2=A0 > > *chost, > > -diff -up openssh-6.8p1/auth2-pubkey.c.audit=C2=A0 > > openssh-6.8p1/auth2-pubkey.c > > ---- openssh-6.8p1/auth2-pubkey.c.audit 2015-03-20=C2=A0 > > 13:41:15.013883910 +0100 > > -+++ openssh-6.8p1/auth2-pubkey.c 2015-03-20 13:41:15.094883779=C2=A0 > > +0100 > > -@@ -172,7 +172,7 @@ userauth_pubkey(Authctxt *authctxt) > > -=C2=A0 /* test for correct signature */ > > -=C2=A0 authenticated =3D 0; > > -=C2=A0 if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && > > -- =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(key_verify(key, sig, slen, buffer_ptr= (&b), > > -+ =C2=A0=C2=A0=C2=A0=C2=A0PRIVSEP(user_key_verify(key, sig, slen,=C2=A0 > buffer_ptr(&b), > >=20 > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0buffer_len(&b))) =3D=3D 1) { > > -=C2=A0 authenticated =3D 1; > > -=C2=A0 /* Record the successful key to prevent reuse */ > > -@@ -250,6 +250,18 @@ pubkey_auth_info(Authctxt *authctxt, con > > -=C2=A0 free(extra); > > - } > > -=C2=A0 > > -+int > > -+user_key_verify(const Key *key, const u_char *sig, u_int slen,=C2=A0 > const=C2=A0 > >=20 > > u_char *data, u_int datalen) > > -+{ > > -+ int rv; > > -+ > > -+ rv =3D key_verify(key, sig, slen, data, datalen); > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_key(1, &rv, key); > > -+#endif > > -+ return rv; > > -+} > > -+ > > - static int > > - match_principals_option(const char *principal_list, struct=C2=A0 > sshkey_cert=C2=A0 > >=20 > > *cert) > > - { > > -diff -up openssh-6.8p1/auth2.c.audit openssh-6.8p1/auth2.c > > ---- openssh-6.8p1/auth2.c.audit 2015-03-20 13:41:15.044883860=C2=A0 > +0100 > >=20 > > -+++ openssh-6.8p1/auth2.c 2015-03-20 13:41:15.093883780 +0100 > > -@@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32 > > -=C2=A0 } else { > > -=C2=A0 logit("input_userauth_request: invalid user %s", > > user); > > -=C2=A0 authctxt->pw =3D fakepw(); > > --#ifdef SSH_AUDIT_EVENTS > > -- PRIVSEP(audit_event(SSH_INVALID_USER)); > > --#endif > > -=C2=A0 } > > - #ifdef USE_PAM > > -=C2=A0 if (options.use_pam) > > -diff -up openssh-6.8p1/cipher.c.audit openssh-6.8p1/cipher.c > > ---- openssh-6.8p1/cipher.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/cipher.c 2015-03-20 13:41:15.101883767 +0100 > > -@@ -57,26 +59,6 @@ extern const EVP_CIPHER *evp_ssh1_3des(v > > - extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); > > - #endif > > -=C2=A0 > > --struct sshcipher { > > -- char *name; > > -- int number; /* for ssh1 only */ > > -- u_int block_size; > > -- u_int key_len; > > -- u_int iv_len; /* defaults to block_size */ > > -- u_int auth_len; > > -- u_int discard_len; > > -- u_int flags; > > --#define CFLAG_CBC (1<<0) > > --#define CFLAG_CHACHAPOLY (1<<1) > > --#define CFLAG_AESCTR (1<<2) > > --#define CFLAG_NONE (1<<3) > > --#ifdef WITH_OPENSSL > > -- const EVP_CIPHER *(*evptype)(void); > > --#else > > -- void *ignored; > > --#endif > > --}; > > -- > > - static const struct sshcipher ciphers[] =3D { > > - #ifdef WITH_SSH1 > > -=C2=A0 { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, > > -diff -up openssh-6.8p1/cipher.h.audit openssh-6.8p1/cipher.h > > ---- openssh-6.8p1/cipher.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/cipher.h 2015-03-20 13:41:15.094883779 +0100 > > -@@ -62,7 +62,26 @@ > > - #define CIPHER_ENCRYPT 1 > > - #define CIPHER_DECRYPT 0 > > -=C2=A0 > > --struct sshcipher; > > -+struct sshcipher { > > -+ char *name; > > -+ int number; /* for ssh1 only */ > > -+ u_int block_size; > > -+ u_int key_len; > > -+ u_int iv_len; /* defaults to block_size */ > > -+ u_int auth_len; > > -+ u_int discard_len; > > -+ u_int flags; > > -+#define CFLAG_CBC (1<<0) > > -+#define CFLAG_CHACHAPOLY (1<<1) > > -+#define CFLAG_AESCTR (1<<2) > > -+#define CFLAG_NONE (1<<3) > > -+#ifdef WITH_OPENSSL > > -+ const EVP_CIPHER *(*evptype)(void); > > -+#else > > -+ void *ignored; > > -+#endif > > -+}; > > -+ > > - struct sshcipher_ctx { > > -=C2=A0 int plaintext; > > -=C2=A0 int encrypt; > > -diff -up openssh-6.8p1/kex.c.audit openssh-6.8p1/kex.c > > ---- openssh-6.8p1/kex.c.audit 2015-03-20 13:41:15.046883856 +0100 > > -+++ openssh-6.8p1/kex.c 2015-03-20 13:41:15.101883767 +0100 > > -@@ -54,6 +55,7 @@ > > - #include "ssherr.h" > > - #include "sshbuf.h" > > - #include "digest.h" > > -+#include "audit.h" > > -=C2=A0 > > - #ifdef GSSAPI > > - #include "ssh-gss.h" > > -@@ -484,8 +508,12 @@ choose_enc(struct sshenc *enc, char *cli > > - { > > -=C2=A0 char *name =3D match_list(client, server, NULL); > > -=C2=A0 > > -- if (name =3D=3D NULL) > > -+ if (name =3D=3D NULL) { > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_unsupported(0); > > -+#endif > > -=C2=A0 return SSH_ERR_NO_CIPHER_ALG_MATCH; > > -+ } > > -=C2=A0 if ((enc->cipher =3D cipher_by_name(name)) =3D=3D NULL) > > -=C2=A0 return SSH_ERR_INTERNAL_ERROR; > > -=C2=A0 enc->name =3D name; > > -@@ -503,8 +531,12 @@ choose_mac(struct ssh *ssh, struct sshma > > - { > > -=C2=A0 char *name =3D match_list(client, server, NULL); > > -=C2=A0 > > -- if (name =3D=3D NULL) > > -+ if (name =3D=3D NULL) { > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_unsupported(1); > > -+#endif > > -=C2=A0 return SSH_ERR_NO_MAC_ALG_MATCH; > > -+ } > > -=C2=A0 if (mac_setup(mac, name) < 0) > > -=C2=A0 return SSH_ERR_INTERNAL_ERROR; > > -=C2=A0 /* truncate the key */ > > -@@ -521,8 +553,12 @@ choose_comp(struct sshcomp *comp, char * > > - { > > -=C2=A0 char *name =3D match_list(client, server, NULL); > > -=C2=A0 > > -- if (name =3D=3D NULL) > > -+ if (name =3D=3D NULL) { > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_unsupported(2); > > -+#endif > > -=C2=A0 return SSH_ERR_NO_COMPRESS_ALG_MATCH; > > -+ } > > -=C2=A0 if (strcmp(name, "zlib(a)openssh.com") =3D=3D 0) { > > -=C2=A0 comp->type =3D COMP_DELAYED; > > -=C2=A0 } else if (strcmp(name, "zlib") =3D=3D 0) { > > -@@ -672,6 +708,10 @@ kex_choose_conf(struct ssh *ssh) > > -=C2=A0 dh_need =3D MAX(dh_need, newkeys->enc.block_size); > > -=C2=A0 dh_need =3D MAX(dh_need, newkeys->enc.iv_len); > > -=C2=A0 dh_need =3D MAX(dh_need, newkeys->mac.key_len); > > -+ debug("kex: %s need=3D%d dh_need=3D%d", kex->name, need,=C2=A0 > > dh_need); > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_kex(mode, newkeys->enc.name, newkeys->mac.name,=C2=A0 > > newkeys->comp.name, kex->name); > > -+#endif > > -=C2=A0 } > > -=C2=A0 /* XXX need runden? */ > > -=C2=A0 kex->we_need =3D need; > > -@@ -847,3 +887,34 @@ dump_digest(char *msg, u_char *digest, i > > -=C2=A0 sshbuf_dump_data(digest, len, stderr); > > - } > > - #endif > > -+ > > -+static void > > -+enc_destroy(struct sshenc *enc) > > -+{ > > -+ if (enc =3D=3D NULL) > > -+ return; > > -+ > > -+ if (enc->key) { > > -+ memset(enc->key, 0, enc->key_len); > > -+ free(enc->key); > > -+ } > > -+ > > -+ if (enc->iv) { > > -+ memset(enc->iv,=C2=A0=C2=A00, enc->block_size); > > -+ free(enc->iv); > > -+ } > > -+ > > -+ memset(enc, 0, sizeof(*enc)); > > -+} > > -+ > > -+void > > -+newkeys_destroy(struct newkeys *newkeys) > > -+{ > > -+ if (newkeys =3D=3D NULL) > > -+ return; > > -+ > > -+ enc_destroy(&newkeys->enc); > > -+ mac_destroy(&newkeys->mac); > > -+ memset(&newkeys->comp, 0, sizeof(newkeys->comp)); > > -+} > > -+ > > -diff -up openssh-6.8p1/kex.h.audit openssh-6.8p1/kex.h > > ---- openssh-6.8p1/kex.h.audit 2015-03-20 13:41:15.046883856 +0100 > > -+++ openssh-6.8p1/kex.h 2015-03-20 13:41:15.095883777 +0100 > > -@@ -199,6 +199,8 @@ int =C2=A0kexgss_client(struct ssh *); > > - int =C2=A0kexgss_server(struct ssh *); > > - #endif > > -=C2=A0 > > -+void newkeys_destroy(struct newkeys *newkeys); > > -+ > > - int =C2=A0kex_dh_hash(const char *, const char *, > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0const u_char *, size_t, const u_char *, si= ze_t, const u_char *,=C2=A0 > > size_t, > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0const BIGNUM *, const BIGNUM *, const BIGN= UM *, u_char *,=C2=A0 > size_t=C2=A0 > >=20 > > *); > > -diff -up openssh-6.8p1/key.h.audit openssh-6.8p1/key.h > > ---- openssh-6.8p1/key.h.audit 2015-03-17 06:49:20.000000000 +0100 > > -+++ openssh-6.8p1/key.h 2015-03-20 13:41:15.095883777 +0100 > > -@@ -50,6 +50,7 @@ typedef struct sshkey Key; > > - #define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid > > - #define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid > > - #define key_is_cert sshkey_is_cert > > -+#define key_is_private sshkey_is_private > > - #define key_type_plain sshkey_type_plain > > - #define key_cert_is_legacy sshkey_cert_is_legacy > > - #define key_curve_name_to_nid sshkey_curve_name_to_nid > > -diff -up openssh-6.8p1/mac.c.audit openssh-6.8p1/mac.c > > ---- openssh-6.8p1/mac.c.audit 2015-03-17 06:49:20.000000000 +0100 > > -+++ openssh-6.8p1/mac.c 2015-03-20 13:41:15.102883766 +0100 > > -@@ -226,6 +246,20 @@ mac_clear(struct sshmac *mac) > > -=C2=A0 mac->umac_ctx =3D NULL; > > - } > > -=C2=A0 > > -+void > > -+mac_destroy(struct sshmac *mac) > > -+{ > > -+ if (mac =3D=3D NULL) > > -+ return; > > -+ > > -+ if (mac->key) { > > -+ memset(mac->key, 0, mac->key_len); > > -+ free(mac->key); > > -+ } > > -+ > > -+ memset(mac, 0, sizeof(*mac)); > > -+} > > -+ > > - /* XXX copied from ciphers_valid */ > > - #define MAC_SEP "," > > - int > > -diff -up openssh-6.8p1/mac.h.audit openssh-6.8p1/mac.h > > ---- openssh-6.8p1/mac.h.audit 2015-03-17 06:49:20.000000000 +0100 > > -+++ openssh-6.8p1/mac.h 2015-03-20 13:41:15.095883777 +0100 > > -@@ -47,5 +47,6 @@ int =C2=A0mac_init(struct sshmac *); > > - int =C2=A0mac_compute(struct sshmac *, u_int32_t, const u_char *,=C2=A0 > int, > >=20 > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0u_char *, size_t); > > - void =C2=A0mac_clear(struct sshmac *); > > -+void =C2=A0mac_destroy(struct sshmac *); > > -=C2=A0 > > - #endif /* SSHMAC_H */ > > -diff -up openssh-6.8p1/monitor.c.audit openssh-6.8p1/monitor.c > > ---- openssh-6.8p1/monitor.c.audit 2015-03-20 13:41:15.072883814=C2=A0 > > +0100 > > -+++ openssh-6.8p1/monitor.c 2015-03-20 13:41:15.107883758 +0100 > > -@@ -102,6 +102,7 @@ > > - #include "ssh2.h" > > - #include "roaming.h" > > - #include "authfd.h" > > -+#include "audit.h" > > - #include "match.h" > > - #include "ssherr.h" > > -=C2=A0 > > -@@ -117,6 +118,8 @@ extern Buffer auth_debug; > > - extern int auth_debug_init; > > - extern Buffer loginmsg; > > -=C2=A0 > > -+extern void destroy_sensitive_data(int); > > -+ > > - /* State exported from the child */ > > - static struct sshbuf *child_state; > > -=C2=A0 > > -@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe > > - #ifdef SSH_AUDIT_EVENTS > > - int mm_answer_audit_event(int, Buffer *); > > - int mm_answer_audit_command(int, Buffer *); > > -+int mm_answer_audit_end_command(int, Buffer *); > > -+int mm_answer_audit_unsupported_body(int, Buffer *); > > -+int mm_answer_audit_kex_body(int, Buffer *); > > -+int mm_answer_audit_session_key_free_body(int, Buffer *); > > -+int mm_answer_audit_server_key_free(int, Buffer *); > > - #endif > > -=C2=A0 > > - static int monitor_read_log(struct monitor *); > > -@@ -226,6 +234,10 @@ struct mon_table mon_dispatch_proto20[] > > - #endif > > - #ifdef SSH_AUDIT_EVENTS > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_a= nswer_audit_event}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2= =A0 > > mm_answer_audit_unsupported_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_a= udit_kex_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT= ,=C2=A0 > > mm_answer_audit_session_key_free_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > > mm_answer_audit_server_key_free}, > > - #endif > > - #ifdef BSD_AUTH > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_= answer_bsdauthquery}, > > -@@ -264,6 +276,11 @@ struct mon_table mon_dispatch_postauth20 > > - #ifdef SSH_AUDIT_EVENTS > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_a= nswer_audit_event}, > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT,=C2= =A0 > mm_answer_audit_command}, > >=20 > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT,=C2= =A0 > > mm_answer_audit_end_command}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2= =A0 > > mm_answer_audit_unsupported_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_a= udit_kex_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT= ,=C2=A0 > > mm_answer_audit_session_key_free_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > > mm_answer_audit_server_key_free}, > > - #endif > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{0, 0, NULL} > > - }; > > -@@ -296,6 +313,10 @@ struct mon_table mon_dispatch_proto15[] > > - #endif > > - #ifdef SSH_AUDIT_EVENTS > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_a= nswer_audit_event}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2= =A0 > > mm_answer_audit_unsupported_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_a= udit_kex_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT= ,=C2=A0 > > mm_answer_audit_session_key_free_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > > mm_answer_audit_server_key_free}, > > - #endif > > - #endif /* WITH_SSH1 */ > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{0, 0, NULL} > > -@@ -309,6 +330,11 @@ struct mon_table mon_dispatch_postauth15 > > - #ifdef SSH_AUDIT_EVENTS > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_a= nswer_audit_event}, > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON= _ONCE,=C2=A0 > > mm_answer_audit_command}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT,=C2= =A0 > > mm_answer_audit_end_command}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT,=C2= =A0 > > mm_answer_audit_unsupported_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_a= udit_kex_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT= ,=C2=A0 > > mm_answer_audit_session_key_free_body}, > > -+=C2=A0=C2=A0=C2=A0=C2=A0{MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT,= =C2=A0 > > mm_answer_audit_server_key_free}, > > - #endif > > - #endif /* WITH_SSH1 */ > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0{0, 0, NULL} > > -@@ -1466,9 +1493,11 @@ mm_answer_keyverify(int sock, Buffer *m) > > -=C2=A0 Key *key; > > -=C2=A0 u_char *signature, *data, *blob; > > -=C2=A0 u_int signaturelen, datalen, bloblen; > > -+ int type =3D 0; > > -=C2=A0 int verified =3D 0; > > -=C2=A0 int valid_data =3D 0; > > -=C2=A0 > > -+ type =3D buffer_get_int(m); > > -=C2=A0 blob =3D buffer_get_string(m, &bloblen); > > -=C2=A0 signature =3D buffer_get_string(m, &signaturelen); > > -=C2=A0 data =3D buffer_get_string(m, &datalen); > > -@@ -1476,6 +1505,8 @@ mm_answer_keyverify(int sock, Buffer *m) > > -=C2=A0 if (hostbased_cuser =3D=3D NULL || hostbased_chost =3D=3D NULL || > > -=C2=A0 =C2=A0=C2=A0!monitor_allowed_key(blob, bloblen)) > > -=C2=A0 fatal("%s: bad key, not previously allowed", __func__); > > -+ if (type !=3D key_blobtype) > > -+ fatal("%s: bad key type", __func__); > > -=C2=A0 > > -=C2=A0 key =3D key_from_blob(blob, bloblen); > > -=C2=A0 if (key =3D=3D NULL) > > -@@ -1496,7 +1527,17 @@ mm_answer_keyverify(int sock, Buffer *m) > > -=C2=A0 if (!valid_data) > > -=C2=A0 fatal("%s: bad signature data blob", __func__); > > -=C2=A0 > > -- verified =3D key_verify(key, signature, signaturelen, data,=C2=A0 > > datalen); > > -+ switch (key_blobtype) { > > -+ case MM_USERKEY: > > -+ verified =3D user_key_verify(key, signature, signaturelen,=C2=A0 > > data, datalen); > > -+ break; > > -+ case MM_HOSTKEY: > > -+ verified =3D hostbased_key_verify(key, signature,=C2=A0 > > signaturelen, data, datalen); > > -+ break; > > -+ default: > > -+ verified =3D 0; > > -+ break; > > -+ } > > -=C2=A0 debug3("%s: key %p signature %s", > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0__func__, key, (verified =3D=3D 1) ? "ver= ified" :=C2=A0 > "unverified"); > >=20 > > -=C2=A0 > > -@@ -1554,6 +1595,12 @@ mm_session_close(Session *s) > > -=C2=A0 debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); > > -=C2=A0 session_pty_cleanup2(s); > > -=C2=A0 } > > -+#ifdef SSH_AUDIT_EVENTS > > -+ if (s->command !=3D NULL) { > > -+ debug3("%s: command %d", __func__, s->command_handle); > > -+ session_end_command2(s); > > -+ } > > -+#endif > > -=C2=A0 session_unused(s->self); > > - } > > -=C2=A0 > > -@@ -1836,6 +1883,8 @@ mm_answer_term(int sock, Buffer *req) > > -=C2=A0 sshpam_cleanup(); > > - #endif > > -=C2=A0 > > -+ destroy_sensitive_data(0); > > -+ > > -=C2=A0 while (waitpid(pmonitor->m_pid, &status, 0) =3D=3D -1) > > -=C2=A0 if (errno !=3D EINTR) > > -=C2=A0 exit(1); > > -@@ -1878,11 +1927,43 @@ mm_answer_audit_command(int socket, Buff > > - { > > -=C2=A0 u_int len; > > -=C2=A0 char *cmd; > > -+ Session *s; > > -=C2=A0 > > -=C2=A0 debug3("%s entering", __func__); > > -=C2=A0 cmd =3D buffer_get_string(m, &len); > > -+ > > -=C2=A0 /* sanity check command, if so how? */ > > -- audit_run_command(cmd); > > -+ s =3D session_new(); > > -+ if (s =3D=3D NULL) > > -+ fatal("%s: error allocating a session", __func__); > > -+ s->command =3D cmd; > > -+ s->command_handle =3D audit_run_command(cmd); > > -+ > > -+ buffer_clear(m); > > -+ buffer_put_int(m, s->self); > > -+ > > -+ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); > > -+ > > -+ return (0); > > -+} > > -+ > > -+int > > -+mm_answer_audit_end_command(int socket, Buffer *m) > > -+{ > > -+ int handle; > > -+ u_int len; > > -+ char *cmd; > > -+ Session *s; > > -+ > > -+ debug3("%s entering", __func__); > > -+ handle =3D buffer_get_int(m); > > -+ cmd =3D buffer_get_string(m, &len); > > -+ > > -+ s =3D session_by_id(handle); > > -+ if (s =3D=3D NULL || s->ttyfd !=3D -1 || s->command =3D=3D NULL || > > -+ =C2=A0=C2=A0=C2=A0=C2=A0strcmp(s->command, cmd) !=3D 0) > > -+ fatal("%s: invalid handle", __func__); > > -+ mm_session_close(s); > > -=C2=A0 free(cmd); > > -=C2=A0 return (0); > > - } > > -@@ -1936,6 +2017,7 @@ > > - void > > - mm_get_keystate(struct monitor *pmonitor) > > - { > > -+ Buffer m; > > -=C2=A0 debug3("%s: Waiting for new keys", __func__); > > -=C2=A0 > > -=C2=A0 if ((child_state =3D sshbuf_new()) =3D=3D NULL) > > -@@ -1946,6 +2027,21 @@ mm_get_keystate(struct monitor *pmonitor > > -=C2=A0 mm_request_receive_expect(pmonitor->m_sendfd,=C2=A0 > > MONITOR_REQ_KEYEXPORT, > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0child_state); > > -=C2=A0 debug3("%s: GOT new keys", __func__); > > -+ > > -+#ifdef SSH_AUDIT_EVENTS > > -+ if (compat20) { > > -+ buffer_init(&m); > > -+ mm_request_receive_expect(pmonitor->m_sendfd, > > -+ =C2=A0=C2=A0MONITOR_REQ_AUDIT_SESSION_KEY_FR > > EE > > , &m); > > -+ mm_answer_audit_session_key_free_body(pmonitor->m_sendfd,=C2=A0 > > &m); > > -+ buffer_free(&m); > > -+ } > > -+#endif > > -+ > > -+ /* Drain any buffered messages from the child */ > > -+ while (pmonitor->m_log_recvfd >=3D 0 &&=C2=A0 > monitor_read_log(pmonitor)=C2=A0 > >=20 > > =3D=3D 0) > > -+ ; > > -+ > > - } > > -=C2=A0 > > -=C2=A0 > > -@@ -2212,3 +2308,87 @@ mm_answer_gss_updatecreds(int socket, Bu > > -=C2=A0 > > - #endif /* GSSAPI */ > > -=C2=A0 > > -+#ifdef SSH_AUDIT_EVENTS > > -+int > > -+mm_answer_audit_unsupported_body(int sock, Buffer *m) > > -+{ > > -+ int what; > > -+ > > -+ what =3D buffer_get_int(m); > > -+ > > -+ audit_unsupported_body(what); > > -+ > > -+ buffer_clear(m); > > -+ > > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m); > > -+ return 0; > > -+} > > -+ > > -+int > > -+mm_answer_audit_kex_body(int sock, Buffer *m) > > -+{ > > -+ int ctos, len; > > -+ char *cipher, *mac, *compress, *pfs; > > -+ pid_t pid; > > -+ uid_t uid; > > -+ > > -+ ctos =3D buffer_get_int(m); > > -+ cipher =3D buffer_get_string(m, &len); > > -+ mac =3D buffer_get_string(m, &len); > > -+ compress =3D buffer_get_string(m, &len); > > -+ pfs =3D buffer_get_string(m, &len); > > -+ pid =3D buffer_get_int64(m); > > -+ uid =3D buffer_get_int64(m); > > -+ > > -+ audit_kex_body(ctos, cipher, mac, compress, pfs, pid, uid); > > -+ > > -+ free(cipher); > > -+ free(mac); > > -+ free(compress); > > -+ free(pfs); > > -+ buffer_clear(m); > > -+ > > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m); > > -+ return 0; > > -+} > > -+ > > -+int > > -+mm_answer_audit_session_key_free_body(int sock, Buffer *m) > > -+{ > > -+ int ctos; > > -+ pid_t pid; > > -+ uid_t uid; > > -+ > > -+ ctos =3D buffer_get_int(m); > > -+ pid =3D buffer_get_int64(m); > > -+ uid =3D buffer_get_int64(m); > > -+ > > -+ audit_session_key_free_body(ctos, pid, uid); > > -+ > > -+ buffer_clear(m); > > -+ > > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); > > -+ return 0; > > -+} > > -+ > > -+int > > -+mm_answer_audit_server_key_free(int sock, Buffer *m) > > -+{ > > -+ int len; > > -+ char *fp; > > -+ pid_t pid; > > -+ uid_t uid; > > -+ > > -+ fp =3D buffer_get_string(m, &len); > > -+ pid =3D buffer_get_int64(m); > > -+ uid =3D buffer_get_int64(m); > > -+ > > -+ audit_destroy_sensitive_data(fp, pid, uid); > > -+ > > -+ free(fp); > > -+ buffer_clear(m); > > -+ > > -+ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m); > > -+ return 0; > > -+} > > -+#endif /* SSH_AUDIT_EVENTS */ > > -diff -up openssh-6.8p1/monitor.h.audit openssh-6.8p1/monitor.h > > ---- openssh-6.8p1/monitor.h.audit 2015-03-20 13:41:15.072883814=C2=A0 > > +0100 > > -+++ openssh-6.8p1/monitor.h 2015-03-20 13:41:15.096883775 +0100 > > -@@ -69,7 +69,13 @@ enum monitor_reqtype { > > -=C2=A0 MONITOR_REQ_PAM_QUERY =3D 106, MONITOR_ANS_PAM_QUERY =3D 107, > > -=C2=A0 MONITOR_REQ_PAM_RESPOND =3D 108, MONITOR_ANS_PAM_RESPOND =3D 109, > > -=C2=A0 MONITOR_REQ_PAM_FREE_CTX =3D 110, MONITOR_ANS_PAM_FREE_CTX =3D 11= 1, > > -- MONITOR_REQ_AUDIT_EVENT =3D 112, MONITOR_REQ_AUDIT_COMMAND =3D 113, > > -+ MONITOR_REQ_AUDIT_EVENT =3D 112, > > -+ MONITOR_REQ_AUDIT_COMMAND =3D 114, MONITOR_ANS_AUDIT_COMMAND =3D=C2=A0 > 115, > >=20 > > -+ MONITOR_REQ_AUDIT_END_COMMAND =3D 116, > > -+ MONITOR_REQ_AUDIT_UNSUPPORTED =3D 118,=C2=A0 > > MONITOR_ANS_AUDIT_UNSUPPORTED =3D 119, > > -+ MONITOR_REQ_AUDIT_KEX =3D 120, MONITOR_ANS_AUDIT_KEX =3D 121, > > -+ MONITOR_REQ_AUDIT_SESSION_KEY_FREE =3D 122,=C2=A0 > > MONITOR_ANS_AUDIT_SESSION_KEY_FREE =3D 123, > > -+ MONITOR_REQ_AUDIT_SERVER_KEY_FREE =3D 124,=C2=A0 > > MONITOR_ANS_AUDIT_SERVER_KEY_FREE =3D 125 > > -=C2=A0 > > - }; > > -=C2=A0 > > -diff -up openssh-6.8p1/monitor_wrap.c.audit=C2=A0 > > openssh-6.8p1/monitor_wrap.c > > ---- openssh-6.8p1/monitor_wrap.c.audit 2015-03-20=C2=A0 > > 13:41:15.047883855 +0100 > > -+++ openssh-6.8p1/monitor_wrap.c 2015-03-20 13:41:15.108883756=C2=A0 > > +0100 > > -@@ -461,7 +461,7 @@ mm_key_allowed(enum mm_keytype type, cha > > -=C2=A0=C2=A0*/ > > -=C2=A0 > > - int > > --mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data,=C2=A0 > u_int=C2=A0 > >=20 > > datalen) > > -+mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int=C2=A0 > > siglen, u_char *data, u_int datalen) > > - { > > -=C2=A0 Buffer m; > > -=C2=A0 u_char *blob; > > -@@ -475,6 +475,7 @@ mm_key_verify(Key *key, u_char *sig, u_i > > -=C2=A0 return (0); > > -=C2=A0 > > -=C2=A0 buffer_init(&m); > > -+ buffer_put_int(&m, type); > > -=C2=A0 buffer_put_string(&m, blob, len); > > -=C2=A0 buffer_put_string(&m, sig, siglen); > > -=C2=A0 buffer_put_string(&m, data, datalen); > > -@@ -492,6 +493,18 @@ mm_key_verify(Key *key, u_char *sig, u_i > > -=C2=A0 return (verified); > > - } > > -=C2=A0 > > -+int > > -+mm_hostbased_key_verify(Key *key, u_char *sig, u_int siglen, u_char=C2= =A0 > > *data, u_int datalen) > > -+{ > > -+ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data,=C2=A0 > > datalen); > > -+} > > -+ > > -+int > > -+mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char=C2=A0 > *data,=C2=A0 > >=20 > > u_int datalen) > > -+{ > > -+ return mm_key_verify(MM_USERKEY, key, sig, siglen, data,=C2=A0 > > datalen); > > -+} > > -+ > > - void > > - mm_send_keystate(struct monitor *monitor) > > - { > > -@@ -1005,10 +1018,11 @@ mm_audit_event(ssh_audit_event_t event) > > -=C2=A0 buffer_free(&m); > > - } > > -=C2=A0 > > --void > > -+int > > - mm_audit_run_command(const char *command) > > - { > > -=C2=A0 Buffer m; > > -+ int handle; > > -=C2=A0 > > -=C2=A0 debug3("%s entering command %s", __func__, command); > > -=C2=A0 > > -@@ -1016,6 +1030,26 @@ mm_audit_run_command(const char *command > > -=C2=A0 buffer_put_cstring(&m, command); > > -=C2=A0 > > -=C2=A0 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND,=C2= =A0 > > &m); > > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > > MONITOR_ANS_AUDIT_COMMAND, &m); > > -+ > > -+ handle =3D buffer_get_int(&m); > > -+ buffer_free(&m); > > -+ > > -+ return (handle); > > -+} > > -+ > > -+void > > -+mm_audit_end_command(int handle, const char *command) > > -+{ > > -+ Buffer m; > > -+ > > -+ debug3("%s entering command %s", __func__, command); > > -+ > > -+ buffer_init(&m); > > -+ buffer_put_int(&m, handle); > > -+ buffer_put_cstring(&m, command); > > -+ > > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > > MONITOR_REQ_AUDIT_END_COMMAND, &m); > > -=C2=A0 buffer_free(&m); > > - } > > - #endif /* SSH_AUDIT_EVENTS */ > > -@@ -1151,3 +1185,72 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc > > -=C2=A0 > > - #endif /* GSSAPI */ > > -=C2=A0 > > -+#ifdef SSH_AUDIT_EVENTS > > -+void > > -+mm_audit_unsupported_body(int what) > > -+{ > > -+ Buffer m; > > -+ > > -+ buffer_init(&m); > > -+ buffer_put_int(&m, what); > > -+ > > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > > MONITOR_REQ_AUDIT_UNSUPPORTED, &m); > > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > > MONITOR_ANS_AUDIT_UNSUPPORTED, > > -+ =C2=A0=C2=A0&m); > > -+ > > -+ buffer_free(&m); > > -+} > > -+ > > -+void > > -+mm_audit_kex_body(int ctos, char *cipher, char *mac, char=C2=A0 > *compress,=C2=A0 > >=20 > > char *fps, pid_t pid, > > -+ =C2=A0=C2=A0uid_t uid) > > -+{ > > -+ Buffer m; > > -+ > > -+ buffer_init(&m); > > -+ buffer_put_int(&m, ctos); > > -+ buffer_put_cstring(&m, cipher); > > -+ buffer_put_cstring(&m, (mac ? mac : "")); > > -+ buffer_put_cstring(&m, compress); > > -+ buffer_put_cstring(&m, fps); > > -+ buffer_put_int64(&m, pid); > > -+ buffer_put_int64(&m, uid); > > -+ > > -+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); > > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > > MONITOR_ANS_AUDIT_KEX, > > -+ =C2=A0=C2=A0&m); > > -+ > > -+ buffer_free(&m); > > -+} > > -+ > > -+void > > -+mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) > > -+{ > > -+ Buffer m; > > -+ > > -+ buffer_init(&m); > > -+ buffer_put_int(&m, ctos); > > -+ buffer_put_int64(&m, pid); > > -+ buffer_put_int64(&m, uid); > > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > > MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); > > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > > MONITOR_ANS_AUDIT_SESSION_KEY_FREE, > > -+ =C2=A0=C2=A0&m); > > -+ buffer_free(&m); > > -+} > > -+ > > -+void > > -+mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t=C2=A0 > uid) > >=20 > > -+{ > > -+ Buffer m; > > -+ > > -+ buffer_init(&m); > > -+ buffer_put_cstring(&m, fp); > > -+ buffer_put_int64(&m, pid); > > -+ buffer_put_int64(&m, uid); > > -+ > > -+ mm_request_send(pmonitor->m_recvfd,=C2=A0 > > MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); > > -+ mm_request_receive_expect(pmonitor->m_recvfd,=C2=A0 > > MONITOR_ANS_AUDIT_SERVER_KEY_FREE, > > -+ =C2=A0=C2=A0&m); > > -+ buffer_free(&m); > > -+} > > -+#endif /* SSH_AUDIT_EVENTS */ > > -diff -up openssh-6.8p1/monitor_wrap.h.audit=C2=A0 > > openssh-6.8p1/monitor_wrap.h > > ---- openssh-6.8p1/monitor_wrap.h.audit 2015-03-20=C2=A0 > > 13:41:15.048883853 +0100 > > -+++ openssh-6.8p1/monitor_wrap.h 2015-03-20 13:41:15.096883775=C2=A0 > > +0100 > > -@@ -52,7 +52,8 @@ int mm_key_allowed(enum mm_keytype, char > > - int mm_user_key_allowed(struct passwd *, Key *); > > - int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key=C2=A0 > *); > >=20 > > - int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *,=C2= =A0 > > Key *); > > --int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); > > -+int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *,=C2=A0 > u_int); > >=20 > > -+int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); > > - int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); > > - int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); > > - BIGNUM *mm_auth_rsa_generate_challenge(Key *); > > -@@ -79,7 +80,12 @@ void mm_sshpam_free_ctx(void *); > > - #ifdef SSH_AUDIT_EVENTS > > - #include "audit.h" > > - void mm_audit_event(ssh_audit_event_t); > > --void mm_audit_run_command(const char *); > > -+int mm_audit_run_command(const char *); > > -+void mm_audit_end_command(int, const char *); > > -+void mm_audit_unsupported_body(int); > > -+void mm_audit_kex_body(int, char *, char *, char *, char *, pid_t,=C2=A0 > > uid_t); > > -+void mm_audit_session_key_free_body(int, pid_t, uid_t); > > -+void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t); > > - #endif > > -=C2=A0 > > - struct Session; > > -diff -up openssh-6.8p1/packet.c.audit openssh-6.8p1/packet.c > > ---- openssh-6.8p1/packet.c.audit 2015-03-20 13:41:14.990883947=C2=A0 > > +0100 > > -+++ openssh-6.8p1/packet.c 2015-03-20 13:41:15.097883774 +0100 > > -@@ -67,6 +67,7 @@ > > - #include "key.h" /* typedefs XXX */ > > -=C2=A0 > > - #include "xmalloc.h" > > -+#include "audit.h" > > - #include "crc32.h" > > - #include "deattack.h" > > - #include "compat.h" > > -@@ -448,6 +449,13 @@ ssh_packet_get_connection_out(struct ssh > > -=C2=A0 return ssh->state->connection_out; > > - } > > -=C2=A0 > > -+static int > > -+packet_state_has_keys (const struct session_state *state) > > -+{ > > -+ return state !=3D NULL && > > -+ (state->newkeys[MODE_IN] !=3D NULL || state- > > >=20 > > > newkeys[MODE_OUT]=C2=A0 > > !=3D NULL); > > -+} > > -+ > > - /* > > -=C2=A0=C2=A0* Returns the IP-address of the remote host as a string.=C2= =A0=C2=A0The=C2=A0 > > returned > > -=C2=A0=C2=A0* string must not be freed. > > -@@ -478,13 +486,6 @@ ssh_packet_close(struct ssh *ssh) > > -=C2=A0 if (!state->initialized) > > -=C2=A0 return; > > -=C2=A0 state->initialized =3D 0; > > -- if (state->connection_in =3D=3D state->connection_out) { > > -- shutdown(state->connection_out, SHUT_RDWR); > > -- close(state->connection_out); > > -- } else { > > -- close(state->connection_in); > > -- close(state->connection_out); > > -- } > > -=C2=A0 sshbuf_free(state->input); > > -=C2=A0 sshbuf_free(state->output); > > -=C2=A0 sshbuf_free(state->outgoing_packet); > > -@@ -516,14 +517,24 @@ ssh_packet_close(struct ssh *ssh) > > -=C2=A0 inflateEnd(stream); > > -=C2=A0 } > > -=C2=A0 } > > -- if ((r =3D cipher_cleanup(&state->send_context)) !=3D 0) > > -- error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > > ssh_err(r)); > > -- if ((r =3D cipher_cleanup(&state->receive_context)) !=3D 0) > > -- error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > > ssh_err(r)); > > -+ if (packet_state_has_keys(state)) { > > -+ if ((r =3D cipher_cleanup(&state->send_context)) !=3D 0) > > -+ error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > > ssh_err(r)); > > -+ if ((r =3D cipher_cleanup(&state->receive_context)) !=3D 0) > > -+ error("%s: cipher_cleanup failed: %s", __func__,=C2=A0 > > ssh_err(r)); > > -+ audit_session_key_free(2); > > -+ } > > -=C2=A0 if (ssh->remote_ipaddr) { > > -=C2=A0 free(ssh->remote_ipaddr); > > -=C2=A0 ssh->remote_ipaddr =3D NULL; > > -=C2=A0 } > > -+ if (state->connection_in =3D=3D state->connection_out) { > > -+ shutdown(state->connection_out, SHUT_RDWR); > > -+ close(state->connection_out); > > -+ } else { > > -+ close(state->connection_in); > > -+ close(state->connection_out); > > -+ } > > -=C2=A0 free(ssh->state); > > -=C2=A0 ssh->state =3D NULL; > > - } > > -@@ -941,6 +952,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod > > -=C2=A0 } > > -=C2=A0 if (state->newkeys[mode] !=3D NULL) { > > -=C2=A0 debug("set_newkeys: rekeying"); > > -+ audit_session_key_free(mode); > > -=C2=A0 if ((r =3D cipher_cleanup(cc)) !=3D 0) > > -=C2=A0 return r; > > -=C2=A0 enc=C2=A0=C2=A0=3D &state->newkeys[mode]->enc; > > -@@ -2263,6 +2275,75 @@ ssh_packet_get_output(struct ssh *ssh) > > -=C2=A0 return (void *)ssh->state->output; > > - } > > -=C2=A0 > > -+static void > > -+newkeys_destroy_and_free(struct newkeys *newkeys) > > -+{ > > -+ if (newkeys =3D=3D NULL) > > -+ return; > > -+ > > -+ free(newkeys->enc.name); > > -+ > > -+ if (newkeys->mac.enabled) { > > -+ mac_clear(&newkeys->mac); > > -+ free(newkeys->mac.name); > > -+ } > > -+ > > -+ free(newkeys->comp.name); > > -+ > > -+ newkeys_destroy(newkeys); > > -+ free(newkeys); > > -+} > > -+ > > -+static void > > -+packet_destroy_state(struct session_state *state) > > -+{ > > -+ if (state =3D=3D NULL) > > -+ return; > > -+ > > -+ cipher_cleanup(&state->receive_context); > > -+ cipher_cleanup(&state->send_context); > > -+ > > -+ buffer_free(state->input); > > -+ state->input =3D NULL; > > -+ buffer_free(state->output); > > -+ state->output =3D NULL; > > -+ buffer_free(state->outgoing_packet); > > -+ state->outgoing_packet =3D NULL; > > -+ buffer_free(state->incoming_packet); > > -+ state->incoming_packet =3D NULL; > > -+ if( state->compression_buffer ) { > > -+ buffer_free(state->compression_buffer); > > -+ state->compression_buffer =3D NULL; > > -+ } > > -+ newkeys_destroy_and_free(state->newkeys[MODE_IN]); > > -+ state->newkeys[MODE_IN] =3D NULL; > > -+ newkeys_destroy_and_free(state->newkeys[MODE_OUT]); > > -+ state->newkeys[MODE_OUT] =3D NULL; > > -+ mac_destroy(state->packet_discard_mac); > > -+// TAILQ_HEAD(, packet) outgoing; > > -+// memset(state, 0, sizeof(state)); > > -+} > > -+ > > -+void > > -+packet_destroy_all(int audit_it, int privsep) > > -+{ > > -+ if (audit_it) > > -+ audit_it =3D (active_state !=3D NULL &&=C2=A0 > > packet_state_has_keys(active_state->state)) > > -+ || (backup_state !=3D NULL &&=C2=A0 > > packet_state_has_keys(backup_state->state)); > > -+ if (active_state !=3D NULL) > > -+ packet_destroy_state(active_state->state); > > -+ if (backup_state !=3D NULL) > > -+ packet_destroy_state(backup_state->state); > > -+ if (audit_it) { > > -+#ifdef SSH_AUDIT_EVENTS > > -+ if (privsep) > > -+ audit_session_key_free(2); > > -+ else > > -+ audit_session_key_free_body(2, getpid(), > > getuid()); > > -+#endif > > -+ } > > -+} > > -+ > > - /* XXX TODO update roaming to new API (does not work anyway) */ > > - /* > > -=C2=A0=C2=A0* Save the state for the real connection, and use a separate= state=C2=A0 > > when > > -@@ -2272,18 +2373,12 @@ void > > - ssh_packet_backup_state(struct ssh *ssh, > > -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0struct ssh *backup_state) > > - { > > -- struct ssh *tmp; > > -- > > -=C2=A0 close(ssh->state->connection_in); > > -=C2=A0 ssh->state->connection_in =3D -1; > > -=C2=A0 close(ssh->state->connection_out); > > -=C2=A0 ssh->state->connection_out =3D -1; > > -- if (backup_state) > > -- tmp =3D backup_state; > > -- else > > -- tmp =3D ssh_alloc_session_state(); > > -=C2=A0 backup_state =3D ssh; > > -- ssh =3D tmp; > > -+ ssh =3D ssh_alloc_session_state(); > > - } > > -=C2=A0 > > - /* XXX FIXME FIXME FIXME */ > > -@@ -2302,9 +2397,7 @@ ssh_packet_restore_state(struct ssh *ssh > > -=C2=A0 backup_state =3D ssh; > > -=C2=A0 ssh =3D tmp; > > -=C2=A0 ssh->state->connection_in =3D backup_state->state->connection_in; > > -- backup_state->state->connection_in =3D -1; > > -=C2=A0 ssh->state->connection_out =3D=C2=A0 > backup_state->state->connection_out; > >=20 > > -- backup_state->state->connection_out =3D -1; > > -=C2=A0 len =3D sshbuf_len(backup_state->state->input); > > -=C2=A0 if (len > 0) { > > -=C2=A0 if ((r =3D sshbuf_putb(ssh->state->input, > > -@@ -2313,6 +2406,11 @@ ssh_packet_restore_state(struct ssh *ssh > > -=C2=A0 sshbuf_reset(backup_state->state->input); > > -=C2=A0 add_recv_bytes(len); > > -=C2=A0 } > > -+ backup_state->state->connection_in =3D -1; > > -+ backup_state->state->connection_out =3D -1; > > -+ packet_destroy_state(backup_state->state); > > -+ free(backup_state); > > -+ backup_state =3D NULL; > > - } > > -=C2=A0 > > - /* Reset after_authentication and reset compression in post-auth=C2=A0 > > privsep */ > > -diff -up openssh-6.8p1/packet.h.audit openssh-6.8p1/packet.h > > ---- openssh-6.8p1/packet.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/packet.h 2015-03-20 13:41:15.097883774 +0100 > > -@@ -189,7 +189,7 @@ int sshpkt_get_end(struct ssh *ssh); > > - const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); > > -=C2=A0 > > - /* OLD API */ > > --extern struct ssh *active_state; > > -+extern struct ssh *active_state, *backup_state; > > - #include "opacket.h" > > -=C2=A0 > > - #if !defined(WITH_OPENSSL) > > -@@ -203,4 +203,5 @@ extern struct ssh *active_state; > > - # undef EC_POINT > > - #endif > > -=C2=A0 > > -+void =C2=A0packet_destroy_all(int, int); > > - #endif /* PACKET_H */ > > -diff -up openssh-6.8p1/session.c.audit openssh-6.8p1/session.c > > ---- openssh-6.8p1/session.c.audit 2015-03-20 13:41:15.073883813=C2=A0 > > +0100 > > -+++ openssh-6.8p1/session.c 2015-03-20 13:41:15.097883774 +0100 > > -@@ -139,7 +139,7 @@ extern int log_stderr; > > - extern int debug_flag; > > - extern u_int utmp_len; > > - extern int startup_pipe; > > --extern void destroy_sensitive_data(void); > > -+extern void destroy_sensitive_data(int); > > - extern Buffer loginmsg; > > -=C2=A0 > > - /* original command from peer. */ > > -@@ -731,6 +731,14 @@ do_exec_pty(Session *s, const char *comm > > -=C2=A0 /* Parent.=C2=A0=C2=A0Close the slave side of the pseudo tty. */ > > -=C2=A0 close(ttyfd); > > -=C2=A0 > > -+#ifndef HAVE_OSF_SIA > > -+ /* do_login in the child did not affect state in this process, > > -+ =C2=A0=C2=A0=C2=A0compensate.=C2=A0=C2=A0From an architectural standpo= int, this is=C2=A0 > > extremely > > -+ =C2=A0=C2=A0=C2=A0ugly. */ > > -+ if (!(options.use_login && command =3D=3D NULL)) > > -+ audit_count_session_open(); > > -+#endif > > -+ > > -=C2=A0 /* Enter interactive session. */ > > -=C2=A0 s->ptymaster =3D ptymaster; > > -=C2=A0 packet_set_interactive(1,=C2=A0 > > -@@ -853,15 +861,19 @@ do_exec(Session *s, const char *command) > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0get_remote_port()); > > -=C2=A0 > > - #ifdef SSH_AUDIT_EVENTS > > -+ if (s->command !=3D NULL || s->command_handle !=3D -1) > > -+ fatal("do_exec: command already set"); > > -=C2=A0 if (command !=3D NULL) > > -- PRIVSEP(audit_run_command(command)); > > -+ s->command =3D xstrdup(command); > > -=C2=A0 else if (s->ttyfd =3D=3D -1) { > > -=C2=A0 char *shell =3D s->pw->pw_shell; > > -=C2=A0 > > -=C2=A0 if (shell[0] =3D=3D '\0') /* empty shell means /bin/sh > > */ > > -=C2=A0 shell =3D_PATH_BSHELL; > > -- PRIVSEP(audit_run_command(shell)); > > -+ s->command =3D xstrdup(shell); > > -=C2=A0 } > > -+ if (s->command !=3D NULL && s->ptyfd =3D=3D -1) > > -+ s->command_handle =3D=C2=A0 > PRIVSEP(audit_run_command(s->command)); > >=20 > > - #endif > > -=C2=A0 if (s->ttyfd !=3D -1) > > -=C2=A0 ret =3D do_exec_pty(s, command); > > -@@ -1704,7 +1716,10 @@ do_child(Session *s, const char *command > > -=C2=A0 int r =3D 0; > > -=C2=A0 > > -=C2=A0 /* remove hostkey from the child's memory */ > > -- destroy_sensitive_data(); > > -+ destroy_sensitive_data(1); > > -+ /* Don't audit this - both us and the parent would be talking=C2=A0 > to=C2=A0 > >=20 > > the > > -+ =C2=A0=C2=A0=C2=A0monitor over a single socket, with no synchronizatio= n. */ > > -+ packet_destroy_all(0, 1); > > -=C2=A0 > > -=C2=A0 /* Force a password change */ > > -=C2=A0 if (s->authctxt->force_pwchange) { > > -@@ -1934,6 +1949,7 @@ session_unused(int id) > > -=C2=A0 sessions[id].ttyfd =3D -1; > > -=C2=A0 sessions[id].ptymaster =3D -1; > > -=C2=A0 sessions[id].x11_chanids =3D NULL; > > -+ sessions[id].command_handle =3D -1; > > -=C2=A0 sessions[id].next_unused =3D sessions_first_unused; > > -=C2=A0 sessions_first_unused =3D id; > > - } > > -@@ -2016,6 +2032,19 @@ session_open(Authctxt *authctxt, int cha > > - } > > -=C2=A0 > > - Session * > > -+session_by_id(int id) > > -+{ > > -+ if (id >=3D 0 && id < sessions_nalloc) { > > -+ Session *s =3D &sessions[id]; > > -+ if (s->used) > > -+ return s; > > -+ } > > -+ debug("session_by_id: unknown id %d", id); > > -+ session_dump(); > > -+ return NULL; > > -+} > > -+ > > -+Session * > > - session_by_tty(char *tty) > > - { > > -=C2=A0 int i; > > -@@ -2532,6 +2561,32 @@ session_exit_message(Session *s, int sta > > -=C2=A0 chan_write_failed(c); > > - } > > -=C2=A0 > > -+#ifdef SSH_AUDIT_EVENTS > > -+void > > -+session_end_command2(Session *s) > > -+{ > > -+ if (s->command !=3D NULL) { > > -+ if (s->command_handle !=3D -1) > > -+ audit_end_command(s->command_handle, s->command); > > -+ free(s->command); > > -+ s->command =3D NULL; > > -+ s->command_handle =3D -1; > > -+ } > > -+} > > -+ > > -+static void > > -+session_end_command(Session *s) > > -+{ > > -+ if (s->command !=3D NULL) { > > -+ if (s->command_handle !=3D -1) > > -+ PRIVSEP(audit_end_command(s->command_handle,=C2=A0 > > s->command)); > > -+ free(s->command); > > -+ s->command =3D NULL; > > -+ s->command_handle =3D -1; > > -+ } > > -+} > > -+#endif > > -+ > > - void > > - session_close(Session *s) > > - { > > -@@ -2540,6 +2593,10 @@ session_close(Session *s) > > -=C2=A0 debug("session_close: session %d pid %ld", s->self,=C2=A0 > > (long)s->pid); > > -=C2=A0 if (s->ttyfd !=3D -1) > > -=C2=A0 session_pty_cleanup(s); > > -+#ifdef SSH_AUDIT_EVENTS > > -+ if (s->command) > > -+ session_end_command(s); > > -+#endif > > -=C2=A0 free(s->term); > > -=C2=A0 free(s->display); > > -=C2=A0 free(s->x11_chanids); > > -@@ -2754,6 +2811,15 @@ do_authenticated2(Authctxt *authctxt) > > -=C2=A0 server_loop2(authctxt); > > - } > > -=C2=A0 > > -+static void > > -+do_cleanup_one_session(Session *s) > > -+{ > > -+ session_pty_cleanup2(s); > > -+#ifdef SSH_AUDIT_EVENTS > > -+ session_end_command2(s); > > -+#endif > > -+} > > -+ > > - void > > - do_cleanup(Authctxt *authctxt) > > - { > > -@@ -2802,5 +2868,5 @@ do_cleanup(Authctxt *authctxt) > > -=C2=A0 =C2=A0* or if running in monitor. > > -=C2=A0 =C2=A0*/ > > -=C2=A0 if (!use_privsep || mm_is_monitor()) > > -- session_destroy_all(session_pty_cleanup2); > > -+ session_destroy_all(do_cleanup_one_session); > > - } > > -diff -up openssh-6.8p1/session.h.audit openssh-6.8p1/session.h > > ---- openssh-6.8p1/session.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/session.h 2015-03-20 13:41:15.097883774 +0100 > > -@@ -61,6 +61,12 @@ struct Session { > > -=C2=A0 char *name; > > -=C2=A0 char *val; > > -=C2=A0 } *env; > > -+ > > -+ /* exec */ > > -+#ifdef SSH_AUDIT_EVENTS > > -+ int command_handle; > > -+ char *command; > > -+#endif > > - }; > > -=C2=A0 > > - void =C2=A0do_authenticated(Authctxt *); > > -@@ -73,8 +79,10 @@ void =C2=A0session_close_by_pid(pid_t, int); > > - void =C2=A0session_close_by_channel(int, void *); > > - void =C2=A0session_destroy_all(void (*)(Session *)); > > - void =C2=A0session_pty_cleanup2(Session *); > > -+void =C2=A0session_end_command2(Session *); > > -=C2=A0 > > - Session *session_new(void); > > -+Session *session_by_id(int); > > - Session *session_by_tty(char *); > > - void =C2=A0session_close(Session *); > > - void =C2=A0do_setusercontext(struct passwd *); > > -diff -up openssh-6.8p1/sshd.c.audit openssh-6.8p1/sshd.c > > ---- openssh-6.8p1/sshd.c.audit 2015-03-20 13:41:15.083883796=C2=A0 > +0100 > >=20 > > -+++ openssh-6.8p1/sshd.c 2015-03-20 13:41:15.110883753 +0100 > > -@@ -121,6 +124,7 @@ > > - #endif > > - #include "monitor_wrap.h" > > - #include "roaming.h" > > -+#include "audit.h" > > - #include "ssh-sandbox.h" > > - #include "version.h" > > - #include "ssherr.h" > > -@@ -260,7 +264,7 @@ Buffer loginmsg; > > - struct passwd *privsep_pw =3D NULL; > > -=C2=A0 > > - /* Prototypes for various functions defined later in this file. */ > > --void destroy_sensitive_data(void); > > -+void destroy_sensitive_data(int); > > - void demote_sensitive_data(void); > > -=C2=A0 > > - #ifdef WITH_SSH1 > > -@@ -281,6 +285,15 @@ close_listen_socks(void) > > -=C2=A0 num_listen_socks =3D -1; > > - } > > -=C2=A0 > > -+/* > > -+ * Is this process listening for clients (i.e. not specific to any=C2=A0 > > specific > > -+ * client connection?) > > -+ */ > > -+int listening_for_clients(void) > > -+{ > > -+ return num_listen_socks > 0; > > -+} > > -+ > > - static void > > - close_startup_pipes(void) > > - { > > -@@ -560,22 +573,45 @@ sshd_exchange_identification(int sock_in > > -=C2=A0 } > > - } > > -=C2=A0 > > --/* Destroy the host and server keys.=C2=A0=C2=A0They will no longer be= =C2=A0 > needed.=C2=A0 > >=20 > > */ > > -+/* > > -+ * Destroy the host and server keys.=C2=A0=C2=A0They will no longer be= =C2=A0 > needed.=C2=A0=C2=A0 > >=20 > > Careful, > > -+ * this can be called from cleanup_exit() - i.e. from just about=C2=A0 > > anywhere. > > -+ */ > > - void > > --destroy_sensitive_data(void) > > -+destroy_sensitive_data(int privsep) > > - { > > -=C2=A0 int i; > > -+ pid_t pid; > > -+ uid_t uid; > > -=C2=A0 > > -=C2=A0 if (sensitive_data.server_key) { > > -=C2=A0 key_free(sensitive_data.server_key); > > -=C2=A0 sensitive_data.server_key =3D NULL; > > -=C2=A0 } > > -+ pid =3D getpid(); > > -+ uid =3D getuid(); > > -=C2=A0 for (i =3D 0; i < options.num_host_key_files; i++) { > > -=C2=A0 if (sensitive_data.host_keys[i]) { > > -+ char *fp; > > -+ > > -+ if (key_is_private(sensitive_data.host_keys[i])) > > -+ fp =3D=C2=A0 > > sshkey_fingerprint(sensitive_data.host_keys[i],=C2=A0 > > options.fingerprint_hash, SSH_FP_HEX); > > -+ else > > -+ fp =3D NULL; > > -=C2=A0 key_free(sensitive_data.host_keys[i]); > > -=C2=A0 sensitive_data.host_keys[i] =3D NULL; > > -+ if (fp !=3D NULL) { > > -+ if (privsep) > > -+ PRIVSEP(audit_destroy_sensitive_da > > ta > > (fp, > > -+ pid, uid)); > > -+ else > > -+ audit_destroy_sensitive_data(fp, > > -+ pid, uid); > > -+ free(fp); > > -+ } > > -=C2=A0 } > > -- if (sensitive_data.host_certificates[i]) { > > -+ if (sensitive_data.host_certificates > > -+ =C2=A0=C2=A0=C2=A0=C2=A0&& sensitive_data.host_certificates[i]) { > > -=C2=A0 key_free(sensitive_data.host_certificates[i]); > > -=C2=A0 sensitive_data.host_certificates[i] =3D NULL; > > -=C2=A0 } > > -@@ -589,6 +625,8 @@ void > > - demote_sensitive_data(void) > > - { > > -=C2=A0 Key *tmp; > > -+ pid_t pid; > > -+ uid_t uid; > > -=C2=A0 int i; > > -=C2=A0 > > -=C2=A0 if (sensitive_data.server_key) { > > -@@ -597,13 +635,25 @@ demote_sensitive_data(void) > > -=C2=A0 sensitive_data.server_key =3D tmp; > > -=C2=A0 } > > -=C2=A0 > > -+ pid =3D getpid(); > > -+ uid =3D getuid(); > > -=C2=A0 for (i =3D 0; i < options.num_host_key_files; i++) { > > -=C2=A0 if (sensitive_data.host_keys[i]) { > > -+ char *fp; > > -+ > > -+ if (key_is_private(sensitive_data.host_keys[i])) > > -+ fp =3D=C2=A0 > > sshkey_fingerprint(sensitive_data.host_keys[i],=C2=A0 > > options.fingerprint_hash, SSH_FP_HEX); > > -+ else > > -+ fp =3D NULL; > > -=C2=A0 tmp =3D key_demote(sensitive_data.host_keys[i]); > > -=C2=A0 key_free(sensitive_data.host_keys[i]); > > -=C2=A0 sensitive_data.host_keys[i] =3D tmp; > > -=C2=A0 if (tmp->type =3D=3D KEY_RSA1) > > -=C2=A0 sensitive_data.ssh1_host_key =3D tmp; > > -+ if (fp !=3D NULL) { > > -+ audit_destroy_sensitive_data(fp, pid, > > uid); > > -+ free(fp); > > -+ } > > -=C2=A0 } > > -=C2=A0 /* Certs do not need demotion */ > > -=C2=A0 } > > -@@ -675,7 +725,7 @@ privsep_preauth(Authctxt *authctxt) > > -=C2=A0 > > -=C2=A0 if (use_privsep =3D=3D PRIVSEP_ON) > > -=C2=A0 box =3D ssh_sandbox_init(pmonitor); > > -- pid =3D fork(); > > -+ pmonitor->m_pid =3D pid =3D fork(); > > -=C2=A0 if (pid =3D=3D -1) { > > -=C2=A0 fatal("fork of unprivileged child failed"); > > -=C2=A0 } else if (pid !=3D 0) { > > -@@ -759,6 +811,12 @@ privsep_postauth(Authctxt *authctxt) > > -=C2=A0 else if (pmonitor->m_pid !=3D 0) { > > -=C2=A0 verbose("User child is on pid %ld",=C2=A0 > (long)pmonitor->m_pid); > >=20 > > -=C2=A0 buffer_clear(&loginmsg); > > -+ if (*pmonitor->m_pkex !=3D NULL ){ > > -+ =09 > > newkeys_destroy((*pmonitor->m_pkex)->newkeys[MODE_OUT]); > > -+ newkeys_destroy((*pmonitor->m_pkex)- > > >=20 > > > newkeys[MODE_IN]); > > -+ audit_session_key_free_body(2, getpid(), > > getuid()); > > -+ packet_destroy_all(0, 0); > > -+ } > > -=C2=A0 monitor_child_postauth(pmonitor); > > -=C2=A0 > > -=C2=A0 /* NEVERREACHED */ > > -@@ -1286,6 +1341,7 @@ server_accept_loop(int *sock_in, int *so > > -=C2=A0 if (received_sigterm) { > > -=C2=A0 logit("Received signal %d; terminating.", > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0(int) received_sigterm); > > -+ destroy_sensitive_data(0); > > -=C2=A0 close_listen_socks(); > > -=C2=A0 if (options.pid_file !=3D NULL) > > -=C2=A0 unlink(options.pid_file); > > -@@ -2242,6 +2321,7 @@ main(int ac, char **av) > > -=C2=A0 =C2=A0*/ > > -=C2=A0 if (use_privsep) { > > -=C2=A0 mm_send_keystate(pmonitor); > > -+ packet_destroy_all(1, 1); > > -=C2=A0 exit(0); > > -=C2=A0 } > > -=C2=A0 > > -@@ -2287,7 +2367,7 @@ main(int ac, char **av) > > -=C2=A0 privsep_postauth(authctxt); > > -=C2=A0 /* the monitor process [priv] will not return */ > > -=C2=A0 if (!compat20) > > -- destroy_sensitive_data(); > > -+ destroy_sensitive_data(0); > > -=C2=A0 } > > -=C2=A0 > > -=C2=A0 packet_set_timeout(options.client_alive_interval, > > -@@ -2301,6 +2381,9 @@ main(int ac, char **av) > > -=C2=A0 do_authenticated(authctxt); > > -=C2=A0 > > -=C2=A0 /* The connection has been terminated. */ > > -+ packet_destroy_all(1, 1); > > -+ destroy_sensitive_data(1); > > -+ > > -=C2=A0 packet_get_bytes(&ibytes, &obytes); > > -=C2=A0 verbose("Transferred: sent %llu, received %llu bytes", > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0(unsigned long long)obytes, (unsigned lon= g long)ibytes); > > -@@ -2461,6 +2544,10 @@ do_ssh1_kex(void) > > -=C2=A0 if (cookie[i] !=3D packet_get_char()) > > -=C2=A0 packet_disconnect("IP Spoofing check bytes do not=C2=A0 > > match."); > > -=C2=A0 > > -+#ifdef SSH_AUDIT_EVENTS > > -+ audit_kex(2, cipher_name(cipher_type), "crc", "none", "none"); > > -+#endif > > -+ > > -=C2=A0 debug("Encryption type: %.200s", cipher_name(cipher_type)); > > -=C2=A0 > > -=C2=A0 /* Get the encrypted integer. */ > > -@@ -2520,7 +2607,7 @@ do_ssh1_kex(void) > > -=C2=A0 } > > -=C2=A0 > > -=C2=A0 /* Destroy the private and public keys. No longer. */ > > -- destroy_sensitive_data(); > > -+ destroy_sensitive_data(1); > > -=C2=A0 > > -=C2=A0 if (use_privsep) > > -=C2=A0 mm_ssh1_session_id(session_id); > > -@@ -2703,6 +2802,16 @@ do_ssh2_kex(void) > > - void > > - cleanup_exit(int i) > > - { > > -+ static int in_cleanup =3D 0; > > -+ int is_privsep_child; > > -+ > > -+ /* cleanup_exit can be called at the very least from the=C2=A0 > privsep > >=20 > > -+ =C2=A0=C2=A0=C2=A0wrappers used for auditing.=C2=A0=C2=A0Make sure we = don't recurse > > -+ =C2=A0=C2=A0=C2=A0indefinitely. */ > > -+ if (in_cleanup) > > -+ _exit(i); > > -+ in_cleanup =3D 1; > > -+ > > -=C2=A0 if (the_authctxt) { > > -=C2=A0 do_cleanup(the_authctxt); > > -=C2=A0 if (use_privsep && privsep_is_preauth && > > -@@ -2714,9 +2823,14 @@ cleanup_exit(int i) > > -=C2=A0 =C2=A0=C2=A0=C2=A0=C2=A0pmonitor->m_pid, strerror(errno)); > > -=C2=A0 } > > -=C2=A0 } > > -+ is_privsep_child =3D use_privsep && pmonitor !=3D NULL &&=C2=A0 > > pmonitor->m_pid =3D=3D 0; > > -+ if (sensitive_data.host_keys !=3D NULL) > > -+ destroy_sensitive_data(is_privsep_child); > > -+ packet_destroy_all(1, is_privsep_child); > > - #ifdef SSH_AUDIT_EVENTS > > -=C2=A0 /* done after do_cleanup so it can cancel the PAM auth=C2=A0 > 'thread'=C2=A0 > >=20 > > */ > > -- if (!use_privsep || mm_is_monitor()) > > -+ if ((the_authctxt =3D=3D NULL || !the_authctxt->authenticated) && > > -+ =C2=A0=C2=A0=C2=A0=C2=A0(!use_privsep || mm_is_monitor())) > > -=C2=A0 audit_event(SSH_CONNECTION_ABANDON); > > - #endif > > -=C2=A0 _exit(i); > > -diff -up openssh-6.8p1/sshkey.c.audit openssh-6.8p1/sshkey.c > > ---- openssh-6.8p1/sshkey.c.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/sshkey.c 2015-03-20 13:41:15.111883751 +0100 > > -@@ -317,6 +319,33 @@ sshkey_type_is_valid_ca(int type) > > - } > > -=C2=A0 > > - int > > -+sshkey_is_private(const struct sshkey *k) > > -+{ > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0switch (k->type) { > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA_CERT_V00: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA_CERT: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA1: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_RSA: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0return k->rsa->d !=3D NULL; > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_DSA_CERT_V00: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_DSA_CERT: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_DSA: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0return k->dsa->priv_key !=3D NULL; > > -+#ifdef OPENSSL_HAS_ECC > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ECDSA_CERT: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ECDSA: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0return EC_KEY_get0_private_key(k->ecdsa) !=3D NULL; > > -+#endif > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ED25519_CERT: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0case KEY_ED25519: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0return (k->ed25519_pk !=3D NULL); > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0default: > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0/* fatal("key_is_private: bad key type %d", k->type);=C2=A0 > */ > >=20 > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0return 0; > > -+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0} > > -+} > > -+ > > -+int > > - sshkey_is_cert(const struct sshkey *k) > > - { > > -=C2=A0 if (k =3D=3D NULL) > > -diff -up openssh-6.8p1/sshkey.h.audit openssh-6.8p1/sshkey.h > > ---- openssh-6.8p1/sshkey.h.audit 2015-03-17 06:49:20.000000000=C2=A0 > > +0100 > > -+++ openssh-6.8p1/sshkey.h 2015-03-20 13:41:15.098883772 +0100 > > -@@ -134,6 +134,7 @@ u_int =C2=A0sshkey_size(const struct sshkey > > - int =C2=A0sshkey_generate(int type, u_int bits, struct sshkey=C2=A0 > > **keyp); > > - int =C2=A0sshkey_from_private(const struct sshkey *, struct > > sshkey=C2=A0 > > **); > > - int =C2=A0sshkey_type_from_name(const char *); > > -+int =C2=A0sshkey_is_private(const struct sshkey *); > > - int =C2=A0sshkey_is_cert(const struct sshkey *); > > - int =C2=A0sshkey_type_is_cert(int); > > - int =C2=A0sshkey_type_plain(int); > > -diff -up openssh-6.8p1/sandbox-seccomp-filter.c.audit=C2=A0 > > openssh-6.8p1/sandbox-seccomp-filter.c > > ---- openssh-6.8p1/sandbox-seccomp-filter.c.audit 2015-03-20=C2=A0 > > 13:41:15.088883788 +0100 > > -+++ openssh-6.8p1/sandbox-seccomp-filter.c 2015-03-20=C2=A0 > > 13:41:15.097883774 +0100 > > -@@ -110,6 +110,12 @@ static const struct sock_filter preauth_ > > - #ifdef __NR_time /* not defined on EABI ARM */ > > -=C2=A0 SC_ALLOW(time), > > - #endif > > -+#ifdef SSH_AUDIT_EVENTS > > -+ SC_ALLOW(getuid), > > -+#ifdef __NR_getuid32 /* not defined on x86_64 */ > > -+ SC_ALLOW(getuid32), > > -+#endif > > -+#endif > > -=C2=A0 SC_ALLOW(read), > > -=C2=A0 SC_ALLOW(write), > > -=C2=A0 SC_ALLOW(close), > > diff --git a/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch=C2=A0 > > b/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch > > deleted file mode 100644 > > index 4285bd9..0000000 > > --- a/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch > > +++ /dev/null > > @@ -1,66 +0,0 @@ > > -diff --git a/configure.ac b/configure.ac > > -index 4065d0e..d59ad44 100644 > > ---- a/configure.ac > > -+++ b/configure.ac > > -@@ -764,9 +764,12 @@ main() { if=C2=A0 > (NSVersionOfRunTimeLibrary("System")=C2=A0 > >=20 > > >=20 > > >=20 > > > =3D (60 << 16)) > > -=C2=A0 i*86-*) > > -=C2=A0 seccomp_audit_arch=3DAUDIT_ARCH_I386 > > -=C2=A0 ;; > > --=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0arm*-*) > > -+ aarch64*-*) > > -+ seccomp_audit_arch=3DAUDIT_ARCH_AARCH64 > > -+ ;; > > -+ arm*-*) > > -=C2=A0 seccomp_audit_arch=3DAUDIT_ARCH_ARM > > --=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0;; > > -+ ;; > > -=C2=A0 esac > > -=C2=A0 if test "x$seccomp_audit_arch" !=3D "x" ; then > > -=C2=A0 AC_MSG_RESULT(["$seccomp_audit_arch"]) > > -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c > > -index 095b04a..52f6810 100644 > > ---- a/sandbox-seccomp-filter.c > > -+++ b/sandbox-seccomp-filter.c > > -@@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] =3D= =C2=A0 > { > >=20 > > -=C2=A0 /* Load the syscall number for checking. */ > > -=C2=A0 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, > > -=C2=A0 offsetof(struct seccomp_data, nr)), > > -- SC_DENY(open, EACCES), > > -- SC_DENY(stat, EACCES), > > -+ SC_DENY(openat, EACCES), > > -+#ifdef __NR_open > > -+ SC_DENY(open, EACCES), /* not on AArch64 */ > > -+#endif > > -+#ifdef __NR_fstat > > -+ SC_DENY(fstat, EACCES), /* x86_64, Aarch64 */ > > -+#endif > > -+#if defined(__NR_stat64) && defined(__NR_fstat64) > > -+ SC_DENY(stat64, EACCES), /* ix86, arm */ > > -+ SC_DENY(fstat64, EACCES), > > -+#endif > > -+#ifdef __NR_newfstatat > > -+ SC_DENY(newfstatat, EACCES), /* Aarch64 */ > > -+#endif > > -=C2=A0 SC_ALLOW(getpid), > > -=C2=A0 SC_ALLOW(gettimeofday), > > -=C2=A0 SC_ALLOW(clock_gettime), > > -@@ -111,12 +123,19 @@ static const struct sock_filter preauth_insns[]=C2= =A0 > =3D=C2=A0 > >=20 > > { > > -=C2=A0 SC_ALLOW(shutdown), > > - #endif > > -=C2=A0 SC_ALLOW(brk), > > -+#ifdef __NR_poll /* not on AArch64 */ > > -=C2=A0 SC_ALLOW(poll), > > -+#endif > > - #ifdef __NR__newselect > > -=C2=A0 SC_ALLOW(_newselect), > > - #else > > -+#ifdef __NR_select /* not on AArch64 */ > > -=C2=A0 SC_ALLOW(select), > > - #endif > > -+#ifdef __NR_pselect6 /* AArch64 */ > > -+ SC_ALLOW(pselect6), > > -+#endif > > -+#endif > > -=C2=A0 SC_ALLOW(madvise), > > - #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */ > > -=C2=A0 SC_ALLOW(mmap2), >=20 >=20 --===============7294461796715931348== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSll0Qlc4QUFvSkVJQjU4UDl2a0FrSHNpOFAvMzgvVlhNSEFJMW54R0lRbHpzZ3d5eSsK NzNmbE1XQ2tJTjk4QjU0ejZwb2RzM09RMWF5dERUL1dkR0xQamxFMFRzRzlVTnMvSHNIRGc5U1Vo WlVIeTF3cQpmRjQ0bEdXejlUQ3J3Yy90M3BoSFBwdE1FOEtxdGJXUktIbzVqNEtvV0F4NGd1YVBh QmlDNE1qY2dlcm5nQ0dOCkVCSHkrZlJrRWhPdi84ZUVJMFhicGlCT0gwN0lZRVlJT0lIVUVpZFBh VHByQU4xbmd2dTJucWVxaXVUa2pHNFIKTEIxK3Y4bVZ6a2ErSUExQnhGSlVwZ2tuajBmbnB0clZ0 eTE5QzdYZGF4SW05T1gyTDMza0lMMG92VEhhWVJnKwpIaU9aV0Q5cFc1SVRNUHdGK3Y3aFBkeGtX WXB3VEZ2MlBFaFZaMWxnQkl6NHdOcDlWZmh1SUdzUjVIUGVxYU5GCi84MzAva1Q2aURJVEgyYlRk VW9CMTFkUFMydndUS2xqTllSRFZYRzNsNEltVE5ZMTZZZ3F2ck9wUGhwZjZWalAKTzFHT0srYnNw Nm1pbkxENHlvUE1Od1F5c3lidk0xbXpuOVNmakJLdisvYjMxbk41bWFnWllXb3E2MEtyeVdJWQpp dU15WDBhOFVYU1BLZlBPQVR6TDcwTkZYbDRCK3dDdDY3ZTFjaFhWN1YwNVRsSmd3U05PSTBSTDdz UFZ4Q2Q0Cjg4Nll5VWUxOTZzTzJLZnFpU3ZWdWlCQ094RFJJc1Yxa1FWaHpJc1dPdUtJL2ZqVitL YXRWbUtodkthenZBMW8KbkhEek1kNlFadXBjUWc1ME5MQ2NUN1NYU0hCbnUrZlhxMjVjK1JZSk5D WUl4ejFtT0FMd2lab2tYeGx6TzZ0TQpUeWhMQ1k0dlp0VGhvS0swbjh1Vgo9clZhbAotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============7294461796715931348==--