This commit is contained in:
Damien Miller 2016-07-27 08:25:42 +10:00
parent d99ee9c4e5
commit 3e1e076550

View File

@ -38,16 +38,15 @@
#include "canohost.h"
#include "packet.h"
const char* audit_username(void);
const char *audit_username(void);
int
linux_audit_record_event(int uid, const char *username,
const char *hostname, const char *ip, const char *ttyn, int success)
linux_audit_record_event(int uid, const char *username, const char *hostname,
const char *ip, const char *ttyn, int success)
{
int audit_fd, rc, saved_errno;
audit_fd = audit_open();
if (audit_fd < 0) {
if ((audit_fd = audit_open()) < 0) {
if (errno == EINVAL || errno == EPROTONOSUPPORT ||
errno == EAFNOSUPPORT)
return 1; /* No audit support in kernel */
@ -59,6 +58,7 @@ linux_audit_record_event(int uid, const char *username,
username == NULL ? uid : -1, hostname, ip, ttyn, success);
saved_errno = errno;
close(audit_fd);
/*
* Do not report error if the error is EPERM and sshd is run as non
* root user.
@ -66,7 +66,8 @@ linux_audit_record_event(int uid, const char *username,
if ((rc == -EPERM) && (geteuid() != 0))
rc = 0;
errno = saved_errno;
return (rc >= 0);
return rc >= 0;
}
/* Below is the sshd audit API code */
@ -74,8 +75,8 @@ linux_audit_record_event(int uid, const char *username,
void
audit_connection_from(const char *host, int port)
{
}
/* not implemented */
}
void
audit_run_command(const char *command)
@ -86,8 +87,8 @@ audit_run_command(const char *command)
void
audit_session_open(struct logininfo *li)
{
if (linux_audit_record_event(li->uid, NULL, li->hostname,
NULL, li->line, 1) == 0)
if (linux_audit_record_event(li->uid, NULL, li->hostname, NULL,
li->line, 1) == 0)
fatal("linux_audit_write_entry failed: %s", strerror(errno));
}
@ -109,7 +110,6 @@ audit_event(ssh_audit_event_t event)
case SSH_LOGIN_EXCEED_MAXTRIES:
case SSH_LOGIN_ROOT_DENIED:
break;
case SSH_AUTH_FAIL_NONE:
case SSH_AUTH_FAIL_PASSWD:
case SSH_AUTH_FAIL_KBDINT:
@ -120,10 +120,9 @@ audit_event(ssh_audit_event_t event)
linux_audit_record_event(-1, audit_username(), NULL,
ssh_remote_ipaddr(ssh), "sshd", 0);
break;
default:
debug("%s: unhandled event %d", __func__, event);
break;
}
}
#endif /* USE_LINUX_AUDIT */