authorDamien Miller <djm@mindrot.org>2019-01-20 14:55:27 +1100
committerDamien Miller <djm@mindrot.org>2019-01-20 14:55:27 +1100
commit9b655dc9c9a353f0a527f0c6c43a5e35653c9503 (patch)
tree78b3512ffa1a9e5b8d954aca6fb45a0a3045504b
parent3f0786bbe73609ac96e5a0d91425ee21129f8e04 (diff)
last bits of old packet API / active_state global
-rw-r--r--audit-bsm.c2
-rw-r--r--audit-linux.c4
-rw-r--r--audit.c2
-rw-r--r--audit.h4
-rw-r--r--auth.c4
-rw-r--r--auth2.c6
-rw-r--r--monitor.c2
-rw-r--r--monitor_wrap.c2
-rw-r--r--monitor_wrap.h2
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c2
-rw-r--r--regress/unittests/kex/test_kex.c2
-rw-r--r--session.c32
-rw-r--r--ssh-keyscan.c2
-rw-r--r--ssh-keysign.c2
-rw-r--r--sshd.c8
15 files changed, 18 insertions, 58 deletions
diff --git a/audit-bsm.c b/audit-bsm.c
index 1409f69a..0ba16c72 100644
--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li)
}
void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
char textbuf[BSM_TEXTBUFSZ];
static int logged_in = 0;
diff --git a/audit-linux.c b/audit-linux.c
index 136ed76b..3fcbe5c5 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li)
}
void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
- struct ssh *ssh = active_state; /* XXX */
-
switch(event) {
case SSH_AUTH_SUCCESS:
case SSH_CONNECTION_CLOSE:
diff --git a/audit.c b/audit.c
index 33a04376..dd2f0355 100644
--- a/audit.c
+++ b/audit.c
@@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port)
* events and what they mean).
*/
void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
debug("audit event euid %d user %s event %d (%s)", geteuid(),
audit_username(), event, audit_event_lookup(event));
diff --git a/audit.h b/audit.h
index 0b593666..38cb5ad3 100644
--- a/audit.h
+++ b/audit.h
@@ -27,6 +27,8 @@
#include "loginrec.h"
+struct ssh;
+
enum ssh_audit_event_type {
SSH_LOGIN_EXCEED_MAXTRIES,
SSH_LOGIN_ROOT_DENIED,
@@ -46,7 +48,7 @@ enum ssh_audit_event_type {
typedef enum ssh_audit_event_type ssh_audit_event_t;
void audit_connection_from(const char *, int);
-void audit_event(ssh_audit_event_t);
+void audit_event(struct ssh *, ssh_audit_event_t);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
void audit_run_command(const char *);
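Review bot: The new prototype `void audit_event(struct ssh *, ssh_audit_event_t);` does not say whether the `ssh` argument may be NULL. The cleanup_exit hunk in sshd.c guards its call with `the_active_state != NULL`, which suggests that implementations are expected to be free to dereference it. A one-line comment above the prototype, such as `/* ssh must be non-NULL; backends may read connection state from it */`, would make that contract explicit for the platform audit backends (audit-bsm.c, audit-linux.c, audit.c).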
diff --git a/auth.c b/auth.c
index a4c1dece..62c58e72 100644
--- a/auth.c
+++ b/auth.c
@@ -367,7 +367,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
#endif
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
- audit_event(audit_classify_auth(method));
+ audit_event(ssh, audit_classify_auth(method));
#endif
}
@@ -605,7 +605,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
#endif
#ifdef SSH_AUDIT_EVENTS
- audit_event(SSH_INVALID_USER);
+ audit_event(ssh, SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
diff --git a/auth2.c b/auth2.c
index a80b3f87..e43350c3 100644
--- a/auth2.c
+++ b/auth2.c
@@ -294,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
/* Invalid user, fake password information */
authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_INVALID_USER));
+ PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
#endif
}
#ifdef USE_PAM
@@ -369,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
!auth_root_allowed(ssh, method)) {
authenticated = 0;
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+ PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
#endif
}
@@ -430,7 +430,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+ PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
#endif
auth_maxtries_exceeded(ssh);
}
diff --git a/monitor.c b/monitor.c
index 5fa30b2a..a9546dad 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1628,7 +1628,7 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
case SSH_LOGIN_ROOT_DENIED:
case SSH_CONNECTION_CLOSE:
case SSH_INVALID_USER:
- audit_event(event);
+ audit_event(ssh, event);
break;
default:
fatal("Audit event type %d not permitted", event);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index f52b9c88..9e3c7cd1 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -867,7 +867,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
#ifdef SSH_AUDIT_EVENTS
void
-mm_audit_event(ssh_audit_event_t event)
+mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
struct sshbuf *m;
int r;
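Review bot: The `ssh` parameter added to `mm_audit_event` looks unused in the part of the body visible here, and the reason for it is not documented. It seems to exist only so the signature matches `audit_event` under the `PRIVSEP()` wrapper, while the monitor side logs against its own `ssh` in `mm_answer_audit_event` (monitor.c hunk). A short comment such as `/* ssh is not sent to the monitor; it audits against its own struct ssh */` would stop a later reader from assuming the child's connection state crosses the privilege boundary. The function body continues outside the hunk, so the unused-parameter reading should be confirmed there.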
diff --git a/monitor_wrap.h b/monitor_wrap.h
index c7e0c91d..fdebb3aa 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -76,7 +76,7 @@ void mm_sshpam_free_ctx(void *);
#ifdef SSH_AUDIT_EVENTS
#include "audit.h"
-void mm_audit_event(ssh_audit_event_t);
+void mm_audit_event(struct ssh *, ssh_audit_event_t);
void mm_audit_run_command(const char *);
#endif
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
index 3e2c4816..61cae042 100644
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -29,8 +29,6 @@
#include "authfile.h"
#include "log.h"
-struct ssh *active_state = NULL; /* XXX - needed for linking */
-
void kex_tests(void);
static int do_debug = 0;
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index 90f1ebf4..112bc549 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -24,8 +24,6 @@
#include "packet.h"
#include "myproposal.h"
-struct ssh *active_state = NULL; /* XXX - needed for linking */
-
void kex_tests(void);
static int do_debug = 0;
diff --git a/session.c b/session.c
index b5a38247..4862e5d6 100644
--- a/session.c
+++ b/session.c
@@ -123,9 +123,6 @@ int do_exec_no_pty(struct ssh *, Session *, const char *);
int do_exec(struct ssh *, Session *, const char *);
void do_login(struct ssh *, Session *, const char *);
void do_child(struct ssh *, Session *, const char *);
-#ifdef LOGIN_NEEDS_UTMPX
-static void do_pre_login(Session *s);
-#endif
void do_motd(void);
int check_quietlogin(Session *, const char *);
@@ -656,35 +653,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
return 0;
}
-#ifdef LOGIN_NEEDS_UTMPX
-static void
-do_pre_login(Session *s)
-{
- struct ssh *ssh = active_state; /* XXX */
- socklen_t fromlen;
- struct sockaddr_storage from;
- pid_t pid = getpid();
-
- /*
- * Get IP address of client. If the connection is not a socket, let
- * the address be 0.0.0.0.
- */
- memset(&from, 0, sizeof(from));
- fromlen = sizeof(from);
- if (packet_connection_is_on_socket()) {
- if (getpeername(packet_get_connection_in(),
- (struct sockaddr *)&from, &fromlen) < 0) {
- debug("getpeername: %.100s", strerror(errno));
- cleanup_exit(255);
- }
- }
-
- record_utmp_only(pid, s->tty, s->pw->pw_name,
- session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
- (struct sockaddr *)&from, fromlen);
-}
-#endif
-
/*
* This is called to fork and execute a command. If another command is
* to be forced, execute that instead.
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 38b1c548..88449f67 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -83,8 +83,6 @@ fd_set *read_wait;
size_t read_wait_nfdset;
int ncon;
-struct ssh *active_state = NULL; /* XXX needed for linking */
-
/*
* Keep a connection structure for each file descriptor. The state
* associated with file descriptor n is held in fdcon[n].
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 7ea5ad0e..601f6ca7 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -59,8 +59,6 @@
#include "sshkey.h"
#include "ssherr.h"
-struct ssh *active_state = NULL; /* XXX needed for linking */
-
extern char *__progname;
static int
diff --git a/sshd.c b/sshd.c
index 58d17e54..f6927672 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2080,7 +2080,7 @@ main(int ac, char **av)
}
#ifdef SSH_AUDIT_EVENTS
- audit_event(SSH_AUTH_SUCCESS);
+ audit_event(ssh, SSH_AUTH_SUCCESS);
#endif
#ifdef GSSAPI
@@ -2128,7 +2128,7 @@ main(int ac, char **av)
#endif /* USE_PAM */
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
+ PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE));
#endif
ssh_packet_close(ssh);
@@ -2256,8 +2256,8 @@ cleanup_exit(int i)
}
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
- if (!use_privsep || mm_is_monitor())
- audit_event(SSH_CONNECTION_ABANDON);
+ if (the_active_state != NULL && (!use_privsep || mm_is_monitor()))
+ audit_event(the_active_state, SSH_CONNECTION_ABANDON);
#endif
_exit(i);
}
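Review bot: With the added `the_active_state != NULL` test in cleanup_exit, an exit that happens before `the_active_state` is assigned no longer emits SSH_CONNECTION_ABANDON, and nothing records that the event was skipped. Whether any early failure path reaches this point with the pointer still NULL is not visible in the hunk, but if one does, audit consumers silently lose the abandon record for that connection. I would keep the guard and state the intent next to it, for example `/* no ssh state yet: connection was never set up, so no abandon event is recorded */`, after confirming that this is the only case in which it can be NULL. cleanup_exit begins outside the hunk.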