authorDarren Tucker <dtucker@zip.com.au>2005-02-03 00:20:53 +1100
committerDarren Tucker <dtucker@zip.com.au>2005-02-03 00:20:53 +1100
commit269a1ea1c80a855d1eb74fccba6dd5c75947c5d2 (patch)
tree2c3ece8547de7552c4c78337607a1a387decd797 /auth.c
parent2fba993080eba14e339d6a6666ee79580ee20f97 (diff)
- (dtucker) [Makefile.in auth.c auth.h auth1.c auth2.c loginrec.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h session.c sshd.c] Bug #125: (first stage) Add audit instrumentation to sshd, currently disabled by default. with suggestions from and djm@
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c42
1 files changed, 42 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index b6c00c12..bbf3a54a 100644
--- a/auth.c
+++ b/auth.c
@@ -51,6 +51,7 @@ RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $");
#include "bufaux.h"
#include "packet.h"
#include "loginrec.h"
+#include "monitor_wrap.h"
/* import */
extern ServerOptions options;
@@ -251,6 +252,44 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
+#ifdef AUDIT_EVENTS
+ if (authenticated == 0 && !authctxt->postponed) {
+ ssh_audit_event_t event;
+
+ debug3("audit failed auth attempt, method %s euid %d",
+ method, (int)geteuid());
+ /*
+ * Because the auth loop is used in both monitor and slave,
+ * we must be careful to send each event only once and with
+ * enough privs to write the event.
+ */
+ event = audit_classify_auth(method);
+ switch(event) {
+ case AUTH_FAIL_NONE:
+ case AUTH_FAIL_PASSWD:
+ case AUTH_FAIL_KBDINT:
+ if (geteuid() == 0)
+ audit_event(event);
+ break;
+ case AUTH_FAIL_PUBKEY:
+ case AUTH_FAIL_HOSTBASED:
+ case AUTH_FAIL_GSSAPI:
+ /*
+ * This is required to handle the case where privsep
+ * is enabled but it's root logging in, since
+ * use_privsep won't be cleared until after a
+ * successful login.
+ */
+ if (geteuid() == 0)
+ audit_event(event);
+ else
+ PRIVSEP(audit_event(event));
+ break;
+ default:
+ error("unknown authentication audit event %d", event);
+ }
+ }
+#endif
}
/*
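Review bot: The `default:` arm of the switch only calls `error()`, so an authentication method that `audit_classify_auth()` does not recognize leaves no audit record at all; the failure is visible only in the server log, which undercuts the instrumentation for any method added later without updating the classifier. A comment on that arm stating the consequence would help, e.g. `/* Unclassified method: no audit record is emitted, only this log line; keep audit_classify_auth() in sync with the auth methods. */`. Separately, `geteuid()` is called three times in this block (in the debug3 and in both case groups); hoisting it into `uid_t euid = geteuid();` before the debug3 would make the privilege decision read as a single value. auth_log's body begins above this hunk.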
@@ -476,6 +515,9 @@ getpwnamallow(const char *user)
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
+#ifdef AUDIT_EVENTS
+ audit_event(INVALID_USER);
+#endif /* AUDIT_EVENTS */
return (NULL);
}
if (!allowed_user(pw))
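Review bot: `audit_event(INVALID_USER)` is called here without the euid / PRIVSEP() handling that auth_log applies to its events in the same commit, so whether the record is written with enough privilege depends on which process reaches getpwnamallow(). If, as seems likely, this path runs only in the monitor under privsep, that assumption should be stated next to the call, e.g. `/* getpwnamallow() runs in the monitor under privsep, so audit_event() has the privilege it needs here. */`. If the unprivileged child can also reach it, the event would be dropped or emitted twice, the same concern the auth_log comment describes. getpwnamallow's body begins above this hunk.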