[Bug 125] with BSM auditing, cron editing thru ssh session causes cron jobs to fail

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jun 1 08:36:59 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=125





------- Additional Comments From djm at mindrot.org  2004-06-01 08:36 -------
(From update of attachment 647)
>+#ifdef AUDIT_EVENTS
>+			PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
>+#endif

How about removing the #ifdefs and just making audit_event a no-op for the
non-audit case?

>Index: sshaudit.h
>===================================================================
>RCS file: sshaudit.h
>diff -N sshaudit.h
>--- /dev/null	1 Jan 1970 00:00:00 -0000
>+++ sshaudit.h	31 May 2004 12:10:20 -0000
>@@ -0,0 +1,22 @@
>+#include "auth.h"
>+
>+#ifndef SSHAUDIT_H
>+# define SSHAUDIT_H
>+enum audit_event_type {
>+	AUTH_FAILED,	/* ? */
>+        LOGIN_SUCCESS,
>+	LOGIN_EXCEED_MAXTRIES,
>+	LOGIN_FAIL_BADPW,
>+	ILLEGAL_USER,
>+	ROOT_NOT_CONSOLE,
>+        NOLOGIN,
>+        LOGOUT
>+};

indenting looks wonky here

>+#if defined(HAVE_GETAUDIT_ADDR)
>+	(void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype);
>+	debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype);
>+#else
>+	ia = inet_addr(host);
>+	memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0]));
>+	sav_iptype = 0;			/* not used, but just in case */
>+#endif

How does this cope with INET6 addresses? or is this code path only taken when
the machine is old ipv4 API only?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list