[Bug 125] add BSM audit support
bugzilla-daemon at mindrot.org
Wed Feb 2 15:46:22 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=125
------- Additional Comments From djm at mindrot.org 2005-02-02 15:46 -------
(From update of attachment 796)
>+/* helper to return supplied username */
>+static const char *
>+audit_username(void)
>+{
>+ static const char unknownuser[] = "(unknown user)";
>+
>+ if (the_authctxt == NULL || the_authctxt->user == NULL)
>+ return (unknownuser);
>+ return (the_authctxt->user);
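Review bot: the comment above audit_username() says only "helper to return supplied username", but `return (the_authctxt->user);` hands back the string exactly as the client sent it, and the pointer is owned by the_authctxt. Extend the comment to say that the result is unvalidated client input and must not be freed, so callers know to treat it as untrusted before writing it into an audit record.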
What about when !authctxt->valid, shouldn't it return "Invalid User" or
something to prevent leakage of mistyped passwords into logs?
>+void
>+audit_connection_from(const char *host, int port)
>+{
>+ debug("%s: euid %d connection from %s port %d", __func__, geteuid(),
>+ host, port);
>+}
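Review bot: in the debug() call of audit_connection_from(), geteuid() returns uid_t but is formatted with %d. uid_t is not guaranteed to have the width or signedness of int on every platform, so cast the argument to match the format, for example `(int)geteuid()`, or use %ld with `(long)geteuid()`.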
Remember: __func__ is verboten :)
>+/*
>+ * Called when various events occur (see audit.h for a list of possible
>+ * events and what they mean).
>+ */
>+void
>+audit_event(ssh_audit_event_t event)
>+{
>+ char *eventstr[] = {
>+ "LOGIN_EXCEED_MAXTRIES",
>+ "LOGIN_ROOT_DENIED",
>+ "AUTH_SUCCESS",
>+ "AUTH_FAIL_NONE",
>+ "AUTH_FAIL_PASSWD",
>+ "AUTH_FAIL_KBDINT",
>+ "AUTH_FAIL_PUBKEY",
>+ "AUTH_FAIL_HOSTBASED",
>+ "AUTH_FAIL_GSSAPI",
>+ "INVALID_USER",
>+ "NOLOGIN",
>+ "CONNECTION_CLOSE",
>+ "CONNECTION_ABANDON",
>+ "AUDIT_UNKNOWN"
>+ };
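Review bot: `char *eventstr[] = {` in audit_event() declares a writable automatic array, so it is re-initialised on every call and the string literals are reachable through non-const pointers; `static const char *eventstr[]` would avoid both. Nothing in the visible lines ties the order of the entries to ssh_audit_event_t in audit.h, so any use of event as an index should be range-checked against the number of entries first, with out-of-range values mapped to the "AUDIT_UNKNOWN" string.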
Rather than maintaining this list and the mapping for auth method names earlier
in this file, would it be nicer to whack them all into an array-of-struct (int,
char*, char*) and provide lookup functions?
Looks OK otherwise
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.