summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2019-01-20 14:55:27 +1100
committerDamien Miller <djm@mindrot.org>2019-01-20 14:55:27 +1100
commit9b655dc9c9a353f0a527f0c6c43a5e35653c9503 (patch)
tree78b3512ffa1a9e5b8d954aca6fb45a0a3045504b
parent3f0786bbe73609ac96e5a0d91425ee21129f8e04 (diff)
last bits of old packet API / active_state global
-rw-r--r--audit-bsm.c2
-rw-r--r--audit-linux.c4
-rw-r--r--audit.c2
-rw-r--r--audit.h4
-rw-r--r--auth.c4
-rw-r--r--auth2.c6
-rw-r--r--monitor.c2
-rw-r--r--monitor_wrap.c2
-rw-r--r--monitor_wrap.h2
-rw-r--r--regress/misc/kexfuzz/kexfuzz.c2
-rw-r--r--regress/unittests/kex/test_kex.c2
-rw-r--r--session.c32
-rw-r--r--ssh-keyscan.c2
-rw-r--r--ssh-keysign.c2
-rw-r--r--sshd.c8
15 files changed, 18 insertions, 58 deletions
diff --git a/audit-bsm.c b/audit-bsm.c
index 1409f69a..0ba16c72 100644
--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -391,7 +391,7 @@ audit_session_close(struct logininfo *li)
}
void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
char textbuf[BSM_TEXTBUFSZ];
static int logged_in = 0;
diff --git a/audit-linux.c b/audit-linux.c
index 136ed76b..3fcbe5c5 100644
--- a/audit-linux.c
+++ b/audit-linux.c
@@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li)
}
void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
- struct ssh *ssh = active_state; /* XXX */
-
switch(event) {
case SSH_AUTH_SUCCESS:
case SSH_CONNECTION_CLOSE:
diff --git a/audit.c b/audit.c
index 33a04376..dd2f0355 100644
--- a/audit.c
+++ b/audit.c
@@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port)
* events and what they mean).
*/
void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
debug("audit event euid %d user %s event %d (%s)", geteuid(),
audit_username(), event, audit_event_lookup(event));
diff --git a/audit.h b/audit.h
index 0b593666..38cb5ad3 100644
--- a/audit.h
+++ b/audit.h
@@ -27,6 +27,8 @@
#include "loginrec.h"
+struct ssh;
+
enum ssh_audit_event_type {
SSH_LOGIN_EXCEED_MAXTRIES,
SSH_LOGIN_ROOT_DENIED,
@@ -46,7 +48,7 @@ enum ssh_audit_event_type {
typedef enum ssh_audit_event_type ssh_audit_event_t;
void audit_connection_from(const char *, int);
-void audit_event(ssh_audit_event_t);
+void audit_event(struct ssh *, ssh_audit_event_t);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
void audit_run_command(const char *);
diff --git a/auth.c b/auth.c
index a4c1dece..62c58e72 100644
--- a/auth.c
+++ b/auth.c
@@ -367,7 +367,7 @@ auth_log(struct ssh *ssh, int authenticated, int partial,
#endif
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
- audit_event(audit_classify_auth(method));
+ audit_event(ssh, audit_classify_auth(method));
#endif
}
@@ -605,7 +605,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
#endif
#ifdef SSH_AUDIT_EVENTS
- audit_event(SSH_INVALID_USER);
+ audit_event(ssh, SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
return (NULL);
}
diff --git a/auth2.c b/auth2.c
index a80b3f87..e43350c3 100644
--- a/auth2.c
+++ b/auth2.c
@@ -294,7 +294,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
/* Invalid user, fake password information */
authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_INVALID_USER));
+ PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
#endif
}
#ifdef USE_PAM
@@ -369,7 +369,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
!auth_root_allowed(ssh, method)) {
authenticated = 0;
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+ PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
#endif
}
@@ -430,7 +430,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+ PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
#endif
auth_maxtries_exceeded(ssh);
}
diff --git a/monitor.c b/monitor.c
index 5fa30b2a..a9546dad 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1628,7 +1628,7 @@ mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
case SSH_LOGIN_ROOT_DENIED:
case SSH_CONNECTION_CLOSE:
case SSH_INVALID_USER:
- audit_event(event);
+ audit_event(ssh, event);
break;
default:
fatal("Audit event type %d not permitted", event);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index f52b9c88..9e3c7cd1 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -867,7 +867,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
#ifdef SSH_AUDIT_EVENTS
void
-mm_audit_event(ssh_audit_event_t event)
+mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
{
struct sshbuf *m;
int r;
diff --git a/monitor_wrap.h b/monitor_wrap.h
index c7e0c91d..fdebb3aa 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -76,7 +76,7 @@ void mm_sshpam_free_ctx(void *);
#ifdef SSH_AUDIT_EVENTS
#include "audit.h"
-void mm_audit_event(ssh_audit_event_t);
+void mm_audit_event(struct ssh *, ssh_audit_event_t);
void mm_audit_run_command(const char *);
#endif
diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
index 3e2c4816..61cae042 100644
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ b/regress/misc/kexfuzz/kexfuzz.c
@@ -29,8 +29,6 @@
#include "authfile.h"
#include "log.h"
-struct ssh *active_state = NULL; /* XXX - needed for linking */
-
void kex_tests(void);
static int do_debug = 0;
diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index 90f1ebf4..112bc549 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -24,8 +24,6 @@
#include "packet.h"
#include "myproposal.h"
-struct ssh *active_state = NULL; /* XXX - needed for linking */
-
void kex_tests(void);
static int do_debug = 0;
diff --git a/session.c b/session.c
index b5a38247..4862e5d6 100644
--- a/session.c
+++ b/session.c
@@ -123,9 +123,6 @@ int do_exec_no_pty(struct ssh *, Session *, const char *);
int do_exec(struct ssh *, Session *, const char *);
void do_login(struct ssh *, Session *, const char *);
void do_child(struct ssh *, Session *, const char *);
-#ifdef LOGIN_NEEDS_UTMPX
-static void do_pre_login(Session *s);
-#endif
void do_motd(void);
int check_quietlogin(Session *, const char *);
@@ -656,35 +653,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
return 0;
}
-#ifdef LOGIN_NEEDS_UTMPX
-static void
-do_pre_login(Session *s)
-{
- struct ssh *ssh = active_state; /* XXX */
- socklen_t fromlen;
- struct sockaddr_storage from;
- pid_t pid = getpid();
-
- /*
- * Get IP address of client. If the connection is not a socket, let
- * the address be 0.0.0.0.
- */
- memset(&from, 0, sizeof(from));
- fromlen = sizeof(from);
- if (packet_connection_is_on_socket()) {
- if (getpeername(packet_get_connection_in(),
- (struct sockaddr *)&from, &fromlen) < 0) {
- debug("getpeername: %.100s", strerror(errno));
- cleanup_exit(255);
- }
- }
-
- record_utmp_only(pid, s->tty, s->pw->pw_name,
- session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
- (struct sockaddr *)&from, fromlen);
-}
-#endif
-
/*
* This is called to fork and execute a command. If another command is
* to be forced, execute that instead.
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 38b1c548..88449f67 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -83,8 +83,6 @@ fd_set *read_wait;
size_t read_wait_nfdset;
int ncon;
-struct ssh *active_state = NULL; /* XXX needed for linking */
-
/*
* Keep a connection structure for each file descriptor. The state
* associated with file descriptor n is held in fdcon[n].
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 7ea5ad0e..601f6ca7 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -59,8 +59,6 @@
#include "sshkey.h"
#include "ssherr.h"
-struct ssh *active_state = NULL; /* XXX needed for linking */
-
extern char *__progname;
static int
diff --git a/sshd.c b/sshd.c
index 58d17e54..f6927672 100644
--- a/sshd.c
+++ b/sshd.c
@@ -2080,7 +2080,7 @@ main(int ac, char **av)
}
#ifdef SSH_AUDIT_EVENTS
- audit_event(SSH_AUTH_SUCCESS);
+ audit_event(ssh, SSH_AUTH_SUCCESS);
#endif
#ifdef GSSAPI
@@ -2128,7 +2128,7 @@ main(int ac, char **av)
#endif /* USE_PAM */
#ifdef SSH_AUDIT_EVENTS
- PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
+ PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE));
#endif
ssh_packet_close(ssh);
@@ -2256,8 +2256,8 @@ cleanup_exit(int i)
}
#ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */
- if (!use_privsep || mm_is_monitor())
- audit_event(SSH_CONNECTION_ABANDON);
+ if (the_active_state != NULL && (!use_privsep || mm_is_monitor()))
+ audit_event(the_active_state, SSH_CONNECTION_ABANDON);
#endif
_exit(i);
}