Bug 184247

Summary: sshd closes connections if audit is not supported by the kernel
Product: [Fedora] Fedora Reporter: Max Krasnyansky <maxk>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 5   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-07 16:06:34 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Max Krasnyansky 2006-03-07 13:02:22 EST
Latest sshd (in openssh) is closing connections (ie refusing logins) right after
authentication (even if auth is successeful) if audit is not supported by the
kernel. 
It's supposed to check whether audit is supported and if it is let the login go
through. But current check is wrong. It only checks if socket creation failed. 
The patch basically looks like this

 --- openssh-4.3p2/loginrec.c    2006-03-07 10:02:29.000000000 -0800
+++ openssh-4.3p2.good/loginrec.c       2006-03-07 09:24:57.000000000 -0800
@@ -1404,6 +1404,14 @@
                else
                        return 0; /* Must prevent login */
        }
+
+       rc = audit_request_status(audit_fd);
+       if (rc < 0) {
+               if (errno == ECONNREFUSED)
+                       return 1; /* No audit support in kernel */
+               return 0; /* Must prevent login */
+       }
+
Comment 1 Tomas Mraz 2006-03-07 16:06:34 EST

*** This bug has been marked as a duplicate of 183243 ***