search for: mm_answer_audit_command

...l, shuts up the warnings): ==== //depot/yahoo/ybsd_6/src/crypto/openssh/monitor.c#4 (text+ko) ==== @@ -272,7 +272,7 @@ {MONITOR_REQ_TERM, 0, mm_answer_term}, #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, - {MONITOR_REQ_AUDIT_COMMAND, MON_ONCE, mm_answer_audit_command}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, #endif {0, 0, NULL} }; I notice that early on it tries to enable MONITOR_REQ_AUDIT_COMMAND in mm_answer_pwnamallow(). However, this doesn't actually work as it tries to enable it in the monitor_dispatch table (whi...

...115 Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: mm_request_receive entering Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_receive entering Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: monitor_read: checking request 114 Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: mm_answer_audit_command entering Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: fatal: mm_answer_audit_command: error allocating a session Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: do_cleanup Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: cleanup Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: closin...

...> #endif @@ -52,6 +60,7 @@ #include <openssl/dh.h> #include "openbsd-compat/sys-queue.h" +#include "atomicio.h" #include "xmalloc.h" #include "ssh.h" #include "key.h" @@ -179,6 +188,8 @@ int mm_answer_audit_event(int, Buffer *) int mm_answer_audit_command(int, Buffer *); #endif +static int monitor_read_log(struct monitor *); + static Authctxt *authctxt; static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ @@ -346,6 +357,10 @@ monitor_child_preauth(Authctxt *_authctx debug3("preauth child monitor started"); + clos...

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"