diff options
| author | Antonio Larrosa <alarrosa@suse.com> | 2024-08-23 12:21:06 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-08-28 14:09:46 +0200 |
| commit | 05f2b141cfcc60c7cdedf9450d2b9d390c19eaad (patch) | |
| tree | ad32f593e8578ff9594ec326401916eb1f1e5563 | |
| parent | upstream: fix test: -F is the argument to specify a non-default (diff) | |
| download | openssh-05f2b141cfcc60c7cdedf9450d2b9d390c19eaad.tar.xz openssh-05f2b141cfcc60c7cdedf9450d2b9d390c19eaad.zip | |
Don't skip audit before exitting cleanup_exit
This fixes an issue where the SSH_CONNECTION_ABANDON event is not
audited because cleanup_exit overrides the regular _exit too soon and
as a result, failed auth attempts are not logged correctly.
The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29
where the code from upstream was merged before the audit_event call when
it should have been merged right before the _exit call in order to honor
the comment that just mentions an override of the exit value.
| -rw-r--r-- | sshd-session.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sshd-session.c b/sshd-session.c index d089f10de..757435a1f 100644 --- a/sshd-session.c +++ b/sshd-session.c @@ -1502,13 +1502,13 @@ cleanup_exit(int i) } } } - /* Override default fatal exit value when auth was attempted */ - if (i == 255 && auth_attempted) - _exit(EXIT_AUTH_ATTEMPTED); #ifdef SSH_AUDIT_EVENTS /* done after do_cleanup so it can cancel the PAM auth 'thread' */ if (the_active_state != NULL && mm_is_monitor()) audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif + /* Override default fatal exit value when auth was attempted */ + if (i == 255 && auth_attempted) + _exit(EXIT_AUTH_ATTEMPTED); _exit(i); } |