authorTimo Weingärtner <timo@tiwe.de>2014-05-26 23:36:33 +0200
committerTimo Weingärtner <timo@tiwe.de>2014-05-26 23:36:33 +0200
commit4318a9a998f78f1d6ee4d32facd0fc8e1e231179 (patch)
treed6721370013947314029bcb881a9ef98a3c47b7c
parent5cc6f72612187001f70255f6097437381cf49bba (diff)
add dissection of pam_ssh_agent_auth data
-rw-r--r--ssh-agent-filter.C51
1 files changed, 51 insertions, 0 deletions
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C
index 5aedb35..7ac2687 100644
--- a/ssh-agent-filter.C
+++ b/ssh-agent-filter.C
@@ -66,6 +66,8 @@ using std::count;
using std::mutex;
using std::lock_guard;
+#include <chrono>
+
#include <cerrno>
#include <csignal>
#include <cstdlib>
@@ -339,6 +341,55 @@ bool dissect_auth_data_ssh (rfc4251string const & data, string & request_descrip
request_description = "The request is for an ssh connection as user '" + string{username} + "' with service name '" + string{servicename} + "'.";
+ if (string{servicename} == "pam_ssh_agent_auth") try {
+ clog << base64_encode(session_identifier) << endl;
+ io::stream<io::array_source> idstream{session_identifier.data(), session_identifier.size()};
+ arm(idstream);
+
+ rfc4251uint32 type{idstream};
+ if (type == 101) {
+ // PAM_SSH_AGENT_AUTH_REQUESTv1
+ rfc4251string cookie{idstream};
+ rfc4251string user{idstream};
+ rfc4251string ruser{idstream};
+ rfc4251string pam_service{idstream};
+ rfc4251string pwd{idstream};
+ rfc4251string action{idstream};
+ rfc4251string hostname{idstream};
+ rfc4251uint64 timestamp{idstream};
+
+ string singleuser{user};
+ if (user != ruser)
+ singleuser += " (" + string{ruser} + ")";
+
+ string additional;
+ additional += "User '" + singleuser + "' wants to use '" + string{pam_service};
+ additional += "' in '" + string{pwd};
+
+ io::stream<io::array_source> actionstream{action.data(), action.size()};
+ arm(actionstream);
+
+ rfc4251uint32 argc{actionstream};
+
+ if (argc) {
+ additional += " to run";
+ for (uint32_t i = argc; i; --i) {
+ rfc4251string argv{actionstream};
+ additional += ' ' + string{argv};
+ }
+ }
+
+ additional += " on " + string{hostname} + ".\n";
+
+ auto now = std::chrono::system_clock::now();
+ auto req_time = std::chrono::system_clock::from_time_t(static_cast<uint64_t>(timestamp));
+ auto timediff = std::chrono::duration_cast<std::chrono::seconds>(now - req_time).count();
+
+ additional += "The request was generated " + std::to_string(timediff) + " seconds ago.\n";
+ request_description = move(additional);
+ }
+ } catch (...) {}
+
return true;
} catch (...) {
return false;
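Review bot: The fields parsed out of `session_identifier` (`user`, `ruser`, `pam_service`, `pwd`, every `argv`, `hostname`) are chosen by whoever sends the signing request, yet they are concatenated into `request_description` verbatim, so embedded newlines, control bytes or quote characters can change how the text reads wherever it is shown to the user (the display path is outside this hunk, so confirm). I would pass each field through a small filter before concatenation, as sketched below; the sketch replaces non-ASCII bytes as well, which may be too strict for some user names, and it adds the closing `'` that is currently missing after `pwd`. The `clog << base64_encode(session_identifier) << endl;` line looks like leftover debug output, and the empty `catch (...) {}` deserves a comment such as `// malformed pam_ssh_agent_auth data: keep the generic description`. `timestamp` is also used unchecked: a value in the future prints a negative "seconds ago", and a very large one may overflow inside `from_time_t`, so a range check before the conversion would help. The body of `dissect_auth_data_ssh` starts above this hunk and its closing brace lies below it.

```cpp
// proposed helper: make a requester-supplied field safe to embed in the description
static string printable (string const & s) {
	string out;
	for (unsigned char c : s)
		out += (c >= 0x20 && c < 0x7f && c != '\'') ? static_cast<char>(c) : '?';
	return out;
}

// … unchanged: reading cookie, user, ruser, pam_service, pwd, action, hostname, timestamp …
string singleuser{printable(string{user})};
if (user != ruser)
	singleuser += " (" + printable(string{ruser}) + ")";

string additional;
additional += "User '" + singleuser + "' wants to use '" + printable(string{pam_service});
additional += "' in '" + printable(string{pwd}) + "'";
// … unchanged: actionstream setup, argc, loop header …
additional += ' ' + printable(string{argv});
// … unchanged: end of loop …
additional += " on " + printable(string{hostname}) + ".\n";
```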