# bnc#752354, bnc#757360 # prevent timeouts in libaudit code caused by DNS misconfiguration by # explicitely disabling DNS lookups in libaudit when UseDNS is false. # Note that this particular solution causes the logs to always contain # "hostname=?, addr=?" when DNS lookups are disabled. diff --git a/openssh-6.5p1/audit-linux.c b/openssh-6.5p1/audit-linux.c --- a/openssh-6.5p1/audit-linux.c +++ b/openssh-6.5p1/audit-linux.c @@ -62,17 +62,17 @@ linux_audit_user_logxxx(int uid, const c if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return; /* No audit support in kernel */ else goto fatal_report; /* Must prevent login */ } rc = audit_log_acct_message(audit_fd, event, NULL, "login", username ? username : "(unknown)", - username == NULL ? uid : -1, hostname, ip, ttyn, success); + username == NULL ? uid : -1, options.use_dns ? hostname : NULL, ip, ttyn, success); saved_errno = errno; close(audit_fd); /* * Do not report error if the error is EPERM and sshd is run as non * root user. */ if ((rc == -EPERM) && (geteuid() != 0)) rc = 0; @@ -114,17 +114,17 @@ linux_audit_user_auth(int uid, const cha goto fatal_report; /* Must prevent login */ } if ((event < 0) || (event > SSH_AUDIT_UNKNOWN)) event = SSH_AUDIT_UNKNOWN; rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, event_name[event], username ? username : "(unknown)", - username == NULL ? uid : -1, hostname, ip, ttyn, success); + username == NULL ? uid : -1, options.use_dns ? hostname : NULL, ip, ttyn, success); saved_errno = errno; close(audit_fd); /* * Do not report error if the error is EPERM and sshd is run as non * root user. */ if ((rc == -EPERM) && (geteuid() != 0)) rc = 0;