- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
--with-audit=bsm to enable. Patch originally from Sun Microsystems,
parts by John R. Jackson. ok djm@
diff --git a/ChangeLog b/ChangeLog
index 836cc0d..87ae13a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20050220
+ - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
+ defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
+ --with-audit=bsm to enable. Patch originally from Sun Microsystems,
+ parts by John R. Jackson. ok djm@
+
20050216
- (djm) write seed to temporary file and atomically rename into place;
ok dtucker@
@@ -2148,4 +2154,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $
+$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $
diff --git a/LICENCE b/LICENCE
index f9062bd..ae03eb3 100644
--- a/LICENCE
+++ b/LICENCE
@@ -203,6 +203,7 @@
Wayne Schroeder
William Jones
Darren Tucker
+ Sun Microsystems
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
diff --git a/Makefile.in b/Makefile.in
index c6cfef1..71036c1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $
+# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -85,7 +85,8 @@
monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
- loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+ audit.o audit-bsm.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
diff --git a/README.platform b/README.platform
index 4e7b84d..af551de 100644
--- a/README.platform
+++ b/README.platform
@@ -32,8 +32,17 @@
Solaris
-------
-Currently, sshd does not support BSM auditting. This can show up as errors
-when editting cron entries via crontab. See.
-http://bugzilla.mindrot.org/show_bug.cgi?id=125
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output. The following line needs to be
+added to /etc/security/audit_event:
-$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $
+ 32800:AUE_openssh:OpenSSH login:lo
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535. Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, you may change it at build time
+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
+
+
+$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index fe6b002..1bf067a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $
+# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -881,6 +881,37 @@
fi ]
)
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+ [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
+ [
+ AC_MSG_CHECKING(for supported audit module)
+ case "$withval" in
+ bsm)
+ AC_MSG_RESULT(bsm)
+ AUDIT_MODULE=bsm
+ dnl Checks for headers, libs and functions
+ AC_CHECK_HEADERS(bsm/audit.h, [],
+ [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+ AC_CHECK_LIB(bsm, getaudit, [],
+ [AC_MSG_ERROR(BSM enabled and required library not found)])
+ AC_CHECK_FUNCS(getaudit, [],
+ [AC_MSG_ERROR(BSM enabled and required function not found)])
+ # These are optional
+ AC_CHECK_FUNCS(getaudit_addr gettext)
+ AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+ ;;
+ debug)
+ AUDIT_MODULE=debug
+ AC_MSG_RESULT(debug)
+ AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+ ;;
+ *)
+ AC_MSG_ERROR([Unknown audit module $withval])
+ ;;
+ esac ]
+)
+
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS(\
arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
@@ -1846,6 +1877,8 @@
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES(in_addr_t,,,[#include <netinet/in.h>])
+
AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
AC_TRY_COMPILE(
[
@@ -3195,3 +3228,7 @@
echo ""
fi
+if test "$AUDIT_MODULE" = "bsm" ; then
+ echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+ echo "See the Solaris section in README.platform for details."
+fi
diff --git a/defines.h b/defines.h
index 4d59408..7758bc3 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */
+/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
/* Constants */
@@ -288,6 +288,10 @@
};
#endif /* HAVE_SYS_UN_H */
+#ifndef HAVE_IN_ADDR_T
+typedef u_int32_t in_addr_t;
+#endif
+
#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
#define _STRUCT_WINSIZE
struct winsize {
@@ -530,6 +534,11 @@
# define getpgrp() getpgrp(0)
#endif
+#ifdef USE_BSM_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
# define OPENSSL_free(x) Free(x)