- (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
parent
2c2ac033c1
commit
acada07b52
|
@ -2,6 +2,9 @@
|
|||
- (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
|
||||
since it now conflicts with the helper function in misc.c. From
|
||||
vinschen AT redhat.com.
|
||||
- (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
|
||||
of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
|
||||
Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
|
||||
|
||||
20080224
|
||||
- (tim) [contrib/cygwin/ssh-host-config]
|
||||
|
@ -3621,4 +3624,4 @@
|
|||
OpenServer 6 and add osr5bigcrypt support so when someone migrates
|
||||
passwords between UnixWare and OpenServer they will still work. OK dtucker@
|
||||
|
||||
$Id: ChangeLog,v 1.4839 2008/02/25 09:21:20 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.4840 2008/02/25 10:05:04 dtucker Exp $
|
||||
|
|
57
audit-bsm.c
57
audit-bsm.c
|
@ -1,4 +1,4 @@
|
|||
/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
|
||||
/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* TODO
|
||||
|
@ -40,7 +40,9 @@
|
|||
#include <sys/types.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "ssh.h"
|
||||
|
@ -62,8 +64,6 @@
|
|||
#if defined(HAVE_GETAUDIT_ADDR)
|
||||
#define AuditInfoStruct auditinfo_addr
|
||||
#define AuditInfoTermID au_tid_addr_t
|
||||
#define GetAuditFunc(a,b) getaudit_addr((a),(b))
|
||||
#define GetAuditFuncText "getaudit_addr"
|
||||
#define SetAuditFunc(a,b) setaudit_addr((a),(b))
|
||||
#define SetAuditFuncText "setaudit_addr"
|
||||
#define AUToSubjectFunc au_to_subject_ex
|
||||
|
@ -71,18 +71,16 @@
|
|||
#else
|
||||
#define AuditInfoStruct auditinfo
|
||||
#define AuditInfoTermID au_tid_t
|
||||
#define GetAuditFunc(a,b) getaudit(a)
|
||||
#define GetAuditFuncText "getaudit"
|
||||
#define SetAuditFunc(a,b) setaudit(a)
|
||||
#define SetAuditFuncText "setaudit"
|
||||
#define AUToSubjectFunc au_to_subject
|
||||
#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
|
||||
#endif
|
||||
|
||||
#ifndef cannot_audit
|
||||
extern int cannot_audit(int);
|
||||
#endif
|
||||
extern void aug_init(void);
|
||||
extern dev_t aug_get_port(void);
|
||||
extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
|
||||
extern void aug_save_auid(au_id_t);
|
||||
extern void aug_save_uid(uid_t);
|
||||
extern void aug_save_euid(uid_t);
|
||||
|
@ -118,6 +116,51 @@ static AuditInfoTermID ssh_bsm_tid;
|
|||
|
||||
/* Below is the low-level BSM interface code */
|
||||
|
||||
/*
|
||||
* aug_get_machine is only required on IPv6 capable machines, we use a
|
||||
* different mechanism in audit_connection_from() for IPv4-only machines.
|
||||
* getaudit_addr() is only present on IPv6 capable machines.
|
||||
*/
|
||||
#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
|
||||
extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
|
||||
#else
|
||||
static int
|
||||
aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
|
||||
{
|
||||
struct addrinfo *ai;
|
||||
struct sockaddr_in *in4;
|
||||
struct sockaddr_in6 *in6;
|
||||
int ret = 0, r;
|
||||
|
||||
if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
|
||||
error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
|
||||
r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
|
||||
return -1;
|
||||
}
|
||||
|
||||
switch (ai->ai_family) {
|
||||
case AF_INET:
|
||||
in4 = (struct sockaddr_in *)ai->ai_addr;
|
||||
*type = AU_IPv4;
|
||||
memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
|
||||
break;
|
||||
#ifdef AU_IPv6
|
||||
case AF_INET6:
|
||||
in6 = (struct sockaddr_in6 *)ai->ai_addr;
|
||||
*type = AU_IPv6;
|
||||
memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
error("BSM audit: unknown address family for %.100s: %d",
|
||||
host, ai->ai_family);
|
||||
ret = -1;
|
||||
}
|
||||
freeaddrinfo(ai);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Check if the specified event is selected (enabled) for auditing.
|
||||
* Returns 1 if the event is selected, 0 if not and -1 on failure.
|
||||
|
|
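Review bot: The AF_INET6 branch of the new aug_get_machine() copies `sizeof(struct in6_addr)` (16 bytes) through a `u_int32_t *addr` whose size the function cannot check, so the contract should be stated at the definition: `/* addr must point to at least four u_int32_t; *type and *addr are only set when 0 is returned */`. Separately, getaddrinfo() is called with no hints and only the first result is used, so if `host` is a name rather than a numeric address, the terminal ID written to the audit record is whatever that name resolves to first, which may not be the peer's actual socket address. The call site is not on this page, so this needs confirming against audit_connection_from(). Where the caller already has the peer address in numeric form, passing that string (optionally with `AI_NUMERICHOST` set in a hints struct) would keep the audit trail independent of DNS.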
11
configure.ac
11
configure.ac
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.ac,v 1.389 2008/01/02 07:08:45 dtucker Exp $
|
||||
# $Id: configure.ac,v 1.390 2008/02/25 10:05:04 dtucker Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
|
@ -15,7 +15,7 @@
|
|||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
|
||||
AC_REVISION($Revision: 1.389 $)
|
||||
AC_REVISION($Revision: 1.390 $)
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
|
@ -423,6 +423,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
|
|||
[Use tunnel device compatibility to OpenBSD])
|
||||
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
|
||||
[Prepend the address family to IP tunnel traffic])
|
||||
m4_pattern_allow(AU_IPv)
|
||||
AC_CHECK_DECL(AU_IPv4, [],
|
||||
AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
|
||||
[#include <bsm/audit.h>]
|
||||
)
|
||||
;;
|
||||
*-*-dragonfly*)
|
||||
SSHDLIBS="$SSHDLIBS -lcrypt"
|
||||
|
@ -1226,7 +1231,7 @@ AC_ARG_WITH(audit,
|
|||
AC_CHECK_FUNCS(getaudit, [],
|
||||
[AC_MSG_ERROR(BSM enabled and required function not found)])
|
||||
# These are optional
|
||||
AC_CHECK_FUNCS(getaudit_addr)
|
||||
AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
|
||||
AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
|
||||
;;
|
||||
debug)
|
||||
|
|
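Review bot: In the `AC_CHECK_DECL(AU_IPv4, ...)` call added in the hunk at -423, the `AC_DEFINE` line as shown has no trailing comma, so `[#include <bsm/audit.h>]` is concatenated onto the action-if-not-found argument instead of being passed as the includes argument. If that matches the committed file, the declaration test runs without `<bsm/audit.h>` and would likely report AU_IPv4 as undeclared even where the header defines it. config.h would then carry `AU_IPv4 0`, which could conflict with the header's own value for the audit record's address type. The intended form is presumably `AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records]),` with the include list as the next argument. It is worth confirming in the generated configure that the test program includes the BSM header.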