- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac

defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
   parts by John R. Jackson.  ok djm@

ChangeLog

@@ -1,3 +1,9 @@
+20050220
+ - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
+   defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
+   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
+   parts by John R. Jackson.  ok djm@
+
 20050216
  - (djm) write seed to temporary file and atomically rename into place; 
    ok dtucker@
@@ -2148,4 +2154,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $
+$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $

LICENCE

@@ -203,6 +203,7 @@ OpenSSH contains no GPL code.
 	Wayne Schroeder
 	William Jones
 	Darren Tucker
+	Sun Microsystems
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions

Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $
+# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
 	auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
-	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
+	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+	audit.o audit-bsm.o
 
 MANPAGES	= scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN	= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5

README.platform

@@ -32,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel.
 
 Solaris
 -------
-Currently, sshd does not support BSM auditting.  This can show up as errors
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
-when editting cron entries via crontab.  See.
+for praudit(1m) to give sensible output.  The following line needs to be
-http://bugzilla.mindrot.org/show_bug.cgi?id=125
+added to /etc/security/audit_event:
 
-$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $
+	32800:AUE_openssh:OpenSSH login:lo
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, you may change it at build time
+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
+
+
+$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $
+# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -881,6 +881,37 @@ AC_ARG_WITH(libedit,
 	fi ]
 )
 
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+	[  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
+	[
+	  AC_MSG_CHECKING(for supported audit module)
+	  case "$withval" in
+	  bsm)
+		AC_MSG_RESULT(bsm)
+		AUDIT_MODULE=bsm
+		dnl    Checks for headers, libs and functions
+		AC_CHECK_HEADERS(bsm/audit.h, [],
+		    [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+		AC_CHECK_LIB(bsm, getaudit, [],
+		    [AC_MSG_ERROR(BSM enabled and required library not found)])
+		AC_CHECK_FUNCS(getaudit, [],
+		    [AC_MSG_ERROR(BSM enabled and required function not found)])
+		# These are optional
+		AC_CHECK_FUNCS(getaudit_addr gettext)
+		AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+		;;
+	  debug)
+		AUDIT_MODULE=debug
+		AC_MSG_RESULT(debug)
+		AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+		;;
+	  *)
+		AC_MSG_ERROR([Unknown audit module $withval])
+		;;
+	esac ]
+)
+
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
 	arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
@@ -1846,6 +1877,8 @@ TYPE_SOCKLEN_T
 
 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
 
+AC_CHECK_TYPES(in_addr_t,,,[#include <netinet/in.h>])
+
 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
 	AC_TRY_COMPILE(
 		[
@@ -3195,3 +3228,7 @@ if test ! -z "$NO_PEERCHECK" ; then
 	echo ""
 fi
 
+if test "$AUDIT_MODULE" = "bsm" ; then
+	echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+	echo "See the Solaris section in README.platform for details."
+fi

defines.h

@@ -25,7 +25,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */
+/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
 
 
 /* Constants */
@@ -288,6 +288,10 @@ struct	sockaddr_un {
 };
 #endif /* HAVE_SYS_UN_H */
 
+#ifndef HAVE_IN_ADDR_T
+typedef u_int32_t	in_addr_t;
+#endif
+
 #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
 #define _STRUCT_WINSIZE
 struct winsize {
@@ -530,6 +534,11 @@ struct winsize {
 # define getpgrp() getpgrp(0)
 #endif
 
+#ifdef USE_BSM_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
 /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
 # define OPENSSL_free(x) Free(x)