Bugzilla – Attachment 1422 Details for
Bug 1420
BSM support on Mac OS X
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Implement aug_get_machine for BSM audit support
openssh-bsm-aug_get_machine.patch (text/plain), 3.63 KB, created by
Darren Tucker
on 2007-12-24 06:40:29 AEDT
(
hide
)
Description:
Implement aug_get_machine for BSM audit support
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2007-12-24 06:40:29 AEDT
Size:
3.63 KB
patch
obsolete
>Index: audit-bsm.c >=================================================================== >RCS file: /cvs/openssh/audit-bsm.c,v >retrieving revision 1.5 >diff -u -p -r1.5 audit-bsm.c >--- audit-bsm.c 30 Sep 2006 22:09:50 -0000 1.5 >+++ audit-bsm.c 23 Dec 2007 18:51:43 -0000 >@@ -62,8 +63,6 @@ > #if defined(HAVE_GETAUDIT_ADDR) > #define AuditInfoStruct auditinfo_addr > #define AuditInfoTermID au_tid_addr_t >-#define GetAuditFunc(a,b) getaudit_addr((a),(b)) >-#define GetAuditFuncText "getaudit_addr" > #define SetAuditFunc(a,b) setaudit_addr((a),(b)) > #define SetAuditFuncText "setaudit_addr" > #define AUToSubjectFunc au_to_subject_ex >@@ -71,18 +70,16 @@ > #else > #define AuditInfoStruct auditinfo > #define AuditInfoTermID au_tid_t >-#define GetAuditFunc(a,b) getaudit(a) >-#define GetAuditFuncText "getaudit" > #define SetAuditFunc(a,b) setaudit(a) > #define SetAuditFuncText "setaudit" > #define AUToSubjectFunc au_to_subject > #define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b)) > #endif > >+#ifndef cannot_audit > extern int cannot_audit(int); >+#endif > extern void aug_init(void); >-extern dev_t aug_get_port(void); >-extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); > extern void aug_save_auid(au_id_t); > extern void aug_save_uid(uid_t); > extern void aug_save_euid(uid_t); >@@ -117,6 +114,49 @@ extern Authctxt *the_authctxt; > static AuditInfoTermID ssh_bsm_tid; > > /* Below is the low-level BSM interface code */ >+ >+/* >+ * aug_get_machine is only required on IPv6 capable machines, we use a >+ * different mechanism in audit_connection_from() for IPv4-only machines. >+ * getaudit_addr() is only present on IPv6 capable machines. >+ */ >+#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR) >+extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); >+#else >+static int >+aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type) >+{ >+ struct addrinfo *ai; >+ struct sockaddr_in *in4; >+ struct sockaddr_in6 *in6; >+ int ret = 0, r; >+ >+ if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) { >+ error("BSM audit: getaddrinfo failed for %.100s: %.100s", host, >+ r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); >+ return -1; >+ } >+ >+ switch (ai->ai_family) { >+ case AF_INET: >+ in4 = (struct sockaddr_in *)ai->ai_addr; >+ *type = AU_IPv4; >+ memcpy(addr, &in4->sin_addr, sizeof(struct in_addr)); >+ break; >+ case AF_INET6: >+ in6 = (struct sockaddr_in6 *)ai->ai_addr; >+ *type = AU_IPv6; >+ memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr)); >+ break; >+ default: >+ error("BSM audit: unknown address family for %.100s: %d", >+ host, ai->ai_family); >+ ret = -1; >+ } >+ freeaddrinfo(ai); >+ return ret; >+} >+#endif > > /* > * Check if the specified event is selected (enabled) for auditing. >Index: configure.ac >=================================================================== >RCS file: /cvs/openssh/configure.ac,v >retrieving revision 1.387 >diff -u -p -r1.387 configure.ac >--- configure.ac 2 Dec 2007 10:02:22 -0000 1.387 >+++ configure.ac 23 Dec 2007 18:51:53 -0000 >@@ -422,6 +422,9 @@ main() { if (NSVersionOfRunTimeLibrary(" > [Use tunnel device compatibility to OpenBSD]) > AC_DEFINE(SSH_TUN_PREPEND_AF, 1, > [Prepend the address family to IP tunnel traffic]) >+ m4_pattern_allow(AU_IPv) >+ AC_DEFINE(AU_IPv4, 0, [Need AU_IPv4 for BSM on OS X]) >+ AC_DEFINE(AU_IPv6, 1, [Need AU_IPv6 for BSM on OS X]) > ;; > *-*-dragonfly*) > SSHDLIBS="$SSHDLIBS -lcrypt" >@@ -1225,7 +1228,7 @@ AC_ARG_WITH(audit, > AC_CHECK_FUNCS(getaudit, [], > [AC_MSG_ERROR(BSM enabled and required function not found)]) > # These are optional >- AC_CHECK_FUNCS(getaudit_addr) >+ AC_CHECK_FUNCS(getaudit_addr aug_get_machine) > AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module]) > ;; > debug)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1422">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1420
:
1417
|
1422
|
1433