Attachment #1433 for bug #1420




#if defined(HAVE_GETAUDIT_ADDR)
#define	AuditInfoStruct		auditinfo_addr
#define AuditInfoTermID		au_tid_addr_t
#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
#define GetAuditFuncText	"getaudit_addr"
#define SetAuditFunc(a,b)	setaudit_addr((a),(b))
#define SetAuditFuncText	"setaudit_addr"
#define AUToSubjectFunc		au_to_subject_ex

#else
#define	AuditInfoStruct		auditinfo
#define AuditInfoTermID		au_tid_t
#define GetAuditFunc(a,b)	getaudit(a)
#define GetAuditFuncText	"getaudit"
#define SetAuditFunc(a,b)	setaudit(a)
#define SetAuditFuncText	"setaudit"
#define AUToSubjectFunc		au_to_subject
#define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
#endif

#ifndef cannot_audit
extern int	cannot_audit(int);
#endif
extern void	aug_init(void);
extern dev_t	aug_get_port(void);
extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
extern void	aug_save_auid(au_id_t);
extern void	aug_save_uid(uid_t);
extern void	aug_save_euid(uid_t);

static AuditInfoTermID ssh_bsm_tid;

/* Below is the low-level BSM interface code */

/*
 * aug_get_machine is only required on IPv6 capable machines, we use a
 * different mechanism in audit_connection_from() for IPv4-only machines.
 * getaudit_addr() is only present on IPv6 capable machines.
 */
#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
#else
static int
aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
{
	struct addrinfo *ai; 
	struct sockaddr_in *in4;
	struct sockaddr_in6 *in6;
	int ret = 0, r;

	if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
		error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
		    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
		return -1;
	}
	
	switch (ai->ai_family) {
	case AF_INET:
		in4 = (struct sockaddr_in *)ai->ai_addr;
		*type = AU_IPv4;
		memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
		break;
#ifdef AU_IPv6
	case AF_INET6: 
		in6 = (struct sockaddr_in6 *)ai->ai_addr;
		*type = AU_IPv6;
		memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
		break;
#endif
	default:
		error("BSM audit: unknown address family for %.100s: %d",
		    host, ai->ai_family);
		ret = -1;
	}
	freeaddrinfo(ai);
	return ret;
}
#endif

/*
 * Check if the specified event is selected (enabled) for auditing.

Lines 423-428 main() { if (NSVersionOfRunTimeLibrary(" Link Here

(-)configure.ac (-1 / +6 lines)
423	[Use tunnel device compatibility to OpenBSD])	423	[Use tunnel device compatibility to OpenBSD])
424	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,	424	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
425	[Prepend the address family to IP tunnel traffic])	425	[Prepend the address family to IP tunnel traffic])
		426	m4_pattern_allow(AU_IPv)
		427	AC_CHECK_DECL(AU_IPv4, [],
		428	AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
		429	[#include <bsm/audit.h>]
		430	)
426	;;	431	;;
427	--dragonfly*)	432	--dragonfly*)
428	SSHDLIBS="$SSHDLIBS -lcrypt"	433	SSHDLIBS="$SSHDLIBS -lcrypt"
Lines 1226-1232 AC_ARG_WITH(audit, Link Here
1226	AC_CHECK_FUNCS(getaudit, [],	1231	AC_CHECK_FUNCS(getaudit, [],
1227	[AC_MSG_ERROR(BSM enabled and required function not found)])	1232	[AC_MSG_ERROR(BSM enabled and required function not found)])
1228	# These are optional	1233	# These are optional
1229	AC_CHECK_FUNCS(getaudit_addr)	1234	AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
1230	AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])	1235	AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1231	;;	1236	;;
1232	debug)	1237	debug)

Return to bug 1420

Lines 62-69 Link Here

(-)audit-bsm.c (-6 / +47 lines)
62	#if defined(HAVE_GETAUDIT_ADDR)	62	#if defined(HAVE_GETAUDIT_ADDR)
63	#define AuditInfoStruct auditinfo_addr	63	#define AuditInfoStruct auditinfo_addr
64	#define AuditInfoTermID au_tid_addr_t	64	#define AuditInfoTermID au_tid_addr_t
65	#define GetAuditFunc(a,b) getaudit_addr((a),(b))
66	#define GetAuditFuncText "getaudit_addr"
67	#define SetAuditFunc(a,b) setaudit_addr((a),(b))	65	#define SetAuditFunc(a,b) setaudit_addr((a),(b))
68	#define SetAuditFuncText "setaudit_addr"	66	#define SetAuditFuncText "setaudit_addr"
69	#define AUToSubjectFunc au_to_subject_ex	67	#define AUToSubjectFunc au_to_subject_ex
Lines 71-88 Link Here
71	#else	69	#else
72	#define AuditInfoStruct auditinfo	70	#define AuditInfoStruct auditinfo
73	#define AuditInfoTermID au_tid_t	71	#define AuditInfoTermID au_tid_t
74	#define GetAuditFunc(a,b) getaudit(a)
75	#define GetAuditFuncText "getaudit"
76	#define SetAuditFunc(a,b) setaudit(a)	72	#define SetAuditFunc(a,b) setaudit(a)
77	#define SetAuditFuncText "setaudit"	73	#define SetAuditFuncText "setaudit"
78	#define AUToSubjectFunc au_to_subject	74	#define AUToSubjectFunc au_to_subject
79	#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))	75	#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
80	#endif	76	#endif
81		77
		78	#ifndef cannot_audit
82	extern int cannot_audit(int);	79	extern int cannot_audit(int);
		80	#endif
83	extern void aug_init(void);	81	extern void aug_init(void);
84	extern dev_t aug_get_port(void);
85	extern int aug_get_machine(char , u_int32_t , u_int32_t *);
86	extern void aug_save_auid(au_id_t);	82	extern void aug_save_auid(au_id_t);
87	extern void aug_save_uid(uid_t);	83	extern void aug_save_uid(uid_t);
88	extern void aug_save_euid(uid_t);	84	extern void aug_save_euid(uid_t);
Lines 117-122 extern Authctxt *the_authctxt; Link Here
117	static AuditInfoTermID ssh_bsm_tid;	113	static AuditInfoTermID ssh_bsm_tid;
118		114
119	/* Below is the low-level BSM interface code */	115	/* Below is the low-level BSM interface code */
		116
		117	/*
		118	* aug_get_machine is only required on IPv6 capable machines, we use a
		119	* different mechanism in audit_connection_from() for IPv4-only machines.
		120	* getaudit_addr() is only present on IPv6 capable machines.
		121	*/
		122	#if defined(HAVE_AUG_GET_MACHINE) \|\| !defined(HAVE_GETAUDIT_ADDR)
		123	extern int aug_get_machine(char , u_int32_t , u_int32_t *);
		124	#else
		125	static int
		126	aug_get_machine(char host, u_int32_t addr, u_int32_t *type)
		127	{
		128	struct addrinfo *ai;
		129	struct sockaddr_in *in4;
		130	struct sockaddr_in6 *in6;
		131	int ret = 0, r;
		132
		133	if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
		134	error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
		135	r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
		136	return -1;
		137	}
		138
		139	switch (ai->ai_family) {
		140	case AF_INET:
		141	in4 = (struct sockaddr_in *)ai->ai_addr;
		142	*type = AU_IPv4;
		143	memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
		144	break;
		145	#ifdef AU_IPv6
		146	case AF_INET6:
		147	in6 = (struct sockaddr_in6 *)ai->ai_addr;
		148	*type = AU_IPv6;
		149	memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
		150	break;
		151	#endif
		152	default:
		153	error("BSM audit: unknown address family for %.100s: %d",
		154	host, ai->ai_family);
		155	ret = -1;
		156	}
		157	freeaddrinfo(ai);
		158	return ret;
		159	}
		160	#endif
120		161
121	/*	162	/*
122	* Check if the specified event is selected (enabled) for auditing.	163	* Check if the specified event is selected (enabled) for auditing.