
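--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -62,8 +63,6 @@
 #if defined(HAVE_GETAUDIT_ADDR)
 #define	AuditInfoStruct		auditinfo_addr
 #define AuditInfoTermID		au_tid_addr_t
-#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
-#define GetAuditFuncText	"getaudit_addr"
 #define SetAuditFunc(a,b)	setaudit_addr((a),(b))
 #define SetAuditFuncText	"setaudit_addr"
 #define AUToSubjectFunc		au_to_subject_ex
@@ -71,18 +70,16 @@
 #else
 #define	AuditInfoStruct		auditinfo
 #define AuditInfoTermID		au_tid_t
-#define GetAuditFunc(a,b)	getaudit(a)
-#define GetAuditFuncText	"getaudit"
 #define SetAuditFunc(a,b)	setaudit(a)
 #define SetAuditFuncText	"setaudit"
 #define AUToSubjectFunc		au_to_subject
 #define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
 #endif
 
+#ifndef cannot_audit
 extern int	cannot_audit(int);
+#endif
 extern void	aug_init(void);
-extern dev_t	aug_get_port(void);
-extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
 extern void	aug_save_auid(au_id_t);
 extern void	aug_save_uid(uid_t);
 extern void	aug_save_euid(uid_t);
@@ -117,6 +114,49 @@ extern Authctxt *the_authctxt;
 static AuditInfoTermID ssh_bsm_tid;
 
 /* Below is the low-level BSM interface code */
+
+/*
+ * aug_get_machine is only required on IPv6 capable machines, we use a
+ * different mechanism in audit_connection_from() for IPv4-only machines.
+ * getaudit_addr() is only present on IPv6 capable machines.
+ */
+#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
+extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
+#else
+static int
+aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
+{
+	struct addrinfo *ai; 
+	struct sockaddr_in *in4;
+	struct sockaddr_in6 *in6;
+	int ret = 0, r;
+
+	if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
+		error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
+		    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+		return -1;
+	}
+	
+	switch (ai->ai_family) {
+	case AF_INET:
+		in4 = (struct sockaddr_in *)ai->ai_addr;
+		*type = AU_IPv4;
+		memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
+		break;
+	case AF_INET6: 
+		in6 = (struct sockaddr_in6 *)ai->ai_addr;
+		*type = AU_IPv6;
+		memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
+		break;
+	default:
+		error("BSM audit: unknown address family for %.100s: %d",
+		    host, ai->ai_family);
+		ret = -1;
+	}
+	freeaddrinfo(ai);
+	return ret;
+}
+#endif
 
 /*
  * Check if the specified event is selected (enabled) for auditing.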
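Review bot: The new static `aug_get_machine()` copies `sizeof(struct in6_addr)` bytes through `u_int32_t *addr` in the `AF_INET6` case with no length argument, so the buffer contract should be stated at the definition, for example `/* addr must have room for 16 bytes (struct in6_addr); *addr and *type are written only when 0 is returned */`. The function also passes NULL hints to `getaddrinfo()` and uses only the first result, so when `host` is a name rather than a numeric address, the address placed in the audit terminal ID depends on name resolution. The callers are not visible in this section; if they always pass a numeric address, hints with `AI_NUMERICHOST` would keep the resolver out of the audit path. On the `default:` branch `*type` stays unset, so callers must check the return value before using either output.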
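--- a/configure.ac
+++ b/configure.ac
@@ -422,6 +422,9 @@ main() { if (NSVersionOfRunTimeLibrary("
 	    [Use tunnel device compatibility to OpenBSD])
 	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
 	    [Prepend the address family to IP tunnel traffic])
+	m4_pattern_allow(AU_IPv)
+	AC_DEFINE(AU_IPv4, 0, [Need AU_IPv4 for BSM on OS X])
+	AC_DEFINE(AU_IPv6, 1, [Need AU_IPv6 for BSM on OS X])
 	;;
 *-*-dragonfly*)
 	SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -1225,7 +1228,7 @@ AC_ARG_WITH(audit,
 		AC_CHECK_FUNCS(getaudit, [],
 		    [AC_MSG_ERROR(BSM enabled and required function not found)])
 		# These are optional
-		AC_CHECK_FUNCS(getaudit_addr)
+		AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
 		AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
 		;;
 	  debug)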
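Review bot: The two `AC_DEFINE` lines added in the first hunk write fixed values for `AU_IPv4` and `AU_IPv6` into config.h for this platform case unconditionally, without first checking whether the system's BSM header already declares them. They also sit outside the `AC_ARG_WITH(audit, …)` block that the second hunk touches, so they apply even when BSM auditing is not selected. If a header on the target does define these constants, the result is a macro redefinition, and a value that differs from the system's would make `aug_get_machine()` label the address type wrongly in audit records. Guarding each define keeps the fallback only for systems that lack the declaration, e.g. `AC_CHECK_DECL(AU_IPv4, [], [AC_DEFINE(AU_IPv4, 0, [Need AU_IPv4 for BSM on OS X])], [#include <bsm/audit.h>])`, and likewise for `AU_IPv6`.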
