Bugzilla – Attachment 2127 Details for
Bug 1968
openssh won't build with --with-audit=bsm on Solaris 11
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to make openssh build on Solaris 11.
audit-bsm.c.patch (text/plain), 2.77 KB, created by
Magnus Johansson
on 2012-02-06 19:25:47 AEDT
(
hide
)
Description:
Patch to make openssh build on Solaris 11.
Filename:
MIME Type:
Creator:
Magnus Johansson
Created:
2012-02-06 19:25:47 AEDT
Size:
2.77 KB
patch
obsolete
>--- audit-bsm.c 2011-01-17 11:15:29.000000000 +0100 >+++ ../openssh-5.9p1.new/audit-bsm.c 2012-01-26 14:45:43.561314875 +0100 >@@ -45,6 +45,10 @@ > #include <string.h> > #include <unistd.h> > >+#ifdef BROKEN_BSM_API >+#include <libscf.h> >+#endif >+ > #include "ssh.h" > #include "log.h" > #include "key.h" >@@ -114,6 +118,12 @@ > extern Authctxt *the_authctxt; > static AuditInfoTermID ssh_bsm_tid; > >+#ifdef BROKEN_BSM_API >+/* For some reason this constant is no longer defined >+ in Solaris 11. */ >+#define BSM_TEXTBUFSZ 256 >+#endif >+ > /* Below is the low-level BSM interface code */ > > /* >@@ -161,6 +171,65 @@ > } > #endif > >+#ifdef BROKEN_BSM_API >+/* >+ In Solaris 11 the audit daemon has been moved to SMF. In the process >+ they simply dropped getacna() from the API, since it read from a now >+ non-existent config file. This function re-implements getacna() to >+ read from the SMF repository instead. >+ */ >+int >+getacna(char *auditstring, int len) >+{ >+ scf_handle_t *handle = NULL; >+ scf_property_t *property = NULL; >+ scf_value_t *value = NULL; >+ int ret = 0; >+ >+ handle = scf_handle_create(SCF_VERSION); >+ if (handle == NULL) >+ return -2; /* The man page for getacna on Solaris 10 states >+ we should return -2 in case of error and set >+ errno to indicate the error. We don't bother >+ with errno here, though, since the only use >+ of this function below doesn't check for errors >+ anyway. >+ */ >+ >+ ret = scf_handle_bind(handle); >+ if (ret == -1) >+ return -2; >+ >+ property = scf_property_create(handle); >+ if (property == NULL) >+ return -2; >+ >+ ret = scf_handle_decode_fmri(handle, >+ "svc:/system/auditd:default/:properties/preselection/naflags", >+ NULL, NULL, NULL, NULL, property, 0); >+ if (ret == -1) >+ return -2; >+ >+ value = scf_value_create(handle); >+ if (value == NULL) >+ return -2; >+ >+ ret = scf_property_get_value(property, value); >+ if (ret == -1) >+ return -2; >+ >+ ret = scf_value_get_astring(value, auditstring, len); >+ if (ret == -1) >+ return -2; >+ >+ scf_value_destroy(value); >+ scf_property_destroy(property); >+ scf_handle_destroy(handle); >+ >+ return 0; >+} >+#endif >+ > /* > * Check if the specified event is selected (enabled) for auditing. > * Returns 1 if the event is selected, 0 if not and -1 on failure. >@@ -213,7 +282,15 @@ > (void) au_write(ad, au_to_text(string)); > (void) au_write(ad, AUToReturnFunc(typ, rc)); > >+#ifdef BROKEN_BSM_API >+ /* The last argument is the event modifier flags. For >+ some seemingly undocumented reason it was added in >+ Solaris 11. */ >+ rc = au_close(ad, AU_TO_WRITE, event_no, 0); >+#else > rc = au_close(ad, AU_TO_WRITE, event_no); >+#endif >+ > if (rc < 0) > error("BSM audit: %s failed to write \"%s\" record: %s", > __func__, string, strerror(errno));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2127">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1968
:
2126
| 2127