

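--- a/INSTALL
+++ b/INSTALL
@@ -99,6 +99,21 @@
 configuration will work with sshd (sshd will match the other service
 name).
 
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output.  The following line needs to be
+added to /etc/security/audit_event:
+
+	32800:AUE_openssh:OpenSSH login:lo
+
+If the contrib/buildpkg.sh script is used, the included postinstall
+script will add the line for you.
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, change the value of
+AUE_openssh in openbsd-compat/bsd-solaris.h and rebuild.
+
 There are a few other options to the configure script:
 
 --with-pam enables PAM support. If PAM support is compiled in, it must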
(-)auth.c~ (-10 / +18 lines)
Lines 482-487 Link Here
482
#endif
482
#endif
483
	struct passwd *pw;
483
	struct passwd *pw;
484
484
485
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
486
	solaris_audit_save_name(user);
487
#endif /* BSM */
485
	pw = getpwnam(user);
488
	pw = getpwnam(user);
486
	if (pw == NULL) {
489
	if (pw == NULL) {
487
		logit("Illegal user %.100s from %.100s",
490
		logit("Illegal user %.100s from %.100s",
Lines 489-506 Link Here
489
#ifdef CUSTOM_FAILED_LOGIN
492
#ifdef CUSTOM_FAILED_LOGIN
490
		record_failed_login(user, "ssh");
493
		record_failed_login(user, "ssh");
491
#endif
494
#endif
492
		return (NULL);
493
	}
495
	}
494
	if (!allowed_user(pw))
496
	if (pw != NULL && !allowed_user(pw))
495
		return (NULL);
497
		pw = NULL;
496
#ifdef HAVE_LOGIN_CAP
498
#ifdef HAVE_LOGIN_CAP
497
	if ((lc = login_getclass(pw->pw_class)) == NULL) {
499
	if (pw != NULL && (lc = login_getclass(pw->pw_class)) == NULL) {
498
		debug("unable to get login class: %s", user);
500
		debug("unable to get login class: %s", user);
499
		return (NULL);
501
		pw = NULL;
500
	}
502
	}
501
#ifdef BSD_AUTH
503
#ifdef BSD_AUTH
502
	if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
504
	as = NULL;
503
	    auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {
505
	if (pw != NULL
506
	    && ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
507
	         auth_approval(as, lc, pw->pw_name, "ssh") <= 0)) {
504
		debug("Approval failure for %s", user);
508
		debug("Approval failure for %s", user);
505
		pw = NULL;
509
		pw = NULL;
506
	}
510
	}
Lines 508-516 Link Here
508
		auth_close(as);
512
		auth_close(as);
509
#endif
513
#endif
510
#endif
514
#endif
511
	if (pw != NULL)
515
	if (pw != NULL) {
512
		return (pwcopy(pw));
516
		pw = pwcopy(pw);
513
	return (NULL);
517
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
518
		solaris_audit_save_pw(pw);
519
#endif /* BSM */
520
	}
521
	return (pw);
514
}
522
}
515
523
516
void
524
void
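Review bot: Invalid-user attempts are audited with whatever `sav_uid` last held — zero at process start, because `static uid_t sav_uid;` in bsd-solaris.c is only ever written by solaris_audit_save_pw — since the `solaris_audit_save_pw(pw)` call at new lines 517-519 sits inside the `if (pw != NULL)` block and is never reached with NULL. The `sav_uid = -1` branch in solaris_audit_save_pw, and with it the "invalid user name" text in solaris_audit_bad_pw that auth2.c's `solaris_audit_bad_pw("name")` relies on, is therefore dead on this path, and a failed attempt for a nonexistent name is recorded with subject uid 0 and the text "invalid name for user …". Move the call after the copy so a NULL lookup result resets the saved identity; getpwnamallow's signature and the start of its body are outside these hunks.

```c
	if (pw != NULL)
		pw = pwcopy(pw);
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
	solaris_audit_save_pw(pw);	/* NULL resets sav_uid/sav_gid to -1 */
#endif /* BSM */
	return (pw);
```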
(-)auth1.c~ (-2 / +13 lines)
Lines 241-248 Link Here
241
#else
241
#else
242
		/* Special handling for root */
242
		/* Special handling for root */
243
		if (authenticated && authctxt->pw->pw_uid == 0 &&
243
		if (authenticated && authctxt->pw->pw_uid == 0 &&
244
		    !auth_root_allowed(get_authname(type)))
244
		    !auth_root_allowed(get_authname(type))) {
245
			authenticated = 0;
245
			authenticated = 0;
246
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
247
			PRIVSEP(solaris_audit_not_console());
248
#endif /* BSM */
249
		}
246
#endif
250
#endif
247
251
248
#ifdef USE_PAM
252
#ifdef USE_PAM
Lines 262-269 Link Here
262
		if (authenticated)
266
		if (authenticated)
263
			return;
267
			return;
264
268
265
		if (authctxt->failures++ > AUTH_FAIL_MAX)
269
		if (authctxt->failures++ > AUTH_FAIL_MAX) {
270
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
271
			PRIVSEP(solaris_audit_maxtrys());
272
#endif /* BSM */
266
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
273
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
274
		}
275
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
276
		PRIVSEP(solaris_audit_bad_pw("authorization"));
277
#endif /* BSM */
267
278
268
		packet_start(SSH_SMSG_FAILURE);
279
		packet_start(SSH_SMSG_FAILURE);
269
		packet_send();
280
		packet_send();
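Review bot: Every call site in this patch wraps the audit hook in `#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)` … `#endif /* BSM */` (twice in this file, and again in auth2.c, auth2-kbdint.c, auth2-passwd.c, auth2-pubkey.c, session.c, sshd.c and sshlogin.c), which makes the authentication paths harder to read and easy to get wrong when a new method is added. Providing empty `static inline` stubs (or no-op macros) for the `solaris_audit_*` and `mm_solaris_audit_*` functions in the non-BSM branch of bsd-solaris.h and monitor_wrap.h would let the callers be unconditional. Separately, a root login refused by `auth_root_allowed` now yields two records per attempt from this function — `solaris_audit_not_console()` at 247 and `solaris_audit_bad_pw("authorization")` at 276 — which may be intended but deserves a comment at 276. The enclosing function starts and ends outside these hunks.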
(-)auth2-kbdint.c~ (-1 / +7 lines)
Lines 28-33 Link Here
28
#include "packet.h"
28
#include "packet.h"
29
#include "auth.h"
29
#include "auth.h"
30
#include "log.h"
30
#include "log.h"
31
#include "monitor_wrap.h"
31
#include "servconf.h"
32
#include "servconf.h"
32
#include "xmalloc.h"
33
#include "xmalloc.h"
33
34
Lines 53-60 Link Here
53
	xfree(lang);
54
	xfree(lang);
54
#ifdef HAVE_CYGWIN
55
#ifdef HAVE_CYGWIN
55
	if (check_nt_auth(0, authctxt->pw) == 0)
56
	if (check_nt_auth(0, authctxt->pw) == 0)
56
		return(0);
57
		authenticated = 0;
57
#endif
58
#endif
59
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
60
	if (!authenticated) {
61
		PRIVSEP(solaris_audit_bad_pw("interactive password entry"));
62
	}
63
#endif /* BSM */
58
	return authenticated;
64
	return authenticated;
59
}
65
}
60
66
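Review bot: The `if (!authenticated)` test at 60 fires on every return value of 0, not only on a rejected answer; if this function, like upstream's userauth_kbdint, returns 0 with `authctxt->postponed` set while the INFO_REQUEST is still outstanding (the challenge call is above the hunk, so this is inferred), an "invalid interactive password entry" record is written at the start of every keyboard-interactive exchange before the client has answered anything. Guarding on the postponed flag, `if (!authenticated && !authctxt->postponed) {`, limits the record to actual failures. The enclosing function starts outside the hunk.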
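--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -63,6 +63,11 @@
 		authenticated = 1;
 	memset(password, 0, len);
 	xfree(password);
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+	if (!authenticated) {
+		PRIVSEP(solaris_audit_bad_pw("password"));
+	}
+#endif /* BSM */
 	return authenticated;
 }
 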
(-)auth2-pubkey.c~ (-1 / +6 lines)
Lines 158-165 Link Here
158
	xfree(pkblob);
158
	xfree(pkblob);
159
#ifdef HAVE_CYGWIN
159
#ifdef HAVE_CYGWIN
160
	if (check_nt_auth(0, authctxt->pw) == 0)
160
	if (check_nt_auth(0, authctxt->pw) == 0)
161
		return(0);
161
		authenticated = 0;
162
#endif
162
#endif
163
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
164
	if (!authenticated) {
165
		PRIVSEP(solaris_audit_bad_pw("public key"));
166
	}
167
#endif /* BSM */
163
	return authenticated;
168
	return authenticated;
164
}
169
}
165
170
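Review bot: The `if (!authenticated)` test at 164 does not distinguish a rejected signature from the signature-less key query; if this function also handles the probe that only asks whether a key is acceptable (upstream's `have_sig` path, which answers PK_OK and leaves `authenticated` at 0 — not visible in this hunk), every key offered by a client produces an "invalid public key" failure record, including keys that are accepted a moment later. Restrict the record to the signed attempt, e.g. `if (!authenticated && have_sig) {`, or whatever flag this version uses for "signature present". The enclosing function starts outside the hunk.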
(-)auth2.c~ (-2 / +16 lines)
Lines 164-169 Link Here
164
			if (options.use_pam)
164
			if (options.use_pam)
165
				PRIVSEP(start_pam(user));
165
				PRIVSEP(start_pam(user));
166
#endif
166
#endif
167
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
168
			PRIVSEP(solaris_audit_bad_pw("name"));
169
#endif /* BSM */
167
		}
170
		}
168
		setproctitle("%s%s", authctxt->pw ? user : "unknown",
171
		setproctitle("%s%s", authctxt->pw ? user : "unknown",
169
		    use_privsep ? " [net]" : "");
172
		    use_privsep ? " [net]" : "");
Lines 212-219 Link Here
212
215
213
	/* Special handling for root */
216
	/* Special handling for root */
214
	if (authenticated && authctxt->pw->pw_uid == 0 &&
217
	if (authenticated && authctxt->pw->pw_uid == 0 &&
215
	    !auth_root_allowed(method))
218
	    !auth_root_allowed(method)) {
216
		authenticated = 0;
219
		authenticated = 0;
220
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
221
		PRIVSEP(solaris_audit_not_console());
222
#endif /* BSM */
223
	}
217
224
218
#ifdef USE_PAM
225
#ifdef USE_PAM
219
	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
226
	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
Lines 243-250 Link Here
243
		/* now we can break out */
250
		/* now we can break out */
244
		authctxt->success = 1;
251
		authctxt->success = 1;
245
	} else {
252
	} else {
246
		if (authctxt->failures++ > AUTH_FAIL_MAX)
253
		if (authctxt->failures++ > AUTH_FAIL_MAX) {
254
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
255
			PRIVSEP(solaris_audit_maxtrys());
256
#endif /* BSM */
247
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
257
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
258
		}
259
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
260
		PRIVSEP(solaris_audit_bad_pw("authorization"));
261
#endif /* BSM */
248
		methods = authmethods_get();
262
		methods = authmethods_get();
249
		packet_start(SSH2_MSG_USERAUTH_FAILURE);
263
		packet_start(SSH2_MSG_USERAUTH_FAILURE);
250
		packet_put_cstring(methods);
264
		packet_put_cstring(methods);
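Review bot: The `solaris_audit_bad_pw("authorization")` call at new lines 259-261 runs for every failed userauth_finish, and if the initial "none" request reaches this branch as it does upstream (the method dispatch is above the hunk, so this is inferred), each SSH2 connection writes an "invalid authorization" failure record before any credential has been presented, which will swamp the trail with noise and hide real attempts. Skipping the record when `method` is "none", `if (strcmp(method, "none") != 0)`, or auditing only inside the individual method functions (as auth2-passwd.c and friends already do) avoids the duplicate. A one-line comment at 253 noting that `packet_disconnect()` does not return — so the maxtrys record at 255 is never followed by the bad_pw record — would spare the next reader the same check. userauth_finish starts outside the hunk.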
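--- a/configure.ac
+++ b/configure.ac
@@ -649,6 +649,20 @@
 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
 AC_CHECK_FUNCS(logout updwtmp logwtmp)
 
+dnl    Checks for libbsm functions
+AC_CHECK_HEADERS(bsm/audit.h)
+AC_CHECK_LIB(bsm, getaudit)
+AC_CHECK_FUNC(getaudit, AC_DEFINE(HAVE_GETAUDIT,
+				  1,
+				  [Define if libbsm has `getaudit'.]
+				 )
+	     )
+AC_CHECK_FUNC(getaudit_addr, AC_DEFINE(HAVE_GETAUDIT_ADDR,
+				       1,
+				       [Define if libbsm has `getaudit_addr'.]
+				      )
+	     )
+
 AC_FUNC_STRFTIME
 
 # Check for ALTDIRFUNC glob() extension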
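Review bot: The libbsm probe at 653-654 is unconditional: any host whose toolchain finds `bsm/audit.h` and a `getaudit` in libbsm will define HAVE_LIBBSM and compile openbsd-compat/bsd-solaris.c, which additionally depends on Solaris-private `aug_*` symbols and `<bsm/audit_uevents.h>` that another platform's libbsm may not provide. Gating the block behind an explicit `AC_ARG_WITH` opt-in, or a `$host` check for Solaris, keeps the default build unchanged elsewhere and makes the decision to produce audit records an administrator's rather than an autodetection accident. `HAVE_GETAUDIT` (655) is defined but nothing in the patch tests it — only `HAVE_GETAUDIT_ADDR` is used — so that check can be dropped or the macro documented as reserved.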
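--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -191,6 +191,12 @@
 cat > postinstall << _EOF
 #! /sbin/sh
 #
+audit_event=/etc/security/audit_event
+
+if [ -z "\`grep AUE_openssh \$audit_event\`" ] ; then
+	echo "32800:AUE_openssh:OpenSSH login:lo" >> \$audit_event
+fi
+#
 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
 	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
 		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config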
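Review bot: The postinstall test at 196 only checks for the name `AUE_openssh`, yet the INSTALL text in this same patch says event number 32800 may already be taken on a given system; in that case the script appends a second entry with a duplicate number, which audit_event(4) does not allow and which makes praudit output ambiguous. Check the number as well and refuse rather than append, e.g. `grep "^32800:" \$audit_event >/dev/null && echo "audit_event: event 32800 already in use, not adding AUE_openssh" >&2` before the existing `if`. Using `grep … >/dev/null` with the exit status instead of `-z "\`…\`"` also avoids the backtick-in-heredoc quoting that is easy to get wrong here. The generated script also ignores `\${PKG_INSTALL_ROOT}` for this file, unlike the ssh_config handling below it, so a relocated install edits the live system file.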
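--- a/monitor.c
+++ b/monitor.c
@@ -137,6 +137,12 @@
 int mm_answer_gss_checkmic(int, Buffer *);
 #endif
 
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+int mm_answer_bad_pw(int, Buffer *);
+int mm_answer_maxtrys(int, Buffer *);
+int mm_answer_not_console(int, Buffer *);
+#endif /* BSM */
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL;	/* used for ssh1 rsa auth */
 
@@ -196,6 +202,11 @@
     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
 #endif
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+    {MONITOR_REQ_AUDIT_BAD_PW, MON_PERMIT, mm_answer_bad_pw},
+    {MONITOR_REQ_AUDIT_MAXTRYS, MON_PERMIT, mm_answer_maxtrys},
+    {MONITOR_REQ_AUDIT_NOT_CONSOLE, MON_PERMIT, mm_answer_not_console},
+#endif /* BSM */
     {0, 0, NULL}
 };
 
@@ -233,6 +244,11 @@
     {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
 #endif
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+    {MONITOR_REQ_AUDIT_BAD_PW, MON_PERMIT, mm_answer_bad_pw},
+    {MONITOR_REQ_AUDIT_MAXTRYS, MON_PERMIT, mm_answer_maxtrys},
+    {MONITOR_REQ_AUDIT_NOT_CONSOLE, MON_PERMIT, mm_answer_not_console},
+#endif /* BSM */
     {0, 0, NULL}
 };
 
@@ -1482,6 +1498,50 @@
 	exit (res);
 }
 
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+
+/* Report that the user or password is invalid */
+
+int
+mm_answer_bad_pw(int socket, Buffer *m)
+{
+	char *what;
+
+	debug3("%s", __func__);
+
+	what = buffer_get_string(m, NULL);
+	solaris_audit_bad_pw(what);
+	xfree(what);
+
+	return (0);
+}
+
+/* Report that too many attemps have been made */
+
+int
+mm_answer_maxtrys(int socket, Buffer *m)
+{
+	debug3("%s", __func__);
+
+	solaris_audit_maxtrys();
+
+	return (0);
+}
+
+/* Report that console access is not allowed */
+
+int
+mm_answer_not_console(int socket, Buffer *m)
+{
+	debug3("%s", __func__);
+
+	solaris_audit_not_console();
+
+	return (0);
+}
+
+#endif /* BSM */
+
 void
 monitor_apply_keystate(struct monitor *pmonitor)
 {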
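Review bot: mm_answer_bad_pw at 1512-1513 copies a string chosen by the unprivileged child straight into the audit record's text token, and the three requests are registered with MON_PERMIT in both dispatch tables (206-208, 248-250), so a compromised pre-auth child can write arbitrary text into the audit trail at any time. Since only five fixed strings are ever sent ("password", "public key", "interactive password entry", "authorization", "name"), send a small integer selector instead and map it to the string on the monitor side, or at minimum compare `what` against that fixed list and `fatal("%s: unexpected audit text", __func__)` otherwise. A short comment on each `mm_answer_*` stating that the request carries no authentication decision (hence MON_PERMIT) would also help the next reader of the dispatch tables.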
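--- a/monitor.h
+++ b/monitor.h
@@ -46,6 +46,9 @@
 	MONITOR_REQ_PTYCLEANUP,
 	MONITOR_REQ_SESSKEY, MONITOR_ANS_SESSKEY,
 	MONITOR_REQ_SESSID,
+	MONITOR_REQ_AUDIT_BAD_PW,
+	MONITOR_REQ_AUDIT_MAXTRYS,
+	MONITOR_REQ_AUDIT_NOT_CONSOLE,
 	MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
 	MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
 	MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,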
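--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1172,3 +1172,47 @@
 	return (authenticated);
 }
 #endif /* GSSAPI */
+
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+
+void
+mm_solaris_audit_bad_pw(const char *what)
+{
+      Buffer m;
+
+      debug3("%s entering", __func__);
+
+      buffer_init(&m);
+      buffer_put_string(&m, what, strlen(what) + 1);
+
+      mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_BAD_PW, &m);
+      buffer_free(&m);
+}
+
+void
+mm_solaris_audit_maxtrys(void)
+{
+      Buffer m;
+
+      debug3("%s entering", __func__);
+
+      buffer_init(&m);
+
+      mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_MAXTRYS, &m);
+      buffer_free(&m);
+}
+
+void
+mm_solaris_audit_not_console(void)
+{
+      Buffer m;
+
+      debug3("%s entering", __func__);
+
+      buffer_init(&m);
+
+      mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_NOT_CONSOLE, &m);
+      buffer_free(&m);
+}
+
+#endif /* BSM */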
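Review bot: The three new wrappers are indented with six spaces while the rest of this file (see the `	return (authenticated);` context line at 1172) uses tabs, so they will stand out in every later diff; reindent with tabs. At 1186 `buffer_put_string(&m, what, strlen(what) + 1)` ships the terminating NUL as part of the payload, which the other wrappers in this file do not do; `buffer_put_cstring(&m, what);` sends the same string in the form the monitor side expects and drops the explicit `strlen`. A one-line comment above the `#if` saying these only forward to the monitor because the audit trail is written by the privileged process would explain why the functions exist at all.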
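--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -99,6 +99,12 @@
 int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_skey_respond(void *, u_int, char **);
 
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+void mm_solaris_audit_bad_pw(const char *what);
+void mm_solaris_audit_maxtrys(void);
+void mm_solaris_audit_not_console(void);
+#endif /* BSM */
+
 /* zlib allocation hooks */
 
 void *mm_zalloc(struct mm_master *, u_int, u_int);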
(-)openbsd-compat/Makefile.in~ (-3 / +18 lines)
Lines 16-24 Link Here
16
INSTALL=@INSTALL@
16
INSTALL=@INSTALL@
17
LDFLAGS=-L. @LDFLAGS@
17
LDFLAGS=-L. @LDFLAGS@
18
18
19
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
19
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o \
20
20
	getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o \
21
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
21
	inet_aton.o inet_ntoa.o inet_ntop.o \
22
	mktemp.o readpassphrase.o realpath.o rresvport.o \
23
	setenv.o setproctitle.o sigact.o \
24
	strlcat.o strlcpy.o strmode.o strsep.o \
25
	strtoul.o vis.o
26
27
COMPAT=bsd-arc4random.o \
28
	bsd-cray.o \
29
	bsd-cygwin_util.o \
30
	bsd-nextstep.o \
31
	bsd-solaris.o \
32
	bsd-getpeereid.o bsd-misc.o bsd-snprintf.o \
33
	bsd-waitpid.o bsd-openpty.o \
34
	fake-rfc2553.o \
35
	xmmap.o \
36
	xcrypt.o
22
37
23
PORTS=port-irix.o port-aix.o
38
PORTS=port-irix.o port-aix.o
24
39
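--- /dev/null
+++ b/openbsd-compat/bsd-solaris.c
@@ -0,0 +1,447 @@
+/*
+ * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#pragma ident	"@(#)bsmaudit.c	1.1	01/09/17 SMI"
+
+#include "includes.h"
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+#include <sys/systeminfo.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/systeminfo.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <signal.h>
+
+#include <pwd.h>
+#include <shadow.h>
+#include <utmpx.h>
+#include <unistd.h>
+#include <string.h>
+
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/audit_record.h>
+#include "openbsd-compat/bsd-solaris.h"
+
+#include <locale.h>
+
+#include "ssh.h"
+#include "log.h"
+#include "xmalloc.h"
+
+#if defined(HAVE_GETAUDIT_ADDR)
+#define	AuditInfoStruct		auditinfo_addr
+#define AuditInfoTermID		au_tid_addr_t
+#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
+#define GetAuditFuncText	"getaudit_addr"
+#define SetAuditFunc(a,b)	setaudit_addr((a),(b))
+#define SetAuditFuncText	"setaudit_addr"
+#define AUToSubjectFunc		au_to_subject_ex
+#define AUToReturnFunc(a,b)	au_to_return32((a), (int32_t)(b))
+#else
+#define	AuditInfoStruct		auditinfo
+#define AuditInfoTermID		au_tid_t
+#define GetAuditFunc(a,b)	getaudit(a)
+#define GetAuditFuncText	"getaudit"
+#define SetAuditFunc(a,b)	setaudit(a)
+#define SetAuditFuncText	"setaudit"
+#define AUToSubjectFunc		au_to_subject
+#define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
+#endif
+
+static void solaris_audit_record(int typ, char *string, au_event_t event_no);
+static void solaris_audit_session_setup(void);
+static int selected(char *nam, uid_t uid, au_event_t event, int sf);
+
+static void get_terminal_id(AuditInfoTermID *tid);
+
+extern int	cannot_audit(int);
+extern void	aug_init(void);
+extern dev_t	aug_get_port(void);
+extern int 	aug_get_machine(char *, uint32_t *, uint32_t *);
+extern void	aug_save_auid(au_id_t);
+extern void	aug_save_uid(uid_t);
+extern void	aug_save_euid(uid_t);
+extern void	aug_save_gid(gid_t);
+extern void	aug_save_egid(gid_t);
+extern void	aug_save_pid(pid_t);
+extern void	aug_save_asid(au_asid_t);
+extern void	aug_save_tid(dev_t, unsigned int);
+extern void	aug_save_tid_ex(dev_t, uint32_t *, uint32_t);
+extern int	aug_save_me(void);
+extern int	aug_save_namask(void);
+extern void	aug_save_event(au_event_t);
+extern void	aug_save_sorf(int);
+extern void	aug_save_text(char *);
+extern void	aug_save_text1(char *);
+extern void	aug_save_text2(char *);
+extern void	aug_save_na(int);
+extern void	aug_save_user(char *);
+extern void	aug_save_path(char *);
+extern int	aug_save_policy(void);
+extern void	aug_save_afunc(int (*)(int));
+extern int	aug_audit(void);
+extern int	aug_na_selected(void);
+extern int	aug_selected(void);
+extern int	aug_daemon_session(void);
+
+static char	sav_ttyn[512];
+static char	sav_name[512];
+static uid_t	sav_uid;
+static gid_t	sav_gid;
+static dev_t	sav_port;
+static uint32_t	sav_machine[4];
+static uint32_t	sav_iptype;
+static char	sav_host[MAXHOSTNAMELEN];
+static char	*sav_cmd = NULL;
+
+void
+solaris_audit_save_port(int port)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	sav_port = port;
+	debug3("BSM audit: sav_port=%ld", (long)sav_port);
+}
+
+void
+solaris_audit_save_host(const char *host)
+{
+	int		i;
+#if !defined(HAVE_GETAUDIT_ADDR)
+	in_addr_t	ia;
+#endif
+
+	if (cannot_audit(0)) {
+		return;
+	}
+	(void) strlcpy(sav_host, host, sizeof (sav_host));
+	debug3("BSM audit: sav_host=%s", sav_host);
+	memset(sav_machine, 0, sizeof(sav_machine));
+#if defined(HAVE_GETAUDIT_ADDR)
+	(void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype);
+	debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype);
+#else
+	ia = inet_addr(host);
+	memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0]));
+	sav_iptype = 0;			/* not used, but just in case */
+#endif
+	for (i = 0; i < sizeof(sav_machine) / sizeof(sav_machine[0]); i++) {
+		debug3("BSM audit: sav_machine[%d]=%08lx",
+		    i, (long)sav_machine[i]);
+	}
+}
+
+void
+solaris_audit_save_command(const char *command)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	if (sav_cmd != NULL) {
+		free(sav_cmd);
+		sav_cmd = NULL;
+	}
+	sav_cmd = xstrdup(command);
+	debug3("BSM audit: sav_cmd=%s", sav_cmd);
+}
+
+void
+solaris_audit_save_ttyn(const char *ttyn)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	(void) strlcpy(sav_ttyn, ttyn, sizeof (sav_ttyn));
+	debug3("BSM audit: sav_ttyn=%s", sav_ttyn);
+}
+
+void
+solaris_audit_save_name(const char *name)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	(void) strlcpy(sav_name, name, sizeof (sav_name));
+	debug3("BSM audit: sav_name=%s", sav_name);
+}
+
+void
+solaris_audit_save_pw(struct passwd *pwd)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	if (pwd == NULL) {
+		sav_uid = -1;
+		sav_gid = -1;
+	} else {
+		(void) strlcpy(sav_name, pwd->pw_name, sizeof (sav_name));
+		sav_uid = pwd->pw_uid;
+		sav_gid = pwd->pw_gid;
+	}
+	debug3("BSM audit: sav_name=%s", sav_name);
+	debug3("BSM audit: sav_uid=%ld", (long)sav_uid);
+	debug3("BSM audit: sav_gid=%ld", (long)sav_gid);
+}
+
+void
+solaris_audit_nologin(void)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	solaris_audit_record(1, gettext("logins disabled by /etc/nologin"),
+	    AUE_openssh);
+}
+
+void
+solaris_audit_maxtrys(void)
+{
+	char    textbuf[BSM_TEXTBUFSZ];
+
+	if (cannot_audit(0)) {
+		return;
+	}
+	(void) snprintf(textbuf, sizeof (textbuf),
+		gettext("too many tries for user %s"), sav_name);
+	solaris_audit_record(1, textbuf, AUE_openssh);
+}
+
+void
+solaris_audit_not_console(void)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	solaris_audit_record(2, gettext("not_console"), AUE_openssh);
+}
+
+void
+solaris_audit_bad_pw(const char *what)
+{
+	char    textbuf[BSM_TEXTBUFSZ];
+
+	if (cannot_audit(0)) {
+		return;
+	}
+	if (sav_uid == -1) {
+		(void) snprintf(textbuf, sizeof (textbuf),
+			gettext("invalid user name \"%s\""), sav_name);
+		solaris_audit_record(3, textbuf, AUE_openssh);
+	} else {
+		(void) snprintf(textbuf, sizeof (textbuf),
+			gettext("invalid %s for user %s"), what, sav_name);
+		solaris_audit_record(4, textbuf, AUE_openssh);
+	}
+}
+
+void
+solaris_audit_success(void)
+{
+	char    textbuf[BSM_TEXTBUFSZ];
+
+	if (cannot_audit(0)) {
+		return;
+	}
+
+	solaris_audit_session_setup();
+	(void) snprintf(textbuf, sizeof (textbuf),
+		gettext("successful login %s"), sav_name);
+	solaris_audit_record(0, textbuf, AUE_openssh);
+}
+
+static void
+solaris_audit_record(int typ, char *string, au_event_t event_no)
+{
+	int		ad, rc, sel;
+	uid_t		uid;
+	gid_t		gid;
+	pid_t		pid;
+	AuditInfoTermID	tid;
+
+	uid = sav_uid;
+	gid = sav_gid;
+	pid = getpid();
+
+	get_terminal_id(&tid);
+
+	if (typ == 0) {
+		rc = 0;
+	} else {
+		/*
+		 * The typ value is passed to the au_return function as
+		 * the error number.  We used to use small integer values
+		 * (e.g. 4) to distinguish between the various errors,
+		 * but praudit treats the field as an errno value and
+		 * passes it through strerror(), so they would show
+		 * up as (e.g.) "interrupted system call" (4 is EINTR)
+		 * which was confusing:
+		 *
+		 *  return,failure: Interrupted system call,-1
+		 *
+		 * I tried setting rc to the negative of the typ and typ
+		 * to zero, but that shows up as a success rather than a
+		 * failure:
+		 *
+		 *  return,success,-4
+		 *
+		 * Sigh.
+		 *
+		 * Experimentally, using numbers outside the range of
+		 * valid errno values show up as integers, e.g.:
+		 *
+		 *  return,failure: 244,-1
+		 *
+		 * which seems much more reasonable.
+		 *
+		 * According to the audit.log documentation, the field
+		 * is only a char type (actually, probably unsigned char)
+		 * so we have to keep it under 255.
+		 */
+		typ += 240;
+		if (typ > 255) {
+			typ = EINVAL;		/* caller goofed */
+		}
+		rc = -1;
+	}
+
+	sel = selected(sav_name, uid, event_no, rc);
+	debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
+	if (!sel)
+		return;
+
+	ad = au_open();
+
+	(void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
+	    pid, pid, &tid));
+	(void) au_write(ad, au_to_text(string));
+	if (sav_cmd != NULL) {
+		(void) au_write(ad, au_to_text(sav_cmd));
+	}
+	(void) au_write(ad, AUToReturnFunc(typ, rc));
+
+	rc = au_close(ad, AU_TO_WRITE, event_no);
+	if (rc < 0) {
+		error("BSM audit: solaris_audit_record failed to write \"%s\" record: %s",
+		    string, strerror(errno));
+	}
+}
+
+static void
+solaris_audit_session_setup(void)
+{
+	int	rc;
+	struct AuditInfoStruct info;
+	au_mask_t mask;
+	struct AuditInfoStruct now;
+
+	info.ai_auid = sav_uid;
+	info.ai_asid = getpid();
+	mask.am_success = 0;
+	mask.am_failure = 0;
+
+	(void) au_user_mask(sav_name, &mask);
+
+	info.ai_mask.am_success  = mask.am_success;
+	info.ai_mask.am_failure  = mask.am_failure;
+
+	/* see if terminal id already set */
+	if (GetAuditFunc(&now, sizeof (now)) < 0) {
+		error("BSM audit: solaris_audit_session_setup: %s failed: %s",
+		    GetAuditFuncText, strerror(errno));
+	}
+
+	debug("BSM solaris_audit_setup_session: calling get_terminal_id");
+	get_terminal_id(&(info.ai_termid));
+
+	rc = SetAuditFunc(&info, sizeof (info));
+	if (rc < 0) {
+		error("BSM audit: solaris_audit_session_setup: %s failed: %s",
+		    SetAuditFuncText, strerror(errno));
+	}
+}
+
+
+static void
+get_terminal_id(AuditInfoTermID *tid)
+{
+#if defined(HAVE_GETAUDIT_ADDR)
+	tid->at_port = sav_port;
+	tid->at_type = sav_iptype;
+	tid->at_addr[0] = sav_machine[0];
+	tid->at_addr[1] = sav_machine[1];
+	tid->at_addr[2] = sav_machine[2];
+	tid->at_addr[3] = sav_machine[3];
+#else
+	tid->port = sav_port;
+	tid->machine = sav_machine[0];
+#endif
+}
+
+void
+solaris_audit_logout(void)
+{
+	char    textbuf[BSM_TEXTBUFSZ];
+
+	(void) snprintf(textbuf, sizeof (textbuf),
+		gettext("sshd logout %s"), sav_name);
+
+	solaris_audit_record(0, textbuf, AUE_logout);
+}
+
+static int
+selected(char *nam, uid_t uid, au_event_t event, int sf)
+{
+	int	rc, sorf;
+	char	naflags[512];
+	struct au_mask mask;
+
+	mask.am_success = mask.am_failure = 0;
+	if (uid < 0) {
+		rc = getacna(naflags, 256); /* get non-attrib flags */
+		if (rc == 0)
+			(void) getauditflagsbin(naflags, &mask);
+	} else {
+		rc = au_user_mask(nam, &mask);
+	}
+
+	if (sf == 0) {
+		sorf = AU_PRS_SUCCESS;
+	} else {
+		sorf = AU_PRS_FAILURE;
+	}
+	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
+
+	return (rc);
+}
+#endif /* BSM */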
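Review bot: In `selected()` the test `if (uid < 0)` at 430 can never be true because `uid_t` is unsigned, so the non-attributable (`getacna`) mask path is dead and the `(uid_t)-1` sentinel that solaris_audit_save_pw stores is instead looked up with `au_user_mask()` on a client-supplied name; compare against the sentinel explicitly, `if (uid == (uid_t)-1) {`, and pass the real buffer size, `rc = getacna(naflags, sizeof(naflags));` (the buffer at 426 is 512 bytes but 256 is passed). In solaris_audit_record the `au_open()` result at 343 is used unchecked by the following `au_write()` calls although it returns -1 on failure, so `if ((ad = au_open()) < 0) { error(...); return; }` is warranted. `BSM_TEXTBUFSZ`, `errno` and `EINVAL` are used without a visible definition or `<errno.h>` include in this file — if includes.h or the bsm headers do not supply them, add a fallback `#define BSM_TEXTBUFSZ` and the include. The `sav_name` that reaches `au_to_text()` is copied verbatim from the unauthenticated client's user name (solaris_audit_save_name, 194), so readers of the trail should expect arbitrary bytes in that token; passing it through the project's `strnvis()` before use would keep praudit output unambiguous.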
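--- /dev/null
+++ b/openbsd-compat/bsd-solaris.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1993-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef	_BSD_SOLARIS_H
+#define	_BSD_SOLARIS_H
+
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+
+#pragma ident	"@(#)bsmaudit.h	1.1	01/09/17 SMI"
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+#include <bsm/audit.h>
+#define	AUE_openssh	32800
+
+void solaris_audit_maxtrys(void);
+void solaris_audit_nologin(void);
+void solaris_audit_save_name(const char *name);
+void solaris_audit_save_pw(struct passwd *pwd);
+void solaris_audit_not_console(void);
+void solaris_audit_bad_pw(const char *what);
+void solaris_audit_save_host(const char *host);
+void solaris_audit_save_ttyn(const char *ttyn);
+void solaris_audit_save_port(int port);
+void solaris_audit_save_command(const char *command);
+void solaris_audit_success(void);
+void solaris_audit_logout(void);
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif /* BSM */
+
+#endif	/* _BSD_SOLARIS_H */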
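Review bot: The prototype `void solaris_audit_save_pw(struct passwd *pwd);` at 44 names `struct passwd` without a prior declaration, so whether it refers to the real type depends on every includer having pulled in `<pwd.h>` before openbsd-compat.h; otherwise the compiler warns that the struct is declared inside the parameter list and the call in auth.c mismatches. Add `struct passwd;` (or `#include <pwd.h>`) before the prototypes, next to the `<bsm/audit.h>` include at 38. A short comment at 39 pointing to the INSTALL text — that `AUE_openssh` is an unregistered third-party event number and must match the `/etc/security/audit_event` entry — would also save the next person the search.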
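--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -162,6 +162,7 @@
 
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
+#include "bsd-solaris.h"
 #include "bsd-cygwin_util.h"
 #include "port-irix.h"
 #include "port-aix.h"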
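--- a/session.c
+++ b/session.c
@@ -559,6 +559,10 @@
 			cray_init_job(s->pw); /* set up cray jid and tmpdir */
 #endif /* _UNICOS */
 			do_login(s, command);
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+			if (s->tty != NULL)
+				solaris_audit_save_ttyn(s->tty);
+#endif /* BSM */
 		}
 # ifdef LOGIN_NEEDS_UTMPX
 		else
@@ -1218,6 +1222,9 @@
 		while (fgets(buf, sizeof(buf), f))
 			fputs(buf, stderr);
 		fclose(f);
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+		solaris_audit_nologin();
+#endif /* BSM */
 		fflush(NULL);
 		exit(254);
 	}
@@ -1414,6 +1421,10 @@
 			do_motd();
 #else /* HAVE_OSF_SIA */
 		do_nologin(pw);
+# if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+		if (command != NULL)
+			solaris_audit_save_command(command);
+# endif /* BSM */
 		do_setusercontext(pw);
 #endif /* HAVE_OSF_SIA */
 	}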
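Review bot: `solaris_audit_save_ttyn(s->tty)` at 564 and `solaris_audit_save_command(command)` at 1426 are called directly rather than through PRIVSEP(), so they update the `sav_ttyn`/`sav_cmd` statics of whichever process runs do_child; with privilege separation that is the session child, while `solaris_audit_logout()` in sshlogin.c runs wherever record_logout is invoked (the monitor, if pty cleanup goes through MONITOR_REQ_PTYCLEANUP — not visible here), so the logout record may never see the tty or command saved here. Confirm which process emits each record, and if they differ, forward these two through the monitor as the bad_pw/maxtrys calls are. A comment at 1424 explaining why the command is saved only in the non-OSF_SIA branch (BSM is Solaris-only) would also help; the enclosing functions start outside all three hunks.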
(-)sshd.c~ (-1 / +9 lines)
Lines 1432-1438 Link Here
1432
1432
1433
	remote_port = get_remote_port();
1433
	remote_port = get_remote_port();
1434
	remote_ip = get_remote_ipaddr();
1434
	remote_ip = get_remote_ipaddr();
1435
1435
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
1436
	solaris_audit_save_host(remote_ip);
1437
	solaris_audit_save_port(remote_port);
1438
#endif /* BSM */
1436
#ifdef LIBWRAP
1439
#ifdef LIBWRAP
1437
	/* Check whether logins are denied from this host. */
1440
	/* Check whether logins are denied from this host. */
1438
	{
1441
	{
Lines 1502-1507 Link Here
1502
	}
1505
	}
1503
1506
1504
 authenticated:
1507
 authenticated:
1508
1509
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
1510
	solaris_audit_success();
1511
#endif /* BSM */
1512
1505
	/*
1513
	/*
1506
	 * In privilege separation, we fork another child and prepare
1514
	 * In privilege separation, we fork another child and prepare
1507
	 * file descriptor passing.
1515
	 * file descriptor passing.
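--- a/sshlogin.c
+++ b/sshlogin.c
@@ -98,4 +98,7 @@
   li = login_alloc_entry(pid, user, NULL, ttyname);
   login_logout(li);
   login_free_entry(li);
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+  solaris_audit_logout();
+#endif /* BSM */
 }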
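Review bot: `solaris_audit_logout()` called at 102 is the one entry point in openbsd-compat/bsd-solaris.c that lacks the `if (cannot_audit(0)) { return; }` guard every other `solaris_audit_*` function begins with, so on a host with auditing disabled each logout still goes through au_open/au_close and logs an error() instead of silently skipping. Add the same early return at the top of solaris_audit_logout for consistency. The call is also placed after the utmp/wtmp update rather than before, which is fine but worth a one-line comment since the record's text uses `sav_name` rather than the `user` argument of this function.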
