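--- a/INSTALL
+++ b/INSTALL
@@ -99,6 +99,21 @@
 configuration will work with sshd (sshd will match the other service
 name).
 
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output.  The following line needs to be
+added to /etc/security/audit_event:
+
+	32800:AUE_openssh:OpenSSH login:lo
+
+If the contrib/buildpkg.sh script is used, the included postinstall
+script will add the line for you.
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, change the value of
+AUE_openssh in openbsd-compat/bsd-solaris.h and rebuild.
+
 There are a few other options to the configure script:
 
 --with-pam enables PAM support. If PAM support is compiled in, it must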
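--- a/LICENCE
+++ b/LICENCE
@@ -203,6 +203,7 @@
 	Wayne Schroeder
 	William Jones
 	Darren Tucker
+	Sun Microsystems
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions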
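--- a/auth.c
+++ b/auth.c
@@ -482,6 +482,9 @@
 #endif
 	struct passwd *pw;
 
+#ifdef USE_BSM_AUDIT
+	solaris_audit_save_name(user);
+#endif
 	pw = getpwnam(user);
 	if (pw == NULL) {
 		logit("Illegal user %.100s from %.100s",
@@ -508,8 +511,12 @@
 		auth_close(as);
 #endif
 #endif
-	if (pw != NULL)
-		return (pwcopy(pw));
+	if (pw != NULL) {
+#ifdef USE_BSM_AUDIT
+		solaris_audit_save_pw(pw);
+#endif /* BSM */
+		return(pwcopy(pw));
+	}
 	return (NULL);
 }
 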
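Review bot: The invalid-user path never tells the audit code that no account exists: `solaris_audit_save_pw(pw)` runs only inside the new `if (pw != NULL) {` block of the second hunk, and nothing in this patch calls it with NULL, so in port-solaris.c `sav_uid` keeps its zero-initialised static value and `solaris_audit_bad_pw()` takes the `invalid %s for user %s` branch with a subject uid of 0 instead of the `sav_uid == -1` branch written for this case. Adding `solaris_audit_save_pw(NULL);` under `#ifdef USE_BSM_AUDIT` inside the `if (pw == NULL) {` branch of the first hunk, and initialising `sav_uid`/`sav_gid` to `(uid_t)-1`/`(gid_t)-1` in port-solaris.c, closes the gap. The enclosing function starts before the first hunk and the code between the hunks is not shown, so a call there would change this assessment.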
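--- a/auth1.c
+++ b/auth1.c
@@ -241,8 +241,12 @@
 #else
 		/* Special handling for root */
 		if (authenticated && authctxt->pw->pw_uid == 0 &&
-		    !auth_root_allowed(get_authname(type)))
+		    !auth_root_allowed(get_authname(type))) {
 			authenticated = 0;
+#ifdef USE_BSM_AUDIT
+			PRIVSEP(solaris_audit_event(NOT_CONSOLE));
+#endif /* BSM */
+		}
 #endif
 
 #ifdef USE_PAM
@@ -262,9 +266,17 @@
 		if (authenticated)
 			return;
 
-		if (authctxt->failures++ > AUTH_FAIL_MAX)
+		if (authctxt->failures++ > AUTH_FAIL_MAX) {
+#ifdef USE_BSM_AUDIT
+			PRIVSEP(solaris_audit_event(MAXTRIES));
+#endif
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+		}
 
+
+#ifdef USE_BSM_AUDIT
+		PRIVSEP(solaris_audit_bad_pw("authorization"));
+#endif
 		packet_start(SSH_SMSG_FAILURE);
 		packet_send();
 		packet_write_wait();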
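--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -30,6 +30,7 @@
 #include "log.h"
 #include "servconf.h"
 #include "xmalloc.h"
+#include "monitor_wrap.h"
 
 /* import */
 extern ServerOptions options;
@@ -55,6 +56,11 @@
 	if (check_nt_auth(0, authctxt->pw) == 0)
 		return(0);
 #endif
+#ifdef USE_BSM_AUDIT
+	if (!authenticated) {
+		PRIVSEP(solaris_audit_bad_pw("interactive password entry"));
+	}
+#endif
 	return authenticated;
 }
 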
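--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -63,6 +63,10 @@
 		authenticated = 1;
 	memset(password, 0, len);
 	xfree(password);
+#ifdef USE_BSM_AUDIT
+	if (!authenticated)
+		PRIVSEP(solaris_audit_bad_pw("password"));
+#endif /* BSM */
 	return authenticated;
 }
 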
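--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -160,6 +160,10 @@
 	if (check_nt_auth(0, authctxt->pw) == 0)
 		return(0);
 #endif
+#ifdef USE_BSMAUDIT
+	if (!authenticated)
+		PRIVSEP(solaris_audit_bad_pw("public key"));
+#endif /* BSM */
 	return authenticated;
 }
 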
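Review bot: `#ifdef USE_BSMAUDIT` is misspelt — defines.h defines `USE_BSM_AUDIT` — so this block is never compiled and failed public-key attempts become the one method that leaves no audit record; change the line to `#ifdef USE_BSM_AUDIT`. Beyond the spelling, if this is userauth_pubkey() then `authenticated == 0` is also the normal outcome of the signature-less key probe a client sends for each key it offers, so once the guard works every probed key would be audited as `invalid public key`; recording only when a signature was actually presented and rejected avoids flooding the trail with non-failures. The enclosing function starts outside the hunk.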
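--- a/auth2.c
+++ b/auth2.c
@@ -165,6 +165,9 @@
 			if (options.use_pam)
 				PRIVSEP(start_pam(authctxt));
 #endif
+#ifdef USE_BSM_AUDIT
+			PRIVSEP(solaris_audit_bad_pw("name"));
+#endif
 		}
 		setproctitle("%s%s", authctxt->pw ? user : "unknown",
 		    use_privsep ? " [net]" : "");
@@ -212,8 +215,12 @@
 
 	/* Special handling for root */
 	if (authenticated && authctxt->pw->pw_uid == 0 &&
-	    !auth_root_allowed(method))
+	    !auth_root_allowed(method)) {
 		authenticated = 0;
+#ifdef USE_BSM_AUDIT
+		PRIVSEP(solaris_audit_event(NOT_CONSOLE));
+#endif
+	}
 
 #ifdef USE_PAM
 	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
@@ -243,8 +250,15 @@
 		/* now we can break out */
 		authctxt->success = 1;
 	} else {
-		if (authctxt->failures++ > AUTH_FAIL_MAX)
+		if (authctxt->failures++ > AUTH_FAIL_MAX) {
+#ifdef USE_BSM_AUDIT
+			PRIVSEP(solaris_audit_event(MAXTRIES));
+#endif
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+		}
+#ifdef USE_BSM_AUDIT
+		PRIVSEP(solaris_audit_bad_pw("authorization"));
+#endif
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);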
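--- a/configure.ac
+++ b/configure.ac
@@ -667,6 +667,20 @@
 AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
 AC_CHECK_FUNCS(logout updwtmp logwtmp)
 
+dnl    Checks for libbsm functions
+AC_CHECK_HEADERS(bsm/audit.h)
+AC_CHECK_LIB(bsm, getaudit)
+AC_CHECK_FUNC(getaudit, AC_DEFINE(HAVE_GETAUDIT,
+				  1,
+				  [Define if libbsm has `getaudit'.]
+				 )
+	     )
+AC_CHECK_FUNC(getaudit_addr, AC_DEFINE(HAVE_GETAUDIT_ADDR,
+				       1,
+				       [Define if libbsm has `getaudit_addr'.]
+				      )
+	     )
+
 AC_FUNC_STRFTIME
 
 # Check for ALTDIRFUNC glob() extension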
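--- a/defines.h
+++ b/defines.h
@@ -523,6 +523,11 @@
 # define getpgrp() getpgrp(0)
 #endif
 
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+# define USE_BSM_AUDIT
+# define CUSTOM_FAILED_LOGIN
+#endif
+
 /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
 # define OPENSSL_free(x) Free(x)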
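--- a/loginrec.c
+++ b/loginrec.c
@@ -412,6 +412,9 @@
 	  return 1;
 	}
 #endif
+#ifdef USE_BSM_AUDIT
+	solaris_audit_event(LOGOUT);
+#endif /* BSM */
 
 	/* set the timestamp */
 	login_set_current_time(li);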
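--- a/monitor.c
+++ b/monitor.c
@@ -143,6 +143,11 @@
 int mm_answer_gss_checkmic(int, Buffer *);
 #endif
 
+#ifdef USE_BSM_AUDIT
+int mm_answer_bad_pw(int, Buffer *);
+int mm_answer_audit_event(int, Buffer *);
+#endif
+
 static Authctxt *authctxt;
 static BIGNUM *ssh1_challenge = NULL;	/* used for ssh1 rsa auth */
 
@@ -196,6 +201,10 @@
 #endif
     {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
     {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
+#ifdef USE_BSM_AUDIT
+    {MONITOR_REQ_AUDIT_BAD_PW, MON_PERMIT, mm_answer_bad_pw},
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+#endif
 #ifdef GSSAPI
     {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
@@ -239,6 +248,10 @@
     {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
     {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
 #endif
+#ifdef USE_BSM_AUDIT
+    {MONITOR_REQ_AUDIT_BAD_PW, MON_PERMIT, mm_answer_bad_pw},
+    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
+#endif
     {0, 0, NULL}
 };
 
@@ -1483,6 +1496,42 @@
 	exit (res);
 }
 
+#ifdef USE_BSM_AUDIT
+
+/* Report that the user or password is invalid */
+
+int
+mm_answer_bad_pw(int socket, Buffer *m)
+{
+	char *what;
+
+	debug3("%s", __func__);
+
+	what = buffer_get_string(m, NULL);
+	solaris_audit_bad_pw(what);
+	xfree(what);
+
+	return (0);
+}
+
+/* Report that an audit event occurred */
+
+int
+mm_answer_audit_event(int socket, Buffer *m)
+{
+	enum audit_event_type event;
+
+	debug3("%s", __func__);
+
+	event = buffer_get_int(m);
+	if (event == MAXTRIES || event == NOT_CONSOLE)
+		solaris_audit_event(event);
+
+	return (0);
+}
+
+#endif
+
 void
 monitor_apply_keystate(struct monitor *pmonitor)
 {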
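Review bot: `mm_answer_bad_pw()` copies an arbitrary string from the unprivileged pre-auth child straight into the audit record via `solaris_audit_bad_pw(what)`, and both new dispatch entries are `MON_PERMIT` without `MON_ONCE`, so a compromised child can write attacker-chosen text into the audit trail as often as it likes — the trust boundary privilege separation exists to hold. `mm_answer_audit_event()` gets this right by accepting only `MAXTRIES` and `NOT_CONSOLE`; the description should be constrained the same way, by accepting only the fixed strings the callers in this patch send (`name`, `password`, `public key`, `interactive password entry`, `authorization`) and treating anything else as a protocol violation, or by sending a small index instead of text. The second dispatch-table hunk appears to be the ssh1 table, judging by the PAM entries around it, so both pre-auth tables expose the request.
```c
/* Report that the user or password is invalid.  The child may only
 * select one of the fixed descriptions; free text never reaches the
 * audit trail. */
int
mm_answer_bad_pw(int socket, Buffer *m)
{
	static const char *allowed[] = {
		"name", "password", "public key",
		"interactive password entry", "authorization", NULL
	};
	char *what;
	int i;

	debug3("%s", __func__);

	what = buffer_get_string(m, NULL);
	for (i = 0; allowed[i] != NULL; i++)
		if (strcmp(what, allowed[i]) == 0)
			break;
	if (allowed[i] == NULL)
		fatal("%s: unexpected audit description from child", __func__);
	solaris_audit_bad_pw(allowed[i]);
	xfree(what);

	return (0);
}
/* … unchanged: mm_answer_audit_event … */
```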
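--- a/monitor.h
+++ b/monitor.h
@@ -46,6 +46,8 @@
 	MONITOR_REQ_PTYCLEANUP,
 	MONITOR_REQ_SESSKEY, MONITOR_ANS_SESSKEY,
 	MONITOR_REQ_SESSID,
+	MONITOR_REQ_AUDIT_BAD_PW,
+	MONITOR_REQ_AUDIT_EVENT,
 	MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
 	MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
 	MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,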
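--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1091,6 +1091,37 @@
 	return (success);
 }
 
+#ifdef USE_BSM_AUDIT
+void
+mm_solaris_audit_bad_pw(const char *what)
+{
+	Buffer m;
+
+	debug3("%s entering", __func__);
+
+	buffer_init(&m);
+	buffer_put_string(&m, what, strlen(what) + 1);
+
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_BAD_PW, &m);
+	buffer_free(&m);
+}
+
+void
+mm_solaris_audit_event(enum audit_event_type event)
+{
+	Buffer m;
+
+	debug3("%s entering", __func__);
+
+	buffer_init(&m);
+	buffer_put_int(&m, event);
+
+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
+	buffer_free(&m);
+}
+
+#endif /* BSM */
+
 #ifdef GSSAPI
 OM_uint32
 mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)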
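Review bot: `buffer_put_string(&m, what, strlen(what) + 1)` puts the terminating NUL on the wire as part of the string, whereas the usual form for C strings in the mm_* wrappers is `buffer_put_cstring()`, and `buffer_get_string()` on the monitor side NUL-terminates the result anyway; the extra byte buys nothing and makes this message differ from the others. Use `buffer_put_cstring(&m, what);`. The function name `mm_solaris_audit_event` defined here also differs from the prototype added in monitor_wrap.h (`mm_solaris_audit_audit_event`); see the note on that file.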
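--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -99,6 +99,11 @@
 int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_skey_respond(void *, u_int, char **);
 
+#ifdef USE_BSM_AUDIT
+void mm_solaris_audit_bad_pw(const char *);
+void mm_solaris_audit_audit_event(enum audit_event_type);
+#endif /* BSM */
+
 /* zlib allocation hooks */
 
 void *mm_zalloc(struct mm_master *, u_int, u_int);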
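--- a/session.c
+++ b/session.c
@@ -567,6 +567,10 @@
 			cray_init_job(s->pw); /* set up cray jid and tmpdir */
 #endif /* _UNICOS */
 			do_login(s, command);
+#ifdef USE_BSM_AUDIT
+			if (s->tty != NULL)
+				solaris_audit_save_ttyn(s->tty);
+#endif /* BSM */
 		}
 # ifdef LOGIN_NEEDS_UTMPX
 		else
@@ -1226,6 +1230,9 @@
 		while (fgets(buf, sizeof(buf), f))
 			fputs(buf, stderr);
 		fclose(f);
+#ifdef USE_BSM_AUDIT
+		solaris_audit_event(NOLOGIN);
+#endif
 		fflush(NULL);
 		exit(254);
 	}
@@ -1422,6 +1429,10 @@
 			do_motd();
 #else /* HAVE_OSF_SIA */
 		do_nologin(pw);
+# ifdef USE_BSM_AUDIT
+		if (command != NULL)
+			solaris_audit_save_command(command);
+# endif /* BSM */
 		do_setusercontext(pw);
 #endif /* HAVE_OSF_SIA */
 	}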
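--- a/sshd.c
+++ b/sshd.c
@@ -1423,7 +1423,10 @@
 
 	remote_port = get_remote_port();
 	remote_ip = get_remote_ipaddr();
-
+#ifdef USE_BSM_AUDIT
+	solaris_audit_save_host(remote_ip);
+	solaris_audit_save_port(remote_port);
+#endif
 #ifdef LIBWRAP
 	/* Check whether logins are denied from this host. */
 	{
@@ -1493,6 +1496,11 @@
 	}
 
  authenticated:
+
+#ifdef USE_BSM_AUDIT
+	solaris_audit_event(SUCCESS);
+#endif
+
 	/*
 	 * In privilege separation, we fork another child and prepare
 	 * file descriptor passing.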
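--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -191,6 +191,12 @@
 cat > postinstall << _EOF
 #! /sbin/sh
 #
+audit_event=/etc/security/audit_event
+
+if [ -z "\`grep AUE_openssh \$audit_event\`" ] ; then
+	echo "32800:AUE_openssh:OpenSSH login:lo" >> \$audit_event
+fi
+#
 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
 	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
 		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config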
(-)openbsd-compat/Makefile.in (-1 / +1 lines)
Lines 20-26 Link Here
20
20
21
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
21
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
22
22
23
PORTS=port-irix.o port-aix.o
23
PORTS=port-irix.o port-aix.o port-solaris.o
24
24
25
.c.o:
25
.c.o:
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
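--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -163,7 +163,8 @@
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
-#include "port-irix.h"
 #include "port-aix.h"
+#include "port-irix.h"
+#include "port-solaris.h"
 
 #endif /* _OPENBSD_COMPAT_H */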
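--- /dev/null
+++ b/openbsd-compat/port-solaris.c
@@ -0,0 +1,385 @@
+/*
+ * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* #pragma ident	"@(#)bsmaudit.c	1.1	01/09/17 SMI" */
+
+#include "includes.h"
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+#include <bsm/audit_record.h>
+#include "port-solaris.h"
+
+#include <locale.h>
+
+#include "ssh.h"
+#include "log.h"
+
+#if defined(HAVE_GETAUDIT_ADDR)
+#define	AuditInfoStruct		auditinfo_addr
+#define AuditInfoTermID		au_tid_addr_t
+#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
+#define GetAuditFuncText	"getaudit_addr"
+#define SetAuditFunc(a,b)	setaudit_addr((a),(b))
+#define SetAuditFuncText	"setaudit_addr"
+#define AUToSubjectFunc		au_to_subject_ex
+#define AUToReturnFunc(a,b)	au_to_return32((a), (int32_t)(b))
+#else
+#define	AuditInfoStruct		auditinfo
+#define AuditInfoTermID		au_tid_t
+#define GetAuditFunc(a,b)	getaudit(a)
+#define GetAuditFuncText	"getaudit"
+#define SetAuditFunc(a,b)	setaudit(a)
+#define SetAuditFuncText	"setaudit"
+#define AUToSubjectFunc		au_to_subject
+#define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
+#endif
+
+static void solaris_audit_record(int typ, char *string, au_event_t event_no);
+static void solaris_audit_session_setup(void);
+static int selected(char *nam, uid_t uid, au_event_t event, int sf);
+
+static void get_terminal_id(AuditInfoTermID *tid);
+
+extern int	cannot_audit(int);
+extern void	aug_init(void);
+extern dev_t	aug_get_port(void);
+extern int 	aug_get_machine(char *, uint32_t *, uint32_t *);
+extern void	aug_save_auid(au_id_t);
+extern void	aug_save_uid(uid_t);
+extern void	aug_save_euid(uid_t);
+extern void	aug_save_gid(gid_t);
+extern void	aug_save_egid(gid_t);
+extern void	aug_save_pid(pid_t);
+extern void	aug_save_asid(au_asid_t);
+extern void	aug_save_tid(dev_t, unsigned int);
+extern void	aug_save_tid_ex(dev_t, uint32_t *, uint32_t);
+extern int	aug_save_me(void);
+extern int	aug_save_namask(void);
+extern void	aug_save_event(au_event_t);
+extern void	aug_save_sorf(int);
+extern void	aug_save_text(char *);
+extern void	aug_save_text1(char *);
+extern void	aug_save_text2(char *);
+extern void	aug_save_na(int);
+extern void	aug_save_user(char *);
+extern void	aug_save_path(char *);
+extern int	aug_save_policy(void);
+extern void	aug_save_afunc(int (*)(int));
+extern int	aug_audit(void);
+extern int	aug_na_selected(void);
+extern int	aug_selected(void);
+extern int	aug_daemon_session(void);
+
+static char	sav_ttyn[512];
+static char	sav_name[512];
+static uid_t	sav_uid;
+static gid_t	sav_gid;
+static dev_t	sav_port;
+static uint32_t	sav_machine[4];
+static uint32_t	sav_iptype;
+static char	sav_host[MAXHOSTNAMELEN];
+static char	*sav_cmd = NULL;
+
+void
+solaris_audit_save_port(int port)
+{
+	if (cannot_audit(0)) 
+		return;
+
+	sav_port = port;
+	debug3("BSM audit: sav_port=%ld", (long)sav_port);
+}
+
+void
+solaris_audit_save_host(const char *host)
+{
+	int		i;
+#if !defined(HAVE_GETAUDIT_ADDR)
+	in_addr_t	ia;
+#endif
+
+	if (cannot_audit(0))
+		return;
+
+	(void) strlcpy(sav_host, host, sizeof (sav_host));
+	debug3("BSM audit: sav_host=%s", sav_host);
+	memset(sav_machine, 0, sizeof(sav_machine));
+#if defined(HAVE_GETAUDIT_ADDR)
+	(void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype);
+	debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype);
+#else
+	ia = inet_addr(host);
+	memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0]));
+	sav_iptype = 0;			/* not used, but just in case */
+#endif
+	for (i = 0; i < sizeof(sav_machine) / sizeof(sav_machine[0]); i++) {
+		debug3("BSM audit: sav_machine[%d]=%08lx",
+		    i, (long)sav_machine[i]);
+	}
+}
+
+void
+solaris_audit_save_command(const char *command)
+{
+	if (cannot_audit(0))
+		return;
+
+	if (sav_cmd != NULL) {
+		free(sav_cmd);
+		sav_cmd = NULL;
+	}
+	sav_cmd = strdup(command);
+	debug3("BSM audit: sav_cmd=%s", sav_cmd);
+}
+
+void
+solaris_audit_save_ttyn(const char *ttyn)
+{
+	if (cannot_audit(0))
+		return;
+
+	(void) strlcpy(sav_ttyn, ttyn, sizeof (sav_ttyn));
+	debug3("BSM audit: sav_ttyn=%s", sav_ttyn);
+}
+
+void
+solaris_audit_save_name(const char *name)
+{
+	if (cannot_audit(0)) {
+		return;
+	}
+	(void) strlcpy(sav_name, name, sizeof (sav_name));
+	debug3("BSM audit: sav_name=%s", sav_name);
+}
+
+void
+solaris_audit_save_pw(struct passwd *pwd)
+{
+	if (cannot_audit(0))
+		return;
+
+	if (pwd == NULL) {
+		sav_uid = -1;
+		sav_gid = -1;
+	} else {
+		(void) strlcpy(sav_name, pwd->pw_name, sizeof (sav_name));
+		sav_uid = pwd->pw_uid;
+		sav_gid = pwd->pw_gid;
+	}
+	debug3("BSM audit: sav_name=%s", sav_name);
+	debug3("BSM audit: sav_uid=%ld", (long)sav_uid);
+	debug3("BSM audit: sav_gid=%ld", (long)sav_gid);
+}
+
+void
+solaris_audit_bad_pw(const char *what)
+{
+	char    textbuf[BSM_TEXTBUFSZ];
+
+	if (cannot_audit(0))
+		return;
+
+	if (sav_uid == -1) {
+		(void) snprintf(textbuf, sizeof (textbuf),
+			gettext("invalid user name \"%s\""), sav_name);
+		solaris_audit_record(3, textbuf, AUE_openssh);
+	} else {
+		(void) snprintf(textbuf, sizeof (textbuf),
+			gettext("invalid %s for user %s"), what, sav_name);
+		solaris_audit_record(4, textbuf, AUE_openssh);
+	}
+}
+
+static void
+solaris_audit_record(int typ, char *string, au_event_t event_no)
+{
+	int		ad, rc, sel;
+	uid_t		uid;
+	gid_t		gid;
+	pid_t		pid;
+	AuditInfoTermID	tid;
+
+	uid = sav_uid;
+	gid = sav_gid;
+	pid = getpid();
+
+	get_terminal_id(&tid);
+
+	if (typ == 0) {
+		rc = 0;
+	} else {
+		rc = -1;
+	}
+
+	sel = selected(sav_name, uid, event_no, rc);
+	debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
+	if (!sel)
+		return;
+
+	ad = au_open();
+
+	(void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
+	    pid, pid, &tid));
+	(void) au_write(ad, au_to_text(string));
+	if (sav_cmd != NULL) {
+		(void) au_write(ad, au_to_text(sav_cmd));
+	}
+	(void) au_write(ad, AUToReturnFunc(typ, rc));
+
+	rc = au_close(ad, AU_TO_WRITE, event_no);
+	if (rc < 0) {
+		error("BSM audit: solaris_audit_record failed to write \"%s\" record: %s",
+		    string, strerror(errno));
+	}
+}
+
+static void
+solaris_audit_session_setup(void)
+{
+	int	rc;
+	struct AuditInfoStruct info;
+	au_mask_t mask;
+	struct AuditInfoStruct now;
+
+	info.ai_auid = sav_uid;
+	info.ai_asid = getpid();
+	mask.am_success = 0;
+	mask.am_failure = 0;
+
+	(void) au_user_mask(sav_name, &mask);
+
+	info.ai_mask.am_success  = mask.am_success;
+	info.ai_mask.am_failure  = mask.am_failure;
+
+	/* see if terminal id already set */
+	if (GetAuditFunc(&now, sizeof (now)) < 0) {
+		error("BSM audit: solaris_audit_session_setup: %s failed: %s",
+		    GetAuditFuncText, strerror(errno));
+	}
+
+	debug("BSM solaris_audit_setup_session: calling get_terminal_id");
+	get_terminal_id(&(info.ai_termid));
+
+	rc = SetAuditFunc(&info, sizeof (info));
+	if (rc < 0) {
+		error("BSM audit: solaris_audit_session_setup: %s failed: %s",
+		    SetAuditFuncText, strerror(errno));
+	}
+}
+
+
+static void
+get_terminal_id(AuditInfoTermID *tid)
+{
+#if defined(HAVE_GETAUDIT_ADDR)
+	tid->at_port = sav_port;
+	tid->at_type = sav_iptype;
+	tid->at_addr[0] = sav_machine[0];
+	tid->at_addr[1] = sav_machine[1];
+	tid->at_addr[2] = sav_machine[2];
+	tid->at_addr[3] = sav_machine[3];
+#else
+	tid->port = sav_port;
+	tid->machine = sav_machine[0];
+#endif
+}
+
+void
+solaris_audit_event(enum audit_event_type event)
+{
+	char    textbuf[BSM_TEXTBUFSZ];
+
+	if (cannot_audit(0))
+		return;
+
+	switch(event) {
+	case LOGOUT:
+		snprintf(textbuf, sizeof (textbuf),
+			gettext("sshd logout %s"), sav_name);
+		solaris_audit_record(0, textbuf, AUE_logout);
+		break;
+
+	case NOLOGIN:
+		solaris_audit_record(1,
+		    gettext("logins disabled by /etc/nologin"), AUE_openssh);
+		break;
+
+	case MAXTRIES:
+		snprintf(textbuf, sizeof (textbuf),
+		    gettext("too many tries for user %s"), sav_name);
+		solaris_audit_record(1, textbuf, AUE_openssh);
+		break;
+
+	case NOT_CONSOLE:
+		solaris_audit_record(2, gettext("not_console"), AUE_openssh);
+		break;
+
+	case SUCCESS:
+		solaris_audit_session_setup();
+		snprintf(textbuf, sizeof (textbuf),
+		    gettext("successful login %s"), sav_name);
+		solaris_audit_record(0, textbuf, AUE_openssh);
+		break;
+	}
+}
+
+static int
+selected(char *nam, uid_t uid, au_event_t event, int sf)
+{
+	int	rc, sorf;
+	char	naflags[512];
+	struct au_mask mask;
+
+	mask.am_success = mask.am_failure = 0;
+	if (uid < 0) {
+		rc = getacna(naflags, 256); /* get non-attrib flags */
+		if (rc == 0)
+			(void) getauditflagsbin(naflags, &mask);
+	} else {
+		rc = au_user_mask(nam, &mask);
+	}
+
+	if (sf == 0) {
+		sorf = AU_PRS_SUCCESS;
+	} else {
+		sorf = AU_PRS_FAILURE;
+	}
+	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
+
+	return (rc);
+}
+
+# ifdef CUSTOM_FAILED_LOGIN
+void
+record_failed_login(const char *user, const char *ttyname)
+{
+}
+# endif
+
+#endif /* BSM */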
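Review bot: In `selected()`, `if (uid < 0)` can never be true because `uid_t` is unsigned, so the unknown-user case that `solaris_audit_save_pw(NULL)` sets up with `sav_uid = -1` is preselected through `au_user_mask()` on the client-supplied name instead of the non-attributable flags; compare against the sentinel the way `solaris_audit_bad_pw()` does, `if (uid == (uid_t)-1)`, and pass `sizeof(naflags)` rather than the unrelated `256` to `getacna()`. `sav_uid` and `sav_gid` are zero-initialised statics, so until `solaris_audit_save_pw()` has run every record names uid 0 as its subject; initialise them to `(uid_t)-1` and `(gid_t)-1`. `solaris_audit_record()` uses the `au_open()` descriptor without checking it for -1, `solaris_audit_save_command()` passes `sav_cmd` to `%s` even when `strdup()` returned NULL, and in `solaris_audit_session_setup()` the `now` structure filled by `GetAuditFunc` is never examined despite the `see if terminal id already set` comment, so either the comparison is missing or the call and the comment should go. `switch(event)` also has no `default`, so a value outside the enum — which `mm_answer_audit_event()` filters but the non-privsep callers do not — is silently dropped rather than logged.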
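--- /dev/null
+++ b/openbsd-compat/port-solaris.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1993-2002 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef	_BSD_SOLARIS_H
+#define	_BSD_SOLARIS_H
+
+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
+
+/* #pragma ident	"@(#)bsmaudit.h	1.1	01/09/17 SMI" */
+
+#include <bsm/audit.h>
+#define	AUE_openssh	32800
+
+enum audit_event_type {
+	NOLOGIN,
+	MAXTRIES,
+	NOT_CONSOLE,
+	SUCCESS,
+	LOGOUT
+};
+
+void solaris_audit_save_name(const char *name);
+void solaris_audit_save_pw(struct passwd *pwd);
+void solaris_audit_event(enum audit_event_type);
+void solaris_audit_bad_pw(const char *what);
+void solaris_audit_save_host(const char *host);
+void solaris_audit_save_ttyn(const char *ttyn);
+void solaris_audit_save_port(int port);
+void solaris_audit_save_command(const char *command);
+
+#endif /* BSM */
+#endif	/* _BSD_SOLARIS_H */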
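Review bot: `NOLOGIN`, `MAXTRIES`, `NOT_CONSOLE`, `SUCCESS` and `LOGOUT` are unprefixed enumerators placed in the global namespace of a header that openbsd-compat.h pulls into every translation unit; names this generic invite collisions with system or third-party macros, so prefix them (`AUDIT_EVENT_SUCCESS`, ...) and update the five call sites. The guard `_BSD_SOLARIS_H` uses an identifier reserved for the implementation (leading underscore plus capital) and does not match the file name — INSTALL in this patch also points users at `openbsd-compat/bsd-solaris.h`, which does not exist — so `PORT_SOLARIS_H` fixes both. `solaris_audit_save_pw(struct passwd *pwd)` relies on the includer having `<pwd.h>` in scope; a forward declaration `struct passwd;` above the prototypes makes the header self-contained.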
