
(-)LICENCE (+1 lines)
Lines 203-208 OpenSSH contains no GPL code. Link Here
203
	Wayne Schroeder
203
	Wayne Schroeder
204
	William Jones
204
	William Jones
205
	Darren Tucker
205
	Darren Tucker
206
	Sun Microsystems
206
207
207
     * Redistribution and use in source and binary forms, with or without
208
     * Redistribution and use in source and binary forms, with or without
208
     * modification, are permitted provided that the following conditions
209
     * modification, are permitted provided that the following conditions
(-)README.platform (-3 / +15 lines)
Lines 23-30 openssl-devel, zlib, minres, minires-dev Link Here
23
23
24
Solaris
24
Solaris
25
-------
25
-------
26
Currently, sshd does not support BSM auditting.  This can show up as errors
26
If you enable BSM auditing on Solaris, you need to update audit_event(4)
27
when editting cron entries via crontab.  See.
27
for praudit(1m) to give sensible output.  The following line needs to be
28
http://bugzilla.mindrot.org/show_bug.cgi?id=125
28
added to /etc/security/audit_event:
29
30
	32800:AUE_openssh:OpenSSH login:lo
31
32
If the contrib/buildpkg.sh script is used, the included postinstall
33
script will add the line for you.
34
35
The BSM audit event range available for third party TCB applications is
36
32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
37
There is no official registry of 3rd party event numbers, so if this
38
number is already in use on your system, change the value of
39
AUE_openssh in openbsd-compat/bsd-solaris.h and rebuild.
40
29
41
30
$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $
42
$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $
(-)auth.c (-2 / +6 lines)
Lines 261-268 auth_log(Authctxt *authctxt, int authent Link Here
261
	    info);
261
	    info);
262
262
263
#ifdef CUSTOM_FAILED_LOGIN
263
#ifdef CUSTOM_FAILED_LOGIN
264
	if (authenticated == 0 && strcmp(method, "password") == 0)
264
	if (authenticated == 0) {
265
		record_failed_login(authctxt->user, "ssh");
265
		if  (strcmp(method, "password") == 0)
266
			record_failed_login(authctxt->user, "ssh-password");
267
		else if (strcmp(method, "keyboard-interactive") == 0)
268
			record_failed_login(authctxt->user, "ssh-kbdint");
269
	}
266
#endif
270
#endif
267
}
271
}
268
272
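Review bot: The new keyboard-interactive branch at new line 267 records a failed login that userauth_kbdint in auth2-kbdint.c, patched in this same change, now also records under CUSTOM_FAILED_LOGIN, so one SSH2 kbd-int failure yields two records with two different tty strings (`ssh-kbdint` here, `ssh-keyboard-interactive` there); keep a single call site and a single string. Changing the existing password string from `ssh` to `ssh-password` also changes what platforms that already define CUSTOM_FAILED_LOGIN write to their failed-login log, which deserves a mention in the commit description. auth_log's body begins outside the hunk.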
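--- a/auth.h
+++ b/auth.h
@@ -130,6 +130,7 @@ int auth_shadow_pwexpired(Authctxt *);
 #endif
 
 #include "auth-pam.h"
+#include "sshaudit.h"
 void disable_forwarding(void);
 
 void	do_authentication(Authctxt *);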
(-)auth1.c (-2 / +14 lines)
Lines 240-247 do_authloop(Authctxt *authctxt) Link Here
240
#else
240
#else
241
		/* Special handling for root */
241
		/* Special handling for root */
242
		if (authenticated && authctxt->pw->pw_uid == 0 &&
242
		if (authenticated && authctxt->pw->pw_uid == 0 &&
243
		    !auth_root_allowed(get_authname(type)))
243
		    !auth_root_allowed(get_authname(type))) {
244
			authenticated = 0;
244
			authenticated = 0;
245
#ifdef AUDIT_EVENTS
246
			PRIVSEP(audit_event(ROOT_NOT_CONSOLE));
247
#endif
248
		}
245
#endif
249
#endif
246
250
247
#ifdef USE_PAM
251
#ifdef USE_PAM
Lines 261-269 do_authloop(Authctxt *authctxt) Link Here
261
		if (authenticated)
265
		if (authenticated)
262
			return;
266
			return;
263
267
264
		if (authctxt->failures++ > options.max_authtries)
268
		if (authctxt->failures++ > options.max_authtries) {
269
#ifdef AUDIT_EVENTS
270
			PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
271
#endif
265
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
272
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
273
		}
266
274
275
#ifdef AUDIT_EVENTS
276
		/* XXX: logged via auth.c ? */
277
		PRIVSEP(audit_event(LOGIN_FAIL_BADPW));
278
#endif
267
		packet_start(SSH_SMSG_FAILURE);
279
		packet_start(SSH_SMSG_FAILURE);
268
		packet_send();
280
		packet_send();
269
		packet_write_wait();
281
		packet_write_wait();
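Review bot: `PRIVSEP(audit_event(LOGIN_FAIL_BADPW))` at new line 277 fires for every failed SSH1 attempt regardless of the method that failed, so the event name promises more than the code knows; the `XXX: logged via auth.c ?` marker above it says as much and should be resolved before this is merged, either by renaming the event to something method-neutral or by raising it only where a password was actually rejected (auth_log in auth.c already knows the method). On the max-tries path the event at line 270 is followed by packet_disconnect(), which as far as I can tell does not return, so the later LOGIN_FAIL_BADPW is not emitted for that attempt; a one-line comment `/* packet_disconnect() does not return */` would make that visible. do_authloop continues outside the hunk.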
(-)auth2-kbdint.c (+5 lines)
Lines 30-35 RCSID("$OpenBSD: auth2-kbdint.c,v 1.2 20 Link Here
30
#include "log.h"
30
#include "log.h"
31
#include "servconf.h"
31
#include "servconf.h"
32
#include "xmalloc.h"
32
#include "xmalloc.h"
33
#include "monitor_wrap.h"
33
34
34
/* import */
35
/* import */
35
extern ServerOptions options;
36
extern ServerOptions options;
Lines 54-59 userauth_kbdint(Authctxt *authctxt) Link Here
54
#ifdef HAVE_CYGWIN
55
#ifdef HAVE_CYGWIN
55
	if (check_nt_auth(0, authctxt->pw) == 0)
56
	if (check_nt_auth(0, authctxt->pw) == 0)
56
		return(0);
57
		return(0);
58
#endif
59
#ifdef CUSTOM_FAILED_LOGIN
60
	if (!authenticated)	/* XXX: need monitor call? */
61
		record_failed_login(authctxt->user, "ssh-keyboard-interactive");
57
#endif
62
#endif
58
	return authenticated;
63
	return authenticated;
59
}
64
}
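Review bot: record_failed_login() at new line 61 executes in whichever process runs userauth_kbdint, which under privilege separation is the unprivileged child, so failed-login backends that write to protected files cannot succeed there; the `XXX: need monitor call?` comment is correct and should not be shipped unresolved. auth_log in auth.c, patched in this same change, already records a `ssh-kbdint` failure for this method, so this call is also a duplicate; drop it here and let the auth.c path, which runs where auth_log runs, be the single record. userauth_kbdint's body begins outside the hunk.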
(-)auth2.c (-2 / +16 lines)
Lines 165-170 input_userauth_request(int type, u_int32 Link Here
165
			if (options.use_pam)
165
			if (options.use_pam)
166
				PRIVSEP(start_pam(authctxt));
166
				PRIVSEP(start_pam(authctxt));
167
#endif
167
#endif
168
#ifdef AUDIT_EVENTS
169
			PRIVSEP(audit_event(ILLEGAL_USER));
170
#endif
168
		}
171
		}
169
		setproctitle("%s%s", authctxt->pw ? user : "unknown",
172
		setproctitle("%s%s", authctxt->pw ? user : "unknown",
170
		    use_privsep ? " [net]" : "");
173
		    use_privsep ? " [net]" : "");
Lines 212-219 userauth_finish(Authctxt *authctxt, int Link Here
212
215
213
	/* Special handling for root */
216
	/* Special handling for root */
214
	if (authenticated && authctxt->pw->pw_uid == 0 &&
217
	if (authenticated && authctxt->pw->pw_uid == 0 &&
215
	    !auth_root_allowed(method))
218
	    !auth_root_allowed(method)) {
216
		authenticated = 0;
219
		authenticated = 0;
220
#ifdef AUDIT_EVENTS
221
		PRIVSEP(audit_event(ROOT_NOT_CONSOLE));
222
#endif
223
	}
217
224
218
#ifdef USE_PAM
225
#ifdef USE_PAM
219
	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
226
	if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
Lines 243-250 userauth_finish(Authctxt *authctxt, int Link Here
243
		/* now we can break out */
250
		/* now we can break out */
244
		authctxt->success = 1;
251
		authctxt->success = 1;
245
	} else {
252
	} else {
246
		if (authctxt->failures++ > options.max_authtries)
253
		if (authctxt->failures++ > options.max_authtries) {
254
#ifdef AUDIT_EVENTS
255
			PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
256
#endif
247
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
257
			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
258
		}
259
#ifdef AUDIT_EVENTS
260
		PRIVSEP(audit_event(AUTH_FAILED));
261
#endif
248
		methods = authmethods_get();
262
		methods = authmethods_get();
249
		packet_start(SSH2_MSG_USERAUTH_FAILURE);
263
		packet_start(SSH2_MSG_USERAUTH_FAILURE);
250
		packet_put_cstring(methods);
264
		packet_put_cstring(methods);
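Review bot: In userauth_finish the root-not-allowed branch at new lines 217-223 clears `authenticated` and then, as far as the visible `} else {` at line 252 shows, continues into the failure branch, so one refused root login produces both a ROOT_NOT_CONSOLE and an AUTH_FAILED audit event. If that pairing is intended, document it with `/* falls through to the failure path, which also records AUTH_FAILED */` above the `#ifdef`; otherwise suppress the second event when the first was raised. do_authloop in auth1.c has the same shape (ROOT_NOT_CONSOLE followed by LOGIN_FAIL_BADPW). Both functions extend beyond the hunks shown.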
(-)configure.ac (+5 lines)
Lines 674-679 AC_CHECK_HEADERS(libutil.h) Link Here
674
AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
674
AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
675
AC_CHECK_FUNCS(logout updwtmp logwtmp)
675
AC_CHECK_FUNCS(logout updwtmp logwtmp)
676
676
677
dnl    Checks for libbsm functions
678
AC_CHECK_HEADERS(bsm/audit.h)
679
AC_CHECK_LIB(bsm, getaudit)
680
AC_CHECK_FUNCS(getaudit getaudit_addr)
681
677
AC_FUNC_STRFTIME
682
AC_FUNC_STRFTIME
678
683
679
# Check for ALTDIRFUNC glob() extension
684
# Check for ALTDIRFUNC glob() extension
(-)defines.h (+6 lines)
Lines 523-528 struct winsize { Link Here
523
# define getpgrp() getpgrp(0)
523
# define getpgrp() getpgrp(0)
524
#endif
524
#endif
525
525
526
#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
527
# define USE_BSM_AUDIT
528
# define AUDIT_EVENTS
529
# define CUSTOM_FAILED_LOGIN
530
#endif
531
526
/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
532
/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
527
#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
533
#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
528
# define OPENSSL_free(x) Free(x)
534
# define OPENSSL_free(x) Free(x)
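Review bot: The block at new lines 526-530 switches on USE_BSM_AUDIT, AUDIT_EVENTS and CUSTOM_FAILED_LOGIN solely because configure found libbsm and bsm/audit.h, with no way to opt out, so every Solaris build on a host that ships libbsm silently gains audit behaviour and the postinstall edit of /etc/security/audit_event. A configure switch (a `--with-bsm`-style option is the usual shape) that defines USE_BSM_AUDIT explicitly, with this block reduced to deriving the other two macros from it, would keep the default build unchanged. CUSTOM_FAILED_LOGIN also obliges the platform to supply record_failed_login(), and port-solaris.c in this patch only provides an empty stub, so defining it here has no effect yet.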
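--- a/loginrec.c
+++ b/loginrec.c
@@ -157,6 +157,7 @@
 #include "loginrec.h"
 #include "log.h"
 #include "atomicio.h"
+#include "auth.h"
 
 RCSID("$Id: loginrec.c,v 1.56 2004/04/08 06:16:06 dtucker Exp $");
 
@@ -229,6 +230,9 @@ login_login (struct logininfo *li)
 int
 login_logout(struct logininfo *li)
 {
+#ifdef AUDIT_EVENTS
+	audit_event(LOGOUT);
+#endif
 	li->type = LTYPE_LOGOUT;
 	return login_write(li);
 }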
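Review bot: loginrec.c gains `#include "auth.h"` at new line 160 only to reach sshaudit.h transitively, which drags the whole authentication interface into the login-record module; `#include "sshaudit.h"` directly instead. In login_logout the LOGOUT audit record at line 234 is emitted before login_write() runs, so a logout is audited even when the utmp/wtmp update fails; if that ordering is deliberate, a comment `/* audited regardless of the login_write() outcome */` would say so.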
(-)monitor.c (+37 lines)
Lines 142-147 int mm_answer_gss_userok(int, Buffer *); Link Here
142
int mm_answer_gss_checkmic(int, Buffer *);
142
int mm_answer_gss_checkmic(int, Buffer *);
143
#endif
143
#endif
144
144
145
#ifdef AUDIT_EVENTS
146
int mm_answer_audit_event(int, Buffer *);
147
#endif
148
145
static Authctxt *authctxt;
149
static Authctxt *authctxt;
146
static BIGNUM *ssh1_challenge = NULL;	/* used for ssh1 rsa auth */
150
static BIGNUM *ssh1_challenge = NULL;	/* used for ssh1 rsa auth */
147
151
Lines 195-200 struct mon_table mon_dispatch_proto20[] Link Here
195
#endif
199
#endif
196
    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
200
    {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
197
    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
201
    {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
202
#ifdef AUDIT_EVENTS
203
    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
204
#endif
198
#ifdef GSSAPI
205
#ifdef GSSAPI
199
    {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
206
    {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
200
    {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
207
    {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
Lines 238-243 struct mon_table mon_dispatch_proto15[] Link Here
238
    {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
245
    {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
239
    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
246
    {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
240
#endif
247
#endif
248
#ifdef AUDIT_EVENTS
249
    {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
250
#endif
241
    {0, 0, NULL}
251
    {0, 0, NULL}
242
};
252
};
243
253
Lines 1481-1486 mm_answer_term(int socket, Buffer *req) Link Here
1481
	/* Terminate process */
1491
	/* Terminate process */
1482
	exit(res);
1492
	exit(res);
1483
}
1493
}
1494
1495
#ifdef AUDIT_EVENTS
1496
/* Report that an audit event occurred */
1497
1498
int
1499
mm_answer_audit_event(int socket, Buffer *m)
1500
{
1501
	enum audit_event_type event;
1502
1503
	debug3("%s", __func__);
1504
1505
	event = buffer_get_int(m);
1506
	switch(event) {
1507
	case LOGIN_EXCEED_MAXTRIES:
1508
	case ROOT_NOT_CONSOLE:
1509
	case LOGIN_FAIL_BADPW:
1510
	case ILLEGAL_USER:
1511
	case AUTH_FAILED:
1512
		audit_event(event);
1513
		break;
1514
	default:
1515
		fatal("Audit event type %d not permitted", event);
1516
	}
1517
1518
	return (0);
1519
}
1520
#endif
1484
1521
1485
void
1522
void
1486
monitor_apply_keystate(struct monitor *pmonitor)
1523
monitor_apply_keystate(struct monitor *pmonitor)
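Review bot: mm_answer_audit_event at new lines 1498-1519 validates the type against an explicit whitelist before calling audit_event(), which is the right shape for input from the unprivileged child; add a comment above the switch stating why LOGIN_SUCCESS, NOLOGIN and LOGOUT are excluded, which I take to be that those are raised directly in the monitor or session process and never relayed, e.g. `/* only events the unprivileged child is allowed to raise; the others are generated locally */`. The handler is registered MON_PERMIT without MON_ONCE in both dispatch tables, so the pre-authentication child can cause an unbounded number of audit records; that is inherent to relaying failure events, but a note to that effect helps whoever sizes the audit trail. `socket` is unused, which appears to match the neighbouring handlers.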
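--- a/monitor.h
+++ b/monitor.h
@@ -46,6 +46,8 @@ enum monitor_reqtype {
 	MONITOR_REQ_PTYCLEANUP,
 	MONITOR_REQ_SESSKEY, MONITOR_ANS_SESSKEY,
 	MONITOR_REQ_SESSID,
+	MONITOR_REQ_AUDIT_BAD_PW,
+	MONITOR_REQ_AUDIT_EVENT,
 	MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
 	MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
 	MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,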
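Review bot: MONITOR_REQ_AUDIT_BAD_PW at new line 49 is not referenced by any other hunk in this patch — monitor.c and monitor_wrap.c only use MONITOR_REQ_AUDIT_EVENT — so it looks like a leftover from an earlier design; remove it, or if it is reserved on purpose say so inline, `MONITOR_REQ_AUDIT_BAD_PW,	/* unused, reserved */`. Inserting values in the middle of the enum renumbers everything after MONITOR_REQ_SESSID, which is harmless only because monitor and child are always the same binary; appending at the end would avoid the question entirely.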
(-)monitor_wrap.c (+16 lines)
Lines 1091-1096 mm_auth_rsa_verify_response(Key *key, BI Link Here
1091
	return (success);
1091
	return (success);
1092
}
1092
}
1093
1093
1094
#ifdef AUDIT_EVENTS
1095
void
1096
mm_audit_event(enum audit_event_type event)
1097
{
1098
	Buffer m;
1099
1100
	debug3("%s entering", __func__);
1101
1102
	buffer_init(&m);
1103
	buffer_put_int(&m, event);
1104
1105
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
1106
	buffer_free(&m);
1107
}
1108
#endif /* AUDIT_EVENTS */
1109
1094
#ifdef GSSAPI
1110
#ifdef GSSAPI
1095
OM_uint32
1111
OM_uint32
1096
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
1112
mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
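Review bot: mm_audit_event at new lines 1095-1107 sends the request and returns without reading a reply, so the child never learns whether the monitor accepted the event (the monitor, per its handler, aborts on a type it does not permit); that contract is not written down anywhere in the function. A header comment such as `/* Fire-and-forget: the monitor validates the event type and fatal()s on anything it does not permit */` above `void mm_audit_event(...)` would spare the next reader a trip to monitor.c.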
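--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -99,6 +99,10 @@
 int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_skey_respond(void *, u_int, char **);
 
+#ifdef AUDIT_EVENTS
+void mm_audit_event(enum audit_event_type);
+#endif
+
 /* zlib allocation hooks */
 
 void *mm_zalloc(struct mm_master *, u_int, u_int);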
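Review bot: The prototype `void mm_audit_event(enum audit_event_type);` at new line 103 names an enum that monitor_wrap.h neither declares nor includes, so the header is correct only when the translation unit happens to include auth.h (which now pulls in sshaudit.h) first; otherwise the enum is scoped to the prototype and the declaration conflicts with the definition in monitor_wrap.c. Put `#include "sshaudit.h"` inside the `#ifdef AUDIT_EVENTS` block so the header stands on its own.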
(-)session.c (+11 lines)
Lines 567-572 do_exec_pty(Session *s, const char *comm Link Here
567
			cray_init_job(s->pw); /* set up cray jid and tmpdir */
567
			cray_init_job(s->pw); /* set up cray jid and tmpdir */
568
#endif /* _UNICOS */
568
#endif /* _UNICOS */
569
			do_login(s, command);
569
			do_login(s, command);
570
# ifdef AUDIT_EVENTS
571
			if (s->tty != NULL)
572
				audit_save_ttyn(s->tty);
573
# endif
570
		}
574
		}
571
# ifdef LOGIN_NEEDS_UTMPX
575
# ifdef LOGIN_NEEDS_UTMPX
572
		else
576
		else
Lines 1230-1235 do_nologin(struct passwd *pw) Link Here
1230
		while (fgets(buf, sizeof(buf), f))
1234
		while (fgets(buf, sizeof(buf), f))
1231
			fputs(buf, stderr);
1235
			fputs(buf, stderr);
1232
		fclose(f);
1236
		fclose(f);
1237
#ifdef AUDIT_EVENTS
1238
		audit_event(NOLOGIN);
1239
#endif
1233
		fflush(NULL);
1240
		fflush(NULL);
1234
		exit(254);
1241
		exit(254);
1235
	}
1242
	}
Lines 1426-1431 do_child(Session *s, const char *command Link Here
1426
			do_motd();
1433
			do_motd();
1427
#else /* HAVE_OSF_SIA */
1434
#else /* HAVE_OSF_SIA */
1428
		do_nologin(pw);
1435
		do_nologin(pw);
1436
# ifdef AUDIT_EVENTS
1437
		if (command != NULL)
1438
			audit_save_command(command);
1439
# endif 
1429
		do_setusercontext(pw);
1440
		do_setusercontext(pw);
1430
#endif /* HAVE_OSF_SIA */
1441
#endif /* HAVE_OSF_SIA */
1431
	}
1442
	}
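Review bot: In do_child the command is saved for auditing at new lines 1436-1438 only after `do_nologin(pw)` at line 1435, and the NOLOGIN record that do_nologin raises (lines 1237-1239) goes through solaris_audit_record(), which appends sav_cmd when it is set, so the nologin record can never carry the command; move the `audit_save_command(command)` block above the do_nologin call if that is the intent. The ttyn and command are saved in the session child, so they are presumably visible only to records emitted from that process and not to the monitor's LOGIN_SUCCESS/LOGOUT records; a short comment at each call site saying which process the state lives in would prevent that being relied on. `# endif ` at line 1439 has trailing whitespace.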
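--- /dev/null
+++ b/sshaudit.h
@@ -0,0 +1,22 @@
+#include "auth.h"
+
+#ifndef SSHAUDIT_H
+# define SSHAUDIT_H
+enum audit_event_type {
+	AUTH_FAILED,	/* ? */
+        LOGIN_SUCCESS,
+	LOGIN_EXCEED_MAXTRIES,
+	LOGIN_FAIL_BADPW,
+	ILLEGAL_USER,
+	ROOT_NOT_CONSOLE,
+        NOLOGIN,
+        LOGOUT
+};
+
+void audit_init(Authctxt *ctxt);
+void audit_login_from(const char *host, int port);
+void audit_event(enum audit_event_type);
+void audit_save_ttyn(const char *ttyn);
+void audit_save_command(const char *command);
+
+#endif /* SSHAUDIT_H */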
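Review bot: The `#include "auth.h"` at line 1 sits outside the include guard and auth.h now includes this header back, so every inclusion re-enters auth.h and the header depends on auth.h's own guard to terminate; move the include inside the guard, or better, drop it and have the one prototype that needs Authctxt take it as `struct Authctxt *` once a forward declaration is available. The enum values carry no documentation and `AUTH_FAILED,	/* ? */` admits the author was unsure what it means; each value should say which process raises it and when, in particular how AUTH_FAILED (any SSH2 method failure) differs from LOGIN_FAIL_BADPW (any SSH1 failure, despite the name) and that LOGIN_SUCCESS, NOLOGIN and LOGOUT are never relayed through the monitor. Indentation mixes tabs and eight spaces within the same enum.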
(-)sshd.c (-1 / +8 lines)
Lines 1422-1428 main(int ac, char **av) Link Here
1422
1422
1423
	remote_port = get_remote_port();
1423
	remote_port = get_remote_port();
1424
	remote_ip = get_remote_ipaddr();
1424
	remote_ip = get_remote_ipaddr();
1425
1425
#ifdef AUDIT_EVENTS
1426
	audit_login_from(remote_ip, remote_port);
1427
#endif
1426
#ifdef LIBWRAP
1428
#ifdef LIBWRAP
1427
	/* Check whether logins are denied from this host. */
1429
	/* Check whether logins are denied from this host. */
1428
	{
1430
	{
Lines 1492-1497 main(int ac, char **av) Link Here
1492
	}
1494
	}
1493
1495
1494
 authenticated:
1496
 authenticated:
1497
1498
#ifdef AUDIT_EVENTS
1499
	audit_event(LOGIN_SUCCESS);
1500
#endif
1501
1495
	/*
1502
	/*
1496
	 * In privilege separation, we fork another child and prepare
1503
	 * In privilege separation, we fork another child and prepare
1497
	 * file descriptor passing.
1504
	 * file descriptor passing.
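Review bot: `audit_event(LOGIN_SUCCESS)` at new line 1499 is raised without any preceding call to audit_init(), which sshaudit.h declares for handing the Authctxt to the audit layer and which no hunk in this patch invokes; the Solaris backend's "successful login %s" text is therefore formatted from state the backend never received. Add `audit_init(authctxt);` immediately before the event (authctxt appears to be in scope in main once the `authenticated:` label is reached) and make audit_init actually record the user. audit_login_from() at line 1426 runs before the LIBWRAP check, so a connection refused by tcp_wrappers still populates the saved peer address; that is fine provided no audit record is expected for the refusal itself, which a one-line comment could state.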
(-)contrib/solaris/buildpkg.sh (+6 lines)
Lines 191-196 echo "Building postinstall file..." Link Here
191
cat > postinstall << _EOF
191
cat > postinstall << _EOF
192
#! /sbin/sh
192
#! /sbin/sh
193
#
193
#
194
audit_event=/etc/security/audit_event
195
196
if [ -z "\`grep AUE_openssh \$audit_event\`" ] ; then
197
	echo "32800:AUE_openssh:OpenSSH login:lo" >> \$audit_event
198
fi
199
#
194
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
200
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
195
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
201
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
196
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
202
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
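Review bot: The postinstall fragment at new lines 194-198 edits `/etc/security/audit_event` on the live system even when the package is installed under an alternate root, whereas every other path in this script is prefixed with `\${PKG_INSTALL_ROOT}`; use `audit_event=\${PKG_INSTALL_ROOT}/etc/security/audit_event`. The guard greps only for the name, so a pre-existing entry that already uses event number 32800 under another name — exactly the clash README.platform tells the administrator to watch for — is not detected and a duplicate number is appended; also test `grep "^32800:" \$audit_event` before appending and report the conflict instead. I see no matching removal in a preremove script in this patch, so the line persists after the package is removed.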
(-)openbsd-compat/Makefile.in (-1 / +1 lines)
Lines 20-26 OPENBSD=base64.o basename.o bindresvport Link Here
20
20
21
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
21
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
22
22
23
PORTS=port-irix.o port-aix.o
23
PORTS=port-aix.o port-irix.o port-solaris.o
24
24
25
.c.o:
25
.c.o:
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
(-)openbsd-compat/openbsd-compat.h (-1 / +1 lines)
Lines 163-169 char *shadow_pw(struct passwd *pw); Link Here
163
/* Routines for a single OS platform */
163
/* Routines for a single OS platform */
164
#include "bsd-cray.h"
164
#include "bsd-cray.h"
165
#include "bsd-cygwin_util.h"
165
#include "bsd-cygwin_util.h"
166
#include "port-irix.h"
167
#include "port-aix.h"
166
#include "port-aix.h"
167
#include "port-irix.h"
168
168
169
#endif /* _OPENBSD_COMPAT_H */
169
#endif /* _OPENBSD_COMPAT_H */
(-)openbsd-compat/port-solaris.c (+281 lines)
Added Link Here
1
/* $Id$ */
2
3
/*
4
 * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
5
 * Use is subject to license terms.
6
 *
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
 *
28
 */
29
/* #pragma ident	"@(#)bsmaudit.c	1.1	01/09/17 SMI" */
30
31
#include "includes.h"
32
#if defined(AUDIT_EVENTS) && defined(USE_BSM_AUDIT)
33
34
#define AUE_openssh     32800
35
36
#include "solaris-bsm.h"
37
#include "ssh.h"
38
#include "log.h"
39
#include "auth.h"
40
#include "xmalloc.h"
41
42
static char	sav_ttyn[512];
43
static char	sav_name[512];
44
static int	sav_port = -1;
45
static uid_t	sav_uid = -1;
46
static gid_t	sav_gid = -1;
47
static uint32_t	sav_machine[4] = { 0,0,0,0};
48
static uint32_t	sav_iptype = 0;
49
static char	sav_host[MAXHOSTNAMELEN];
50
static char	*sav_cmd = NULL;
51
static Authctxt *auditctxt = NULL;
52
53
void
54
audit_init(Authctxt *ctxt)
55
{
56
	auditctxt = ctxt;
57
}
58
59
void
60
audit_login_from(const char *host, int port)
61
{
62
	int		i;
63
#if !defined(HAVE_GETAUDIT_ADDR)
64
	in_addr_t	ia;
65
#endif
66
67
	if (cannot_audit(0)) 
68
		return;
69
70
	/* save port */
71
	sav_port = port;
72
	debug3("BSM audit: sav_port=%d", sav_port);
73
74
	/* save host */
75
	(void) strlcpy(sav_host, host, sizeof(sav_host));
76
	debug3("BSM audit: sav_host=%s", sav_host);
77
	memset(sav_machine, 0, sizeof(sav_machine));
78
#if defined(HAVE_GETAUDIT_ADDR)
79
	(void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype);
80
	debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype);
81
#else
82
	ia = inet_addr(host);
83
	memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0]));
84
	sav_iptype = 0;			/* not used, but just in case */
85
#endif
86
	for (i = 0; i < sizeof(sav_machine) / sizeof(sav_machine[0]); i++) {
87
		debug3("BSM audit: sav_machine[%d]=%08lx",
88
		    i, (long)sav_machine[i]);
89
	}
90
}
91
92
void
93
audit_save_command(const char *command)
94
{
95
	if (cannot_audit(0))
96
		return;
97
98
	if (sav_cmd != NULL) {
99
		free(sav_cmd);
100
		sav_cmd = NULL;
101
	}
102
	sav_cmd = xstrdup(command);
103
	debug3("BSM audit: sav_cmd=%s", sav_cmd);
104
}
105
106
void
107
audit_save_ttyn(const char *ttyn)
108
{
109
	if (cannot_audit(0))
110
		return;
111
112
	(void) strlcpy(sav_ttyn, ttyn, sizeof(sav_ttyn));
113
	debug3("BSM audit: sav_ttyn=%s", sav_ttyn);
114
}
115
116
static void
117
solaris_audit_record(int typ, char *string, au_event_t event_no)
118
{
119
	int		ad, rc, sel;
120
	uid_t		uid;
121
	gid_t		gid;
122
	pid_t		pid;
123
	AuditInfoTermID	tid;
124
125
	uid = sav_uid;
126
	gid = sav_gid;
127
	pid = getpid();
128
129
	get_terminal_id(&tid);
130
131
	if (typ == 0)
132
		rc = 0;
133
	else
134
		rc = -1;
135
136
	sel = selected(sav_name, uid, event_no, rc);
137
	debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
138
	if (!sel)
139
		return;
140
141
	ad = au_open();
142
143
	(void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
144
	    pid, pid, &tid));
145
	(void) au_write(ad, au_to_text(string));
146
	if (sav_cmd != NULL) {
147
		(void) au_write(ad, au_to_text(sav_cmd));
148
	}
149
	(void) au_write(ad, AUToReturnFunc(typ, rc));
150
151
	rc = au_close(ad, AU_TO_WRITE, event_no);
152
	if (rc < 0) {
153
		error("BSM audit: solaris_audit_record failed to write "
154
		    "\"%s\" record: %s", string, strerror(errno));
155
	}
156
}
157
158
static void
159
solaris_audit_session_setup(void)
160
{
161
	int	rc;
162
	struct AuditInfoStruct info;
163
	au_mask_t mask;
164
	struct AuditInfoStruct now;
165
166
	info.ai_auid = sav_uid;
167
	info.ai_asid = getpid();
168
	mask.am_success = 0;
169
	mask.am_failure = 0;
170
171
	(void) au_user_mask(sav_name, &mask);
172
173
	info.ai_mask.am_success  = mask.am_success;
174
	info.ai_mask.am_failure  = mask.am_failure;
175
176
	/* see if terminal id already set */
177
	if (GetAuditFunc(&now, sizeof(now)) < 0) {
178
		error("BSM audit: solaris_audit_session_setup: %s failed: %s",
179
		    GetAuditFuncText, strerror(errno));
180
	}
181
182
	debug("BSM solaris_audit_setup_session: calling get_terminal_id");
183
	get_terminal_id(&(info.ai_termid));
184
185
	rc = SetAuditFunc(&info, sizeof(info));
186
	if (rc < 0) {
187
		error("BSM audit: solaris_audit_session_setup: %s failed: %s",
188
		    SetAuditFuncText, strerror(errno));
189
	}
190
}
191
192
193
static void
194
get_terminal_id(AuditInfoTermID *tid)
195
{
196
#if defined(HAVE_GETAUDIT_ADDR)
197
	tid->at_port = sav_port;
198
	tid->at_type = sav_iptype;
199
	tid->at_addr[0] = sav_machine[0];
200
	tid->at_addr[1] = sav_machine[1];
201
	tid->at_addr[2] = sav_machine[2];
202
	tid->at_addr[3] = sav_machine[3];
203
#else
204
	tid->port = sav_port;
205
	tid->machine = sav_machine[0];
206
#endif
207
}
208
209
void
210
audit_event(enum audit_event_type event)
211
{
212
	char    textbuf[BSM_TEXTBUFSZ];
213
214
	if (cannot_audit(0))
215
		return;
216
217
	switch(event) {
218
	case LOGOUT:
219
		snprintf(textbuf, sizeof(textbuf),
220
			gettext("sshd logout %s"), sav_name);
221
		solaris_audit_record(0, textbuf, AUE_logout);
222
		break;
223
224
	case NOLOGIN:
225
		solaris_audit_record(1,
226
		    gettext("logins disabled by /etc/nologin"), AUE_openssh);
227
		break;
228
229
	case LOGIN_EXCEED_MAXTRIES:
230
		snprintf(textbuf, sizeof(textbuf),
231
		    gettext("too many tries for user %s"), sav_name);
232
		solaris_audit_record(1, textbuf, AUE_openssh);
233
		break;
234
235
	case ROOT_NOT_CONSOLE:
236
		solaris_audit_record(2, gettext("not_console"), AUE_openssh);
237
		break;
238
239
	case LOGIN_SUCCESS:
240
		solaris_audit_session_setup();
241
		snprintf(textbuf, sizeof(textbuf),
242
		    gettext("successful login %s"), sav_name);
243
		solaris_audit_record(0, textbuf, AUE_openssh);
244
		break;
245
	}
246
}
247
248
static int
249
selected(char *nam, uid_t uid, au_event_t event, int sf)
250
{
251
	int	rc, sorf;
252
	char	naflags[512];
253
	struct au_mask mask;
254
255
	mask.am_success = mask.am_failure = 0;
256
	if (uid < 0) {
257
		rc = getacna(naflags, 256); /* get non-attrib flags */
258
		if (rc == 0)
259
			(void) getauditflagsbin(naflags, &mask);
260
	} else {
261
		rc = au_user_mask(nam, &mask);
262
	}
263
264
	if (sf == 0) {
265
		sorf = AU_PRS_SUCCESS;
266
	} else {
267
		sorf = AU_PRS_FAILURE;
268
	}
269
	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
270
271
	return rc;
272
}
273
274
# ifdef CUSTOM_FAILED_LOGIN
275
void
276
record_failed_login(const char *user, const char *ttyname)
277
{
278
}
279
# endif
280
281
#endif /* BSM */
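Review bot: `sav_name`, `sav_uid` and `sav_gid` are read by solaris_audit_record() and selected() and by the LOGOUT and LOGIN_SUCCESS texts at new lines 125-136, 218-220 and 239-243, but nothing in this file, or in any other hunk of the patch, ever assigns them; audit_init() stores the Authctxt into `auditctxt` and then never uses it. Every BSM record therefore carries an empty user name and a uid/gid of (uid_t)-1, and the `if (uid < 0)` test in selected() at line 256 can never be true where uid_t is unsigned, so `au_user_mask("", ...)` is consulted instead of the non-attributable flags. The sketch below fills the saved identity from the Authctxt in audit_init() (the caller also needs adding in sshd.c), and selected() should then test an explicit identity-known flag rather than a negative uid. Separately, audit_event()'s switch at lines 217-245 has no case for AUTH_FAILED, LOGIN_FAIL_BADPW or ILLEGAL_USER and no default, so the very events the monitor whitelists are dropped without a trace — at minimum add a `default:` that debug3()s the unhandled type.
```c
static int	sav_have_ident = 0;	/* set once audit_init() has seen a real user */

void
audit_init(Authctxt *ctxt)
{
	auditctxt = ctxt;
	if (ctxt == NULL)
		return;
	/* ctxt->pw is NULL for an invalid user; still keep the attempted name */
	if (ctxt->pw != NULL) {
		sav_uid = ctxt->pw->pw_uid;
		sav_gid = ctxt->pw->pw_gid;
		(void) strlcpy(sav_name, ctxt->pw->pw_name, sizeof(sav_name));
		sav_have_ident = 1;
	} else if (ctxt->user != NULL) {
		(void) strlcpy(sav_name, ctxt->user, sizeof(sav_name));
	}
	debug3("BSM audit: sav_name=%s sav_uid=%ld", sav_name, (long)sav_uid);
}
/* … unchanged: audit_login_from, audit_save_command, audit_save_ttyn, … */
```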
(-)openbsd-compat/solaris-bsm.h (+98 lines)
Added Link Here
1
/* $Id$ */
2
3
/*
4
 * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
5
 * Use is subject to license terms.
6
 *
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
 *
28
 */
29
/* #pragma ident	"@(#)bsmaudit.c	1.1	01/09/17 SMI" */
30
31
#include "includes.h"
32
#ifdef USE_BSM_AUDIT
33
34
#define AUE_openssh     32800
35
36
#include <bsm/audit.h>
37
#include <bsm/libbsm.h>
38
#include <bsm/audit_uevents.h>
39
#include <bsm/audit_record.h>
40
#include <locale.h>
41
42
#if defined(HAVE_GETAUDIT_ADDR)
43
#define	AuditInfoStruct		auditinfo_addr
44
#define AuditInfoTermID		au_tid_addr_t
45
#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
46
#define GetAuditFuncText	"getaudit_addr"
47
#define SetAuditFunc(a,b)	setaudit_addr((a),(b))
48
#define SetAuditFuncText	"setaudit_addr"
49
#define AUToSubjectFunc		au_to_subject_ex
50
#define AUToReturnFunc(a,b)	au_to_return32((a), (int32_t)(b))
51
#else
52
#define	AuditInfoStruct		auditinfo
53
#define AuditInfoTermID		au_tid_t
54
#define GetAuditFunc(a,b)	getaudit(a)
55
#define GetAuditFuncText	"getaudit"
56
#define SetAuditFunc(a,b)	setaudit(a)
57
#define SetAuditFuncText	"setaudit"
58
#define AUToSubjectFunc		au_to_subject
59
#define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
60
#endif
61
62
static void solaris_audit_record(int typ, char *string, au_event_t event_no);
63
static void solaris_audit_session_setup(void);
64
static int selected(char *nam, uid_t uid, au_event_t event, int sf);
65
66
static void get_terminal_id(AuditInfoTermID *tid);
67
68
extern int	cannot_audit(int);
69
extern void	aug_init(void);
70
extern dev_t	aug_get_port(void);
71
extern int 	aug_get_machine(char *, uint32_t *, uint32_t *);
72
extern void	aug_save_auid(au_id_t);
73
extern void	aug_save_uid(uid_t);
74
extern void	aug_save_euid(uid_t);
75
extern void	aug_save_gid(gid_t);
76
extern void	aug_save_egid(gid_t);
77
extern void	aug_save_pid(pid_t);
78
extern void	aug_save_asid(au_asid_t);
79
extern void	aug_save_tid(dev_t, unsigned int);
80
extern void	aug_save_tid_ex(dev_t, uint32_t *, uint32_t);
81
extern int	aug_save_me(void);
82
extern int	aug_save_namask(void);
83
extern void	aug_save_event(au_event_t);
84
extern void	aug_save_sorf(int);
85
extern void	aug_save_text(char *);
86
extern void	aug_save_text1(char *);
87
extern void	aug_save_text2(char *);
88
extern void	aug_save_na(int);
89
extern void	aug_save_user(char *);
90
extern void	aug_save_path(char *);
91
extern int	aug_save_policy(void);
92
extern void	aug_save_afunc(int (*)(int));
93
extern int	aug_audit(void);
94
extern int	aug_na_selected(void);
95
extern int	aug_selected(void);
96
extern int	aug_daemon_session(void);
97
98
#endif
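Review bot: The header declares `static` prototypes (solaris_audit_record, solaris_audit_session_setup, selected and get_terminal_id at new lines 62-66) that only port-solaris.c can define, so any other file that includes it gets unused-static warnings or undefined-function errors; move those four prototypes into port-solaris.c, which already includes this header. `AUE_openssh` is defined to 32800 both here (line 34) and in port-solaris.c (its line 34), and README.platform in this same patch tells administrators to change it in `openbsd-compat/bsd-solaris.h`, a file the patch does not add — keep the single definition here and correct the README path. The header also has no include guard, and of the aug_* externs at lines 69-96 only aug_get_machine (plus cannot_audit) is referenced by port-solaris.c, which suggests the rest were carried over from the original bsmaudit.c and can go.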
