Bugzilla – Attachment 647 Details for
Bug 125
add BSM audit support
[patch]
(DO NOT USE) More work-in-progress for comment.
openssh-bsm.patch (text/plain), 28.24 KB, created by
Darren Tucker
on 2004-05-31 23:25:29 AEST
Description:
(DO NOT USE) More work-in-progress for comment.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-05-31 23:25:29 AEST
Size:
28.24 KB
patch
obsolete
>Index: LICENCE
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/LICENCE,v
>retrieving revision 1.16
>diff -u -p -r1.16 LICENCE
>--- LICENCE 10 Feb 2004 02:01:14 -0000 1.16
>+++ LICENCE 26 Apr 2004 00:55:51 -0000
>@@ -203,6 +203,7 @@ OpenSSH contains no GPL code.
> Wayne Schroeder
> William Jones
> Darren Tucker
>+ Sun Microsystems
> 
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
>Index: README.platform
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/README.platform,v
>retrieving revision 1.2
>diff -u -p -r1.2 README.platform
>--- README.platform 23 Apr 2004 08:57:13 -0000 1.2
>+++ README.platform 26 Apr 2004 02:22:11 -0000
>@@ -23,8 +23,20 @@ openssl-devel, zlib, minres, minires-dev
> 
> Solaris
> -------
>-Currently, sshd does not support BSM auditting. This can show up as errors
>-when editting cron entries via crontab. See.
>-http://bugzilla.mindrot.org/show_bug.cgi?id=125
>+If you enable BSM auditing on Solaris, you need to update audit_event(4)
>+for praudit(1m) to give sensible output. The following line needs to be
>+added to /etc/security/audit_event:
>+
>+ 32800:AUE_openssh:OpenSSH login:lo
>+
>+If the contrib/buildpkg.sh script is used, the included postinstall
>+script will add the line for you.
>+
>+The BSM audit event range available for third party TCB applications is
>+32768 - 65535. Event number 32800 has been choosen for AUE_openssh.
>+There is no official registry of 3rd party event numbers, so if this
>+number is already in use on your system, change the value of
>+AUE_openssh in openbsd-compat/bsd-solaris.h and rebuild.
>+
> 
> $Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $
>Index: auth.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v
>retrieving revision 1.86
>diff -u -p -r1.86 auth.c
>--- auth.c 24 May 2004 00:36:23 -0000 1.86
>+++ auth.c 31 May 2004 08:05:07 -0000
>@@ -261,8 +261,12 @@ auth_log(Authctxt *authctxt, int authent
> info);
> 
> #ifdef CUSTOM_FAILED_LOGIN
>- if (authenticated == 0 && strcmp(method, "password") == 0)
>- record_failed_login(authctxt->user, "ssh");
>+ if (authenticated == 0) {
>+ if (strcmp(method, "password") == 0)
>+ record_failed_login(authctxt->user, "ssh-password");
>+ else if (strcmp(method, "keyboard-interactive") == 0)
>+ record_failed_login(authctxt->user, "ssh-kbdint");
>+ }
> #endif
> }
> 
>Index: auth.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.h,v
>retrieving revision 1.62
>diff -u -p -r1.62 auth.h
>--- auth.h 24 May 2004 00:36:23 -0000 1.62
>+++ auth.h 31 May 2004 10:11:27 -0000
>@@ -130,6 +130,7 @@ int auth_shadow_pwexpired(Authctxt *);
> #endif
> 
> #include "auth-pam.h"
>+#include "sshaudit.h"
> void disable_forwarding(void);
> 
> void do_authentication(Authctxt *);
>Index: auth1.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v
>retrieving revision 1.99
>diff -u -p -r1.99 auth1.c
>--- auth1.c 24 May 2004 00:36:23 -0000 1.99
>+++ auth1.c 31 May 2004 10:15:09 -0000
>@@ -240,8 +240,12 @@ do_authloop(Authctxt *authctxt)
> #else
> /* Special handling for root */
> if (authenticated && authctxt->pw->pw_uid == 0 &&
>- !auth_root_allowed(get_authname(type)))
>+ !auth_root_allowed(get_authname(type))) {
> authenticated = 0;
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(ROOT_NOT_CONSOLE));
>+#endif
>+ }
> #endif
> 
> #ifdef USE_PAM
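Review bot: A failed keyboard-interactive attempt now produces two failed-login records: this hunk records it from auth_log as `"ssh-kbdint"`, and the auth2-kbdint.c hunk records it again from userauth_kbdint as `"ssh-keyboard-interactive"`, so the same failure is counted twice under two different names. auth_log already sees the outcome of every method and, under privilege separation, runs on the privileged side, whereas the userauth_kbdint call (as its own XXX notes) would need a monitor round trip; drop the userauth_kbdint call and keep one string here. The enclosing auth_log starts outside the hunk.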
>@@ -261,9 +265,17 @@ do_authloop(Authctxt *authctxt)
> if (authenticated)
> return;
> 
>- if (authctxt->failures++ > options.max_authtries)
>+ if (authctxt->failures++ > options.max_authtries) {
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
>+#endif
> packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
>+ }
> 
>+#ifdef AUDIT_EVENTS
>+ /* XXX: logged via auth.c ? */
>+ PRIVSEP(audit_event(LOGIN_FAIL_BADPW));
>+#endif
> packet_start(SSH_SMSG_FAILURE);
> packet_send();
> packet_write_wait();
>Index: auth2-kbdint.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2-kbdint.c,v
>retrieving revision 1.2
>diff -u -p -r1.2 auth2-kbdint.c
>--- auth2-kbdint.c 10 May 2003 09:28:02 -0000 1.2
>+++ auth2-kbdint.c 31 May 2004 11:21:23 -0000
>@@ -30,6 +30,7 @@ RCSID("$OpenBSD: auth2-kbdint.c,v 1.2 20
> #include "log.h"
> #include "servconf.h"
> #include "xmalloc.h"
>+#include "monitor_wrap.h"
> 
> /* import */
> extern ServerOptions options;
>@@ -54,6 +55,10 @@ userauth_kbdint(Authctxt *authctxt)
> #ifdef HAVE_CYGWIN
> if (check_nt_auth(0, authctxt->pw) == 0)
> return(0);
>+#endif
>+#ifdef CUSTOM_FAILED_LOGIN
>+ if (!authenticated) /* XXX: need monitor call? */
>+ record_failed_login(authctxt->user, "ssh-keyboard-interactive");
> #endif
> return authenticated;
> }
>Index: auth2.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2.c,v
>retrieving revision 1.128
>diff -u -p -r1.128 auth2.c
>--- auth2.c 24 May 2004 00:36:23 -0000 1.128
>+++ auth2.c 31 May 2004 12:22:20 -0000
>@@ -165,6 +165,9 @@ input_userauth_request(int type, u_int32
> if (options.use_pam)
> PRIVSEP(start_pam(authctxt));
> #endif
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(ILLEGAL_USER));
>+#endif
> }
> setproctitle("%s%s", authctxt->pw ? user : "unknown",
> use_privsep ? " [net]" : "");
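Review bot: `PRIVSEP(audit_event(LOGIN_FAIL_BADPW))` fires for every failed protocol-1 attempt whatever the method, so the event name claims more than do_authloop knows at this point; the XXX above it already flags the overlap with auth_log, which does know the method. On the only backend in this patch, audit_event in port-solaris.c has no `case` for `LOGIN_FAIL_BADPW`, nor for `ILLEGAL_USER` (auth2.c, first hunk) or `AUTH_FAILED` (auth2.c, third hunk), so the monitor validates and forwards these requests and the backend drops them without a trace; a `default: debug3("BSM audit: unhandled event %d", (int)event);` in that switch would at least make it visible. Either emit the generic `AUTH_FAILED` here as the protocol-2 path does, or record failures from auth_log only. do_authloop continues outside the hunk.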
>@@ -212,8 +215,12 @@ userauth_finish(Authctxt *authctxt, int
> 
> /* Special handling for root */
> if (authenticated && authctxt->pw->pw_uid == 0 &&
>- !auth_root_allowed(method))
>+ !auth_root_allowed(method)) {
> authenticated = 0;
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(ROOT_NOT_CONSOLE));
>+#endif
>+ }
> 
> #ifdef USE_PAM
> if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
>@@ -243,8 +250,15 @@ userauth_finish(Authctxt *authctxt, int
> /* now we can break out */
> authctxt->success = 1;
> } else {
>- if (authctxt->failures++ > options.max_authtries)
>+ if (authctxt->failures++ > options.max_authtries) {
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(LOGIN_EXCEED_MAXTRIES));
>+#endif
> packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
>+ }
>+#ifdef AUDIT_EVENTS
>+ PRIVSEP(audit_event(AUTH_FAILED));
>+#endif
> methods = authmethods_get();
> packet_start(SSH2_MSG_USERAUTH_FAILURE);
> packet_put_cstring(methods);
>Index: configure.ac
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v
>retrieving revision 1.219
>diff -u -p -r1.219 configure.ac
>--- configure.ac 31 May 2004 04:38:51 -0000 1.219
>+++ configure.ac 31 May 2004 07:48:17 -0000
>@@ -674,6 +674,11 @@ AC_CHECK_HEADERS(libutil.h)
> AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
> AC_CHECK_FUNCS(logout updwtmp logwtmp)
> 
>+dnl Checks for libbsm functions
>+AC_CHECK_HEADERS(bsm/audit.h)
>+AC_CHECK_LIB(bsm, getaudit)
>+AC_CHECK_FUNCS(getaudit getaudit_addr)
>+
> AC_FUNC_STRFTIME
> 
> # Check for ALTDIRFUNC glob() extension
>Index: defines.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/defines.h,v
>retrieving revision 1.115
>diff -u -p -r1.115 defines.h
>--- defines.h 14 Apr 2004 07:24:30 -0000 1.115
>+++ defines.h 26 Apr 2004 02:15:21 -0000
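Review bot: `PRIVSEP(audit_event(AUTH_FAILED))` sits in the generic failure branch of userauth_finish, which protocol-2 clients also reach with the `none` method they send to discover the allowed methods, so (if `none` takes this branch in the tree this applies to, as the unconditional else suggests) every session, including successful ones, starts with a spurious AUTH_FAILED event before LOGIN_SUCCESS. Skip the probe, `if (strcmp(method, "none") != 0) PRIVSEP(audit_event(AUTH_FAILED));`, or move the audit into auth_log next to record_failed_login, where the method and outcome are known for both protocols. userauth_finish continues outside the hunk.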
>@@ -523,6 +523,12 @@ struct winsize {
> # define getpgrp() getpgrp(0)
> #endif
> 
>+#if defined(HAVE_BSM_AUDIT_H) && defined(HAVE_LIBBSM)
>+# define USE_BSM_AUDIT
>+# define AUDIT_EVENTS
>+# define CUSTOM_FAILED_LOGIN
>+#endif
>+
> /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
> #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
> # define OPENSSL_free(x) Free(x)
>Index: loginrec.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/loginrec.c,v
>retrieving revision 1.56
>diff -u -p -r1.56 loginrec.c
>--- loginrec.c 8 Apr 2004 06:16:06 -0000 1.56
>+++ loginrec.c 31 May 2004 11:57:39 -0000
>@@ -157,6 +157,7 @@
> #include "loginrec.h"
> #include "log.h"
> #include "atomicio.h"
>+#include "auth.h"
> 
> RCSID("$Id: loginrec.c,v 1.56 2004/04/08 06:16:06 dtucker Exp $");
> 
>@@ -229,6 +230,9 @@ login_login (struct logininfo *li)
> int
> login_logout(struct logininfo *li)
> {
>+#ifdef AUDIT_EVENTS
>+ audit_event(LOGOUT);
>+#endif
> li->type = LTYPE_LOGOUT;
> return login_write(li);
> }
>Index: monitor.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor.c,v
>retrieving revision 1.71
>diff -u -p -r1.71 monitor.c
>--- monitor.c 13 May 2004 06:39:33 -0000 1.71
>+++ monitor.c 31 May 2004 12:08:34 -0000
>@@ -142,6 +142,10 @@ int mm_answer_gss_userok(int, Buffer *);
> int mm_answer_gss_checkmic(int, Buffer *);
> #endif
> 
>+#ifdef AUDIT_EVENTS
>+int mm_answer_audit_event(int, Buffer *);
>+#endif
>+
> static Authctxt *authctxt;
> static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
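Review bot: `USE_BSM_AUDIT`, `AUDIT_EVENTS` and `CUSTOM_FAILED_LOGIN` are switched on solely because bsm/audit.h and libbsm were found, so every build on such a host audits with no way to opt out at configure time; the configure.ac hunk adds probes only, and an explicit configure option that sets these (the usual pattern for optional OpenSSH features) would let a site decide. `CUSTOM_FAILED_LOGIN` in particular makes auth.c and auth2-kbdint.c call `record_failed_login`, but the only Solaris definition in this patch (end of port-solaris.c) has an empty body, so nothing is recorded; leave that define out until the stub does something.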
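Review bot: `#include "auth.h"` is added to loginrec.c only so that `audit_event(LOGOUT)` sees `enum audit_event_type`; `#include "sshaudit.h"` names the actual dependency and keeps the Authctxt declarations and auth prototypes out of a utility file. In login_logout the audit record is written before `login_write(li)`, so the BSM trail shows a logout even when the utmp/wtmp update fails; if the two logs are meant to agree, emit the event after login_write reports success — what login_write returns is outside this hunk, so I have not quoted a rewrite.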
> 
>@@ -195,6 +199,9 @@ struct mon_table mon_dispatch_proto20[]
> #endif
> {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
> {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
>+#ifdef AUDIT_EVENTS
>+ {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
>+#endif
> #ifdef GSSAPI
> {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
> {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
>@@ -238,6 +245,9 @@ struct mon_table mon_dispatch_proto15[]
> {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
> {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
> #endif
>+#ifdef AUDIT_EVENTS
>+ {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
>+#endif
> {0, 0, NULL}
> };
> 
>@@ -1481,6 +1491,33 @@ mm_answer_term(int socket, Buffer *req)
> /* Terminate process */
> exit(res);
> }
>+
>+#ifdef AUDIT_EVENTS
>+/* Report that an audit event occurred */
>+
>+int
>+mm_answer_audit_event(int socket, Buffer *m)
>+{
>+ enum audit_event_type event;
>+
>+ debug3("%s", __func__);
>+
>+ event = buffer_get_int(m);
>+ switch(event) {
>+ case LOGIN_EXCEED_MAXTRIES:
>+ case ROOT_NOT_CONSOLE:
>+ case LOGIN_FAIL_BADPW:
>+ case ILLEGAL_USER:
>+ case AUTH_FAILED:
>+ audit_event(event);
>+ break;
>+ default:
>+ fatal("Audit event type %d not permitted", event);
>+ }
>+
>+ return (0);
>+}
>+#endif
> 
> void
> monitor_apply_keystate(struct monitor *pmonitor)
>Index: monitor.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor.h,v
>retrieving revision 1.19
>diff -u -p -r1.19 monitor.h
>--- monitor.h 17 Nov 2003 11:18:22 -0000 1.19
>+++ monitor.h 26 Apr 2004 00:54:34 -0000
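Review bot: The `switch` in mm_answer_audit_event is the only barrier between the unprivileged child and the audit trail: the handler is registered with `MON_PERMIT` in both dispatch tables, so it can be invoked before or after authentication, and the case list is what keeps the child from injecting `LOGIN_SUCCESS` or `LOGOUT` records. That property deserves a comment above the switch so the list is not extended casually: `/* Only failure-class events may be requested by the unprivileged child; LOGIN_SUCCESS and LOGOUT are generated by the monitor itself and must never be accepted here. */`. `event = buffer_get_int(m)` stores an arbitrary u_int in the enum and relies on `default:` to reject it, which is right; the request has no reply, matching the one-way send in mm_audit_event.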
>@@ -46,6 +46,8 @@ enum monitor_reqtype {
> MONITOR_REQ_PTYCLEANUP,
> MONITOR_REQ_SESSKEY, MONITOR_ANS_SESSKEY,
> MONITOR_REQ_SESSID,
>+ MONITOR_REQ_AUDIT_BAD_PW,
>+ MONITOR_REQ_AUDIT_EVENT,
> MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
> MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
> MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
>Index: monitor_wrap.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.c,v
>retrieving revision 1.44
>diff -u -p -r1.44 monitor_wrap.c
>--- monitor_wrap.c 8 Apr 2004 16:12:30 -0000 1.44
>+++ monitor_wrap.c 31 May 2004 10:20:01 -0000
>@@ -1091,6 +1091,22 @@ mm_auth_rsa_verify_response(Key *key, BI
> return (success);
> }
> 
>+#ifdef AUDIT_EVENTS
>+void
>+mm_audit_event(enum audit_event_type event)
>+{
>+ Buffer m;
>+
>+ debug3("%s entering", __func__);
>+
>+ buffer_init(&m);
>+ buffer_put_int(&m, event);
>+
>+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_EVENT, &m);
>+ buffer_free(&m);
>+}
>+#endif /* AUDIT_EVENTS */
>+
> #ifdef GSSAPI
> OM_uint32
> mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
>Index: monitor_wrap.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.h,v
>retrieving revision 1.18
>diff -u -p -r1.18 monitor_wrap.h
>--- monitor_wrap.h 8 Mar 2004 12:04:07 -0000 1.18
>+++ monitor_wrap.h 31 May 2004 08:15:12 -0000
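Review bot: `MONITOR_REQ_AUDIT_BAD_PW` is added to enum monitor_reqtype but no hunk sends or dispatches it — only `MONITOR_REQ_AUDIT_EVENT` gets entries in mon_dispatch_proto15/20 and a handler — so it is a dead request type; drop it or add its handler in the same change. Inserting values mid-enum also renumbers every later request type, which is harmless only because monitor and child always come from the same binary; a short comment saying so, or appending at the end, keeps the next editor from assuming the numbers are stable.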
>@@ -99,6 +99,10 @@ int mm_bsdauth_respond(void *, u_int, ch
> int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
> int mm_skey_respond(void *, u_int, char **);
> 
>+#ifdef AUDIT_EVENTS
>+void mm_audit_event(enum audit_event_type);
>+#endif
>+
> /* zlib allocation hooks */
> 
> void *mm_zalloc(struct mm_master *, u_int, u_int);
>Index: session.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
>retrieving revision 1.281
>diff -u -p -r1.281 session.c
>--- session.c 13 May 2004 06:39:34 -0000 1.281
>+++ session.c 31 May 2004 10:58:38 -0000
>@@ -567,6 +567,10 @@ do_exec_pty(Session *s, const char *comm
> cray_init_job(s->pw); /* set up cray jid and tmpdir */
> #endif /* _UNICOS */
> do_login(s, command);
>+# ifdef AUDIT_EVENTS
>+ if (s->tty != NULL)
>+ audit_save_ttyn(s->tty);
>+# endif
> }
> # ifdef LOGIN_NEEDS_UTMPX
> else
>@@ -1230,6 +1234,9 @@ do_nologin(struct passwd *pw)
> while (fgets(buf, sizeof(buf), f))
> fputs(buf, stderr);
> fclose(f);
>+#ifdef AUDIT_EVENTS
>+ audit_event(NOLOGIN);
>+#endif
> fflush(NULL);
> exit(254);
> }
>@@ -1426,6 +1433,10 @@ do_child(Session *s, const char *command
> do_motd();
> #else /* HAVE_OSF_SIA */
> do_nologin(pw);
>+# ifdef AUDIT_EVENTS
>+ if (command != NULL)
>+ audit_save_command(command);
>+# endif
> do_setusercontext(pw);
> #endif /* HAVE_OSF_SIA */
> }
>Index: sshaudit.h
>===================================================================
>RCS file: sshaudit.h
>diff -N sshaudit.h
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ sshaudit.h 31 May 2004 12:10:20 -0000
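Review bot: `void mm_audit_event(enum audit_event_type);` refers to an enum whose definition this header does not include; a forward reference to an incomplete enum in a prototype is not ISO C (gcc accepts it, warning under -pedantic), and it compiles in auth2-kbdint.c only because auth.h, included earlier there, drags in sshaudit.h. Add `#include "sshaudit.h"` to this header's include list (above the hunk) so the declaration stands on its own.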
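Review bot: In do_child (third hunk) `audit_save_command(command)` runs after `do_nologin(pw)` and no audit record is emitted between it and the exec, so the xstrdup'd copy is never attached to any record in this process: the NOLOGIN record (second hunk) precedes it, and the LOGOUT record is written by login_logout in the parent sshd, whose own static `sav_cmd` and `sav_ttyn` remain NULL/empty if, as do_child's role and the OpenSSH tree of this era suggest, the do_login block in do_exec_pty and do_child both execute in the forked child. The same applies to `audit_save_ttyn(s->tty)` in the first hunk. Save both in the process that will call login_logout (the fork is outside these hunks) or pass them explicitly into the audit call; if the command is only wanted on the NOLOGIN record, move the call above `do_nologin(pw)`.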
>@@ -0,0 +1,22 @@
>+#include "auth.h"
>+
>+#ifndef SSHAUDIT_H
>+# define SSHAUDIT_H
>+enum audit_event_type {
>+ AUTH_FAILED, /* ? */
>+ LOGIN_SUCCESS,
>+ LOGIN_EXCEED_MAXTRIES,
>+ LOGIN_FAIL_BADPW,
>+ ILLEGAL_USER,
>+ ROOT_NOT_CONSOLE,
>+ NOLOGIN,
>+ LOGOUT
>+};
>+
>+void audit_init(Authctxt *ctxt);
>+void audit_login_from(const char *host, int port);
>+void audit_event(enum audit_event_type);
>+void audit_save_ttyn(const char *ttyn);
>+void audit_save_command(const char *command);
>+
>+#endif /* SSHAUDIT_H */
>Index: sshd.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.c,v
>retrieving revision 1.281
>diff -u -p -r1.281 sshd.c
>--- sshd.c 24 May 2004 03:37:13 -0000 1.281
>+++ sshd.c 31 May 2004 11:49:49 -0000
>@@ -1422,7 +1422,9 @@ main(int ac, char **av)
> 
> remote_port = get_remote_port();
> remote_ip = get_remote_ipaddr();
>-
>+#ifdef AUDIT_EVENTS
>+ audit_login_from(remote_ip, remote_port);
>+#endif
> #ifdef LIBWRAP
> /* Check whether logins are denied from this host. */
> {
>@@ -1492,6 +1494,11 @@ main(int ac, char **av)
> }
> 
> authenticated:
>+
>+#ifdef AUDIT_EVENTS
>+ audit_event(LOGIN_SUCCESS);
>+#endif
>+
> /*
> * In privilege separation, we fork another child and prepare
> * file descriptor passing.
>Index: contrib/solaris/buildpkg.sh
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/contrib/solaris/buildpkg.sh,v
>retrieving revision 1.9
>diff -u -p -r1.9 buildpkg.sh
>--- contrib/solaris/buildpkg.sh 23 Jan 2004 00:10:03 -0000 1.9
>+++ contrib/solaris/buildpkg.sh 26 Apr 2004 00:54:40 -0000
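Review bot: sshaudit.h does `#include "auth.h"` before its own guard while auth.h now includes sshaudit.h, so the cycle resolves only through auth.h's guard and only if auth.h's `#include "sshaudit.h"` comes after the Authctxt typedef (both outside this patch); the prototypes here need just a pointer, so a forward declaration of the struct behind Authctxt plus moving the include inside the guard would remove that ordering dependence. `AUTH_FAILED, /* ? */` is a placeholder comment on the event the monitor will accept most often from the unprivileged child; each enumerator should say what it means and which side is allowed to raise it. `audit_init(Authctxt *)` is declared here and defined in port-solaris.c, but no hunk in the patch calls it.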
>@@ -191,6 +191,12 @@ echo "Building postinstall file..."
> cat > postinstall << _EOF
> #! /sbin/sh
> #
>+audit_event=/etc/security/audit_event
>+
>+if [ -z "\`grep AUE_openssh \$audit_event\`" ] ; then
>+ echo "32800:AUE_openssh:OpenSSH login:lo" >> \$audit_event
>+fi
>+#
> [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
> cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
> \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
>Index: openbsd-compat/Makefile.in
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/Makefile.in,v
>retrieving revision 1.30
>diff -u -p -r1.30 Makefile.in
>--- openbsd-compat/Makefile.in 21 Jan 2004 06:07:23 -0000 1.30
>+++ openbsd-compat/Makefile.in 26 Apr 2004 01:58:19 -0000
>@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
> 
> COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
> 
>-PORTS=port-irix.o port-aix.o
>+PORTS=port-aix.o port-irix.o port-solaris.o
> 
> .c.o:
> $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
>Index: openbsd-compat/openbsd-compat.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/openbsd-compat.h,v
>retrieving revision 1.25
>diff -u -p -r1.25 openbsd-compat.h
>--- openbsd-compat/openbsd-compat.h 21 Jan 2004 06:07:23 -0000 1.25
>+++ openbsd-compat/openbsd-compat.h 31 May 2004 10:12:27 -0000
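Review bot: The generated postinstall appends `32800:AUE_openssh:OpenSSH login:lo` whenever no line mentions AUE_openssh, but never checks whether event number 32800 is already assigned to another name — the README hunk itself says it may be — so it can create a duplicate event number in audit_event(4). Test the number first and refuse rather than append, e.g. `if grep "^32800:" \$audit_event >/dev/null; then echo "event 32800 already used in \$audit_event, not adding AUE_openssh"; elif [ -z "\`grep "^[0-9]*:AUE_openssh:" \$audit_event\`" ] ; then`, keeping the `\$` and backquote escapes the surrounding here-document requires. The anchored pattern also stops a commented-out AUE_openssh line from suppressing the add.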
>@@ -163,7 +163,7 @@ char *shadow_pw(struct passwd *pw);
> /* Routines for a single OS platform */
> #include "bsd-cray.h"
> #include "bsd-cygwin_util.h"
>-#include "port-irix.h"
> #include "port-aix.h"
>+#include "port-irix.h"
> 
> #endif /* _OPENBSD_COMPAT_H */
>Index: openbsd-compat/port-solaris.c
>===================================================================
>RCS file: openbsd-compat/port-solaris.c
>diff -N openbsd-compat/port-solaris.c
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ openbsd-compat/port-solaris.c 31 May 2004 12:18:11 -0000
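Review bot: This hunk only reorders port-aix.h and port-irix.h; nothing adds a header for the new port-solaris.c, so on Solaris `record_failed_login()` — now called from auth.c and auth2-kbdint.c under CUSTOM_FAILED_LOGIN — has no prototype in scope unless auth.h already declares it (not visible in this patch), leaving an implicit declaration. Add a `port-solaris.h` included here like the other platform headers, or declare it in sshaudit.h under the same `CUSTOM_FAILED_LOGIN` guard.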
>@@ -0,0 +1,281 @@
>+/* $Id$ */
>+
>+/*
>+ * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
>+ * Use is subject to license terms.
>+ *
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ * notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ * notice, this list of conditions and the following disclaimer in the
>+ * documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
>+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
>+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
>+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
>+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
>+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
>+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ *
>+ */
>+/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
>+
>+#include "includes.h"
>+#if defined(AUDIT_EVENTS) && defined(USE_BSM_AUDIT)
>+
>+#define AUE_openssh 32800
>+
>+#include "solaris-bsm.h"
>+#include "ssh.h"
>+#include "log.h"
>+#include "auth.h"
>+#include "xmalloc.h"
>+
>+static char sav_ttyn[512];
>+static char sav_name[512];
>+static int sav_port = -1;
>+static uid_t sav_uid = -1;
>+static gid_t sav_gid = -1;
>+static uint32_t sav_machine[4] = { 0,0,0,0};
>+static uint32_t sav_iptype = 0;
>+static char sav_host[MAXHOSTNAMELEN];
>+static char *sav_cmd = NULL;
>+static Authctxt *auditctxt = NULL;
>+
>+void
>+audit_init(Authctxt *ctxt)
>+{
>+ auditctxt = ctxt;
>+}
>+
>+void
>+audit_login_from(const char *host, int port)
>+{
>+ int i;
>+#if !defined(HAVE_GETAUDIT_ADDR)
>+ in_addr_t ia;
>+#endif
>+
>+ if (cannot_audit(0))
>+ return;
>+
>+ /* save port */
>+ sav_port = port;
>+ debug3("BSM audit: sav_port=%d", sav_port);
>+
>+ /* save host */
>+ (void) strlcpy(sav_host, host, sizeof(sav_host));
>+ debug3("BSM audit: sav_host=%s", sav_host);
>+ memset(sav_machine, 0, sizeof(sav_machine));
>+#if defined(HAVE_GETAUDIT_ADDR)
>+ (void) aug_get_machine(sav_host, &sav_machine[0], &sav_iptype);
>+ debug3("BSM audit: sav_iptype=%ld", (long)sav_iptype);
>+#else
>+ ia = inet_addr(host);
>+ memcpy(&sav_machine[0], &ia, sizeof(sav_machine[0]));
>+ sav_iptype = 0; /* not used, but just in case */
>+#endif
>+ for (i = 0; i < sizeof(sav_machine) / sizeof(sav_machine[0]); i++) {
>+ debug3("BSM audit: sav_machine[%d]=%08lx",
>+ i, (long)sav_machine[i]);
>+ }
>+}
>+
>+void
>+audit_save_command(const char *command)
>+{
>+ if (cannot_audit(0))
>+ return;
>+
>+ if (sav_cmd != NULL) {
>+ free(sav_cmd);
>+ sav_cmd = NULL;
>+ }
>+ sav_cmd = xstrdup(command);
>+ debug3("BSM audit: sav_cmd=%s", sav_cmd);
>+}
>+
>+void
>+audit_save_ttyn(const char *ttyn)
>+{
>+ if (cannot_audit(0))
>+ return;
>+
>+ (void) strlcpy(sav_ttyn, ttyn, sizeof(sav_ttyn));
>+ debug3("BSM audit: sav_ttyn=%s", sav_ttyn);
>+}
>+
>+static void
>+solaris_audit_record(int typ, char *string, au_event_t event_no)
>+{
>+ int ad, rc, sel;
>+ uid_t uid;
>+ gid_t gid;
>+ pid_t pid;
>+ AuditInfoTermID tid;
>+
>+ uid = sav_uid;
>+ gid = sav_gid;
>+ pid = getpid();
>+
>+ get_terminal_id(&tid);
>+
>+ if (typ == 0)
>+ rc = 0;
>+ else
>+ rc = -1;
>+
>+ sel = selected(sav_name, uid, event_no, rc);
>+ debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
>+ if (!sel)
>+ return;
>+
>+ ad = au_open();
>+
>+ (void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
>+ pid, pid, &tid));
>+ (void) au_write(ad, au_to_text(string));
>+ if (sav_cmd != NULL) {
>+ (void) au_write(ad, au_to_text(sav_cmd));
>+ }
>+ (void) au_write(ad, AUToReturnFunc(typ, rc));
>+
>+ rc = au_close(ad, AU_TO_WRITE, event_no);
>+ if (rc < 0) {
>+ error("BSM audit: solaris_audit_record failed to write "
>+ "\"%s\" record: %s", string, strerror(errno));
>+ }
>+}
>+
>+static void
>+solaris_audit_session_setup(void)
>+{
>+ int rc;
>+ struct AuditInfoStruct info;
>+ au_mask_t mask;
>+ struct AuditInfoStruct now;
>+
>+ info.ai_auid = sav_uid;
>+ info.ai_asid = getpid();
>+ mask.am_success = 0;
>+ mask.am_failure = 0;
>+
>+ (void) au_user_mask(sav_name, &mask);
>+
>+ info.ai_mask.am_success = mask.am_success;
>+ info.ai_mask.am_failure = mask.am_failure;
>+
>+ /* see if terminal id already set */
>+ if (GetAuditFunc(&now, sizeof(now)) < 0) {
>+ error("BSM audit: solaris_audit_session_setup: %s failed: %s",
>+ GetAuditFuncText, strerror(errno));
>+ }
>+
>+ debug("BSM solaris_audit_setup_session: calling get_terminal_id");
>+ get_terminal_id(&(info.ai_termid));
>+
>+ rc = SetAuditFunc(&info, sizeof(info));
>+ if (rc < 0) {
>+ error("BSM audit: solaris_audit_session_setup: %s failed: %s",
>+ SetAuditFuncText, strerror(errno));
>+ }
>+}
>+
>+
>+static void
>+get_terminal_id(AuditInfoTermID *tid)
>+{
>+#if defined(HAVE_GETAUDIT_ADDR)
>+ tid->at_port = sav_port;
>+ tid->at_type = sav_iptype;
>+ tid->at_addr[0] = sav_machine[0];
>+ tid->at_addr[1] = sav_machine[1];
>+ tid->at_addr[2] = sav_machine[2];
>+ tid->at_addr[3] = sav_machine[3];
>+#else
>+ tid->port = sav_port;
>+ tid->machine = sav_machine[0];
>+#endif
>+}
>+
>+void
>+audit_event(enum audit_event_type event)
>+{
>+ char textbuf[BSM_TEXTBUFSZ];
>+
>+ if (cannot_audit(0))
>+ return;
>+
>+ switch(event) {
>+ case LOGOUT:
>+ snprintf(textbuf, sizeof(textbuf),
>+ gettext("sshd logout %s"), sav_name);
>+ solaris_audit_record(0, textbuf, AUE_logout);
>+ break;
>+
>+ case NOLOGIN:
>+ solaris_audit_record(1,
>+ gettext("logins disabled by /etc/nologin"), AUE_openssh);
>+ break;
>+
>+ case LOGIN_EXCEED_MAXTRIES:
>+ snprintf(textbuf, sizeof(textbuf),
>+ gettext("too many tries for user %s"), sav_name);
>+ solaris_audit_record(1, textbuf, AUE_openssh);
>+ break;
>+
>+ case ROOT_NOT_CONSOLE:
>+ solaris_audit_record(2, gettext("not_console"), AUE_openssh);
>+ break;
>+
>+ case LOGIN_SUCCESS:
>+ solaris_audit_session_setup();
>+ snprintf(textbuf, sizeof(textbuf),
>+ gettext("successful login %s"), sav_name);
>+ solaris_audit_record(0, textbuf, AUE_openssh);
>+ break;
>+ }
>+}
>+
>+static int
>+selected(char *nam, uid_t uid, au_event_t event, int sf)
>+{
>+ int rc, sorf;
>+ char naflags[512];
>+ struct au_mask mask;
>+
>+ mask.am_success = mask.am_failure = 0;
>+ if (uid < 0) {
>+ rc = getacna(naflags, 256); /* get non-attrib flags */
>+ if (rc == 0)
>+ (void) getauditflagsbin(naflags, &mask);
>+ } else {
>+ rc = au_user_mask(nam, &mask);
>+ }
>+
>+ if (sf == 0) {
>+ sorf = AU_PRS_SUCCESS;
>+ } else {
>+ sorf = AU_PRS_FAILURE;
>+ }
>+ rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
>+
>+ return rc;
>+}
>+
>+# ifdef CUSTOM_FAILED_LOGIN
>+void
>+record_failed_login(const char *user, const char *ttyname)
>+{
>+}
>+# endif
>+
>+#endif /* BSM */
>Index: openbsd-compat/solaris-bsm.h
>===================================================================
>RCS file: openbsd-compat/solaris-bsm.h
>diff -N openbsd-compat/solaris-bsm.h
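Review bot: `sav_uid`, `sav_gid` and `sav_name` are read by solaris_audit_record, solaris_audit_session_setup, selected and the text formats in audit_event, but nothing in this file or anywhere else in the patch ever assigns them, and the `auditctxt` stored by audit_init is never read; every record is therefore attributed to uid/gid `(uid_t)-1` and an empty user name, and the LOGIN_SUCCESS session is set up with `ai_auid = -1`. Populating them from the Authctxt passed to audit_init is the minimal fix (below), together with a call to audit_init once the authenticated user is known — no caller exists in this patch. Related: `if (uid < 0)` in selected() can never be true for an unsigned uid_t, so the non-attributable-mask path is dead code, and the `record_failed_login` stub at the end records nothing while CUSTOM_FAILED_LOGIN routes every failed password/kbdint attempt to it.
```c
void
audit_init(Authctxt *ctxt)
{
	auditctxt = ctxt;
	/* Attribute subsequent records to the user being authenticated. */
	if (ctxt != NULL && ctxt->pw != NULL) {
		sav_uid = ctxt->pw->pw_uid;
		sav_gid = ctxt->pw->pw_gid;
		(void) strlcpy(sav_name, ctxt->pw->pw_name, sizeof(sav_name));
	}
}
/* … unchanged: audit_login_from, audit_save_command, audit_save_ttyn, … */
```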
>--- /dev/null 1 Jan 1970 00:00:00 -0000
>+++ openbsd-compat/solaris-bsm.h 31 May 2004 11:34:19 -0000
>@@ -0,0 +1,98 @@
>+/* $Id$ */
>+
>+/*
>+ * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
>+ * Use is subject to license terms.
>+ *
>+ *
>+ * Redistribution and use in source and binary forms, with or without
>+ * modification, are permitted provided that the following conditions
>+ * are met:
>+ * 1. Redistributions of source code must retain the above copyright
>+ * notice, this list of conditions and the following disclaimer.
>+ * 2. Redistributions in binary form must reproduce the above copyright
>+ * notice, this list of conditions and the following disclaimer in the
>+ * documentation and/or other materials provided with the distribution.
>+ *
>+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
>+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
>+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
>+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
>+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
>+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
>+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
>+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
>+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
>+ *
>+ */
>+/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
>+
>+#include "includes.h"
>+#ifdef USE_BSM_AUDIT
>+
>+#define AUE_openssh 32800
>+
>+#include <bsm/audit.h>
>+#include <bsm/libbsm.h>
>+#include <bsm/audit_uevents.h>
>+#include <bsm/audit_record.h>
>+#include <locale.h>
>+
>+#if defined(HAVE_GETAUDIT_ADDR)
>+#define AuditInfoStruct auditinfo_addr
>+#define AuditInfoTermID au_tid_addr_t
>+#define GetAuditFunc(a,b) getaudit_addr((a),(b))
>+#define GetAuditFuncText "getaudit_addr"
>+#define SetAuditFunc(a,b) setaudit_addr((a),(b))
>+#define SetAuditFuncText "setaudit_addr"
>+#define AUToSubjectFunc au_to_subject_ex
>+#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
>+#else
>+#define AuditInfoStruct auditinfo
>+#define AuditInfoTermID au_tid_t
>+#define GetAuditFunc(a,b) getaudit(a)
>+#define GetAuditFuncText "getaudit"
>+#define SetAuditFunc(a,b) setaudit(a)
>+#define SetAuditFuncText "setaudit"
>+#define AUToSubjectFunc au_to_subject
>+#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
>+#endif
>+
>+static void solaris_audit_record(int typ, char *string, au_event_t event_no);
>+static void solaris_audit_session_setup(void);
>+static int selected(char *nam, uid_t uid, au_event_t event, int sf);
>+
>+static void get_terminal_id(AuditInfoTermID *tid);
>+
>+extern int cannot_audit(int);
>+extern void aug_init(void);
>+extern dev_t aug_get_port(void);
>+extern int aug_get_machine(char *, uint32_t *, uint32_t *);
>+extern void aug_save_auid(au_id_t);
>+extern void aug_save_uid(uid_t);
>+extern void aug_save_euid(uid_t);
>+extern void aug_save_gid(gid_t);
>+extern void aug_save_egid(gid_t);
>+extern void aug_save_pid(pid_t);
>+extern void aug_save_asid(au_asid_t);
>+extern void aug_save_tid(dev_t, unsigned int);
>+extern void aug_save_tid_ex(dev_t, uint32_t *, uint32_t);
>+extern int aug_save_me(void);
>+extern int aug_save_namask(void);
>+extern void aug_save_event(au_event_t);
>+extern void aug_save_sorf(int);
>+extern void aug_save_text(char *);
>+extern void aug_save_text1(char *);
>+extern void aug_save_text2(char *);
>+extern void aug_save_na(int);
>+extern void aug_save_user(char *);
>+extern void aug_save_path(char *);
>+extern int aug_save_policy(void);
>+extern void aug_save_afunc(int (*)(int));
>+extern int aug_audit(void);
>+extern int aug_na_selected(void);
>+extern int aug_selected(void);
>+extern int aug_daemon_session(void);
>+
>+#endif
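Review bot: `AUE_openssh` is `#define`d to 32800 both in this header and in port-solaris.c, where the definition precedes the `#include "solaris-bsm.h"`, and the README hunk tells administrators to change it in `openbsd-compat/bsd-solaris.h`, a file this patch does not create; an administrator who edits only this header gets a macro-redefinition diagnostic and, with gcc, the header's later value, while one following the README finds no file at all. Keep a single definition here, drop the one in port-solaris.c, and correct the README path to `openbsd-compat/solaris-bsm.h`. The `static` prototypes also make this header usable from exactly one translation unit; since that is the intent, a comment such as `/* Private to port-solaris.c; do not include elsewhere. */` at the top would spare a second includer the unused-static warnings.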