- (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac

   defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
   parts by John R. Jackson.  ok djm@

6 files changed, 72 insertions, 9 deletions

diff --git a/ChangeLog b/ChangeLog
index 836cc0dfc..87ae13abe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20050220
+ - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac
+   defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support.  Configure
+   --with-audit=bsm to enable.  Patch originally from Sun Microsystems,
+   parts by John R. Jackson.  ok djm@
+
 20050216
  - (djm) write seed to temporary file and atomically rename into place; 
    ok dtucker@
@@ -2148,4 +2154,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $
+$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $
diff --git a/LICENCE b/LICENCE
index f9062bd51..ae03eb3a7 100644
--- a/LICENCE
+++ b/LICENCE
@@ -203,6 +203,7 @@ OpenSSH contains no GPL code.
         Wayne Schroeder
         William Jones
         Darren Tucker
+        Sun Microsystems
 
      * Redistribution and use in source and binary forms, with or without
      * modification, are permitted provided that the following conditions
diff --git a/Makefile.in b/Makefile.in
index c6cfef11a..71036c118 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $
+# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
         auth-krb5.o \
         auth2-gss.o gss-serv.o gss-serv-krb5.o \
-        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
+        loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+        audit.o audit-bsm.o
 
 MANPAGES        = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN     = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
diff --git a/README.platform b/README.platform
index 4e7b84d39..af551de48 100644
--- a/README.platform
+++ b/README.platform
@@ -32,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel.
 
 Solaris
 -------
-Currently, sshd does not support BSM auditting.  This can show up as errors
-when editting cron entries via crontab.  See.
-http://bugzilla.mindrot.org/show_bug.cgi?id=125
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output.  The following line needs to be
+added to /etc/security/audit_event:
 
-$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $
+        32800:AUE_openssh:OpenSSH login:lo
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535.  Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, you may change it at build time
+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
+
+
+$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index fe6b002d4..1bf067a2f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $
+# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -881,6 +881,37 @@ AC_ARG_WITH(libedit,
         fi ]
 )
 
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+        [  --with-audit=module     Enable EXPERIMENTAL audit support (modules=debug,bsm)],
+        [
+          AC_MSG_CHECKING(for supported audit module)
+          case "$withval" in
+          bsm)
+                AC_MSG_RESULT(bsm)
+                AUDIT_MODULE=bsm
+                dnl    Checks for headers, libs and functions
+                AC_CHECK_HEADERS(bsm/audit.h, [],
+                    [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+                AC_CHECK_LIB(bsm, getaudit, [],
+                    [AC_MSG_ERROR(BSM enabled and required library not found)])
+                AC_CHECK_FUNCS(getaudit, [],
+                    [AC_MSG_ERROR(BSM enabled and required function not found)])
+                # These are optional
+                AC_CHECK_FUNCS(getaudit_addr gettext)
+                AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+                ;;
+          debug)
+                AUDIT_MODULE=debug
+                AC_MSG_RESULT(debug)
+                AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+                ;;
+          *)
+                AC_MSG_ERROR([Unknown audit module $withval])
+                ;;
+        esac ]
+)
+
 dnl    Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
         arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
@@ -1846,6 +1877,8 @@ TYPE_SOCKLEN_T
 
 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
 
+AC_CHECK_TYPES(in_addr_t,,,[#include <netinet/in.h>])
+
 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
         AC_TRY_COMPILE(
                 [
@@ -3195,3 +3228,7 @@ if test ! -z "$NO_PEERCHECK" ; then
         echo ""
 fi
 
+if test "$AUDIT_MODULE" = "bsm" ; then
+        echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+        echo "See the Solaris section in README.platform for details."
+fi
diff --git a/defines.h b/defines.h
index 4d59408ad..7758bc37a 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */
+/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
 
 
 /* Constants */
@@ -288,6 +288,10 @@ struct	sockaddr_un {
 };
 #endif /* HAVE_SYS_UN_H */
 
+#ifndef HAVE_IN_ADDR_T
+typedef u_int32_t       in_addr_t;
+#endif
+
 #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
 #define _STRUCT_WINSIZE
 struct winsize {
@@ -530,6 +534,11 @@ struct winsize {
 # define getpgrp() getpgrp(0)
 #endif
 
+#ifdef USE_BSM_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
 /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */
 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f)
 # define OPENSSL_free(x) Free(x)