- (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM

   audit breakage in Solaris 11.  Patch from Magnus Johansson.

1 files changed, 78 insertions, 1 deletions

diff --git a/audit-bsm.c b/audit-bsm.c
index f196d4f1e..613559140 100644
--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */
+/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */
 
 /*
  * TODO
@@ -45,6 +45,10 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef BROKEN_BSM_API
+#include <libscf.h>
+#endif
+
 #include "ssh.h"
 #include "log.h"
 #include "key.h"
@@ -114,6 +118,12 @@ extern int	aug_daemon_session(void);
 extern Authctxt *the_authctxt;
 static AuditInfoTermID ssh_bsm_tid;
 
+#ifdef BROKEN_BSM_API
+/* For some reason this constant is no longer defined
+   in Solaris 11. */
+#define BSM_TEXTBUFSZ 256
+#endif
+
 /* Below is the low-level BSM interface code */
 
 /*
@@ -161,6 +171,65 @@ aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
 }
 #endif
 
+#ifdef BROKEN_BSM_API
+/*
+  In Solaris 11 the audit daemon has been moved to SMF. In the process
+  they simply dropped getacna() from the API, since it read from a now
+  non-existent config file. This function re-implements getacna() to
+  read from the SMF repository instead.
+ */
+int
+getacna(char *auditstring, int len)
+{
+        scf_handle_t *handle = NULL;
+        scf_property_t *property = NULL;
+        scf_value_t *value = NULL;
+        int ret = 0;
+
+        handle = scf_handle_create(SCF_VERSION);
+        if (handle == NULL) 
+                return -2; /* The man page for getacna on Solaris 10 states
+                              we should return -2 in case of error and set
+                              errno to indicate the error. We don't bother
+                              with errno here, though, since the only use
+                              of this function below doesn't check for errors
+                              anyway. 
+                           */
+
+        ret = scf_handle_bind(handle);
+        if (ret == -1) 
+                return -2;
+
+        property = scf_property_create(handle);
+        if (property == NULL) 
+                return -2;
+
+        ret = scf_handle_decode_fmri(handle, 
+             "svc:/system/auditd:default/:properties/preselection/naflags",
+                                     NULL, NULL, NULL, NULL, property, 0);
+        if (ret == -1) 
+                return -2;
+
+        value = scf_value_create(handle);
+        if (value == NULL) 
+                return -2;
+
+        ret = scf_property_get_value(property, value);
+        if (ret == -1) 
+                return -2;
+
+        ret = scf_value_get_astring(value, auditstring, len);
+        if (ret == -1) 
+                return -2;
+
+        scf_value_destroy(value);
+        scf_property_destroy(property);
+        scf_handle_destroy(handle);
+
+        return 0;
+}
+#endif
+
 /*
  * Check if the specified event is selected (enabled) for auditing.
  * Returns 1 if the event is selected, 0 if not and -1 on failure.
@@ -213,7 +282,15 @@ bsm_audit_record(int typ, char *string, au_event_t event_no)
         (void) au_write(ad, au_to_text(string));
         (void) au_write(ad, AUToReturnFunc(typ, rc));
 
+#ifdef BROKEN_BSM_API
+        /* The last argument is the event modifier flags. For
+           some seemingly undocumented reason it was added in
+           Solaris 11. */
+        rc = au_close(ad, AU_TO_WRITE, event_no, 0);
+#else
         rc = au_close(ad, AU_TO_WRITE, event_no);
+#endif
+
         if (rc < 0)
                 error("BSM audit: %s failed to write \"%s\" record: %s",
                     __func__, string, strerror(errno));