3 files changed, 62 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index b67b29b09..0b2140320 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@
  - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
    since it now conflicts with the helper function in misc.c.  From
    vinschen AT redhat.com.
+ - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
+   of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
+   Help and testing from csjp at FreeBSD org, vgiffin at apple com.  ok djm@
 
 20080224
  - (tim) [contrib/cygwin/ssh-host-config]
@@ -3621,4 +3624,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4839 2008/02/25 09:21:20 dtucker Exp $
+$Id: ChangeLog,v 1.4840 2008/02/25 10:05:04 dtucker Exp $
diff --git a/audit-bsm.c b/audit-bsm.c
index c26b4caed..2c417bc27 100644
--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
+/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */
 
 /*
  * TODO
@@ -40,7 +40,9 @@
 #include <sys/types.h>
 
 #include <errno.h>
+#include <netdb.h>
 #include <stdarg.h>
+#include <string.h>
 #include <unistd.h>
 
 #include "ssh.h"
@@ -62,8 +64,6 @@
 #if defined(HAVE_GETAUDIT_ADDR)
 #define AuditInfoStruct         auditinfo_addr
 #define AuditInfoTermID         au_tid_addr_t
-#define GetAuditFunc(a,b)       getaudit_addr((a),(b))
-#define GetAuditFuncText        "getaudit_addr"
 #define SetAuditFunc(a,b)       setaudit_addr((a),(b))
 #define SetAuditFuncText        "setaudit_addr"
 #define AUToSubjectFunc         au_to_subject_ex
@@ -71,18 +71,16 @@
 #else
 #define AuditInfoStruct         auditinfo
 #define AuditInfoTermID         au_tid_t
-#define GetAuditFunc(a,b)       getaudit(a)
-#define GetAuditFuncText        "getaudit"
 #define SetAuditFunc(a,b)       setaudit(a)
 #define SetAuditFuncText        "setaudit"
 #define AUToSubjectFunc         au_to_subject
 #define AUToReturnFunc(a,b)     au_to_return((a), (u_int)(b))
 #endif
 
+#ifndef cannot_audit
 extern int      cannot_audit(int);
+#endif
 extern void     aug_init(void);
-extern dev_t    aug_get_port(void);
-extern int      aug_get_machine(char *, u_int32_t *, u_int32_t *);
 extern void     aug_save_auid(au_id_t);
 extern void     aug_save_uid(uid_t);
 extern void     aug_save_euid(uid_t);
@@ -119,6 +117,51 @@ static AuditInfoTermID ssh_bsm_tid;
 /* Below is the low-level BSM interface code */
 
 /*
+ * aug_get_machine is only required on IPv6 capable machines, we use a
+ * different mechanism in audit_connection_from() for IPv4-only machines.
+ * getaudit_addr() is only present on IPv6 capable machines.
+ */
+#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
+extern int      aug_get_machine(char *, u_int32_t *, u_int32_t *);
+#else
+static int
+aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
+{
+        struct addrinfo *ai; 
+        struct sockaddr_in *in4;
+        struct sockaddr_in6 *in6;
+        int ret = 0, r;
+
+        if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
+                error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
+                    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+                return -1;
+        }
+        
+        switch (ai->ai_family) {
+        case AF_INET:
+                in4 = (struct sockaddr_in *)ai->ai_addr;
+                *type = AU_IPv4;
+                memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
+                break;
+#ifdef AU_IPv6
+        case AF_INET6: 
+                in6 = (struct sockaddr_in6 *)ai->ai_addr;
+                *type = AU_IPv6;
+                memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
+                break;
+#endif
+        default:
+                error("BSM audit: unknown address family for %.100s: %d",
+                    host, ai->ai_family);
+                ret = -1;
+        }
+        freeaddrinfo(ai);
+        return ret;
+}
+#endif
+
+/*
  * Check if the specified event is selected (enabled) for auditing.
  * Returns 1 if the event is selected, 0 if not and -1 on failure.
  */
diff --git a/configure.ac b/configure.ac
index 484d45d53..f9e2d8b34 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.389 2008/01/02 07:08:45 dtucker Exp $
+# $Id: configure.ac,v 1.390 2008/02/25 10:05:04 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.389 $)
+AC_REVISION($Revision: 1.390 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -423,6 +423,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
             [Use tunnel device compatibility to OpenBSD])
         AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
             [Prepend the address family to IP tunnel traffic])
+        m4_pattern_allow(AU_IPv)
+        AC_CHECK_DECL(AU_IPv4, [], 
+            AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+            [#include <bsm/audit.h>]
+        )
         ;;
 *-*-dragonfly*)
         SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -1226,7 +1231,7 @@ AC_ARG_WITH(audit,
                 AC_CHECK_FUNCS(getaudit, [],
                     [AC_MSG_ERROR(BSM enabled and required function not found)])
                 # These are optional
-                AC_CHECK_FUNCS(getaudit_addr)
+                AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
                 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
                 ;;
           debug)