-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | LICENCE | 1 | ||||
-rw-r--r-- | Makefile.in | 5 | ||||
-rw-r--r-- | README.platform | 17 | ||||
-rw-r--r-- | configure.ac | 39 | ||||
-rw-r--r-- | defines.h | 11 |
6 files changed, 72 insertions, 9 deletions
@@ -1,3 +1,9 @@ | |||
1 | 20050220 | ||
2 | - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac | ||
3 | defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure | ||
4 | --with-audit=bsm to enable. Patch originally from Sun Microsystems, | ||
5 | parts by John R. Jackson. ok djm@ | ||
6 | |||
1 | 20050216 | 7 | 20050216 |
2 | - (djm) write seed to temporary file and atomically rename into place; | 8 | - (djm) write seed to temporary file and atomically rename into place; |
3 | ok dtucker@ | 9 | ok dtucker@ |
@@ -2148,4 +2154,4 @@ | |||
2148 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2154 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2149 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2155 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2150 | 2156 | ||
2151 | $Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ | 2157 | $Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $ |
@@ -203,6 +203,7 @@ OpenSSH contains no GPL code. | |||
203 | Wayne Schroeder | 203 | Wayne Schroeder |
204 | William Jones | 204 | William Jones |
205 | Darren Tucker | 205 | Darren Tucker |
206 | Sun Microsystems | ||
206 | 207 | ||
207 | * Redistribution and use in source and binary forms, with or without | 208 | * Redistribution and use in source and binary forms, with or without |
208 | * modification, are permitted provided that the following conditions | 209 | * modification, are permitted provided that the following conditions |
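--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $
+# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
 auth-krb5.o \
 auth2-gss.o gss-serv.o gss-serv-krb5.o \
-loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o
+loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+audit.o audit-bsm.o
 
 MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5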
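Review bot: `audit-bsm.o` is appended to SSHDOBJS unconditionally, so audit-bsm.c is compiled and linked into sshd on every platform, not only when configure was run with `--with-audit=bsm`. audit-bsm.c is not shown on this page; presumably its body is wrapped in `#ifdef USE_BSM_AUDIT`, and that guard has to enclose the `bsm/audit.h` include as well, otherwise builds on systems without the BSM headers will fail. It is worth confirming that before merging, since configure only checks for the header inside the bsm arm.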
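--- a/README.platform
+++ b/README.platform
@@ -32,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel.
 
 Solaris
 -------
-Currently, sshd does not support BSM auditting. This can show up as errors
-when editting cron entries via crontab. See.
-http://bugzilla.mindrot.org/show_bug.cgi?id=125
+If you enable BSM auditing on Solaris, you need to update audit_event(4)
+for praudit(1m) to give sensible output. The following line needs to be
+added to /etc/security/audit_event:
 
-$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $
+32800:AUE_openssh:OpenSSH login:lo
+
+The BSM audit event range available for third party TCB applications is
+32768 - 65535. Event number 32800 has been choosen for AUE_openssh.
+There is no official registry of 3rd party event numbers, so if this
+number is already in use on your system, you may change it at build time
+by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
+
+
+$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $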
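--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $
+# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -881,6 +881,37 @@ AC_ARG_WITH(libedit,
 fi ]
 )
 
+AUDIT_MODULE=none
+AC_ARG_WITH(audit,
+[ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)],
+[
+AC_MSG_CHECKING(for supported audit module)
+case "$withval" in
+bsm)
+AC_MSG_RESULT(bsm)
+AUDIT_MODULE=bsm
+dnl Checks for headers, libs and functions
+AC_CHECK_HEADERS(bsm/audit.h, [],
+[AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)])
+AC_CHECK_LIB(bsm, getaudit, [],
+[AC_MSG_ERROR(BSM enabled and required library not found)])
+AC_CHECK_FUNCS(getaudit, [],
+[AC_MSG_ERROR(BSM enabled and required function not found)])
+# These are optional
+AC_CHECK_FUNCS(getaudit_addr gettext)
+AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module])
+;;
+debug)
+AUDIT_MODULE=debug
+AC_MSG_RESULT(debug)
+AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
+;;
+*)
+AC_MSG_ERROR([Unknown audit module $withval])
+;;
+esac ]
+)
+
 dnl Checks for library functions. Please keep in alphabetical order
 AC_CHECK_FUNCS(\
 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \
@@ -1846,6 +1877,8 @@ TYPE_SOCKLEN_T
 
 AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
 
+AC_CHECK_TYPES(in_addr_t,,,[#include <netinet/in.h>])
+
 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
 AC_TRY_COMPILE(
 [
@@ -3195,3 +3228,7 @@ if test ! -z "$NO_PEERCHECK" ; then
 echo ""
 fi
 
+if test "$AUDIT_MODULE" = "bsm" ; then
+echo "WARNING: BSM audit support is currently considered EXPERIMENTAL."
+echo "See the Solaris section in README.platform for details."
+fi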
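Review bot: The `case "$withval"` in the new AC_ARG_WITH(audit) block has no `no)` arm, so `--without-audit` (which autoconf delivers as withval=no) and a bare `--with-audit` (withval=yes) both reach `*)` and abort configure with "Unknown audit module". Builders who pass `--without-audit` to pin auditing off should be accepted rather than rejected: add `no) AC_MSG_RESULT(no) ;;` ahead of the `*)` arm, leaving AUDIT_MODULE=none. In the bsm arm, `AC_CHECK_LIB(bsm, getaudit, [], ...)` with an empty found-action takes autoconf's default and prepends `-lbsm` to the global LIBS, which would probably link libbsm into every program built from that variable and not only sshd; if that is not intended, set a dedicated variable in the found-action. The debug arm's `AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)` should quote its description as `[Use audit debugging module]`, matching the bsm arm.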
@@ -25,7 +25,7 @@ | |||
25 | #ifndef _DEFINES_H | 25 | #ifndef _DEFINES_H |
26 | #define _DEFINES_H | 26 | #define _DEFINES_H |
27 | 27 | ||
28 | /* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */ | 28 | /* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ |
29 | 29 | ||
30 | 30 | ||
31 | /* Constants */ | 31 | /* Constants */ |
@@ -288,6 +288,10 @@ struct sockaddr_un { | |||
288 | }; | 288 | }; |
289 | #endif /* HAVE_SYS_UN_H */ | 289 | #endif /* HAVE_SYS_UN_H */ |
290 | 290 | ||
291 | #ifndef HAVE_IN_ADDR_T | ||
292 | typedef u_int32_t in_addr_t; | ||
293 | #endif | ||
294 | |||
291 | #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) | 295 | #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) |
292 | #define _STRUCT_WINSIZE | 296 | #define _STRUCT_WINSIZE |
293 | struct winsize { | 297 | struct winsize { |
@@ -530,6 +534,11 @@ struct winsize { | |||
530 | # define getpgrp() getpgrp(0) | 534 | # define getpgrp() getpgrp(0) |
531 | #endif | 535 | #endif |
532 | 536 | ||
537 | #ifdef USE_BSM_AUDIT | ||
538 | # define SSH_AUDIT_EVENTS | ||
539 | # define CUSTOM_SSH_AUDIT_EVENTS | ||
540 | #endif | ||
541 | |||
533 | /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ | 542 | /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ |
534 | #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) | 543 | #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) |
535 | # define OPENSSL_free(x) Free(x) | 544 | # define OPENSSL_free(x) Free(x) |
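Review bot: The `#ifndef HAVE_IN_ADDR_T` fallback `typedef u_int32_t in_addr_t;` is only as reliable as the configure probe behind it, and that probe (`AC_CHECK_TYPES(in_addr_t,,,[#include <netinet/in.h>])`) includes a single header. On a platform where `<netinet/in.h>` does not compile without `<sys/types.h>` ahead of it, or where in_addr_t is declared in another header, the probe would report the type as missing and this typedef could then collide with the system declaration. Consider adding `#include <sys/types.h>` ahead of `<netinet/in.h>` in the probe. The typedef also depends on u_int32_t already being defined at this point in defines.h, which lies outside the hunk. The `USE_BSM_AUDIT` block would benefit from a one-line comment stating what `CUSTOM_SSH_AUDIT_EVENTS` selects, since nothing on this page explains it.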