summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/audit-bsm.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/audit-bsm.c')
-rw-r--r--crypto/openssh/audit-bsm.c79
1 files changed, 78 insertions, 1 deletions
diff --git a/crypto/openssh/audit-bsm.c b/crypto/openssh/audit-bsm.c
index f196d4f..6135591 100644
--- a/crypto/openssh/audit-bsm.c
+++ b/crypto/openssh/audit-bsm.c
@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */
+/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */
/*
* TODO
@@ -45,6 +45,10 @@
#include <string.h>
#include <unistd.h>
+#ifdef BROKEN_BSM_API
+#include <libscf.h>
+#endif
+
#include "ssh.h"
#include "log.h"
#include "key.h"
@@ -114,6 +118,12 @@ extern int aug_daemon_session(void);
extern Authctxt *the_authctxt;
static AuditInfoTermID ssh_bsm_tid;
+#ifdef BROKEN_BSM_API
+/* For some reason this constant is no longer defined
+ in Solaris 11. */
+#define BSM_TEXTBUFSZ 256
+#endif
+
/* Below is the low-level BSM interface code */
/*
@@ -161,6 +171,65 @@ aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
}
#endif
+#ifdef BROKEN_BSM_API
+/*
+ In Solaris 11 the audit daemon has been moved to SMF. In the process
+ they simply dropped getacna() from the API, since it read from a now
+ non-existent config file. This function re-implements getacna() to
+ read from the SMF repository instead.
+ */
+int
+getacna(char *auditstring, int len)
+{
+ scf_handle_t *handle = NULL;
+ scf_property_t *property = NULL;
+ scf_value_t *value = NULL;
+ int ret = 0;
+
+ handle = scf_handle_create(SCF_VERSION);
+ if (handle == NULL)
+ return -2; /* The man page for getacna on Solaris 10 states
+ we should return -2 in case of error and set
+ errno to indicate the error. We don't bother
+ with errno here, though, since the only use
+ of this function below doesn't check for errors
+ anyway.
+ */
+
+ ret = scf_handle_bind(handle);
+ if (ret == -1)
+ return -2;
+
+ property = scf_property_create(handle);
+ if (property == NULL)
+ return -2;
+
+ ret = scf_handle_decode_fmri(handle,
+ "svc:/system/auditd:default/:properties/preselection/naflags",
+ NULL, NULL, NULL, NULL, property, 0);
+ if (ret == -1)
+ return -2;
+
+ value = scf_value_create(handle);
+ if (value == NULL)
+ return -2;
+
+ ret = scf_property_get_value(property, value);
+ if (ret == -1)
+ return -2;
+
+ ret = scf_value_get_astring(value, auditstring, len);
+ if (ret == -1)
+ return -2;
+
+ scf_value_destroy(value);
+ scf_property_destroy(property);
+ scf_handle_destroy(handle);
+
+ return 0;
+}
+#endif
+
/*
* Check if the specified event is selected (enabled) for auditing.
* Returns 1 if the event is selected, 0 if not and -1 on failure.
@@ -213,7 +282,15 @@ bsm_audit_record(int typ, char *string, au_event_t event_no)
(void) au_write(ad, au_to_text(string));
(void) au_write(ad, AUToReturnFunc(typ, rc));
+#ifdef BROKEN_BSM_API
+ /* The last argument is the event modifier flags. For
+ some seemingly undocumented reason it was added in
+ Solaris 11. */
+ rc = au_close(ad, AU_TO_WRITE, event_no, 0);
+#else
rc = au_close(ad, AU_TO_WRITE, event_no);
+#endif
+
if (rc < 0)
error("BSM audit: %s failed to write \"%s\" record: %s",
__func__, string, strerror(errno));
OpenPOWER on IntegriCloud