audit-bsm.c (181110) | audit-bsm.c (181111) |
---|---|
1/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */ | 1/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */ |
2 3/* 4 * TODO 5 * 6 * - deal with overlap between this and sys_auth_allowed_user 7 * sys_auth_record_login and record_failed_login. 8 */ 9 --- 25 unchanged lines hidden (view full) --- 35/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */ 36 37#include "includes.h" 38#if defined(USE_BSM_AUDIT) 39 40#include <sys/types.h> 41 42#include <errno.h> | 2 3/* 4 * TODO 5 * 6 * - deal with overlap between this and sys_auth_allowed_user 7 * sys_auth_record_login and record_failed_login. 8 */ 9 --- 25 unchanged lines hidden (view full) --- 35/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */ 36 37#include "includes.h" 38#if defined(USE_BSM_AUDIT) 39 40#include <sys/types.h> 41 42#include <errno.h> |
43#include <netdb.h> |
|
43#include <stdarg.h> | 44#include <stdarg.h> |
45#include <string.h> |
|
44#include <unistd.h> 45 46#include "ssh.h" 47#include "log.h" 48#include "key.h" 49#include "hostfile.h" 50#include "auth.h" 51#include "xmalloc.h" --- 5 unchanged lines hidden (view full) --- 57#include <bsm/libbsm.h> 58#include <bsm/audit_uevents.h> 59#include <bsm/audit_record.h> 60#include <locale.h> 61 62#if defined(HAVE_GETAUDIT_ADDR) 63#define AuditInfoStruct auditinfo_addr 64#define AuditInfoTermID au_tid_addr_t | 46#include <unistd.h> 47 48#include "ssh.h" 49#include "log.h" 50#include "key.h" 51#include "hostfile.h" 52#include "auth.h" 53#include "xmalloc.h" --- 5 unchanged lines hidden (view full) --- 59#include <bsm/libbsm.h> 60#include <bsm/audit_uevents.h> 61#include <bsm/audit_record.h> 62#include <locale.h> 63 64#if defined(HAVE_GETAUDIT_ADDR) 65#define AuditInfoStruct auditinfo_addr 66#define AuditInfoTermID au_tid_addr_t |
65#define GetAuditFunc(a,b) getaudit_addr((a),(b)) 66#define GetAuditFuncText "getaudit_addr" | |
67#define SetAuditFunc(a,b) setaudit_addr((a),(b)) 68#define SetAuditFuncText "setaudit_addr" 69#define AUToSubjectFunc au_to_subject_ex 70#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b)) 71#else 72#define AuditInfoStruct auditinfo 73#define AuditInfoTermID au_tid_t | 67#define SetAuditFunc(a,b) setaudit_addr((a),(b)) 68#define SetAuditFuncText "setaudit_addr" 69#define AUToSubjectFunc au_to_subject_ex 70#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b)) 71#else 72#define AuditInfoStruct auditinfo 73#define AuditInfoTermID au_tid_t |
74#define GetAuditFunc(a,b) getaudit(a) 75#define GetAuditFuncText "getaudit" | |
76#define SetAuditFunc(a,b) setaudit(a) 77#define SetAuditFuncText "setaudit" 78#define AUToSubjectFunc au_to_subject 79#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b)) 80#endif 81 | 74#define SetAuditFunc(a,b) setaudit(a) 75#define SetAuditFuncText "setaudit" 76#define AUToSubjectFunc au_to_subject 77#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b)) 78#endif 79 |
80#ifndef cannot_audit |
|
82extern int cannot_audit(int); | 81extern int cannot_audit(int); |
82#endif |
|
83extern void aug_init(void); | 83extern void aug_init(void); |
84extern dev_t aug_get_port(void); 85extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); | |
86extern void aug_save_auid(au_id_t); 87extern void aug_save_uid(uid_t); 88extern void aug_save_euid(uid_t); 89extern void aug_save_gid(gid_t); 90extern void aug_save_egid(gid_t); 91extern void aug_save_pid(pid_t); 92extern void aug_save_asid(au_asid_t); 93extern void aug_save_tid(dev_t, unsigned int); --- 20 unchanged lines hidden (view full) --- 114#endif 115 116extern Authctxt *the_authctxt; 117static AuditInfoTermID ssh_bsm_tid; 118 119/* Below is the low-level BSM interface code */ 120 121/* | 84extern void aug_save_auid(au_id_t); 85extern void aug_save_uid(uid_t); 86extern void aug_save_euid(uid_t); 87extern void aug_save_gid(gid_t); 88extern void aug_save_egid(gid_t); 89extern void aug_save_pid(pid_t); 90extern void aug_save_asid(au_asid_t); 91extern void aug_save_tid(dev_t, unsigned int); --- 20 unchanged lines hidden (view full) --- 112#endif 113 114extern Authctxt *the_authctxt; 115static AuditInfoTermID ssh_bsm_tid; 116 117/* Below is the low-level BSM interface code */ 118 119/* |
120 * aug_get_machine is only required on IPv6 capable machines, we use a 121 * different mechanism in audit_connection_from() for IPv4-only machines. 122 * getaudit_addr() is only present on IPv6 capable machines. 123 */ 124#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR) 125extern int aug_get_machine(char *, u_int32_t *, u_int32_t *); 126#else 127static int 128aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type) 129{ 130 struct addrinfo *ai; 131 struct sockaddr_in *in4; 132 struct sockaddr_in6 *in6; 133 int ret = 0, r; 134 135 if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) { 136 error("BSM audit: getaddrinfo failed for %.100s: %.100s", host, 137 r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r)); 138 return -1; 139 } 140 141 switch (ai->ai_family) { 142 case AF_INET: 143 in4 = (struct sockaddr_in *)ai->ai_addr; 144 *type = AU_IPv4; 145 memcpy(addr, &in4->sin_addr, sizeof(struct in_addr)); 146 break; 147#ifdef AU_IPv6 148 case AF_INET6: 149 in6 = (struct sockaddr_in6 *)ai->ai_addr; 150 *type = AU_IPv6; 151 memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr)); 152 break; 153#endif 154 default: 155 error("BSM audit: unknown address family for %.100s: %d", 156 host, ai->ai_family); 157 ret = -1; 158 } 159 freeaddrinfo(ai); 160 return ret; 161} 162#endif 163 164/* |
|
122 * Check if the specified event is selected (enabled) for auditing. 123 * Returns 1 if the event is selected, 0 if not and -1 on failure. 124 */ 125static int 126selected(char *username, uid_t uid, au_event_t event, int sf) 127{ 128 int rc, sorf; 129 char naflags[512]; --- 208 unchanged lines hidden --- | 165 * Check if the specified event is selected (enabled) for auditing. 166 * Returns 1 if the event is selected, 0 if not and -1 on failure. 167 */ 168static int 169selected(char *username, uid_t uid, au_event_t event, int sf) 170{ 171 int rc, sorf; 172 char naflags[512]; --- 208 unchanged lines hidden --- |
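Review bot: In the new static `aug_get_machine()`, the `AF_INET6` case copies `sizeof(struct in6_addr)` (16 bytes) through `addr`, which is declared only as `u_int32_t *`, so the function relies on every caller passing a buffer of at least four `u_int32_t`. The callers are in the hidden unchanged lines, so this cannot be confirmed from the page; I would state the contract above the function, e.g. `/* addr must point to at least 4 u_int32_t (room for an IPv6 address) */`. Separately, `getaddrinfo(host, NULL, NULL, &ai)` is called without hints and only the first result is used, so if `host` can ever be a name rather than a numeric address, the terminal ID written to the audit record would come from a forward DNS lookup rather than from the peer's socket address. If callers always pass a numeric address, passing hints with `AI_NUMERICHOST` would make that explicit and keep DNS out of the audit path.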