audit-bsm.c (181110) audit-bsm.c (181111)
1/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
1/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */
2
3/*
4 * TODO
5 *
6 * - deal with overlap between this and sys_auth_allowed_user
7 * sys_auth_record_login and record_failed_login.
8 */
9

--- 25 unchanged lines hidden (view full) ---

35/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
36
37#include "includes.h"
38#if defined(USE_BSM_AUDIT)
39
40#include <sys/types.h>
41
42#include <errno.h>
2
3/*
4 * TODO
5 *
6 * - deal with overlap between this and sys_auth_allowed_user
7 * sys_auth_record_login and record_failed_login.
8 */
9

--- 25 unchanged lines hidden (view full) ---

35/* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
36
37#include "includes.h"
38#if defined(USE_BSM_AUDIT)
39
40#include <sys/types.h>
41
42#include <errno.h>
43#include <netdb.h>
43#include <stdarg.h>
44#include <stdarg.h>
45#include <string.h>
44#include <unistd.h>
45
46#include "ssh.h"
47#include "log.h"
48#include "key.h"
49#include "hostfile.h"
50#include "auth.h"
51#include "xmalloc.h"

--- 5 unchanged lines hidden (view full) ---

57#include <bsm/libbsm.h>
58#include <bsm/audit_uevents.h>
59#include <bsm/audit_record.h>
60#include <locale.h>
61
62#if defined(HAVE_GETAUDIT_ADDR)
63#define AuditInfoStruct auditinfo_addr
64#define AuditInfoTermID au_tid_addr_t
46#include <unistd.h>
47
48#include "ssh.h"
49#include "log.h"
50#include "key.h"
51#include "hostfile.h"
52#include "auth.h"
53#include "xmalloc.h"

--- 5 unchanged lines hidden (view full) ---

59#include <bsm/libbsm.h>
60#include <bsm/audit_uevents.h>
61#include <bsm/audit_record.h>
62#include <locale.h>
63
64#if defined(HAVE_GETAUDIT_ADDR)
65#define AuditInfoStruct auditinfo_addr
66#define AuditInfoTermID au_tid_addr_t
65#define GetAuditFunc(a,b) getaudit_addr((a),(b))
66#define GetAuditFuncText "getaudit_addr"
67#define SetAuditFunc(a,b) setaudit_addr((a),(b))
68#define SetAuditFuncText "setaudit_addr"
69#define AUToSubjectFunc au_to_subject_ex
70#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
71#else
72#define AuditInfoStruct auditinfo
73#define AuditInfoTermID au_tid_t
67#define SetAuditFunc(a,b) setaudit_addr((a),(b))
68#define SetAuditFuncText "setaudit_addr"
69#define AUToSubjectFunc au_to_subject_ex
70#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
71#else
72#define AuditInfoStruct auditinfo
73#define AuditInfoTermID au_tid_t
74#define GetAuditFunc(a,b) getaudit(a)
75#define GetAuditFuncText "getaudit"
76#define SetAuditFunc(a,b) setaudit(a)
77#define SetAuditFuncText "setaudit"
78#define AUToSubjectFunc au_to_subject
79#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
80#endif
81
74#define SetAuditFunc(a,b) setaudit(a)
75#define SetAuditFuncText "setaudit"
76#define AUToSubjectFunc au_to_subject
77#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
78#endif
79
80#ifndef cannot_audit
82extern int cannot_audit(int);
81extern int cannot_audit(int);
82#endif
83extern void aug_init(void);
83extern void aug_init(void);
84extern dev_t aug_get_port(void);
85extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
86extern void aug_save_auid(au_id_t);
87extern void aug_save_uid(uid_t);
88extern void aug_save_euid(uid_t);
89extern void aug_save_gid(gid_t);
90extern void aug_save_egid(gid_t);
91extern void aug_save_pid(pid_t);
92extern void aug_save_asid(au_asid_t);
93extern void aug_save_tid(dev_t, unsigned int);

--- 20 unchanged lines hidden (view full) ---

114#endif
115
116extern Authctxt *the_authctxt;
117static AuditInfoTermID ssh_bsm_tid;
118
119/* Below is the low-level BSM interface code */
120
121/*
84extern void aug_save_auid(au_id_t);
85extern void aug_save_uid(uid_t);
86extern void aug_save_euid(uid_t);
87extern void aug_save_gid(gid_t);
88extern void aug_save_egid(gid_t);
89extern void aug_save_pid(pid_t);
90extern void aug_save_asid(au_asid_t);
91extern void aug_save_tid(dev_t, unsigned int);

--- 20 unchanged lines hidden (view full) ---

112#endif
113
114extern Authctxt *the_authctxt;
115static AuditInfoTermID ssh_bsm_tid;
116
117/* Below is the low-level BSM interface code */
118
119/*
120 * aug_get_machine is only required on IPv6 capable machines, we use a
121 * different mechanism in audit_connection_from() for IPv4-only machines.
122 * getaudit_addr() is only present on IPv6 capable machines.
123 */
124#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
125extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
126#else
127static int
128aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
129{
130 struct addrinfo *ai;
131 struct sockaddr_in *in4;
132 struct sockaddr_in6 *in6;
133 int ret = 0, r;
134
135 if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
136 error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
137 r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
138 return -1;
139 }
140
141 switch (ai->ai_family) {
142 case AF_INET:
143 in4 = (struct sockaddr_in *)ai->ai_addr;
144 *type = AU_IPv4;
145 memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
146 break;
147#ifdef AU_IPv6
148 case AF_INET6:
149 in6 = (struct sockaddr_in6 *)ai->ai_addr;
150 *type = AU_IPv6;
151 memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
152 break;
153#endif
154 default:
155 error("BSM audit: unknown address family for %.100s: %d",
156 host, ai->ai_family);
157 ret = -1;
158 }
159 freeaddrinfo(ai);
160 return ret;
161}
162#endif
163
164/*
122 * Check if the specified event is selected (enabled) for auditing.
123 * Returns 1 if the event is selected, 0 if not and -1 on failure.
124 */
125static int
126selected(char *username, uid_t uid, au_event_t event, int sf)
127{
128 int rc, sorf;
129 char naflags[512];

--- 208 unchanged lines hidden ---
165 * Check if the specified event is selected (enabled) for auditing.
166 * Returns 1 if the event is selected, 0 if not and -1 on failure.
167 */
168static int
169selected(char *username, uid_t uid, au_event_t event, int sf)
170{
171 int rc, sorf;
172 char naflags[512];

--- 208 unchanged lines hidden ---
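Review bot: In the added static `aug_get_machine()`, the `AF_INET6` case copies `sizeof(struct in6_addr)` (16 bytes) through `addr`, a bare `u_int32_t *` with no length argument, so every caller must pass a buffer of at least four `u_int32_t`. That contract is not stated in the visible lines; I would add a comment above the definition such as `/* addr must have room for 4 u_int32_t; the AF_INET6 case writes 16 bytes */`. Separately, `getaddrinfo(host, NULL, NULL, &ai)` is called without hints and only the first result is used, so a non-numeric `host` triggers a resolver lookup and the audit terminal ID follows whichever address comes back first. If callers always pass an address literal (the call site is not visible here), passing hints with `ai_flags = AI_NUMERICHOST` would make that explicit and keep audit records independent of DNS.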