components/openssh/patches/022-solaris_audit.patch
author Jan Parcel <jan.parcel@oracle.com>
Tue, 25 Apr 2017 15:08:28 -0700
branch s11u3-sru
changeset 7946 165bf092aa9c
parent 6076 0d5715bee554
permissions -rw-r--r--
PSARC/2017/022 OpenSSH 7.4 25295722 upgrade OpenSSH to 7.4p1 25295787 problem in UTILITY/OPENSSH 25295804 problem in UTILITY/OPENSSH 25295822 problem in UTILITY/OPENSSH 25295840 problem in UTILITY/OPENSSH 25809379 Openssh 7.4p1 has 3 regressions, fixed in 7.5 25795760 openssh drops connection when GSSAPIAuthentication set to no
3946
b1e0e68de63b PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
#
# Add Solaris Auditing configuration (--with-audit=solaris) to openssh-6.5p1.
#
# Add phase 1 Solaris Auditing of sshd login/logout to openssh-6.5p1.
#
# Additional Solaris Auditing should include audit of password
#  change.
# Presuming it is appropriate, this patch should/will be updated
#  with additional files and updates to sources/audit-solaris.c 
#
# Code is developed by the Solaris Audit team.
# It should/will likely be contributed up stream when done.
# This patch relies on sources/audit-solaris.c being copied into
#  the openssh source directory by the Makefile that configures
#  using --with-audit=solaris.
#
# The up stream community has been contacted about the plans.
#  No reply has yet been received.
#
# An additional patch relying on the --with-audit=solaris configuration
#  should/will be created for sftp Solaris Audit and password change.
#
5324
5683175b6e99 PSARC/2015/395 OpenSSH 7.1p1
Jan Parcel <jan.parcel@oracle.com>
parents: 3946
diff -pur old/INSTALL new/INSTALL
6076
0d5715bee554 PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
Zdenek Kotala <Zdenek.Kotala@oracle.com>
parents: 5324
--- old/INSTALL
+++ new/INSTALL
7946
165bf092aa9c PSARC/2017/022 OpenSSH 7.4
Jan Parcel <jan.parcel@oracle.com>
parents: 6076
@@ -98,9 +98,13 @@ http://www.gnu.org/software/autoconf/
 
 Basic Security Module (BSM):
 
-Native BSM support is know to exist in Solaris from at least 2.5.1,
-FreeBSD 6.1 and OS X.  Alternatively, you may use the OpenBSM
-implementation (http://www.openbsm.org).
+Native BSM support is known to exist in Solaris from at least 2.5.1
+to Solaris 10.  From Solaris 11 the previously documented BSM (libbsm)
+interfaces are no longer public and are unsupported.  While not public
+interfaces, audit-solaris.c implements Solaris Audit from Solaris 11.
+Native BSM support is known to exist in FreeBSD 6.1 and OS X.
+Alternatively, you may use the OpenBSM implementation
+(http://www.openbsm.org).
 
 
 2. Building / Installation
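Review bot: In the added BSM paragraph, the sentence "While not public interfaces, audit-solaris.c implements Solaris Audit from Solaris 11." has a dangling modifier and reads as though audit-solaris.c itself is the non-public interface. Reword it to state which interfaces audit-solaris.c uses (the configure.ac hunk in this patch checks bsm/adt.h and links -lbsm), and mention --with-audit=solaris here, since this paragraph never names the option that selects it.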
@@ -153,8 +157,9 @@ name).
 There are a few other options to the configure script:
 
 --with-audit=[module] enable additional auditing via the specified module.
-Currently, drivers for "debug" (additional info via syslog) and "bsm"
-(Sun's Basic Security Module) are supported.
+Currently, drivers for "debug" (additional info via syslog), and "bsm"
+(Sun's Legacy Basic Security Module prior to Solaris 11), and "solaris"
+(Sun's Audit infrastructure from Solaris 11) are supported.
 
 --with-pam enables PAM support. If PAM support is compiled in, it must
 also be enabled in sshd_config (refer to the UsePAM directive).
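Review bot: The rewritten module list under --with-audit now has a comma after the syslog parenthesis followed by two "and"s ('"debug" (...), and "bsm" (...), and "solaris"'); drop the first "and" so it reads as a three-item list. The list also omits "linux", which the configure.ac help string in this same patch gives as modules=debug,bsm,linux,solaris, so the two descriptions of the option disagree.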
diff -pur old/Makefile.in new/Makefile.in
--- old/Makefile.in
+++ new/Makefile.in
@@ -100,7 +100,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
 	sshconnect.o sshconnect1.o sshconnect2.o mux.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
-	audit.o audit-bsm.o audit-linux.o platform.o \
+	audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \
 	sshpty.o sshlogin.o servconf.o serverloop.o \
 	auth.o auth2.o auth-options.o session.o \
 	auth2-chall.o groupaccess.o \
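Review bot: audit-solaris.o is added to SSHDOBJS unconditionally, but audit-solaris.c is not carried by this patch; the header comment says it is copied into the source directory by the Makefile that configures with --with-audit=solaris. A tree with this patch applied and that copy step skipped cannot build sshd, and the file must also compile cleanly when USE_SOLARIS_AUDIT is undefined because the object is always listed. Either ship the source file with the patch or record the dependency next to this line.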
diff -pur old/README.platform new/README.platform
--- old/README.platform
+++ new/README.platform
@@ -71,8 +71,8 @@ zlib-devel and pam-devel, on Debian base
 libssl-dev, libz-dev and libpam-dev.
 
 
-Solaris
--------
+Prior to Solaris 11
+-------------------
 If you enable BSM auditing on Solaris, you need to update audit_event(4)
 for praudit(1m) to give sensible output.  The following line needs to be
 added to /etc/security/audit_event:
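Review bot: The replacement heading "Prior to Solaris 11" no longer leads with the platform name, while the body still says "If you enable BSM auditing on Solaris" with no version qualifier. Sections in this file are keyed by platform, so a heading such as "Solaris prior to 11" keeps it findable, and the first sentence should say that it applies to --with-audit=bsm on those releases only.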
@@ -85,6 +85,9 @@ There is no official registry of 3rd par
 number is already in use on your system, you may change it at build time
 by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
 
+From Solaris 11
+---------------
+Solaris Audit is supported by configuring --with-audit=solaris.
 
 Platforms using PAM
 -------------------
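Review bot: The new "From Solaris 11" section documents only the configure flag. The previous section tells the administrator to edit /etc/security/audit_event, and the configure.ac hunk fails the build when bsm/adt.h is missing and links -lbsm; say here whether the audit_event edit is still needed with --with-audit=solaris and list the header and library as build prerequisites.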
diff -pur old/config.h.in new/config.h.in
--- old/config.h.in
+++ new/config.h.in
@@ -1679,6 +1679,9 @@
 /* Use Linux audit module */
 #undef USE_LINUX_AUDIT
 
+/* Use Solaris audit module */
+#undef USE_SOLARIS_AUDIT
+
 /* Enable OpenSSL engine support */
 #undef USE_OPENSSL_ENGINE
 
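Review bot: The USE_SOLARIS_AUDIT template is patched into config.h.in by hand, while the configure.ac hunk passes the same description string to AC_DEFINE. config.h.in is normally regenerated from configure.ac by autoheader, so the two copies can drift on the next upgrade; prefer regenerating the file during the build, or note in the patch header that this hunk has to be kept in step with the configure.ac one.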
diff -pur old/configure.ac new/configure.ac
--- old/configure.ac
+++ new/configure.ac
@@ -1560,10 +1560,21 @@ AC_ARG_WITH([libedit],
 
 AUDIT_MODULE=none
 AC_ARG_WITH([audit],
-	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
+	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux,solaris)],
 	[
 	  AC_MSG_CHECKING([for supported audit module])
 	  case "$withval" in
+	  solaris)
+		AC_MSG_RESULT([solaris])
+		AUDIT_MODULE=solaris
+		dnl    Checks for headers, libs and functions
+		AC_CHECK_HEADERS([bsm/adt.h], [],
+		    [AC_MSG_ERROR([Solaris Audit enabled and bsm/adt.h not found])],
+		    []
+		)
+		SSHDLIBS="$SSHDLIBS -lbsm"
+		AC_DEFINE([USE_SOLARIS_AUDIT], [1], [Use Solaris audit module])
+		;;
 	  bsm)
 		AC_MSG_RESULT([bsm])
 		AUDIT_MODULE=bsm
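Review bot: In the new solaris) case the dnl comment promises "Checks for headers, libs and functions", but only bsm/adt.h is checked; -lbsm is appended to SSHDLIBS with no AC_CHECK_LIB, so a missing or incompatible libbsm surfaces as a link failure instead of a configure error. Add a library check for one of the adt functions that audit-solaris.c calls, or reword the comment to match what is checked. The trailing empty "[]" argument to AC_CHECK_HEADERS can also be dropped.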
diff -pur old/defines.h new/defines.h
--- old/defines.h
+++ new/defines.h
@@ -645,6 +645,11 @@ struct winsize {
 # define CUSTOM_SSH_AUDIT_EVENTS
 #endif
 
+#ifdef USE_SOLARIS_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
 #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
 #  define __func__ __FUNCTION__
 #elif !defined(HAVE___func__)
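Review bot: The added "#ifdef USE_SOLARIS_AUDIT" block repeats the "# define CUSTOM_SSH_AUDIT_EVENTS" that closes the block directly above it in the context lines. Folding USE_SOLARIS_AUDIT into that block's condition would avoid the duplicate; if it has to stay separate, add a one-line comment saying why the Solaris module needs CUSTOM_SSH_AUDIT_EVENTS, since sshd.c in this patch depends on SSH_AUDIT_EVENTS being set here.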
diff -pur old/sshd.c new/sshd.c
--- old/sshd.c
+++ new/sshd.c
@@ -2043,7 +2043,9 @@ main(int ac, char **av)
 	}
 
 #ifdef SSH_AUDIT_EVENTS
+#ifndef	USE_SOLARIS_AUDIT
 	audit_event(SSH_AUTH_SUCCESS);
+#endif	/* !USE_SOLARIS_AUDIT */
 #endif
 
 #ifdef GSSAPI
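Review bot: The "#ifndef USE_SOLARIS_AUDIT" wrapped around audit_event(SSH_AUTH_SUCCESS) removes the success event at this point for Solaris builds without saying why; the reason appears only in the next hunk. Add a comment here stating that the Solaris build emits the event after the PAM setup further down, so the two call sites are kept paired when this code is carried forward to a new OpenSSH release.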
@@ -2073,6 +2075,10 @@ main(int ac, char **av)
 		do_pam_session();
 	}
 #endif
+#ifdef	USE_SOLARIS_AUDIT
+	/* Audit should take place after all successful pam */
+	audit_event(SSH_AUTH_SUCCESS);
+#endif	/* USE_SOLARIS_AUDIT */
 
 	/*
 	 * In privilege separation, we fork another child and prepare
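Review bot: The relocated audit_event(SSH_AUTH_SUCCESS) is guarded by USE_SOLARIS_AUDIT alone, whereas the original call sits inside "#ifdef SSH_AUDIT_EVENTS"; it compiles only because the defines.h hunk sets SSH_AUDIT_EVENTS whenever USE_SOLARIS_AUDIT is set. Make the dependency explicit with "#if defined(SSH_AUDIT_EVENTS) && defined(USE_SOLARIS_AUDIT)" or say so in the comment. The comment "Audit should take place after all successful pam" should also state what is recorded when a step between the two call sites fails, since under this build no success event has been emitted by then.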