| author | Huie-Ying Lee <huieying.lee@oracle.com> |
| Fri, 13 Mar 2015 17:05:08 -0700 | |
| branch | s11-update |
| changeset 3946 | b1e0e68de63b |
| child 4503 | bf30d46ab06e |
| child 5324 | 5683175b6e99 |
| permissions | -rw-r--r-- |
|
3946
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
1 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
2 |
# Add Solaris Auditing configuration (--with-audit=solaris) to openssh-6.5p1. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
3 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
4 |
# Add phase 1 Solaris Auditing of sshd login/logout to openssh-6.5p1. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
5 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
6 |
# Additional Solaris Auditing should include audit of password |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
7 |
# change. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
8 |
# Presuming it is appropriate, this patch should/will be updated |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
9 |
# with additional files and updates to sources/audit-solaris.c |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
10 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
11 |
# Code is developed by the Solaris Audit team. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
12 |
# It should/will likely be contributed up stream when done. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
13 |
# This patch relies on sources/audit-solaris.c being copied into |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
14 |
# the openssh source directory by the Makefile that configures |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
15 |
# using --with-audit=solaris. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
16 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
17 |
# The up stream community has been contacted about the plans. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
18 |
# No reply has yet been received. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
19 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
20 |
# An additional patch relying on the --with-audit=solaris configuration |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
21 |
# should/will be created for sftp Solaris Audit and password change. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
22 |
# |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
23 |
--- orig/config.h.in 2014-11-05 13:11:59.968745838 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
24 |
+++ new/config.h.in 2014-10-13 14:00:31.117475979 -0700 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
25 |
@@ -1628,6 +1628,9 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
26 |
/* Use Linux audit module */ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
27 |
#undef USE_LINUX_AUDIT |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
28 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
29 |
+/* Use Solaris audit module */ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
30 |
+#undef USE_SOLARIS_AUDIT |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
31 |
+ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
32 |
/* Enable OpenSSL engine support */ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
33 |
#undef USE_OPENSSL_ENGINE |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
34 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
35 |
--- orig/configure 2014-11-05 13:11:59.971959419 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
36 |
+++ new/configure 2014-12-04 08:43:59.945675841 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
37 |
@@ -1420,7 +1420,7 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
38 |
--with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
39 |
--with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
40 |
--with-libedit[=PATH] Enable libedit support for sftp |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
41 |
- --with-audit=module Enable audit support (modules=debug,bsm,linux) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
42 |
+ --with-audit=module Enable audit support (modules=debug,bsm,linux,solaris) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
43 |
--with-pie Build Position Independent Executables if possible |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
44 |
--with-ssl-dir=PATH Specify path to OpenSSL installation |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
45 |
--without-openssl-header-check Disable OpenSSL version consistency check |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
46 |
@@ -10185,6 +10185,27 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
47 |
$as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
48 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
49 |
;; |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
50 |
+ solaris) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
51 |
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: solaris" >&5
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
52 |
+$as_echo "solaris" >&6; } |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
53 |
+ AUDIT_MODULE=solaris |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
54 |
+ for ac_header in bsm/adt.h |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
55 |
+do : |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
56 |
+ ac_fn_c_check_header_compile "$LINENO" "bsm/adt.h" "ac_cv_header_bsm_adt_h" "" |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
57 |
+if test "x$ac_cv_header_bsm_adt_h" = xyes; then : |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
58 |
+ cat >>confdefs.h <<_ACEOF |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
59 |
+#define HAVE_ADT_H 1 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
60 |
+_ACEOF |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
61 |
+ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
62 |
+else |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
63 |
+ as_fn_error $? "Solaris Audit enabled and bsm/adt.h not found" "$LINENO" 5 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
64 |
+fi |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
65 |
+ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
66 |
+done |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
67 |
+ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
68 |
+ SSHDLIBS="$SSHDLIBS -lbsm" |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
69 |
+$as_echo "#define USE_SOLARIS_AUDIT 1" >>confdefs.h |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
70 |
+ ;; |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
71 |
debug) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
72 |
AUDIT_MODULE=debug |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
73 |
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
74 |
--- orig/defines.h 2014-01-17 05:12:38.000000000 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
75 |
+++ new/defines.h 2014-09-12 10:09:27.000000000 -0700 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
76 |
@@ -622,6 +622,11 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
77 |
# define CUSTOM_SSH_AUDIT_EVENTS |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
78 |
#endif |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
79 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
80 |
+#ifdef USE_SOLARIS_AUDIT |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
81 |
+# define SSH_AUDIT_EVENTS |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
82 |
+# define CUSTOM_SSH_AUDIT_EVENTS |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
83 |
+#endif |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
84 |
+ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
85 |
#if !defined(HAVE___func__) && defined(HAVE___FUNCTION__) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
86 |
# define __func__ __FUNCTION__ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
87 |
#elif !defined(HAVE___func__) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
88 |
--- orig/INSTALL 2013-03-06 17:33:35.000000000 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
89 |
+++ new/INSTALL 2014-12-04 08:41:24.369920230 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
90 |
@@ -97,9 +97,13 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
91 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
92 |
Basic Security Module (BSM): |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
93 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
94 |
-Native BSM support is know to exist in Solaris from at least 2.5.1, |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
95 |
-FreeBSD 6.1 and OS X. Alternatively, you may use the OpenBSM |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
96 |
-implementation (http://www.openbsm.org). |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
97 |
+Native BSM support is known to exist in Solaris from at least 2.5.1 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
98 |
+to Solaris 10. From Solaris 11 the previously documented BSM (libbsm) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
99 |
+interfaces are no longer public and are unsupported. While not public |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
100 |
+interfaces, audit-solaris.c implements Solaris Audit from Solaris 11. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
101 |
+Native BSM support is known to exist in FreeBSD 6.1 and OS X. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
102 |
+Alternatively, you may use the OpenBSM implementation |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
103 |
+(http://www.openbsm.org). |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
104 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
105 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
106 |
2. Building / Installation |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
107 |
@@ -152,8 +156,9 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
108 |
There are a few other options to the configure script: |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
109 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
110 |
--with-audit=[module] enable additional auditing via the specified module. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
111 |
-Currently, drivers for "debug" (additional info via syslog) and "bsm" |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
112 |
-(Sun's Basic Security Module) are supported. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
113 |
+Currently, drivers for "debug" (additional info via syslog), and "bsm" |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
114 |
+(Sun's Legacy Basic Security Module prior to Solaris 11), and "solaris" |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
115 |
+(Sun's Audit infrastructure from Solaris 11) are supported. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
116 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
117 |
--with-pam enables PAM support. If PAM support is compiled in, it must |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
118 |
also be enabled in sshd_config (refer to the UsePAM directive). |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
119 |
--- orig/Makefile.in 2014-11-12 15:18:05.366726810 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
120 |
+++ new/Makefile.in 2014-11-12 15:22:36.825227512 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
121 |
@@ -84,7 +84,7 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
122 |
roaming_common.o roaming_client.o |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
123 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
124 |
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
125 |
- audit.o audit-bsm.o audit-linux.o platform.o \ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
126 |
+ audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
127 |
sshpty.o sshlogin.o servconf.o serverloop.o \ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
128 |
auth.o auth1.o auth2.o auth-options.o session.o \ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
129 |
auth-chall.o auth2-chall.o groupaccess.o \ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
130 |
--- orig/README.platform 2009-08-28 16:14:48.000000000 -0700 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
131 |
+++ new/README.platform 2014-09-12 09:45:50.000000000 -0700 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
132 |
@@ -68,8 +68,8 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
133 |
libssl-dev, libz-dev and libpam-dev. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
134 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
135 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
136 |
-Solaris |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
137 |
-------- |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
138 |
+Prior to Solaris 11 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
139 |
+------------------- |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
140 |
If you enable BSM auditing on Solaris, you need to update audit_event(4) |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
141 |
for praudit(1m) to give sensible output. The following line needs to be |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
142 |
added to /etc/security/audit_event: |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
143 |
@@ -82,6 +82,9 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
144 |
number is already in use on your system, you may change it at build time |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
145 |
by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
146 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
147 |
+From Solaris 11 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
148 |
+--------------- |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
149 |
+Solaris Audit is supported by configuring --with-audit=solaris. |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
150 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
151 |
Platforms using PAM |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
152 |
------------------- |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
153 |
--- orig/sshd.c 2014-11-05 13:11:59.974945893 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
154 |
+++ new/sshd.c 2014-11-10 13:33:12.279354856 -0800 |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
155 |
@@ -2139,7 +2139,9 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
156 |
#endif |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
157 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
158 |
#ifdef SSH_AUDIT_EVENTS |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
159 |
+#ifndef USE_SOLARIS_AUDIT |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
160 |
audit_event(SSH_AUTH_SUCCESS); |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
161 |
+#endif /* !USE_SOLARIS_AUDIT */ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
162 |
#endif |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
163 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
164 |
#ifdef GSSAPI |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
165 |
@@ -2169,6 +2171,10 @@ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
166 |
do_pam_session(); |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
167 |
} |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
168 |
#endif |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
169 |
+#ifdef USE_SOLARIS_AUDIT |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
170 |
+ /* Audit should take place after all successful pam */ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
171 |
+ audit_event(SSH_AUTH_SUCCESS); |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
172 |
+#endif /* USE_SOLARIS_AUDIT */ |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
173 |
|
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
174 |
/* |
|
b1e0e68de63b
PSARC 2012/335 OpenSSH migration
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
175 |
* In privilege separation, we fork another child and prepare |