components/openssh/patches/022-solaris_audit.patch
changeset 7649 69d7508f0d66
parent 5818 5f0e7a0f17c2
7648:20e09cf3cfaa 7649:69d7508f0d66
    21 #  should/will be created for sftp Solaris Audit and password change.
    21 #  should/will be created for sftp Solaris Audit and password change.
    22 #
    22 #
    23 diff -pur old/INSTALL new/INSTALL
    23 diff -pur old/INSTALL new/INSTALL
    24 --- old/INSTALL
    24 --- old/INSTALL
    25 +++ new/INSTALL
    25 +++ new/INSTALL
    26 @@ -92,9 +92,13 @@ http://www.gnu.org/software/autoconf/
    26 @@ -98,9 +98,13 @@ http://www.gnu.org/software/autoconf/
    27  
    27  
    28  Basic Security Module (BSM):
    28  Basic Security Module (BSM):
    29  
    29  
    30 -Native BSM support is know to exist in Solaris from at least 2.5.1,
    30 -Native BSM support is know to exist in Solaris from at least 2.5.1,
    31 -FreeBSD 6.1 and OS X.  Alternatively, you may use the OpenBSM
    31 -FreeBSD 6.1 and OS X.  Alternatively, you may use the OpenBSM
    38 +Alternatively, you may use the OpenBSM implementation
    38 +Alternatively, you may use the OpenBSM implementation
    39 +(http://www.openbsm.org).
    39 +(http://www.openbsm.org).
    40  
    40  
    41  
    41  
    42  2. Building / Installation
    42  2. Building / Installation
    43 @@ -147,8 +151,9 @@ name).
    43 @@ -153,8 +157,9 @@ name).
    44  There are a few other options to the configure script:
    44  There are a few other options to the configure script:
    45  
    45  
    46  --with-audit=[module] enable additional auditing via the specified module.
    46  --with-audit=[module] enable additional auditing via the specified module.
    47 -Currently, drivers for "debug" (additional info via syslog) and "bsm"
    47 -Currently, drivers for "debug" (additional info via syslog) and "bsm"
    48 -(Sun's Basic Security Module) are supported.
    48 -(Sun's Basic Security Module) are supported.
    54  also be enabled in sshd_config (refer to the UsePAM directive).
    54  also be enabled in sshd_config (refer to the UsePAM directive).
    55 diff -pur old/Makefile.in new/Makefile.in
    55 diff -pur old/Makefile.in new/Makefile.in
    56 --- old/Makefile.in
    56 --- old/Makefile.in
    57 +++ new/Makefile.in
    57 +++ new/Makefile.in
    58 @@ -100,7 +100,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
    58 @@ -100,7 +100,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
    59  	roaming_common.o roaming_client.o
    59  	sshconnect.o sshconnect1.o sshconnect2.o mux.o
    60  
    60  
    61  SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
    61  SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
    62 -	audit.o audit-bsm.o audit-linux.o platform.o \
    62 -	audit.o audit-bsm.o audit-linux.o platform.o \
    63 +	audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \
    63 +	audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \
    64  	sshpty.o sshlogin.o servconf.o serverloop.o \
    64  	sshpty.o sshlogin.o servconf.o serverloop.o \
    65  	auth.o auth1.o auth2.o auth-options.o session.o \
    65  	auth.o auth2.o auth-options.o session.o \
    66  	auth-chall.o auth2-chall.o groupaccess.o \
    66  	auth2-chall.o groupaccess.o \
    67 diff -pur old/README.platform new/README.platform
    67 diff -pur old/README.platform new/README.platform
    68 --- old/README.platform
    68 --- old/README.platform
    69 +++ new/README.platform
    69 +++ new/README.platform
    70 @@ -68,8 +68,8 @@ zlib-devel and pam-devel, on Debian base
    70 @@ -71,8 +71,8 @@ zlib-devel and pam-devel, on Debian base
    71  libssl-dev, libz-dev and libpam-dev.
    71  libssl-dev, libz-dev and libpam-dev.
    72  
    72  
    73  
    73  
    74 -Solaris
    74 -Solaris
    75 --------
    75 --------
    76 +Prior to Solaris 11
    76 +Prior to Solaris 11
    77 +-------------------
    77 +-------------------
    78  If you enable BSM auditing on Solaris, you need to update audit_event(4)
    78  If you enable BSM auditing on Solaris, you need to update audit_event(4)
    79  for praudit(1m) to give sensible output.  The following line needs to be
    79  for praudit(1m) to give sensible output.  The following line needs to be
    80  added to /etc/security/audit_event:
    80  added to /etc/security/audit_event:
    81 @@ -82,6 +82,9 @@ There is no official registry of 3rd par
    81 @@ -85,6 +85,9 @@ There is no official registry of 3rd par
    82  number is already in use on your system, you may change it at build time
    82  number is already in use on your system, you may change it at build time
    83  by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
    83  by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
    84  
    84  
    85 +From Solaris 11
    85 +From Solaris 11
    86 +---------------
    86 +---------------
    89  Platforms using PAM
    89  Platforms using PAM
    90  -------------------
    90  -------------------
    91 diff -pur old/config.h.in new/config.h.in
    91 diff -pur old/config.h.in new/config.h.in
    92 --- old/config.h.in
    92 --- old/config.h.in
    93 +++ new/config.h.in
    93 +++ new/config.h.in
    94 @@ -1635,6 +1635,9 @@
    94 @@ -1679,6 +1679,9 @@
    95  /* Use Linux audit module */
    95  /* Use Linux audit module */
    96  #undef USE_LINUX_AUDIT
    96  #undef USE_LINUX_AUDIT
    97  
    97  
    98 +/* Use Solaris audit module */
    98 +/* Use Solaris audit module */
    99 +#undef USE_SOLARIS_AUDIT
    99 +#undef USE_SOLARIS_AUDIT
   102  #undef USE_OPENSSL_ENGINE
   102  #undef USE_OPENSSL_ENGINE
   103  
   103  
   104 diff -pur old/configure.ac new/configure.ac
   104 diff -pur old/configure.ac new/configure.ac
   105 --- old/configure.ac
   105 --- old/configure.ac
   106 +++ new/configure.ac
   106 +++ new/configure.ac
   107 @@ -1517,10 +1517,21 @@ AC_ARG_WITH([libedit],
   107 @@ -1560,10 +1560,21 @@ AC_ARG_WITH([libedit],
   108  
   108  
   109  AUDIT_MODULE=none
   109  AUDIT_MODULE=none
   110  AC_ARG_WITH([audit],
   110  AC_ARG_WITH([audit],
   111 -	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
   111 -	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
   112 +	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux,solaris)],
   112 +	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux,solaris)],
   128  		AC_MSG_RESULT([bsm])
   128  		AC_MSG_RESULT([bsm])
   129  		AUDIT_MODULE=bsm
   129  		AUDIT_MODULE=bsm
   130 diff -pur old/defines.h new/defines.h
   130 diff -pur old/defines.h new/defines.h
   131 --- old/defines.h
   131 --- old/defines.h
   132 +++ new/defines.h
   132 +++ new/defines.h
   133 @@ -635,6 +635,11 @@ struct winsize {
   133 @@ -645,6 +645,11 @@ struct winsize {
   134  # define CUSTOM_SSH_AUDIT_EVENTS
   134  # define CUSTOM_SSH_AUDIT_EVENTS
   135  #endif
   135  #endif
   136  
   136  
   137 +#ifdef USE_SOLARIS_AUDIT
   137 +#ifdef USE_SOLARIS_AUDIT
   138 +# define SSH_AUDIT_EVENTS
   138 +# define SSH_AUDIT_EVENTS
   143  #  define __func__ __FUNCTION__
   143  #  define __func__ __FUNCTION__
   144  #elif !defined(HAVE___func__)
   144  #elif !defined(HAVE___func__)
   145 diff -pur old/sshd.c new/sshd.c
   145 diff -pur old/sshd.c new/sshd.c
   146 --- old/sshd.c
   146 --- old/sshd.c
   147 +++ new/sshd.c
   147 +++ new/sshd.c
   148 @@ -2234,7 +2234,9 @@ main(int ac, char **av)
   148 @@ -2043,7 +2043,9 @@ main(int ac, char **av)
   149  	}
   149  	}
   150  
   150  
   151  #ifdef SSH_AUDIT_EVENTS
   151  #ifdef SSH_AUDIT_EVENTS
   152 +#ifndef	USE_SOLARIS_AUDIT
   152 +#ifndef	USE_SOLARIS_AUDIT
   153  	audit_event(SSH_AUTH_SUCCESS);
   153  	audit_event(SSH_AUTH_SUCCESS);
   154 +#endif	/* !USE_SOLARIS_AUDIT */
   154 +#endif	/* !USE_SOLARIS_AUDIT */
   155  #endif
   155  #endif
   156  
   156  
   157  #ifdef GSSAPI
   157  #ifdef GSSAPI
   158 @@ -2264,6 +2266,10 @@ main(int ac, char **av)
   158 @@ -2073,6 +2075,10 @@ main(int ac, char **av)
   159  		do_pam_session();
   159  		do_pam_session();
   160  	}
   160  	}
   161  #endif
   161  #endif
   162 +#ifdef	USE_SOLARIS_AUDIT
   162 +#ifdef	USE_SOLARIS_AUDIT
   163 +	/* Audit should take place after all successful pam */
   163 +	/* Audit should take place after all successful pam */