43 + *) AC_MSG_ERROR(["--with-solaris-audit does not take an argument."]) |
41 + *) AC_MSG_ERROR(["--with-solaris-audit does not take an argument."]) |
44 + ;; |
42 + ;; |
45 +esac]) |
43 +esac]) |
46 + |
44 + |
47 +dnl |
45 +dnl |
|
46 +dnl Check for use of Solaris audit with BSM or Linux audit |
|
47 +dnl |
|
48 +if test -n "$with_solaris_audit" && (test -n "$with_bsm_audit" || test -n "$with_linux_audit"); then |
|
49 + AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.]) |
|
50 +fi |
|
51 + |
|
52 + |
|
53 +dnl |
48 dnl Handle SSSD support. |
54 dnl Handle SSSD support. |
49 dnl |
55 dnl |
50 AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], |
56 AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])], |
51 @@ -1979,6 +1994,13 @@ if test -n "$with_noexec"; then |
57 @@ -3820,6 +3843,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 |
52 fi |
|
53 |
|
54 dnl |
|
55 +dnl Check for use of Solaris audit with BSM or Linux audit |
|
56 +dnl |
|
57 +if test "${with_solaris_audit+set}" = set && ( test "${with_bsm_audit+set}" = set || test "${with_linux_audit+set}" = set); then |
|
58 + AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.]) |
|
59 +fi |
|
60 + |
|
61 +dnl |
|
62 dnl Check for mixing mutually exclusive and regular auth methods |
|
63 dnl |
|
64 AUTH_REG=${AUTH_REG# } |
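Review bot: The mutual-exclusion test added in this hunk checks `"${with_solaris_audit+set}" = set`, which is true whenever the variable exists, and autoconf also sets it (to `no`) for `--without-solaris-audit`. Unless the option handler above the hunk clears the variable in that case, a build configured with `--without-solaris-audit --with-linux-audit` would presumably stop with the "mutually exclusive" error, even though only one audit backend was requested. Comparing values avoids this: `if test "${with_solaris_audit-no}" != "no" && (test "${with_bsm_audit-no}" != "no" || test "${with_linux_audit-no}" != "no"); then`. The `test -n "$with_solaris_audit"` form in the other revision of the patch shown on this page behaves the same way, because `no` is a non-empty string.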
|
65 @@ -3622,6 +3644,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1 |
|
66 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) |
58 AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.]) |
67 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) |
59 AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().]) |
68 AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments]) |
60 AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.]) |
69 +AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.]) |
61 +AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.]) |
70 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union]) |
62 AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.]) |
71 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member]) |
63 AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.]) |
72 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member]) |
64 AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.]) |
73 diff -rupN sudo-1.8.6p7-orig/INSTALL sudo-1.8.6p7/INSTALL |
65 --- sudo-1.8.9p5/INSTALL 2014-03-26 22:55:50.218196304 +0100 |
74 --- sudo-1.8.6p7-orig/INSTALL 2013-02-25 11:42:43.000000000 -0800 |
66 +++ sudo-1.8.9p5/INSTALL 2014-03-26 22:55:37.278167183 +0100 |
75 +++ sudo-1.8.6p7/INSTALL 2013-12-18 14:06:38.000000000 -0800 |
67 @@ -386,6 +386,9 @@ |
76 @@ -159,6 +159,9 @@ Special features/options: |
68 the user name (separated by a slash) when creating the |
77 DIR should contain include and lib directories with skey.h |
69 principal name. |
78 and libskey.a respectively. |
|
79 |
70 |
80 + --with-solaris-audit |
71 + --with-solaris-audit |
81 + Enable audit support for Solaris systems. |
72 + Enable audit support for Solaris systems. |
82 + |
73 + |
83 --with-opie[=DIR] |
74 --with-opie[=DIR] |
84 Enable NRL OPIE OTP (One Time Password) support. If specified, |
75 Enable NRL OPIE OTP (One Time Password) support. If specified, |
85 DIR should contain include and lib directories with opie.h |
76 DIR should contain include and lib directories with opie.h |
86 diff -rupN sudo-1.8.6p7-orig/MANIFEST sudo-1.8.6p7/MANIFEST |
77 --- sudo-1.8.9p5/MANIFEST 2014-03-26 22:57:04.778504180 +0100 |
87 --- sudo-1.8.6p7-orig/MANIFEST 2013-02-25 11:42:43.000000000 -0800 |
78 +++ sudo-1.8.9p5/MANIFEST 2014-03-26 22:56:53.268979852 +0100 |
88 +++ sudo-1.8.6p7/MANIFEST 2013-12-18 13:46:06.000000000 -0800 |
79 @@ -369,6 +369,8 @@ |
89 @@ -261,6 +261,8 @@ plugins/sudoers/regress/sudoers/test8.to |
|
90 plugins/sudoers/regress/testsudoers/test1.out.ok |
|
91 plugins/sudoers/regress/testsudoers/test1.sh |
|
92 plugins/sudoers/set_perms.c |
80 plugins/sudoers/set_perms.c |
|
81 plugins/sudoers/sha2.c |
|
82 plugins/sudoers/sha2.h |
93 +plugins/sudoers/solaris_audit.c |
83 +plugins/sudoers/solaris_audit.c |
94 +plugins/sudoers/solaris_audit.h |
84 +plugins/sudoers/solaris_audit.h |
95 plugins/sudoers/sssd.c |
85 plugins/sudoers/sssd.c |
96 plugins/sudoers/sudo_nss.c |
86 plugins/sudoers/sudo_nss.c |
97 plugins/sudoers/sudo_nss.h |
87 plugins/sudoers/sudo_nss.h |
98 diff -rupN sudo-1.8.6p7-orig/mkdep.pl sudo-1.8.6p7/mkdep.pl |
88 --- sudo-1.8.9p5/mkdep.pl 2014-03-26 22:58:36.454013953 +0100 |
99 --- sudo-1.8.6p7-orig/mkdep.pl 2013-02-25 11:42:44.000000000 -0800 |
89 +++ sudo-1.8.9p5/mkdep.pl 2014-03-26 22:58:24.406067303 +0100 |
100 +++ sudo-1.8.6p7/mkdep.pl 2013-12-18 14:03:37.000000000 -0800 |
90 @@ -67,7 +67,7 @@ |
101 @@ -52,7 +52,7 @@ sub mkdep { |
|
102 $makefile =~ s:\@DEV\@::g; |
91 $makefile =~ s:\@DEV\@::g; |
103 $makefile =~ s:\@COMMON_OBJS\@:aix.lo:; |
92 $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:; |
104 $makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:; |
93 $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:; |
105 - $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo sssd.lo:; |
94 - $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:; |
106 + $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo solaris_audit.lo sssd.lo:; |
95 + $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:; |
107 # XXX - fill in AUTH_OBJS from contents of the auth dir instead |
96 # XXX - fill in AUTH_OBJS from contents of the auth dir instead |
108 $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; |
97 $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:; |
109 $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mksigname.lo mktemp.lo nanosleep.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo utimes.lo globtest.o fnm_test.o:; |
98 $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo globtest.o fnm_test.o:; |
110 diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/audit.c sudo-1.8.6p7/plugins/sudoers/audit.c |
99 --- sudo-1.8.9p5/plugins/sudoers/audit.c 2014-03-26 22:59:28.211242562 +0100 |
111 --- sudo-1.8.6p7-orig/plugins/sudoers/audit.c 2013-02-25 11:46:09.000000000 -0800 |
100 +++ sudo-1.8.9p5/plugins/sudoers/audit.c 2014-03-26 22:59:08.314263649 +0100 |
112 +++ sudo-1.8.6p7/plugins/sudoers/audit.c 2013-12-18 13:48:56.000000000 -0800 |
|
113 @@ -43,6 +43,9 @@ |
101 @@ -43,6 +43,9 @@ |
114 #ifdef HAVE_LINUX_AUDIT |
102 #ifdef HAVE_LINUX_AUDIT |
115 # include "linux_audit.h" |
103 # include "linux_audit.h" |
116 #endif |
104 #endif |
117 +#ifdef HAVE_SOLARIS_AUDIT |
105 +#ifdef HAVE_SOLARIS_AUDIT |
118 +# include "solaris_audit.h" |
106 +# include "solaris_audit.h" |
119 +#endif |
107 +#endif |
120 |
108 |
121 void |
109 #define DEFAULT_TEXT_DOMAIN "sudoers" |
122 audit_success(char *exec_args[]) |
110 #include "gettext.h" |
123 @@ -56,6 +59,9 @@ audit_success(char *exec_args[]) |
111 @@ -59,6 +62,9 @@ |
124 #ifdef HAVE_LINUX_AUDIT |
112 #ifdef HAVE_LINUX_AUDIT |
125 linux_audit_command(exec_args, 1); |
113 linux_audit_command(exec_args, 1); |
126 #endif |
114 #endif |
127 +#ifdef HAVE_SOLARIS_AUDIT |
115 +#ifdef HAVE_SOLARIS_AUDIT |
128 + solaris_audit_success(exec_args); |
116 + solaris_audit_success(exec_args); |
129 +#endif |
117 +#endif |
130 } |
118 } |
131 |
119 |
132 debug_return; |
120 debug_return; |
133 @@ -75,6 +81,9 @@ audit_failure(char *exec_args[], char co |
121 @@ -82,6 +88,9 @@ |
134 #ifdef HAVE_LINUX_AUDIT |
122 #ifdef HAVE_LINUX_AUDIT |
135 linux_audit_command(exec_args, 0); |
123 linux_audit_command(exec_args, 0); |
136 #endif |
124 #endif |
137 +#ifdef HAVE_SOLARIS_AUDIT |
125 +#ifdef HAVE_SOLARIS_AUDIT |
138 + solaris_audit_failure(exec_args, fmt, ap); |
126 + solaris_audit_failure(exec_args, fmt, ap); |
139 +#endif |
127 +#endif |
140 va_end(ap); |
128 va_end(ap); |
141 } |
129 } |
142 |
130 |
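Review bot: The added `solaris_audit_failure(exec_args, fmt, ap);` hands the function's single `va_list` to the Solaris backend, and a `va_list` that a callee has walked cannot safely be read again before `va_end`. The hunk only shows `linux_audit_command(exec_args, 0)` ahead of it, which does not take `ap`, but `audit_failure` starts outside the hunk; if another backend earlier in the function also receives `ap`, correctness rests entirely on configure never enabling both. I would make that explicit with a comment such as `/* ap is consumed by at most one backend; configure rejects BSM together with Solaris audit */`, or give each backend its own `va_copy`. This hunk and the `audit_success` hunk also call the Solaris functions as plain statements, so a failure to write the audit record does not appear to reach the caller; a one-line comment stating that audit logging is best-effort would record that this is intended.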
143 diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/Makefile.in sudo-1.8.6p7/plugins/sudoers/Makefile.in |
131 --- sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-03-26 23:02:57.999081022 +0100 |
144 --- sudo-1.8.6p7-orig/plugins/sudoers/Makefile.in 2013-02-25 11:46:09.000000000 -0800 |
132 +++ sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-03-26 23:02:48.982043568 +0100 |
145 +++ sudo-1.8.6p7/plugins/sudoers/Makefile.in 2014-04-02 12:31:58.298858000 -0700 |
133 @@ -457,7 +457,7 @@ |
146 @@ -432,7 +432,7 @@ alias.lo: $(srcdir)/alias.c $(top_buildd |
|
147 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c |
134 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c |
148 audit.lo: $(srcdir)/audit.c $(top_builddir)/config.h $(incdir)/missing.h \ |
135 audit.lo: $(srcdir)/audit.c $(incdir)/gettext.h $(incdir)/missing.h \ |
149 $(srcdir)/logging.h $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h \ |
136 $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \ |
150 - $(srcdir)/linux_audit.h |
137 - $(srcdir)/logging.h $(top_builddir)/config.h \ |
151 + $(srcdir)/linux_audit.h $(srcdir)/solaris_audit.h |
138 + $(srcdir)/solaris_audit.h $(srcdir)/logging.h $(top_builddir)/config.h \ |
|
139 $(top_srcdir)/compat/stdbool.h |
152 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c |
140 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c |
153 boottime.lo: $(srcdir)/boottime.c $(top_builddir)/config.h $(incdir)/missing.h \ |
141 base64.lo: $(srcdir)/base64.c $(incdir)/missing.h $(incdir)/sudo_debug.h \ |
154 $(incdir)/sudo_debug.h |
142 @@ -659,6 +659,9 @@ |
155 @@ -728,6 +728,10 @@ sia.lo: $(authdir)/sia.c $(top_builddir) |
143 $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \ |
156 $(devdir)/def_data.h $(srcdir)/logging.h $(srcdir)/sudo_nss.h \ |
144 $(srcdir)/linux_audit.h $(top_builddir)/config.h |
157 $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h $(incdir)/gettext.h |
145 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c |
158 $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(authdir)/sia.c |
|
159 +solaris_audit.lo: $(srcdir)/solaris_audit.c $(top_builddir)/config.h \ |
146 +solaris_audit.lo: $(srcdir)/solaris_audit.c $(top_builddir)/config.h \ |
160 + $(srcdir)/sudoers.h $(incdir)/sudo_debug.h \ |
147 + $(srcdir)/sudoers.h $(incdir)/sudo_debug.h $(srcdir)/solaris_audit.h |
161 + $(srcdir)/solaris_audit.h |
|
162 + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c |
148 + $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c |
163 sssd.lo: $(srcdir)/sssd.c $(top_builddir)/config.h \ |
149 locale.lo: $(srcdir)/locale.c $(incdir)/alloc.h $(incdir)/fatal.h \ |
164 $(top_srcdir)/compat/dlfcn.h $(srcdir)/sudoers.h \ |
150 $(incdir)/gettext.h $(incdir)/missing.h $(srcdir)/logging.h \ |
165 $(top_srcdir)/compat/stdbool.h $(top_builddir)/pathnames.h \ |
151 $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h |
166 diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c sudo-1.8.6p7/plugins/sudoers/solaris_audit.c |
152 diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c sudo-1.8.6p7/plugins/sudoers/solaris_audit.c |
167 --- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c 1969-12-31 16:00:00.000000000 -0800 |
153 --- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c 1969-12-31 16:00:00.000000000 -0800 |
168 +++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c 2014-03-18 12:09:27.000000000 -0700 |
154 +++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c 2014-03-18 12:09:27.850924000 -0700 |
169 @@ -0,0 +1,95 @@ |
155 @@ -0,0 +1,95 @@ |
170 +/* |
156 +/* |
171 + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. |
157 + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. |
172 + */ |
158 + */ |
173 + |
159 + |
193 +adt_sudo_common(char *exec_args[]) |
179 +adt_sudo_common(char *exec_args[]) |
194 +{ |
180 +{ |
195 + int argc; |
181 + int argc; |
196 + |
182 + |
197 + if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { |
183 + if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { |
198 + log_error(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session")); |
184 + log_warning(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session")); |
199 + } |
185 + } |
200 + if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) { |
186 + if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) { |
201 + log_error(USE_ERRNO | NO_STDERR, _("sudo: alloc_event")); |
187 + log_warning(USE_ERRNO | NO_STDERR, _("sudo: alloc_event")); |
202 + } |
188 + } |
203 + if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof (cwd))) == NULL) { |
189 + if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof (cwd))) == NULL) { |
204 + log_error(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path")); |
190 + log_warning(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path")); |
205 + } |
191 + } |
206 + for (argc = 0; exec_args[argc] != NULL; argc++) { |
192 + for (argc = 0; exec_args[argc] != NULL; argc++) { |
207 + continue; |
193 + continue; |
208 + } |
194 + } |
209 + |
195 + |
210 + /* get the real executable name */ |
196 + /* get the real executable name */ |
211 + if (user_cmnd != NULL) { |
197 + if (user_cmnd != NULL) { |
212 + if (strlcpy(cmdpath, (const char *)user_cmnd, |
198 + if (strlcpy(cmdpath, (const char *)user_cmnd, |
213 + sizeof (cmdpath)) >= sizeof (cmdpath)) { |
199 + sizeof (cmdpath)) >= sizeof (cmdpath)) { |
214 + log_error(NO_STDERR, |
200 + log_warning(NO_STDERR, |
215 + _("sudo: truncated audit path " "user_cmnd: %s"), |
201 + _("sudo: truncated audit path " "user_cmnd: %s"), |
216 + user_cmnd); |
202 + user_cmnd); |
217 + } |
203 + } |
218 + } else { |
204 + } else { |
219 + if (strlcpy(cmdpath, (const char *)exec_args[0], |
205 + if (strlcpy(cmdpath, (const char *)exec_args[0], |
220 + sizeof (cmdpath)) >= sizeof (cmdpath)) { |
206 + sizeof (cmdpath)) >= sizeof (cmdpath)) { |
221 + log_error(NO_STDERR, |
207 + log_warning(NO_STDERR, |
222 + _("sudo: truncated audit path " "argv[0]: %s"), |
208 + _("sudo: truncated audit path " "argv[0]: %s"), |
223 + exec_args[0]); |
209 + exec_args[0]); |
224 + } |
210 + } |
225 + } |
211 + } |
226 + |
212 + |