|
1 # |
|
2 # Private symbol cannot_audit() was demoted to local in libbsm.so and is no |
|
3 # longer available to its consumers. For OpenSSH sshd this was causing runtime |
|
4 # linker errors at accepting connections from clients. |
|
5 # |
|
6 # On S12 audit is always enabled. As an interim solution to unbreak OpenSSH |
|
7 # with S12_57+ libbsm.so, we remove the calls to cannot_audit(). |
|
8 # |
|
9 # Symbol aug_get_machine was demoted to local too. OpenSSH configure checks |
|
10 # for aug_get_machine in libbsm.so and provides its own implementation if not |
|
11 # present. To avoid OpenSSH built on an S12_56- build machine failing with |
|
12 # run-time linker error on S12_57+ system, we overrule configure's |
|
13 # HAVE_AUG_GET_MACHINE directly in the code. |
|
14 # |
|
15 # This patch will be removed once 19629847 is integrated. |
|
16 # |
|
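diff -ur old/audit-bsm.c new/audit-bsm.c
--- old/audit-bsm.c 2012-02-23 15:40:43.000000000 -0800
+++ new/audit-bsm.c 2014-09-18 05:16:43.210289238 -0700
@@ -81,9 +81,6 @@
 #define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
 #endif
 
-#ifndef cannot_audit
-extern int cannot_audit(int);
-#endif
 extern void aug_init(void);
 extern void aug_save_auid(au_id_t);
 extern void aug_save_uid(uid_t);
@@ -126,6 +123,8 @@
 
 /* Below is the low-level BSM interface code */
 
+/* Force local definition of aug_get_machine */
+#undef HAVE_AUG_GET_MACHINE
 /*
 * aug_get_machine is only required on IPv6 capable machines, we use a
 * different mechanism in audit_connection_from() for IPv4-only machines.
@@ -355,8 +354,6 @@
 AuditInfoTermID *tid = &ssh_bsm_tid;
 char buf[1024];
 
- if (cannot_audit(0))
- return;
 debug3("BSM audit: connection from %.100s port %d", host, port);
 
 /* populate our terminal id structure */
@@ -400,8 +397,6 @@
 static int logged_in = 0;
 const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";
 
- if (cannot_audit(0))
- return;
 
 switch(event) {
 case SSH_AUTH_SUCCESS: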
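Review bot: The two removed `if (cannot_audit(0)) return;` guards (hunks at -355 and -400) leave nothing in the code to say why the audit-state check is gone; the only justification, that audit is always enabled on S12, sits in the patch header. If this patched source were built for a release where auditing can be switched off, both functions would presumably go on to the BSM calls the guard used to skip, so the assumption should be recorded at each site, for example `/* cannot_audit() is no longer exported by libbsm.so; audit is always enabled on S12, so no check is made. Remove with 19629847. */`. The comment above `#undef HAVE_AUG_GET_MACHINE` has the same gap: it says what is forced but not why or until when, and would benefit from the same tracking reference. Both function bodies start and end outside their hunks, so whether anything later in them depended on the early return cannot be confirmed from here.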