--- a/components/sudo/patches/03-solaris_audit.patch Fri Mar 04 16:04:58 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@
-Add Solaris auditing to sudo.
-Code was developed in-house.
-Plan is to contribute these changes upstream to
-the latest sudo release, currently 1.8.10p2.
-
---- sudo-1.8.9p5/config.h.in 2014-03-26 22:54:30.317626194 +0100
-+++ sudo-1.8.9p5/config.h.in 2014-03-26 22:54:07.840975014 +0100
-@@ -542,6 +542,9 @@
- /* Define to 1 if you have the `snprintf' function. */
- #undef HAVE_SNPRINTF
-
-+/* Define to 1 to enable Solaris audit support. */
-+#undef HAVE_SOLARIS_AUDIT
-+
- /* Define to 1 if you have the <spawn.h> header file. */
- #undef HAVE_SPAWN_H
-
---- sudo-1.8.9p5/configure.ac 2014-04-02 15:08:32.733744734 -0700
-+++ sudo-1.8.9p5/configure.ac 2014-04-02 15:01:57.931070340 -0700
-@@ -15,6 +15,7 @@ dnl
- dnl Variables that get substituted in the Makefile and man pages
- dnl
- AC_SUBST([HAVE_BSM_AUDIT])
-+AC_SUBST([HAVE_SOLARIS_AUDIT])
- AC_SUBST([SHELL])
- AC_SUBST([LIBTOOL])
- AC_SUBST([CFLAGS])
-@@ -322,6 +323,28 @@ AC_ARG_WITH(linux-audit, [AS_HELP_STRING
- esac])
-
- dnl
-+dnl Handle Solaris auditing support.
-+dnl
-+AC_ARG_WITH(solaris-audit, [AS_HELP_STRING([--with-solaris-audit], [enable Solaris audit support])],
-+[case $with_solaris_audit in
-+ yes) AC_DEFINE(HAVE_SOLARIS_AUDIT)
-+ SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
-+ SUDOERS_OBJS="${SUDOERS_OBJS} solaris_audit.lo"
-+ ;;
-+ no) ;;
-+ *) AC_MSG_ERROR(["--with-solaris-audit does not take an argument."])
-+ ;;
-+esac])
-+
-+dnl
-+dnl Check for use of Solaris audit with BSM or Linux audit
-+dnl
-+if test -n "$with_solaris_audit" && (test -n "$with_bsm_audit" || test -n "$with_linux_audit"); then
-+ AC_MSG_ERROR([BSM/Linux and Solaris auditing options are mutually exclusive.])
-+fi
-+
-+
-+dnl
- dnl Handle SSSD support.
- dnl
- AC_ARG_WITH(sssd, [AS_HELP_STRING([--with-sssd], [enable SSSD support])],
-@@ -3820,6 +3843,7 @@ AH_TEMPLATE(HAVE_SHL_LOAD, [Define to 1
- AH_TEMPLATE(HAVE_SKEY, [Define to 1 if you use S/Key.])
- AH_TEMPLATE(HAVE_SKEYACCESS, [Define to 1 if your S/Key library has skeyaccess().])
- AH_TEMPLATE(HAVE_RFC1938_SKEYCHALLENGE, [Define to 1 if the skeychallenge() function is RFC1938-compliant and takes 4 arguments.])
-+AH_TEMPLATE(HAVE_SOLARIS_AUDIT, [Define to 1 to enable Solaris audit support.])
- AH_TEMPLATE(HAVE_ST__TIM, [Define to 1 if your struct stat uses an st__tim union.])
- AH_TEMPLATE(HAVE_ST_MTIM, [Define to 1 if your struct stat has an st_mtim member.])
- AH_TEMPLATE(HAVE_ST_MTIMESPEC, [Define to 1 if your struct stat has an st_mtimespec member.])
---- sudo-1.8.9p5/INSTALL 2014-03-26 22:55:50.218196304 +0100
-+++ sudo-1.8.9p5/INSTALL 2014-03-26 22:55:37.278167183 +0100
-@@ -386,6 +386,9 @@
- the user name (separated by a slash) when creating the
- principal name.
-
-+ --with-solaris-audit
-+ Enable audit support for Solaris systems.
-+
- --with-opie[=DIR]
- Enable NRL OPIE OTP (One Time Password) support. If specified,
- DIR should contain include and lib directories with opie.h
---- sudo-1.8.9p5/MANIFEST 2014-03-26 22:57:04.778504180 +0100
-+++ sudo-1.8.9p5/MANIFEST 2014-03-26 22:56:53.268979852 +0100
-@@ -369,6 +369,8 @@
- plugins/sudoers/set_perms.c
- plugins/sudoers/sha2.c
- plugins/sudoers/sha2.h
-+plugins/sudoers/solaris_audit.c
-+plugins/sudoers/solaris_audit.h
- plugins/sudoers/sssd.c
- plugins/sudoers/sudo_nss.c
- plugins/sudoers/sudo_nss.h
---- sudo-1.8.9p5/mkdep.pl 2014-03-26 22:58:36.454013953 +0100
-+++ sudo-1.8.9p5/mkdep.pl 2014-03-26 22:58:24.406067303 +0100
-@@ -67,7 +67,7 @@
- $makefile =~ s:\@DEV\@::g;
- $makefile =~ s:\@COMMON_OBJS\@:aix.lo event_poll.lo event_select.lo:;
- $makefile =~ s:\@SUDO_OBJS\@:openbsd.o preload.o selinux.o sesh.o solaris.o sudo_noexec.lo:;
-- $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo sssd.lo:;
-+ $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo solaris_audit.lo sssd.lo:;
- # XXX - fill in AUTH_OBJS from contents of the auth dir instead
- $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
- $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo fnmatch.lo getaddrinfo.lo getcwd.lo getgrouplist.lo getline.lo getopt_long.lo glob.lo isblank.lo memrchr.lo memset_s.lo mksiglist.lo mksigname.lo mktemp.lo pw_dup.lo sig2str.lo siglist.lo signame.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo strtonum.lo utimes.lo globtest.o fnm_test.o:;
---- sudo-1.8.9p5/plugins/sudoers/audit.c 2014-03-26 22:59:28.211242562 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/audit.c 2014-03-26 22:59:08.314263649 +0100
-@@ -43,6 +43,9 @@
- #ifdef HAVE_LINUX_AUDIT
- # include "linux_audit.h"
- #endif
-+#ifdef HAVE_SOLARIS_AUDIT
-+# include "solaris_audit.h"
-+#endif
-
- #define DEFAULT_TEXT_DOMAIN "sudoers"
- #include "gettext.h"
-@@ -59,6 +62,9 @@
- #ifdef HAVE_LINUX_AUDIT
- linux_audit_command(exec_args, 1);
- #endif
-+#ifdef HAVE_SOLARIS_AUDIT
-+ solaris_audit_success(exec_args);
-+#endif
- }
-
- debug_return;
-@@ -82,6 +88,9 @@
- #ifdef HAVE_LINUX_AUDIT
- linux_audit_command(exec_args, 0);
- #endif
-+#ifdef HAVE_SOLARIS_AUDIT
-+ solaris_audit_failure(exec_args, fmt, ap);
-+#endif
- va_end(ap);
- }
-
---- sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-03-26 23:02:57.999081022 +0100
-+++ sudo-1.8.9p5/plugins/sudoers/Makefile.in 2014-03-26 23:02:48.982043568 +0100
-@@ -457,7 +457,7 @@
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/alias.c
- audit.lo: $(srcdir)/audit.c $(incdir)/gettext.h $(incdir)/missing.h \
- $(incdir)/sudo_debug.h $(srcdir)/bsm_audit.h $(srcdir)/linux_audit.h \
-- $(srcdir)/logging.h $(top_builddir)/config.h \
-+ $(srcdir)/solaris_audit.h $(srcdir)/logging.h $(top_builddir)/config.h \
- $(top_srcdir)/compat/stdbool.h
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/audit.c
- base64.lo: $(srcdir)/base64.c $(incdir)/missing.h $(incdir)/sudo_debug.h \
-@@ -659,6 +659,9 @@
- $(incdir)/gettext.h $(incdir)/missing.h $(incdir)/sudo_debug.h \
- $(srcdir)/linux_audit.h $(top_builddir)/config.h
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/linux_audit.c
-+solaris_audit.lo: $(srcdir)/solaris_audit.c $(top_builddir)/config.h \
-+ $(srcdir)/sudoers.h $(incdir)/sudo_debug.h $(srcdir)/solaris_audit.h
-+ $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(DEFS) $(srcdir)/solaris_audit.c
- locale.lo: $(srcdir)/locale.c $(incdir)/alloc.h $(incdir)/fatal.h \
- $(incdir)/gettext.h $(incdir)/missing.h $(srcdir)/logging.h \
- $(top_builddir)/config.h $(top_srcdir)/compat/stdbool.h
-diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c sudo-1.8.6p7/plugins/sudoers/solaris_audit.c
---- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.c 1969-12-31 16:00:00.000000000 -0800
-+++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.c 2014-03-18 12:09:27.850924000 -0700
-@@ -0,0 +1,95 @@
-+/*
-+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-+ */
-+
-+#include <config.h>
-+#include <stdarg.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+#include <bsm/adt.h>
-+#include <bsm/adt_event.h>
-+
-+#include "sudoers.h"
-+#include "sudo_debug.h"
-+#include "solaris_audit.h"
-+
-+adt_session_data_t *ah; /* audit session handle */
-+adt_event_data_t *event; /* event to be generated */
-+char cwd[MAXPATHLEN];
-+char cmdpath[PATH_MAX];
-+
-+static void
-+adt_sudo_common(char *exec_args[])
-+{
-+ int argc;
-+
-+ if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
-+ log_warning(USE_ERRNO | NO_STDERR, _("sudo: adt_start_session"));
-+ }
-+ if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) {
-+ log_warning(USE_ERRNO | NO_STDERR, _("sudo: alloc_event"));
-+ }
-+ if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof (cwd))) == NULL) {
-+ log_warning(USE_ERRNO | NO_STDERR, _("sudo: can't add cwd path"));
-+ }
-+ for (argc = 0; exec_args[argc] != NULL; argc++) {
-+ continue;
-+ }
-+
-+ /* get the real executable name */
-+ if (user_cmnd != NULL) {
-+ if (strlcpy(cmdpath, (const char *)user_cmnd,
-+ sizeof (cmdpath)) >= sizeof (cmdpath)) {
-+ log_warning(NO_STDERR,
-+ _("sudo: truncated audit path " "user_cmnd: %s"),
-+ user_cmnd);
-+ }
-+ } else {
-+ if (strlcpy(cmdpath, (const char *)exec_args[0],
-+ sizeof (cmdpath)) >= sizeof (cmdpath)) {
-+ log_warning(NO_STDERR,
-+ _("sudo: truncated audit path " "argv[0]: %s"),
-+ exec_args[0]);
-+ }
-+ }
-+
-+ event->adt_sudo.cmdpath = cmdpath;
-+
-+ event->adt_sudo.argc = argc - 1;
-+ event->adt_sudo.argv = &exec_args[1];
-+ event->adt_sudo.envp = env_get();
-+}
-+
-+
-+void
-+solaris_audit_success(char *exec_args[])
-+{
-+ adt_sudo_common(exec_args);
-+
-+ if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
-+ log_warning(USE_ERRNO | NO_STDERR,
-+ _("sudo: adt_put_event(success)"));
-+ }
-+ adt_free_event(event);
-+ (void) adt_end_session(ah);
-+}
-+
-+void
-+solaris_audit_failure(char *exec_args[], char const *const fmt, va_list ap)
-+{
-+ adt_sudo_common(exec_args);
-+
-+ if (vasprintf(&event->adt_sudo.errmsg, fmt, ap) == -1) {
-+ log_warning(USE_ERRNO | NO_STDERR,
-+ _("sudo: audit_failure message too long"));
-+ }
-+ if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) {
-+ log_warning(USE_ERRNO | NO_STDERR,
-+ _("sudo: adt_put_event(failure)"));
-+ }
-+ free(event->adt_sudo.errmsg);
-+ adt_free_event(event);
-+ (void) adt_end_session(ah);
-+}
-diff -rupN sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h sudo-1.8.6p7/plugins/sudoers/solaris_audit.h
---- sudo-1.8.6p7-orig/plugins/sudoers/solaris_audit.h 1969-12-31 16:00:00.000000000 -0800
-+++ sudo-1.8.6p7/plugins/sudoers/solaris_audit.h 2014-03-18 14:20:22.069087000 -0700
-@@ -0,0 +1,11 @@
-+/*
-+ * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-+ */
-+
-+#ifndef _SUDO_SOLARIS_AUDIT_H
-+#define _SUDO_SOLARIS_AUDIT_H
-+
-+void solaris_audit_success(char **);
-+void solaris_audit_failure(char **, char const * const, va_list);
-+
-+#endif /* _SUDO_SOLARIS_AUDIT_H */
-