components/openssh/patches/022-solaris_audit.patch
author Yiteng Zhang <yiteng.zhang@oracle.com>
Tue, 04 Oct 2016 11:04:14 -0700
branchs11u3-sru
changeset 7033 a49f9f0272f2
parent 6076 0d5715bee554
child 7946 165bf092aa9c
permissions -rw-r--r--
22599190 problem in LIBRARY/CURL

#
# Add Solaris Auditing configuration (--with-audit=solaris) to openssh-6.5p1.
#
# Add phase 1 Solaris Auditing of sshd login/logout to openssh-6.5p1.
#
# Additional Solaris Auditing should include audit of password
#  change.
# Presuming it is appropriate, this patch should/will be updated
#  with additional files and updates to sources/audit-solaris.c 
#
# Code is developed by the Solaris Audit team.
# It should/will likely be contributed upstream when done.
# This patch relies on sources/audit-solaris.c being copied into
#  the openssh source directory by the Makefile that configures
#  using --with-audit=solaris.
#
# The upstream community has been contacted about the plans.
#  No reply has yet been received.
#
# An additional patch relying on the --with-audit=solaris configuration
#  should/will be created for sftp Solaris Audit and password change.
#
diff -pur old/INSTALL new/INSTALL
--- old/INSTALL
+++ new/INSTALL
@@ -92,9 +92,13 @@ http://www.gnu.org/software/autoconf/
 
 Basic Security Module (BSM):
 
-Native BSM support is know to exist in Solaris from at least 2.5.1,
-FreeBSD 6.1 and OS X.  Alternatively, you may use the OpenBSM
-implementation (http://www.openbsm.org).
+Native BSM support is known to exist in Solaris from at least 2.5.1
+to Solaris 10.  From Solaris 11 the previously documented BSM (libbsm)
+interfaces are no longer public and are unsupported.  While not public
+interfaces, audit-solaris.c implements Solaris Audit from Solaris 11.
+Native BSM support is known to exist in FreeBSD 6.1 and OS X.
+Alternatively, you may use the OpenBSM implementation
+(http://www.openbsm.org).
 
 
 2. Building / Installation
@@ -147,8 +151,9 @@ name).
 There are a few other options to the configure script:
 
 --with-audit=[module] enable additional auditing via the specified module.
-Currently, drivers for "debug" (additional info via syslog) and "bsm"
-(Sun's Basic Security Module) are supported.
+Currently, drivers for "debug" (additional info via syslog), and "bsm"
+(Sun's Legacy Basic Security Module prior to Solaris 11), and "solaris"
+(Sun's Audit infrastructure from Solaris 11) are supported.
 
 --with-pam enables PAM support. If PAM support is compiled in, it must
 also be enabled in sshd_config (refer to the UsePAM directive).
diff -pur old/Makefile.in new/Makefile.in
--- old/Makefile.in
+++ new/Makefile.in
@@ -100,7 +100,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
 	roaming_common.o roaming_client.o
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
-	audit.o audit-bsm.o audit-linux.o platform.o \
+	audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \
 	sshpty.o sshlogin.o servconf.o serverloop.o \
 	auth.o auth1.o auth2.o auth-options.o session.o \
 	auth-chall.o auth2-chall.o groupaccess.o \
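Review bot: `audit-solaris.o` is added to SSHDOBJS unconditionally, yet no hunk visible in this patch adds `audit-solaris.c`; the patch header says the source is copied in separately by the component Makefile. A tree with this patch applied but without that copy step fails at `make` with a missing source, not at configure time. Because the object is built for every `--with-audit` value, the copied file presumably has to wrap its whole body in `#ifdef USE_SOLARIS_AUDIT` so other configurations still link; that cannot be checked from here. A comment above SSHDOBJS such as `# audit-solaris.c is supplied outside this patch (sources/audit-solaris.c)` would record the dependency.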
diff -pur old/README.platform new/README.platform
--- old/README.platform
+++ new/README.platform
@@ -68,8 +68,8 @@ zlib-devel and pam-devel, on Debian base
 libssl-dev, libz-dev and libpam-dev.
 
 
-Solaris
--------
+Prior to Solaris 11
+-------------------
 If you enable BSM auditing on Solaris, you need to update audit_event(4)
 for praudit(1m) to give sensible output.  The following line needs to be
 added to /etc/security/audit_event:
@@ -82,6 +82,9 @@ There is no official registry of 3rd par
 number is already in use on your system, you may change it at build time
 by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
 
+From Solaris 11
+---------------
+Solaris Audit is supported by configuring --with-audit=solaris.
 
 Platforms using PAM
 -------------------
diff -pur old/config.h.in new/config.h.in
--- old/config.h.in
+++ new/config.h.in
@@ -1635,6 +1635,9 @@
 /* Use Linux audit module */
 #undef USE_LINUX_AUDIT
 
+/* Use Solaris audit module */
+#undef USE_SOLARIS_AUDIT
+
 /* Enable OpenSSL engine support */
 #undef USE_OPENSSL_ENGINE
 
diff -pur old/configure.ac new/configure.ac
--- old/configure.ac
+++ new/configure.ac
@@ -1517,10 +1517,21 @@ AC_ARG_WITH([libedit],
 
 AUDIT_MODULE=none
 AC_ARG_WITH([audit],
-	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux)],
+	[  --with-audit=module     Enable audit support (modules=debug,bsm,linux,solaris)],
 	[
 	  AC_MSG_CHECKING([for supported audit module])
 	  case "$withval" in
+	  solaris)
+		AC_MSG_RESULT([solaris])
+		AUDIT_MODULE=solaris
+		dnl    Checks for headers, libs and functions
+		AC_CHECK_HEADERS([bsm/adt.h], [],
+		    [AC_MSG_ERROR([Solaris Audit enabled and bsm/adt.h not found])],
+		    []
+		)
+		SSHDLIBS="$SSHDLIBS -lbsm"
+		AC_DEFINE([USE_SOLARIS_AUDIT], [1], [Use Solaris audit module])
+		;;
 	  bsm)
 		AC_MSG_RESULT([bsm])
 		AUDIT_MODULE=bsm
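Review bot: The new `solaris)` branch appends `-lbsm` to SSHDLIBS without probing the library, although its own `dnl` line promises checks for headers, libs and functions; only `bsm/adt.h` is tested. A system with the header but a libbsm lacking the adt interfaces would then fail at link time with a less useful message. Consider replacing the bare assignment with `AC_CHECK_LIB([bsm], [adt_start_session], [SSHDLIBS="$SSHDLIBS -lbsm"], [AC_MSG_ERROR([Solaris Audit enabled and libbsm adt interfaces not found])])`, substituting whichever adt_* entry point audit-solaris.c actually calls. Passing an explicit action-if-found keeps `-lbsm` out of the global LIBS. The enclosing `case` and `AC_ARG_WITH` continue outside this hunk.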
diff -pur old/defines.h new/defines.h
--- old/defines.h
+++ new/defines.h
@@ -635,6 +635,11 @@ struct winsize {
 # define CUSTOM_SSH_AUDIT_EVENTS
 #endif
 
+#ifdef USE_SOLARIS_AUDIT
+# define SSH_AUDIT_EVENTS
+# define CUSTOM_SSH_AUDIT_EVENTS
+#endif
+
 #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
 #  define __func__ __FUNCTION__
 #elif !defined(HAVE___func__)
diff -pur old/sshd.c new/sshd.c
--- old/sshd.c
+++ new/sshd.c
@@ -2234,7 +2234,9 @@ main(int ac, char **av)
 	}
 
 #ifdef SSH_AUDIT_EVENTS
+#ifndef	USE_SOLARIS_AUDIT
 	audit_event(SSH_AUTH_SUCCESS);
+#endif	/* !USE_SOLARIS_AUDIT */
 #endif
 
 #ifdef GSSAPI
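Review bot: The `#ifndef USE_SOLARIS_AUDIT` nested inside `#ifdef SSH_AUDIT_EVENTS` suppresses the success record here without saying where it went, so a reader of this spot alone could conclude that Solaris builds never audit a successful authentication. Add a pointer such as `/* Solaris Audit emits SSH_AUTH_SUCCESS after PAM setcred/session setup, below */`. The two guards could also be collapsed into `#if defined(SSH_AUDIT_EVENTS) && !defined(USE_SOLARIS_AUDIT)`. main() starts and ends outside this hunk.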
@@ -2264,6 +2266,10 @@ main(int ac, char **av)
 		do_pam_session();
 	}
 #endif
+#ifdef	USE_SOLARIS_AUDIT
+	/* Audit should take place after all successful pam */
+	audit_event(SSH_AUTH_SUCCESS);
+#endif	/* USE_SOLARIS_AUDIT */
 
 	/*
 	 * In privilege separation, we fork another child and prepare
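Review bot: The added `audit_event(SSH_AUTH_SUCCESS)` runs unconditionally after the PAM block, so the comment's "after all successful pam" holds only if the PAM calls above it never return on failure; `do_pam_session()` is the only one visible, and nothing in this hunk tests a PAM result. If any of them can log an error and return, a login-success audit record would be written for a session whose PAM setup did not complete. Confirm this against auth-pam.c and state the assumption in the comment, e.g. `/* Record success only after PAM setcred/session; assumes those calls do not return on failure */`. This call is guarded by `USE_SOLARIS_AUDIT` alone and relies on defines.h to imply `SSH_AUDIT_EVENTS`. main() starts and ends outside this hunk.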