#
# Private symbol cannot_audit() was demoted to local in libbsm.so and is no
# longer available to its consumers. For OpenSSH sshd this was causing runtime
# linker errors at accepting connections from clients.
#
# On S12 audit is always enabled. As an interim solution to unbreak OpenSSH
# with S12_57+ libbsm.so, we remove the calls to cannot_audit().
#
# Symbol aug_get_machine was demoted to local too. OpenSSH configure checks
# for aug_get_machine in libbsm.so and provides its own implementation if not
# present. To avoid OpenSSH built on an S12_56- build machine failing with
# run-time liker error on S12_57+ system, we overrule configure's
# HAVE_AUG_GET_MACHINE directly in the code.
#
# This patch will be removed once 19629847 is integrated.
#
diff -ur old/audit-bsm.c new/audit-bsm.c
--- old/audit-bsm.c	2012-02-23 15:40:43.000000000 -0800
+++ new/audit-bsm.c	2014-09-18 05:16:43.210289238 -0700
@@ -81,9 +81,6 @@
 #define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
 #endif
 
-#ifndef cannot_audit
-extern int	cannot_audit(int);
-#endif
 extern void	aug_init(void);
 extern void	aug_save_auid(au_id_t);
 extern void	aug_save_uid(uid_t);
@@ -126,6 +123,8 @@
 
 /* Below is the low-level BSM interface code */
 
+/* Force local definition of aug_get_machine */
+#undef HAVE_AUG_GET_MACHINE
 /*
  * aug_get_machine is only required on IPv6 capable machines, we use a
  * different mechanism in audit_connection_from() for IPv4-only machines.
@@ -355,8 +354,6 @@
 	AuditInfoTermID *tid = &ssh_bsm_tid;
 	char buf[1024];
 
-	if (cannot_audit(0))
-		return;
 	debug3("BSM audit: connection from %.100s port %d", host, port);
 
 	/* populate our terminal id structure */
@@ -400,8 +397,6 @@
 	static int logged_in = 0;
 	const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";
 
-	if (cannot_audit(0))
-		return;
 
 	switch(event) {
 	case SSH_AUTH_SUCCESS: