#
# Private symbol cannot_audit() was demoted to local in libbsm.so and is no
# longer available to its consumers. For OpenSSH sshd this was causing runtime
# linker errors at accepting connections from clients.
#
# On S12 audit is always enabled. As an interim solution to unbreak OpenSSH
# with S12_57+ libbsm.so, we remove the calls to cannot_audit().
#
# Symbol aug_get_machine was demoted to local too. OpenSSH configure checks
# for aug_get_machine in libbsm.so and provides its own implementation if not
# present. To avoid OpenSSH built on an S12_56- build machine failing with
# run-time liker error on S12_57+ system, we overrule configure's
# HAVE_AUG_GET_MACHINE directly in the code.
#
# This patch will be removed once 19629847 is integrated.
#
diff -ur old/audit-bsm.c new/audit-bsm.c
--- old/audit-bsm.c 2012-02-23 15:40:43.000000000 -0800
+++ new/audit-bsm.c 2014-09-18 05:16:43.210289238 -0700
@@ -81,9 +81,6 @@
#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
#endif
-#ifndef cannot_audit
-extern int cannot_audit(int);
-#endif
extern void aug_init(void);
extern void aug_save_auid(au_id_t);
extern void aug_save_uid(uid_t);
@@ -126,6 +123,8 @@
/* Below is the low-level BSM interface code */
+/* Force local definition of aug_get_machine */
+#undef HAVE_AUG_GET_MACHINE
/*
* aug_get_machine is only required on IPv6 capable machines, we use a
* different mechanism in audit_connection_from() for IPv4-only machines.
@@ -355,8 +354,6 @@
AuditInfoTermID *tid = &ssh_bsm_tid;
char buf[1024];
- if (cannot_audit(0))
- return;
debug3("BSM audit: connection from %.100s port %d", host, port);
/* populate our terminal id structure */
@@ -400,8 +397,6 @@
static int logged_in = 0;
const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";
- if (cannot_audit(0))
- return;
switch(event) {
case SSH_AUTH_SUCCESS: