--- a/components/krb5/patches/077-solaris-audit.patch Sat Dec 17 21:18:50 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,239 +0,0 @@
-#
-# This patch provides a check to see if bsm is supported and if so then
-# configures the build for the KRB5KDC audit plugin support for Solaris based
-# systems.
-#
-# The patch also builds a temporary audit module for kadmind that provides a
-# temporary solution until an adminstrative plugin framework is available,
-# upstream.
-#
-# This patch is not intended to be contributed to MIT as the changes are Solaris
-# specific and, in the case for kadmind, a temporary solution.
-#
-# Patch source: in-house
-#
---- a/src/config/pre.in
-+++ b/src/config/pre.in
[email protected]@ -212,6 +212,7 @@ MODULE_DIR = @[email protected]/krb5/plugins
- KRB5_DB_MODULE_DIR = $(MODULE_DIR)/kdb
- KRB5_PA_MODULE_DIR = $(MODULE_DIR)/preauth
- KRB5_AD_MODULE_DIR = $(MODULE_DIR)/authdata
-+KRB5_AU_MODULE_DIR = $(MODULE_DIR)/audit
- KRB5_LIBKRB5_MODULE_DIR = $(MODULE_DIR)/libkrb5
- KRB5_TLS_MODULE_DIR = $(MODULE_DIR)/tls
- KRB5_LOCALEDIR = @[email protected]
---- a/src/configure.in
-+++ b/src/configure.in
[email protected]@ -188,7 +188,7 @@ if test "$withval" = yes; then
- fi
-
- # Check which (if any) audit plugin to build
--audit_plugin=""
-+audit_plugin="solaris"
- AC_ARG_ENABLE([audit-plugin],
- AC_HELP_STRING([--enable-audit-plugin=IMPL],
- [use audit plugin @<:@ do not use audit @:>@]), , enableval=no)
[email protected]@ -203,6 +203,13 @@ if test "$enableval" != no; then
- audit_plugin=plugins/audit/simple ],
- AC_MSG_ERROR([libaudit not found or undefined symbol audit_log_user_message]))
- ;;
-+ solaris)
-+ AC_CHECK_LIB(bsm, adt_start_session,
-+ [AUDIT_IMPL_LIBS=-lbsm
-+ K5_GEN_MAKEFILE(plugins/audit/solaris)
-+ audit_plugin=plugins/audit/solaris ],
-+ AC_MSG_ERROR([bsm not found or undefined symbol adt_start_session]))
-+ ;;
- *)
- AC_MSG_ERROR([Unknown audit plugin implementation $enableval.])
- ;;
---- a/src/kadmin/server/deps
-+++ b/src/kadmin/server/deps
[email protected]@ -132,4 +132,23 @@ $(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTO
- $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
- $(top_srcdir)/lib/gssapi/krb5/gssapi_krb5.h $(top_srcdir)/lib/kadm5/srv/server_acl.h \
-- ipropd_svc.c misc.h
-+ ipropd_svc.c misc.h kadmind_audit.h
-+$(OUTPRE)kadmind_audit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-+ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-+ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
-+ $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-+ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
-+ $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
-+ $(BUILDTOP)/include/osconf.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
-+ $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
-+ $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
-+ $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
-+ $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
-+ $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
-+ $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
-+ $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-platform.h \
-+ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
-+ $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
-+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
-+ $(top_srcdir)/lib/gssapi/krb5/gssapi_krb5.h $(top_srcdir)/lib/kadm5/srv/server_acl.h \
-+ kadmind_audit.c kadmind_audit.h
---- a/src/kadmin/server/ipropd_svc.c
-+++ b/src/kadmin/server/ipropd_svc.c
[email protected]@ -191,6 +191,9 @@ iprop_get_updates_1_svc(kdb_last_t *arg,
- DPRINT("%s: PERMISSION DENIED: clprinc=`%s'\n\tsvcprinc=`%s'\n",
- whoami, client_name, service_name);
-
-+ audit_kadmind("Incremental updates", "null", client_name, service_name,
-+ "Unauthorized request", rqstp->rq_xprt, ret.ret);
-+
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
- client_name, service_name,
- client_addr(rqstp->rq_xprt));
[email protected]@ -217,6 +220,10 @@ iprop_get_updates_1_svc(kdb_last_t *arg,
- ((kret == 0) ? "success" : error_message(kret)),
- client_name, service_name);
-
-+ audit_kadmind("Incremental updates", "null", client_name, service_name,
-+ ((kret == 0) ? "success" : (char *)error_message(kret)), rqstp->rq_xprt,
-+ ret.ret);
-+
- krb5_klog_syslog(LOG_NOTICE,
- _("Request: %s, %s, %s, client=%s, service=%s, addr=%s"),
- whoami,
[email protected]@ -336,6 +343,10 @@ ipropx_resync(uint32_t vers, struct svc_
- ret.ret = UPDATE_PERM_DENIED;
-
- DPRINT("%s: Permission denied\n", whoami);
-+
-+ audit_kadmind("Full resync", "null", client_name, service_name,
-+ "Unauthorized request", rqstp->rq_xprt, ret.ret);
-+
- krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
- client_name, service_name,
- client_addr(rqstp->rq_xprt));
[email protected]@ -444,6 +455,10 @@ ipropx_resync(uint32_t vers, struct svc_
- DPRINT("%s: spawned resync process %d, client=%s, "
- "service=%s, addr=%s\n", whoami, fret, client_name,
- service_name, client_addr(rqstp->rq_xprt));
-+
-+ audit_kadmind("Full resync", "null", client_name, service_name,
-+ "success", rqstp->rq_xprt, ret.ret);
-+
- krb5_klog_syslog(LOG_NOTICE,
- _("Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"),
- whoami, fret,
---- a/src/kadmin/server/Makefile.in
-+++ b/src/kadmin/server/Makefile.in
[email protected]@ -7,13 +7,15 @@ LOCALINCLUDES = -I$(top_srcdir)/lib/gssa
- -I$(BUILDTOP)/lib/gssapi/krb5 -I$(top_srcdir)/lib/kadm5/srv
-
- PROG = kadmind
--OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o
--SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c
-+OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o \
-+ kadmind_audit.o
-+SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c \
-+ kadmind_audit.c
-
- all:: $(PROG)
-
- $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) $(VERTO_DEPLIB)
-- $(CC_LINK) -o $(PROG) $(OBJS) $(APPUTILS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(VERTO_LIBS) -lpam
-+ $(CC_LINK) -o $(PROG) $(OBJS) $(APPUTILS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(VERTO_LIBS) -lpam -lbsm
-
- install::
- $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG)
---- a/src/kadmin/server/misc.h
-+++ b/src/kadmin/server/misc.h
[email protected]@ -8,6 +8,7 @@
- #define _MISC_H 1
-
- #include "net-server.h" /* for krb5_fulladdr */
-+#include "kadmind_audit.h"
-
- int
- setup_gss_names(struct svc_req *, gss_buffer_desc *,
---- a/src/kadmin/server/server_stubs.c
-+++ b/src/kadmin/server/server_stubs.c
[email protected]@ -312,6 +312,29 @@ log_unauth(
- slen = server->length;
- trunc_name(&slen, &sdots);
-
-+ {
-+ char *client_str = NULL, *server_str = NULL;
-+ int len;
-+
-+ len = asprintf(&client_str, "%.*s%s", (int)clen, (char *)client->value,
-+ cdots);
-+ if (len == -1)
-+ return ENOMEM;
-+
-+ len = asprintf(&server_str, "%.*s%s", (int)slen, (char *)server->value,
-+ sdots);
-+ if (len == -1) {
-+ free(client_str);
-+ return ENOMEM;
-+ }
-+
-+ audit_kadmind(op, target, client_str, server_str,
-+ _("Unauthorized request"), rqstp->rq_xprt, 1);
-+
-+ free(client_str);
-+ free(server_str);
-+ }
-+
- /* okay to cast lengths to int because trunc_name limits max value */
- return krb5_klog_syslog(LOG_NOTICE,
- _("Unauthorized request: %s, %.*s%s, "
[email protected]@ -343,6 +366,29 @@ log_done(
- slen = server->length;
- trunc_name(&slen, &sdots);
-
-+ {
-+ char *client_str = NULL, *server_str = NULL;
-+ int len;
-+
-+ len = asprintf(&client_str, "%.*s%s", (int)clen, (char *)client->value,
-+ cdots);
-+ if (len == -1)
-+ return ENOMEM;
-+
-+ len = asprintf(&server_str, "%.*s%s", (int)slen, (char *)server->value,
-+ sdots);
-+ if (len == -1) {
-+ free(client_str);
-+ return ENOMEM;
-+ }
-+
-+ audit_kadmind(op, target, client_str, server_str, (char *)errmsg,
-+ rqstp->rq_xprt, strcmp("success", errmsg) ? 1 : 0);
-+
-+ free(client_str);
-+ free(server_str);
-+ }
-+
- /* okay to cast lengths to int because trunc_name limits max value */
- return krb5_klog_syslog(LOG_NOTICE,
- _("Request: %s, %.*s%s, %s, "
---- a/src/kdc/kdc_audit.c
-+++ b/src/kdc/kdc_audit.c
[email protected]@ -80,6 +80,11 @@ load_audit_modules(krb5_context context)
- if (context == NULL || handles != NULL)
- return EINVAL;
-
-+ ret = k5_plugin_register_dyn(context, PLUGIN_INTERFACE_AUDIT, "solaris",
-+ "audit");
-+ if (ret)
-+ return ret;
-+
- /* Get audit plugin vtable. */
- ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_AUDIT, &modules);
- if (ret)
---- a/src/Makefile.in
-+++ b/src/Makefile.in
[email protected]@ -65,7 +65,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO
- $(FILE_CATDIR) \
- $(KRB5_LIBDIR) $(KRB5_INCDIR) \
- $(KRB5_DB_MODULE_DIR) $(KRB5_PA_MODULE_DIR) \
-- $(KRB5_AD_MODULE_DIR) \
-+ $(KRB5_AD_MODULE_DIR) $(KRB5_AU_MODULE_DIR) \
- $(KRB5_LIBKRB5_MODULE_DIR) $(KRB5_TLS_MODULE_DIR) \
- @[email protected] @[email protected]/krb5kdc \
- @[email protected] @[email protected]/krb5kdc \--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/krb5/patches/078-solaris-audit.patch Sat Dec 17 22:06:01 2016 -0800
@@ -0,0 +1,239 @@
+#
+# This patch provides a check to see if bsm is supported and if so then
+# configures the build for the KRB5KDC audit plugin support for Solaris based
+# systems.
+#
+# The patch also builds a temporary audit module for kadmind that provides a
+# temporary solution until an adminstrative plugin framework is available,
+# upstream.
+#
+# This patch is not intended to be contributed to MIT as the changes are Solaris
+# specific and, in the case for kadmind, a temporary solution.
+#
+# Patch source: in-house
+#
+--- a/src/config/pre.in
++++ b/src/config/pre.in
[email protected]@ -212,6 +212,7 @@ MODULE_DIR = @[email protected]/krb5/plugins
+ KRB5_DB_MODULE_DIR = $(MODULE_DIR)/kdb
+ KRB5_PA_MODULE_DIR = $(MODULE_DIR)/preauth
+ KRB5_AD_MODULE_DIR = $(MODULE_DIR)/authdata
++KRB5_AU_MODULE_DIR = $(MODULE_DIR)/audit
+ KRB5_LIBKRB5_MODULE_DIR = $(MODULE_DIR)/libkrb5
+ KRB5_TLS_MODULE_DIR = $(MODULE_DIR)/tls
+ KRB5_LOCALEDIR = @[email protected]
+--- a/src/configure.in
++++ b/src/configure.in
[email protected]@ -188,7 +188,7 @@ if test "$withval" = yes; then
+ fi
+
+ # Check which (if any) audit plugin to build
+-audit_plugin=""
++audit_plugin="solaris"
+ AC_ARG_ENABLE([audit-plugin],
+ AC_HELP_STRING([--enable-audit-plugin=IMPL],
+ [use audit plugin @<:@ do not use audit @:>@]), , enableval=no)
[email protected]@ -203,6 +203,13 @@ if test "$enableval" != no; then
+ audit_plugin=plugins/audit/simple ],
+ AC_MSG_ERROR([libaudit not found or undefined symbol audit_log_user_message]))
+ ;;
++ solaris)
++ AC_CHECK_LIB(bsm, adt_start_session,
++ [AUDIT_IMPL_LIBS=-lbsm
++ K5_GEN_MAKEFILE(plugins/audit/solaris)
++ audit_plugin=plugins/audit/solaris ],
++ AC_MSG_ERROR([bsm not found or undefined symbol adt_start_session]))
++ ;;
+ *)
+ AC_MSG_ERROR([Unknown audit plugin implementation $enableval.])
+ ;;
+--- a/src/kadmin/server/deps
++++ b/src/kadmin/server/deps
[email protected]@ -132,4 +132,23 @@ $(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTO
+ $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
+ $(top_srcdir)/lib/gssapi/krb5/gssapi_krb5.h $(top_srcdir)/lib/kadm5/srv/server_acl.h \
+- ipropd_svc.c misc.h
++ ipropd_svc.c misc.h kadmind_audit.h
++$(OUTPRE)kadmind_audit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
++ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
++ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
++ $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
++ $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
++ $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
++ $(BUILDTOP)/include/osconf.h $(COM_ERR_DEPS) $(VERTO_DEPS) \
++ $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
++ $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
++ $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
++ $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
++ $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
++ $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
++ $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-platform.h \
++ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
++ $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
++ $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/net-server.h \
++ $(top_srcdir)/lib/gssapi/krb5/gssapi_krb5.h $(top_srcdir)/lib/kadm5/srv/server_acl.h \
++ kadmind_audit.c kadmind_audit.h
+--- a/src/kadmin/server/ipropd_svc.c
++++ b/src/kadmin/server/ipropd_svc.c
[email protected]@ -191,6 +191,9 @@ iprop_get_updates_1_svc(kdb_last_t *arg,
+ DPRINT("%s: PERMISSION DENIED: clprinc=`%s'\n\tsvcprinc=`%s'\n",
+ whoami, client_name, service_name);
+
++ audit_kadmind("Incremental updates", "null", client_name, service_name,
++ "Unauthorized request", rqstp->rq_xprt, ret.ret);
++
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
+ client_name, service_name,
+ client_addr(rqstp->rq_xprt));
[email protected]@ -217,6 +220,10 @@ iprop_get_updates_1_svc(kdb_last_t *arg,
+ ((kret == 0) ? "success" : error_message(kret)),
+ client_name, service_name);
+
++ audit_kadmind("Incremental updates", "null", client_name, service_name,
++ ((kret == 0) ? "success" : (char *)error_message(kret)), rqstp->rq_xprt,
++ ret.ret);
++
+ krb5_klog_syslog(LOG_NOTICE,
+ _("Request: %s, %s, %s, client=%s, service=%s, addr=%s"),
+ whoami,
[email protected]@ -336,6 +343,10 @@ ipropx_resync(uint32_t vers, struct svc_
+ ret.ret = UPDATE_PERM_DENIED;
+
+ DPRINT("%s: Permission denied\n", whoami);
++
++ audit_kadmind("Full resync", "null", client_name, service_name,
++ "Unauthorized request", rqstp->rq_xprt, ret.ret);
++
+ krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami,
+ client_name, service_name,
+ client_addr(rqstp->rq_xprt));
[email protected]@ -444,6 +455,10 @@ ipropx_resync(uint32_t vers, struct svc_
+ DPRINT("%s: spawned resync process %d, client=%s, "
+ "service=%s, addr=%s\n", whoami, fret, client_name,
+ service_name, client_addr(rqstp->rq_xprt));
++
++ audit_kadmind("Full resync", "null", client_name, service_name,
++ "success", rqstp->rq_xprt, ret.ret);
++
+ krb5_klog_syslog(LOG_NOTICE,
+ _("Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"),
+ whoami, fret,
+--- a/src/kadmin/server/Makefile.in
++++ b/src/kadmin/server/Makefile.in
[email protected]@ -7,13 +7,15 @@ LOCALINCLUDES = -I$(top_srcdir)/lib/gssa
+ -I$(BUILDTOP)/lib/gssapi/krb5 -I$(top_srcdir)/lib/kadm5/srv
+
+ PROG = kadmind
+-OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o
+-SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c
++OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o \
++ kadmind_audit.o
++SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c \
++ kadmind_audit.c
+
+ all:: $(PROG)
+
+ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) $(VERTO_DEPLIB)
+- $(CC_LINK) -o $(PROG) $(OBJS) $(APPUTILS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(VERTO_LIBS) -lpam
++ $(CC_LINK) -o $(PROG) $(OBJS) $(APPUTILS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(VERTO_LIBS) -lpam -lbsm
+
+ install::
+ $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG)
+--- a/src/kadmin/server/misc.h
++++ b/src/kadmin/server/misc.h
[email protected]@ -8,6 +8,7 @@
+ #define _MISC_H 1
+
+ #include "net-server.h" /* for krb5_fulladdr */
++#include "kadmind_audit.h"
+
+ int
+ setup_gss_names(struct svc_req *, gss_buffer_desc *,
+--- a/src/kadmin/server/server_stubs.c
++++ b/src/kadmin/server/server_stubs.c
[email protected]@ -312,6 +312,29 @@ log_unauth(
+ slen = server->length;
+ trunc_name(&slen, &sdots);
+
++ {
++ char *client_str = NULL, *server_str = NULL;
++ int len;
++
++ len = asprintf(&client_str, "%.*s%s", (int)clen, (char *)client->value,
++ cdots);
++ if (len == -1)
++ return ENOMEM;
++
++ len = asprintf(&server_str, "%.*s%s", (int)slen, (char *)server->value,
++ sdots);
++ if (len == -1) {
++ free(client_str);
++ return ENOMEM;
++ }
++
++ audit_kadmind(op, target, client_str, server_str,
++ _("Unauthorized request"), rqstp->rq_xprt, 1);
++
++ free(client_str);
++ free(server_str);
++ }
++
+ /* okay to cast lengths to int because trunc_name limits max value */
+ return krb5_klog_syslog(LOG_NOTICE,
+ _("Unauthorized request: %s, %.*s%s, "
[email protected]@ -343,6 +366,29 @@ log_done(
+ slen = server->length;
+ trunc_name(&slen, &sdots);
+
++ {
++ char *client_str = NULL, *server_str = NULL;
++ int len;
++
++ len = asprintf(&client_str, "%.*s%s", (int)clen, (char *)client->value,
++ cdots);
++ if (len == -1)
++ return ENOMEM;
++
++ len = asprintf(&server_str, "%.*s%s", (int)slen, (char *)server->value,
++ sdots);
++ if (len == -1) {
++ free(client_str);
++ return ENOMEM;
++ }
++
++ audit_kadmind(op, target, client_str, server_str, (char *)errmsg,
++ rqstp->rq_xprt, strcmp("success", errmsg) ? 1 : 0);
++
++ free(client_str);
++ free(server_str);
++ }
++
+ /* okay to cast lengths to int because trunc_name limits max value */
+ return krb5_klog_syslog(LOG_NOTICE,
+ _("Request: %s, %.*s%s, %s, "
+--- a/src/kdc/kdc_audit.c
++++ b/src/kdc/kdc_audit.c
[email protected]@ -80,6 +80,11 @@ load_audit_modules(krb5_context context)
+ if (context == NULL || handles != NULL)
+ return EINVAL;
+
++ ret = k5_plugin_register_dyn(context, PLUGIN_INTERFACE_AUDIT, "solaris",
++ "audit");
++ if (ret)
++ return ret;
++
+ /* Get audit plugin vtable. */
+ ret = k5_plugin_load_all(context, PLUGIN_INTERFACE_AUDIT, &modules);
+ if (ret)
+--- a/src/Makefile.in
++++ b/src/Makefile.in
[email protected]@ -65,7 +65,7 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROO
+ $(FILE_CATDIR) \
+ $(KRB5_LIBDIR) $(KRB5_INCDIR) \
+ $(KRB5_DB_MODULE_DIR) $(KRB5_PA_MODULE_DIR) \
+- $(KRB5_AD_MODULE_DIR) \
++ $(KRB5_AD_MODULE_DIR) $(KRB5_AU_MODULE_DIR) \
+ $(KRB5_LIBKRB5_MODULE_DIR) $(KRB5_TLS_MODULE_DIR) \
+ @[email protected] @[email protected]/krb5kdc \
+ @[email protected] @[email protected]/krb5kdc \