1 From 6d74600c9a8d52d7b03fd4274a415e980b77d4b6 Mon Sep 17 00:00:00 2001
2 From: oracle <solaris@oracle.com>
3 Date: Mon, 3 Aug 2015 14:37:01 -0700
4 Subject: [PATCH 14/30] Solaris Auditing support
5
6 #
7 # Add Solaris Auditing configuration (--with-audit=solaris) to openssh-6.5p1.
8 #
9 # Add phase 1 Solaris Auditing of sshd login/logout to openssh-6.5p1.
10 #
11 # Additional Solaris Auditing should include audit of password
12 # change.
13 # Presuming it is appropriate, this patch should/will be updated
14 # with additional files and updates to sources/audit-solaris.c
15 #
16 # Code is developed by the Solaris Audit team.
17 # It should/will likely be contributed upstream when done.
18 # This patch relies on sources/audit-solaris.c being copied into
19 # the openssh source directory by the Makefile that configures
20 # using --with-audit=solaris.
21 #
22 # The upstream community has been contacted about the plans.
23 # No reply has yet been received.
24 #
53 +interfaces, audit-solaris.c implements Solaris Audit from Solaris 11.
54 +Native BSM support is known to exist in FreeBSD 6.1 and OS X.
55 +Alternatively, you may use the OpenBSM implementation
56 +(http://www.openbsm.org).
57
58
59 2. Building / Installation
60 @@ -147,8 +151,9 @@ name).
61 There are a few other options to the configure script:
62
63 --with-audit=[module] enable additional auditing via the specified module.
64 -Currently, drivers for "debug" (additional info via syslog) and "bsm"
65 -(Sun's Basic Security Module) are supported.
66 +Currently, drivers for "debug" (additional info via syslog), and "bsm"
67 +(Sun's Legacy Basic Security Module prior to Solaris 11), and "solaris"
68 +(Sun's Audit infrastructure from Solaris 11) are supported.
69
70 --with-pam enables PAM support. If PAM support is compiled in, it must
71 also be enabled in sshd_config (refer to the UsePAM directive).
72 diff --git a/Makefile.in b/Makefile.in
73 index 5bf2a06..e19c665 100644
74 --- a/Makefile.in
75 +++ b/Makefile.in
76 @@ -100,7 +100,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
77 roaming_common.o roaming_client.o
78
79 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
80 - audit.o audit-bsm.o audit-linux.o platform.o \
81 + audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \
82 sshpty.o sshlogin.o servconf.o serverloop.o \
83 auth.o auth1.o auth2.o auth-options.o session.o \
84 auth-chall.o auth2-chall.o groupaccess.o \
85 diff --git a/README.platform b/README.platform
86 index d198232..6949998 100644
87 --- a/README.platform
88 +++ b/README.platform
89 @@ -68,8 +68,8 @@ zlib-devel and pam-devel, on Debian based distros these may be
90 libssl-dev, libz-dev and libpam-dev.
91
92
93 -Solaris
94 --------
95 +Prior to Solaris 11
96 +-------------------
659 + __auditd_debug("%d/%d:%d-adt_set_user(ADT_ssh, 0, "
660 + "fail=%s): %s", getpid(), getuid(), geteuid(),
661 + pam_strerror(NULL, pamerr), strerror(errno));
662 + } else if (adt_put_event(event, ADT_FAILURE,
663 + ADT_FAIL_PAM + pamerr) != 0) {
664 + error("adt_put_event(ADT_ssh, fail=%s): %s",
665 + pam_strerror(NULL, pamerr), strerror(errno));
666 + __auditd_debug("%d/%d:%d-adt_put_event(ADT_ssh, fail=%s): %s",
667 + getpid(), getuid(), geteuid(), pam_strerror(NULL, pamerr),
668 + strerror(errno));
669 + }
670 + __auditd_debug("%d/%d:%d-audit_fail+put_event() ah=%p\n", getpid(),
671 + getuid(), geteuid(), (void *)ah);
672 + /* should audit authentication with failed password change here. */
673 + adt_free_event(event);
674 +done:
675 + (void) adt_end_session(ah);
676 +}
677 +#endif /* USE_SOLARIS_AUDIT */
678 diff --git a/configure.ac b/configure.ac
679 index 81edc01..27b95cb 100644
680 --- a/configure.ac
681 +++ b/configure.ac
682 @@ -1518,7 +1518,7 @@ AC_ARG_WITH([libedit],
683
684 AUDIT_MODULE=none
685 AC_ARG_WITH([audit],
686 - [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
687 + [ --with-audit=module Enable audit support (modules=debug,bsm,linux,solaris)],
688 [
689 AC_MSG_CHECKING([for supported audit module])
690 case "$withval" in
691 @@ -1555,6 +1555,13 @@ AC_ARG_WITH([audit],
692 SSHDLIBS="$SSHDLIBS -laudit"
693 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
694 ;;
695 + solaris)
696 + AC_MSG_RESULT([solaris])
697 + AUDIT_MODULE=solaris
698 + AC_CHECK_HEADERS([bsm/adt.h])
699 + SSHDLIBS="$SSHDLIBS -lbsm"
700 + AC_DEFINE([USE_SOLARIS_AUDIT], [1], [Use Solaris audit module])
701 + ;;
702 debug)
703 AUDIT_MODULE=debug
704 AC_MSG_RESULT([debug])
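Review bot: In the added `solaris)` case the result of `AC_CHECK_HEADERS([bsm/adt.h])` is never acted on, so configure still defines USE_SOLARIS_AUDIT and appends `-lbsm` when the header is missing. A build that was asked for auditing should stop at configure time; give the macro a failure action, e.g. `AC_CHECK_HEADERS([bsm/adt.h], [], [AC_MSG_ERROR([Solaris audit enabled and bsm/adt.h not found])])`. `-lbsm` is likewise added without probing the library, and an `AC_CHECK_LIB([bsm], [adt_put_event], ...)` with an error action would catch a libbsm that lacks the adt_* interface. The same lines appear in the second copy of the patch (PATCH 15/36).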
705 diff --git a/defines.h b/defines.h
706 index fa0ccba..f2c1678 100644
707 --- a/defines.h
708 +++ b/defines.h
709 @@ -635,6 +635,11 @@ struct winsize {
710 # define CUSTOM_SSH_AUDIT_EVENTS
711 #endif
712
713 +#ifdef USE_SOLARIS_AUDIT
714 +# define SSH_AUDIT_EVENTS
715 +# define CUSTOM_SSH_AUDIT_EVENTS
716 +#endif
717 +
718 #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
719 # define __func__ __FUNCTION__
720 #elif !defined(HAVE___func__)
721 diff --git a/sshd.c b/sshd.c
722 index 5a00ae2..f577f75 100644
723 --- a/sshd.c
724 +++ b/sshd.c
725 @@ -2228,7 +2228,9 @@ main(int ac, char **av)
726 }
727
728 #ifdef SSH_AUDIT_EVENTS
729 +#ifndef USE_SOLARIS_AUDIT
730 audit_event(SSH_AUTH_SUCCESS);
731 +#endif /* !USE_SOLARIS_AUDIT */
732 #endif
733
734 #ifdef GSSAPI
735 @@ -2258,6 +2260,10 @@ main(int ac, char **av)
736 do_pam_session();
737 }
738 #endif
739 +#ifdef USE_SOLARIS_AUDIT
740 + /* Audit should take place after all successful pam */
741 + audit_event(SSH_AUTH_SUCCESS);
742 +#endif /* USE_SOLARIS_AUDIT */
743
744 /*
745 * In privilege separation, we fork another child and prepare
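Review bot: With USE_SOLARIS_AUDIT the `audit_event(SSH_AUTH_SUCCESS)` call moves from right after authentication to after the PAM block that ends with `do_pam_session()`. If the process exits between the two sites, the authenticated connection gets no success record and, as far as these hunks show, no failure record either. The code between the hunks is not visible, so this is inferred; if a PAM step there can terminate the process, confirm that the path emits its own audit event. The second call is guarded only by `USE_SOLARIS_AUDIT` and relies on defines.h also defining `SSH_AUDIT_EVENTS`, which the comment could state, e.g. `/* Solaris audit (implies SSH_AUDIT_EVENTS): record success only after PAM session setup */`. The first guard reads more simply as `#if defined(SSH_AUDIT_EVENTS) && !defined(USE_SOLARIS_AUDIT)`. main() starts and ends outside both hunks, and the second copy of the patch (PATCH 15/36) carries the same change.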
746 --
747 2.3.2 (Apple Git-55)
748
1 From b60fe491735349ba901b371dc8a0d1cd5ab163da Mon Sep 17 00:00:00 2001
2 From: oracle <solaris@oracle.com>
3 Date: Mon, 3 Aug 2015 14:37:01 -0700
4 Subject: [PATCH 15/36] Solaris Auditing support
5
6 #
7 # Add Solaris Auditing configuration (--with-audit=solaris) to openssh-6.5p1.
8 #
9 # Add phase 1 Solaris Auditing of sshd login/logout to openssh-6.5p1.
10 #
11 # Additional Solaris Auditing should include audit of password
12 # change.
13 # Presuming it is appropriate, this patch should/will be updated
14 # with additional files and updates to sources/audit-solaris.c
15 #
16 # Code is developed by the Solaris Audit team.
17 # It should/will likely be contributed upstream when done.
18 # This patch relies on sources/audit-solaris.c being copied into
19 # the openssh source directory by the Makefile that configures
20 # using --with-audit=solaris.
21 #
22 # The upstream community has been contacted about the plans.
23 # No reply has yet been received.
24 #
53 +interfaces, audit-solaris.c implements Solaris Audit from Solaris 11.
54 +Native BSM support is known to exist in FreeBSD 6.1 and OS X.
55 +Alternatively, you may use the OpenBSM implementation
56 +(http://www.openbsm.org).
57
58
59 2. Building / Installation
60 @@ -147,8 +151,9 @@ name).
61 There are a few other options to the configure script:
62
63 --with-audit=[module] enable additional auditing via the specified module.
64 -Currently, drivers for "debug" (additional info via syslog) and "bsm"
65 -(Sun's Basic Security Module) are supported.
66 +Currently, drivers for "debug" (additional info via syslog), and "bsm"
67 +(Sun's Legacy Basic Security Module prior to Solaris 11), and "solaris"
68 +(Sun's Audit infrastructure from Solaris 11) are supported.
69
70 --with-pam enables PAM support. If PAM support is compiled in, it must
71 also be enabled in sshd_config (refer to the UsePAM directive).
72 diff --git a/Makefile.in b/Makefile.in
73 index 121a261..62e6a84 100644
74 --- a/Makefile.in
75 +++ b/Makefile.in
76 @@ -101,7 +101,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
77 roaming_common.o roaming_client.o
78
79 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
80 - audit.o audit-bsm.o audit-linux.o platform.o \
81 + audit.o audit-bsm.o audit-linux.o audit-solaris.o platform.o \
82 sshpty.o sshlogin.o servconf.o serverloop.o \
83 auth.o auth1.o auth2.o auth-options.o session.o \
84 auth-chall.o auth2-chall.o groupaccess.o \
85 diff --git a/README.platform b/README.platform
86 index d198232..6949998 100644
87 --- a/README.platform
88 +++ b/README.platform
89 @@ -68,8 +68,8 @@ zlib-devel and pam-devel, on Debian based distros these may be
90 libssl-dev, libz-dev and libpam-dev.
91
92
93 -Solaris
94 --------
95 +Prior to Solaris 11
96 +-------------------
659 + __auditd_debug("%d/%d:%d-adt_set_user(ADT_ssh, 0, "
660 + "fail=%s): %s", getpid(), getuid(), geteuid(),
661 + pam_strerror(NULL, pamerr), strerror(errno));
662 + } else if (adt_put_event(event, ADT_FAILURE,
663 + ADT_FAIL_PAM + pamerr) != 0) {
664 + error("adt_put_event(ADT_ssh, fail=%s): %s",
665 + pam_strerror(NULL, pamerr), strerror(errno));
666 + __auditd_debug("%d/%d:%d-adt_put_event(ADT_ssh, fail=%s): %s",
667 + getpid(), getuid(), geteuid(), pam_strerror(NULL, pamerr),
668 + strerror(errno));
669 + }
670 + __auditd_debug("%d/%d:%d-audit_fail+put_event() ah=%p\n", getpid(),
671 + getuid(), geteuid(), (void *)ah);
672 + /* should audit authentication with failed password change here. */
673 + adt_free_event(event);
674 +done:
675 + (void) adt_end_session(ah);
676 +}
677 +#endif /* USE_SOLARIS_AUDIT */
678 diff --git a/configure.ac b/configure.ac
679 index 2985819..b38b1b3 100644
680 --- a/configure.ac
681 +++ b/configure.ac
682 @@ -1547,7 +1547,7 @@ AC_ARG_WITH([libedit],
683
684 AUDIT_MODULE=none
685 AC_ARG_WITH([audit],
686 - [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
687 + [ --with-audit=module Enable audit support (modules=debug,bsm,linux,solaris)],
688 [
689 AC_MSG_CHECKING([for supported audit module])
690 case "$withval" in
691 @@ -1584,6 +1584,13 @@ AC_ARG_WITH([audit],
692 SSHDLIBS="$SSHDLIBS -laudit"
693 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module])
694 ;;
695 + solaris)
696 + AC_MSG_RESULT([solaris])
697 + AUDIT_MODULE=solaris
698 + AC_CHECK_HEADERS([bsm/adt.h])
699 + SSHDLIBS="$SSHDLIBS -lbsm"
700 + AC_DEFINE([USE_SOLARIS_AUDIT], [1], [Use Solaris audit module])
701 + ;;
702 debug)
703 AUDIT_MODULE=debug
704 AC_MSG_RESULT([debug])
705 diff --git a/defines.h b/defines.h
706 index fa0ccba..f2c1678 100644
707 --- a/defines.h
708 +++ b/defines.h
709 @@ -635,6 +635,11 @@ struct winsize {
710 # define CUSTOM_SSH_AUDIT_EVENTS
711 #endif
712
713 +#ifdef USE_SOLARIS_AUDIT
714 +# define SSH_AUDIT_EVENTS
715 +# define CUSTOM_SSH_AUDIT_EVENTS
716 +#endif
717 +
718 #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
719 # define __func__ __FUNCTION__
720 #elif !defined(HAVE___func__)
721 diff --git a/sshd.c b/sshd.c
722 index 7e519d4..87032ec 100644
723 --- a/sshd.c
724 +++ b/sshd.c
725 @@ -2234,7 +2234,9 @@ main(int ac, char **av)
726 }
727
728 #ifdef SSH_AUDIT_EVENTS
729 +#ifndef USE_SOLARIS_AUDIT
730 audit_event(SSH_AUTH_SUCCESS);
731 +#endif /* !USE_SOLARIS_AUDIT */
732 #endif
733
734 #ifdef GSSAPI
735 @@ -2264,6 +2266,10 @@ main(int ac, char **av)
736 do_pam_session();
737 }
738 #endif
739 +#ifdef USE_SOLARIS_AUDIT
740 + /* Audit should take place after all successful pam */
741 + audit_event(SSH_AUTH_SUCCESS);
742 +#endif /* USE_SOLARIS_AUDIT */
743
744 /*
745 * In privilege separation, we fork another child and prepare
746 --
747 2.5.4 (Apple Git-61)
748