[Bug 125] add BSM audit support
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Feb 14 12:10:50 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=125
------- Additional Comments From djm at mindrot.org 2005-02-14 12:10 -------
(From update of attachment 820)
>Index: audit-bsm.c
...
>+/*
>+ * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
>+ * Use is subject to license terms.
If you have made substantial changes to this file, you should assert copyright
too.
>+#ifndef HAVE_GETTEXT
>+# define gettext(a) (a)
>+#endif
Is this necessary for auditing? Can we just scrub out the couple of gettext
references? We don't internationalise any other messages from sshd...
>Index: audit-bsm.h
...
>+#include "includes.h"
>+#ifdef USE_BSM_AUDIT
>+
>+#ifndef AUE_openssh
>+# define AUE_openssh 32800
>+#endif
>+#include <bsm/audit.h>
>+#include <bsm/libbsm.h>
>+#include <bsm/audit_uevents.h>
>+#include <bsm/audit_record.h>
>+#include <locale.h>
>+
>+#if defined(HAVE_GETAUDIT_ADDR)
>+#define AuditInfoStruct auditinfo_addr
>+#define AuditInfoTermID au_tid_addr_t
>+#define GetAuditFunc(a,b) getaudit_addr((a),(b))
>+#define GetAuditFuncText "getaudit_addr"
>+#define SetAuditFunc(a,b) setaudit_addr((a),(b))
>+#define SetAuditFuncText "setaudit_addr"
>+#define AUToSubjectFunc au_to_subject_ex
>+#define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
>+#else
>+#define AuditInfoStruct auditinfo
>+#define AuditInfoTermID au_tid_t
>+#define GetAuditFunc(a,b) getaudit(a)
>+#define GetAuditFuncText "getaudit"
>+#define SetAuditFunc(a,b) setaudit(a)
>+#define SetAuditFuncText "setaudit"
>+#define AUToSubjectFunc au_to_subject
>+#define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
>+#endif
>+
>+extern int cannot_audit(int);
>+extern void aug_init(void);
>+extern dev_t aug_get_port(void);
>+extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
>+extern void aug_save_auid(au_id_t);
>+extern void aug_save_uid(uid_t);
>+extern void aug_save_euid(uid_t);
>+extern void aug_save_gid(gid_t);
>+extern void aug_save_egid(gid_t);
>+extern void aug_save_pid(pid_t);
>+extern void aug_save_asid(au_asid_t);
>+extern void aug_save_tid(dev_t, unsigned int);
>+extern void aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t);
>+extern int aug_save_me(void);
>+extern int aug_save_namask(void);
>+extern void aug_save_event(au_event_t);
>+extern void aug_save_sorf(int);
>+extern void aug_save_text(char *);
>+extern void aug_save_text1(char *);
>+extern void aug_save_text2(char *);
>+extern void aug_save_na(int);
>+extern void aug_save_user(char *);
>+extern void aug_save_path(char *);
>+extern int aug_save_policy(void);
>+extern void aug_save_afunc(int (*)(int));
>+extern int aug_audit(void);
>+extern int aug_na_selected(void);
>+extern int aug_selected(void);
>+extern int aug_daemon_session(void);
Wouldn't most of this stuff be better off living in audit-bsm.c? It isn't used
elsewhere in the tree.
>Index: configure.ac
...
>+ # These are optional
>+ AC_CHECK_FUNCS(getaudit_addr gettext)
Ditto comment about gettext above.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list