[Bug 125] add BSM audit support

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Feb 14 12:10:50 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=125





------- Additional Comments From djm at mindrot.org  2005-02-14 12:10 -------
(From update of attachment 820)
>Index: audit-bsm.c
...
>+/*
>+ * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
>+ * Use is subject to license terms.

If you have made substantial changes to this file, you should assert copyright
too.

>+#ifndef HAVE_GETTEXT
>+# define gettext(a)	(a)
>+#endif

Is this necessary for auditing? Can we just scrub out the couple of gettext
references? We don't internationalise any other messages from sshd...

>Index: audit-bsm.h
...
>+#include "includes.h"
>+#ifdef USE_BSM_AUDIT
>+
>+#ifndef AUE_openssh
>+# define AUE_openssh     32800
>+#endif
>+#include <bsm/audit.h>
>+#include <bsm/libbsm.h>
>+#include <bsm/audit_uevents.h>
>+#include <bsm/audit_record.h>
>+#include <locale.h>
>+
>+#if defined(HAVE_GETAUDIT_ADDR)
>+#define	AuditInfoStruct		auditinfo_addr
>+#define AuditInfoTermID		au_tid_addr_t
>+#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
>+#define GetAuditFuncText	"getaudit_addr"
>+#define SetAuditFunc(a,b)	setaudit_addr((a),(b))
>+#define SetAuditFuncText	"setaudit_addr"
>+#define AUToSubjectFunc		au_to_subject_ex
>+#define AUToReturnFunc(a,b)	au_to_return32((a), (int32_t)(b))
>+#else
>+#define	AuditInfoStruct		auditinfo
>+#define AuditInfoTermID		au_tid_t
>+#define GetAuditFunc(a,b)	getaudit(a)
>+#define GetAuditFuncText	"getaudit"
>+#define SetAuditFunc(a,b)	setaudit(a)
>+#define SetAuditFuncText	"setaudit"
>+#define AUToSubjectFunc		au_to_subject
>+#define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
>+#endif
>+
>+extern int	cannot_audit(int);
>+extern void	aug_init(void);
>+extern dev_t	aug_get_port(void);
>+extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
>+extern void	aug_save_auid(au_id_t);
>+extern void	aug_save_uid(uid_t);
>+extern void	aug_save_euid(uid_t);
>+extern void	aug_save_gid(gid_t);
>+extern void	aug_save_egid(gid_t);
>+extern void	aug_save_pid(pid_t);
>+extern void	aug_save_asid(au_asid_t);
>+extern void	aug_save_tid(dev_t, unsigned int);
>+extern void	aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t);
>+extern int	aug_save_me(void);
>+extern int	aug_save_namask(void);
>+extern void	aug_save_event(au_event_t);
>+extern void	aug_save_sorf(int);
>+extern void	aug_save_text(char *);
>+extern void	aug_save_text1(char *);
>+extern void	aug_save_text2(char *);
>+extern void	aug_save_na(int);
>+extern void	aug_save_user(char *);
>+extern void	aug_save_path(char *);
>+extern int	aug_save_policy(void);
>+extern void	aug_save_afunc(int (*)(int));
>+extern int	aug_audit(void);
>+extern int	aug_na_selected(void);
>+extern int	aug_selected(void);
>+extern int	aug_daemon_session(void);
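Review bot: In the audit-bsm.h excerpt the `#ifndef AUE_openssh` fallback sits above the `<bsm/...>` includes, so it is evaluated before any system header that might define the event number has been read, and the 32800 default is taken unless `includes.h` already set it. If a platform's `bsm/audit_uevents.h` does supply `AUE_openssh`, that later definition duplicates or conflicts with this one; moving the three-line guard below `#include <bsm/audit_record.h>` lets the system value win. The event number is presumably what the audit configuration matches on, so a mismatch could leave sshd's login records outside the class an administrator preselected; a comment such as `/* fallback only; must match the system's audit event entry for sshd */` would make that dependency explicit. The quoted header is an excerpt, so the closing `#endif` for `USE_BSM_AUDIT` and any include guard are not visible here.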

Wouldn't most of this stuff be better off living in audit-bsm.c? It isn't used
elsewhere in the tree.

>Index: configure.ac
...
>+		# These are optional
>+		AC_CHECK_FUNCS(getaudit_addr gettext)

Ditto comment about gettext above.



