Potential Patch

[Ben Lindstrom]

On Mon, 26 Jul 2004, Darren J Moffat wrote:
[..]
>
> The BSM audit APIs were written by Sun and are very specific to Solaris
> and the system calls that we have.  They were never part of any standard
> or proposed standard.  I don't believe we (Sun) actually documented them
> sufficiently enough for anyone to clone them just to use them, and even
> then our docs are pretty poor/hard to use in this area.  The actual
> audit events themselves and the data that gets recorded are sometimes
> even specific to a given Solaris release.
>

No clue.. They could have attempted to mimic the BSM API.  Without an
Apple contact this can all be just guess work.

> I've looked in the Darwin CVS and they don't have the Solaris BSM audit
> patch applied there. However I can't see any reason why Apple would add
> that patch unless they had the support.
>

I see it in their drop code they provide.  They have
an openbsd-compat/solaris*.c file that has some #ifdef __APPLE__
hacks within in it .

> So are you really 100% sure that the sshd you were looking at was the
> one that Apple shipped ?
>
Virgin sshd on my OS/X laptop.

yume:~ mouring$ strings /usr/sbin/sshd | grep -i solaris
mm_solaris_audit_bad_pw
mm_solaris_audit_maxtrys
mm_solaris_audit_not_console
BSM audit: solaris_audit_record failed to write "%s" record: %s
BSM audit: solaris_audit_session_setup: %s failed: %s
BSM solaris_audit_setup_session: calling get_terminal_id
yume:~ mouring$ uname -a
Darwin yume.local 7.4.0 Darwin Kernel Version 7.4.0: Wed May 12 16:58:24
PDT 2004; root:xnu/xnu-517.7.7.obj~7/RELEASE_PPC  Power Macintosh powerpc
yume:~ mouring$ sshd -V
sshd: option requires an argument -- V
sshd version OpenSSH_3.6.1p1+CAN-2003-0693

<shrug> I've been ignoring this up to now due to tack of documentation and
apple contacts to chat wih on the topic.

- Ben