- (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation

of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD). Help and testing from csjp at FreeBSD org, vgiffin at apple com. ok djm@
2024-12-22 10:00:14 +00:00 · 2008-02-25 21:05:04 +11:00 · 2008-02-25 21:05:04 +11:00 · acada07b52
commit acada07b52
parent 2c2ac033c1
3 changed files with 62 additions and 11 deletions
--- a/5
+++ b/5
@ -2,6 +2,9 @@
 - (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
   since it now conflicts with the helper function in misc.c.  From
   vinschen AT redhat.com.
+ - (dtucker) [configure.ac audit-bsm.c] Bug #1420: Add a local implementation
+   of aug_get_machine for systems that don't have their own (eg OS X, FreeBSD).
+   Help and testing from csjp at FreeBSD org, vgiffin at apple com.  ok djm@

 20080224
 - (tim) [contrib/cygwin/ssh-host-config]
@ -3621,4 +3624,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@

-$Id: ChangeLog,v 1.4839 2008/02/25 09:21:20 dtucker Exp $
+$Id: ChangeLog,v 1.4840 2008/02/25 10:05:04 dtucker Exp $
--- a/audit-bsm.c
+++ b/audit-bsm.c
@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
+/* $Id: audit-bsm.c,v 1.6 2008/02/25 10:05:04 dtucker Exp $ */

 /*
 * TODO
@ -40,7 +40,9 @@
 #include <sys/types.h>

 #include <errno.h>
+#include <netdb.h>
 #include <stdarg.h>
+#include <string.h>
 #include <unistd.h>

 #include "ssh.h"
@ -62,8 +64,6 @@
 #if defined(HAVE_GETAUDIT_ADDR)
 #define	AuditInfoStruct		auditinfo_addr
 #define AuditInfoTermID		au_tid_addr_t
-#define GetAuditFunc(a,b)	getaudit_addr((a),(b))
-#define GetAuditFuncText	"getaudit_addr"
 #define SetAuditFunc(a,b)	setaudit_addr((a),(b))
 #define SetAuditFuncText	"setaudit_addr"
 #define AUToSubjectFunc		au_to_subject_ex
@ -71,18 +71,16 @@
 #else
 #define	AuditInfoStruct		auditinfo
 #define AuditInfoTermID		au_tid_t
-#define GetAuditFunc(a,b)	getaudit(a)
-#define GetAuditFuncText	"getaudit"
 #define SetAuditFunc(a,b)	setaudit(a)
 #define SetAuditFuncText	"setaudit"
 #define AUToSubjectFunc		au_to_subject
 #define AUToReturnFunc(a,b)	au_to_return((a), (u_int)(b))
 #endif

+#ifndef cannot_audit
 extern int	cannot_audit(int);
+#endif
 extern void	aug_init(void);
-extern dev_t	aug_get_port(void);
-extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
 extern void	aug_save_auid(au_id_t);
 extern void	aug_save_uid(uid_t);
 extern void	aug_save_euid(uid_t);
@ -118,6 +116,51 @@ static AuditInfoTermID ssh_bsm_tid;

 /* Below is the low-level BSM interface code */

+/*
+ * aug_get_machine is only required on IPv6 capable machines, we use a
+ * different mechanism in audit_connection_from() for IPv4-only machines.
+ * getaudit_addr() is only present on IPv6 capable machines.
+ */
+#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
+extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
+#else
+static int
+aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
+{
+	struct addrinfo *ai; 
+	struct sockaddr_in *in4;
+	struct sockaddr_in6 *in6;
+	int ret = 0, r;
+
+	if ((r = getaddrinfo(host, NULL, NULL, &ai)) != 0) {
+		error("BSM audit: getaddrinfo failed for %.100s: %.100s", host,
+		    r == EAI_SYSTEM ? strerror(errno) : gai_strerror(r));
+		return -1;
+	}
+	
+	switch (ai->ai_family) {
+	case AF_INET:
+		in4 = (struct sockaddr_in *)ai->ai_addr;
+		*type = AU_IPv4;
+		memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));
+		break;
+#ifdef AU_IPv6
+	case AF_INET6: 
+		in6 = (struct sockaddr_in6 *)ai->ai_addr;
+		*type = AU_IPv6;
+		memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));
+		break;
+#endif
+	default:
+		error("BSM audit: unknown address family for %.100s: %d",
+		    host, ai->ai_family);
+		ret = -1;
+	}
+	freeaddrinfo(ai);
+	return ret;
+}
+#endif
+
 /*
 * Check if the specified event is selected (enabled) for auditing.
 * Returns 1 if the event is selected, 0 if not and -1 on failure.
--- a/configure.ac
+++ b/configure.ac
@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.389 2008/01/02 07:08:45 dtucker Exp $
+# $Id: configure.ac,v 1.390 2008/02/25 10:05:04 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.389 $)
+AC_REVISION($Revision: 1.390 $)
 AC_CONFIG_SRCDIR([ssh.c])

 AC_CONFIG_HEADER(config.h)
@ -423,6 +423,11 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 	    [Use tunnel device compatibility to OpenBSD])
 	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
 	    [Prepend the address family to IP tunnel traffic])
+	m4_pattern_allow(AU_IPv)
+	AC_CHECK_DECL(AU_IPv4, [], 
+	    AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+	    [#include <bsm/audit.h>]
+	)
 	;;
 *-*-dragonfly*)
 	SSHDLIBS="$SSHDLIBS -lcrypt"
@ -1226,7 +1231,7 @@ AC_ARG_WITH(audit,
 		AC_CHECK_FUNCS(getaudit, [],
 		    [AC_MSG_ERROR(BSM enabled and required function not found)])
 		# These are optional
-		AC_CHECK_FUNCS(getaudit_addr)
+		AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
 		AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
 		;;
 	  debug)