Mailing List Archive

[Bug 1420] BSM support on Mac OS X
https://bugzilla.mindrot.org/show_bug.cgi?id=1420





--- Comment #1 from Darren Tucker <dtucker@zip.com.au> 2007-12-22 01:23:43 ---
(From update of attachment 1417)

>+#if defined(__APPLE__)
>+ /* don't have a aug_get_machine */
>+ tid->at_addr[0] = inet_addr(host);
>+ tid->at_type = 0;
>+ snprintf(buf, sizeof(buf), "%08x", tid->at_addr[0]);
>+ debug3("BSM audit: machine ID %s", buf);
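Review bot: the result of `inet_addr(host)` is stored in `tid->at_addr[0]` without a check. inet_addr returns INADDR_NONE for anything that is not a dotted IPv4 string, so a hostname or an IPv6 literal in `host` would put 255.255.255.255 into the audit record's terminal ID. Suggest checking the return value (or parsing with inet_pton or getaddrinfo) and logging or failing when the address cannot be represented, and replacing the bare `tid->at_type = 0` with a named constant.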

A cleaner way to do this is implement aug_get_machine as a static
function in this file, and activate it based on the presence (or not)
of aug_get_machine. I believe FreeBSD would also benefit from this.

I will post an alternative patch.

>- AC_CHECK_FUNCS(getaudit_addr)
>+ AC_CHECK_FUNCS(getaudit_addr,
>+ [
>+ case "$host" in
>+ *-*-darwin7* | *-*-darwin8*)
>+ AC_MSG_CHECKING(for getaudit_addr usability)
>+ AC_MSG_RESULT(no)
>+ ;;
>+ *) AC_DEFINE(HAVE_GETAUDIT_ADDR,
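Review bot: the `*-*-darwin7* | *-*-darwin8*` case reports "no" for getaudit_addr usability without running any test, and nothing in the hunk says what is wrong with the function on those releases. Suggest a comment recording the reason for the exclusion, or a compile or run check in place of the hard-coded host match, so the exclusion neither outlives the problem nor misses another release that has it.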

Could you please explain why this is needed? darwin7 and darwin8 have
a getaudit_addr but it doesn't work?

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #2 from Darren Tucker <dtucker@zip.com.au> 2007-12-22 02:59:58 ---
(From update of attachment 1417)
>+#if defined(__APPLE__)
>+ /* don't have a aug_get_machine */
>+ tid->at_addr[0] = inet_addr(host);
>+ tid->at_type = 0;
>+ snprintf(buf, sizeof(buf), "%08x", tid->at_addr[0]);
>+ debug3("BSM audit: machine ID %s", buf);
>+#else

How does this cope with connections from IPv6 addresses?

Darren Tucker <dtucker@zip.com.au> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #1417 is|0 |1
obsolete| |




--- Comment #3 from Darren Tucker <dtucker@zip.com.au> 2007-12-24 06:40:29 ---
Created an attachment (id=1422)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1422)
Implement aug_get_machine for BSM audit support

This should work on OS X (modulo the query I have about handling IPv6
connections) and FreeBSD/OpenBSM (untested).

Darren Tucker <dtucker@zip.com.au> changed:

What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
CC| |dtucker@zip.com.au




--- Comment #4 from Disco Vince Giffin <vgiffin@apple.com> 2008-01-03 08:28:22 ---
(In reply to comment #2)
> (From update of attachment 1417)
> >+#if defined(__APPLE__)
> >+ /* don't have a aug_get_machine */
> >+ tid->at_addr[0] = inet_addr(host);
> >+ tid->at_type = 0;
> >+ snprintf(buf, sizeof(buf), "%08x", tid->at_addr[0]);
> >+ debug3("BSM audit: machine ID %s", buf);
> >+#else
>
> How does this cope with connections from IPv6 addresses?

This, unfortunately, does not cope with IPv6 addresses. I have filed a
bug in our system to have this addressed.

--- Comment #5 from Darren Tucker <dtucker@zip.com.au> 2008-01-03 08:40:55 ---
(In reply to comment #4)
> This, unfortunately, does not cope with IPv6 addresses. I have filed a
> bug in our system to have this addressed.

The code I posted (attachment #1422) does cope with IPv6 addresses, but
since the original patch doesn't I'm not sure that it will write a
record of the correct format.

On Solaris, AU_IPv6 = 16 and AU_IPv4 = 4. (There's also a comment in
the header about them being the sizes of the addresses which might
cause trouble down the track if code assumes that's always the case and
other address types happen to be 16 bytes...)

From patch 1417, it appears that Apple have made record type 0 to be
IPv4, the question is what's IPv6? My patch assumes 1.

--- Comment #6 from Disco Vince Giffin <vgiffin@apple.com> 2008-01-03 11:32:43 ---
(In reply to comment #5)
> (In reply to comment #4)
> > This, unfortunately, does not cope with IPv6 addresses. I have filed a
> > bug in our system to have this addressed.
>
> The code I posted (attachment #1422) does cope with IPv6 addresses, but
> since the original patch doesn't I'm not sure that it will write a
> record of the correct format.
>
> On Solaris, AU_IPv6 = 16 and AU_IPv4 = 4. (There's also a comment in
> the header about them being the sizes of the addresses which might
> cause trouble down the track if code assumes that's always the case and
> other address types happen to be 16 bytes...)
>
> From patch 1417, it appears that Apple have made record type 0 to be
> IPv4, the question is what's IPv6? My patch assumes 1.

When this patch was created, we only supported IPv4 so the type was
just set to 0 (and not used). I expect that we will adopt the types
that are used in OpenBSM (AU_IPv6 = 16 and AU_IPv4 = 4) when IPv6
support is added.
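
The address-type handling discussed in comments 5 and 6, as an added example that is not part of this thread or of any attachment to the bug: a numeric address string is parsed into a terminal-ID-like structure, with the type set from the address family and a failure return when the string is neither IPv4 nor IPv6. The struct `ex_tid_addr`, the function `ex_fill_tid` and the `EX_` constants are hypothetical stand-ins; the values 4 and 16 are the ones quoted above for AU_IPv4 and AU_IPv6.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Address-type values quoted in the thread for Solaris/OpenBSM. */
#define EX_AU_IPv4 4
#define EX_AU_IPv6 16

/* Hypothetical stand-in for the address part of a BSM terminal ID. */
struct ex_tid_addr {
    uint32_t at_type;    /* EX_AU_IPv4 or EX_AU_IPv6 */
    uint32_t at_addr[4]; /* network byte order; IPv4 uses at_addr[0] only */
};

/*
 * Fill *tid from a numeric address string.
 * Returns 0 on success, -1 if host is neither an IPv4 nor an IPv6 literal.
 * On failure *tid is left zeroed, so no sentinel value such as INADDR_NONE
 * can end up in an audit record by accident.
 */
int ex_fill_tid(const char *host, struct ex_tid_addr *tid)
{
    struct in_addr a4;
    struct in6_addr a6;

    memset(tid, 0, sizeof(*tid));

    if (inet_pton(AF_INET, host, &a4) == 1) {
        tid->at_type = EX_AU_IPv4;
        tid->at_addr[0] = a4.s_addr;
        return 0;
    }
    if (inet_pton(AF_INET6, host, &a6) == 1) {
        tid->at_type = EX_AU_IPv6;
        memcpy(tid->at_addr, &a6, sizeof(a6)); /* 16 bytes into 4 words */
        return 0;
    }
    return -1; /* caller decides whether to log, skip or abort the record */
}
```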

Darren Tucker <dtucker@zip.com.au> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #1422 is|0 |1
obsolete| |




--- Comment #7 from Darren Tucker <dtucker@zip.com.au> 2008-01-03 21:47:51 ---
Created an attachment (id=1433)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1433)
Add aug_get_machine, make AU_IPv6 optional

In that case I think this is the way to do it. The patch should have
equivalent behaviour to your original patch on current platforms, and
should also work when AU_IPv6 is added. Could you please confirm?

Also: if there are any users of OpenBSM and/or FreeBSD out there that
could also test that would be appreciated.

Thanks.

--- Comment #8 from Disco Vince Giffin <vgiffin@apple.com> 2008-01-04 06:41:47 ---
(In reply to comment #7)
> In that case I think this is the way to do it. The patch should have
> equivalent behaviour to your original patch on current platforms, and
> should also work when AU_IPv6 is added. Could you please confirm?

This looks good.

Thank you, sir.

Darren Tucker <dtucker@zip.com.au> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1353




--- Comment #9 from Darren Tucker <dtucker@zip.com.au> 2008-01-08 15:21:27 ---
(In reply to comment #8)
> This looks good.

By "looks good" do you mean that it behaves correctly when tested? If
it has been tested then I'm ok with putting it in 4.8.

> Thank you, sir.

You're welcome.

Darren Tucker <dtucker@zip.com.au> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #1433| |ok?
Flag| |




Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #1433|ok? |ok+
Flag| |




--- Comment #10 from Damien Miller <djm@mindrot.org> 2008-01-20 06:58:51 ---
(From update of attachment 1433)
ok

--- Comment #11 from Disco Vince Giffin <vgiffin@apple.com> 2008-01-22 08:13:10 ---
(In reply to comment #9)
> (In reply to comment #8)
> > This looks good.
>
> By "looks good" do you mean that it behaves correctly when tested? If
> it has been tested then I'm ok with putting it in 4.8.

Yes. Our normal build process doesn't run autoconf, so I did have to
run that manually and augment the patch (with hunks for configure and
config.h.in). After that it worked as expected.
