Bugzilla Bug 298506: a first cut at Solaris auditing. The patch is
authorwtchang%redhat.com
Tue, 16 May 2006 01:04:05 +0000
changeset 7055 b4fdd7dfac22da8d287e0383e508482eccf150aa
parent 7053 a83b79e20de2147ef6d3d70bae0086d69908e50b
child 7059 cf7521a6661bcc008bdd3bf1704a805d955ab60d
push idunknown
push userunknown
push dateunknown
bugs298506
Bugzilla Bug 298506: a first cut at Solaris auditing. The patch is contributed by Glen Beasley of Sun. r=wtc. Modified Files: cmd/platlibs.mk lib/softoken/config.mk lib/softoken/fipstokn.c
security/nss/cmd/platlibs.mk
security/nss/lib/softoken/config.mk
security/nss/lib/softoken/fipstokn.c
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -131,16 +131,20 @@ EXTRA_SHARED_LIBS += \
 else
 EXTRA_SHARED_LIBS += \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
 	-lnspr4 \
 	$(NULL)
 endif
+
+ifeq ($(OS_TARGET), SunOS)
+OS_LIBS += -lbsm
+endif
 endif
 
 else # USE_STATIC_LIBS
 # can't do this in manifest.mn because OS_ARCH isn't defined there.
 ifeq ($(OS_ARCH), WINNT)
 
 # $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
 EXTRA_LIBS += \
--- a/security/nss/lib/softoken/config.mk
+++ b/security/nss/lib/softoken/config.mk
@@ -86,16 +86,17 @@ EXTRA_SHARED_LIBS += \
 	-lnspr4 \
 	$(NULL)
 endif
 
 ifeq ($(OS_TARGET),SunOS)
 # The -R '$ORIGIN' linker option instructs this library to search for its
 # dependencies in the same directory where it resides.
 MKSHLIB += -R '$$ORIGIN'
+OS_LIBS += -lbsm 
 endif
 
 ifeq ($(OS_TARGET),WINCE)
 DEFINES += -DDBM_USING_NSPR
 endif
 
 # indicates dependency on freebl static lib
 $(SHARED_LIBRARY): $(CRYPTOLIB)
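Review bot: Adding `-lbsm` to `OS_LIBS` makes libbsm a hard load-time dependency of softoken on SunOS, even for consumers that never enable auditing. The Linux side of fipstokn.c resolves its audit library at run time instead (`dlfcn.h`, `LIBAUDIT_NAME`). If the hard link is deliberate because libbsm ships with the base system, a one-line comment above the new line would record that, for example `# libbsm is needed by the Solaris audit code in fipstokn.c`. The added line also ends in a trailing space.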
--- a/security/nss/lib/softoken/fipstokn.c
+++ b/security/nss/lib/softoken/fipstokn.c
@@ -61,16 +61,21 @@
 #include <ctype.h>
 
 #ifdef XP_UNIX
 #define NSS_AUDIT_WITH_SYSLOG 1
 #include <syslog.h>
 #include <unistd.h>
 #endif
 
+#ifdef SOLARIS
+#include <bsm/libbsm.h>
+#define AUE_FIPS_AUDIT 34444
+#endif
+
 #ifdef LINUX
 #include <pthread.h>
 #include <dlfcn.h>
 #define LIBAUDIT_NAME "libaudit.so.0"
 #ifndef AUDIT_USER
 #define AUDIT_USER 1005  /* message type: message from userspace */
 #endif
 static void *libaudit_handle;
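Review bot: `AUE_FIPS_AUDIT 34444` is an undocumented magic number, and unlike `AUDIT_USER` just below it has no `#ifndef` guard. Solaris reserves audit event numbers 32768-65535 for third-party applications, and an event normally needs an entry in the system's audit_event file, mapped to a class, before its records are selected and displayed by name. A comment should say so, for example `/* third-party audit event number; must also be listed in audit_event(4) and mapped to an audit class */`. Wrapping the define in `#ifndef AUE_FIPS_AUDIT` would let a platform header or the build override it if an official number is assigned later.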
@@ -349,16 +354,44 @@ sftk_LogAuditMessage(NSSAuditSeverity se
 	    return;
 	}
 	audit_log_user_message_func(audit_fd, AUDIT_USER, message,
 				    NULL, NULL, NULL, result);
 	audit_close_func(audit_fd);
 	PR_smprintf_free(message);
     }
 #endif /* LINUX */
+#ifdef SOLARIS
+    {
+        int rd;
+        char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
+
+        if (!message) {
+            return;
+        }
+
+        /* open the record descriptor */
+        if ((rd = au_open()) == -1) {
+            PR_smprintf_free(message);
+            return;
+        }
+
+        /* write the audit tokens to the audit record */
+        if (au_write(rd, au_to_text(message))) {
+            (void)au_close(rd, AU_TO_NO_WRITE, AUE_FIPS_AUDIT);
+            PR_smprintf_free(message);
+            return;
+        }
+
+        /* close the record and send it to the audit trail */
+        (void)au_close(rd, AU_TO_WRITE, AUE_FIPS_AUDIT);
+
+        PR_smprintf_free(message);
+    }
+#endif /* SOLARIS */
 #else
     /* do nothing */
 #endif
 }
 
 
 /**********************************************************************
  *
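Review bot: The Solaris record is built from a single `au_to_text(message)` token, so it carries neither the outcome nor who generated the event, whereas the Linux branch just above passes `result` to `audit_log_user_message_func`. Adding a return token derived from `result` (libbsm provides `au_to_return32`) and a subject token before `au_close(rd, AU_TO_WRITE, ...)` would let the record be filtered by success or failure and attributed to a process and user. Every failure path here also returns silently and the `au_close` result is discarded. Writing audit records on Solaris requires the proc_audit privilege, so an unprivileged NSS consumer will drop the record without any trace. A comment such as `/* best effort: needs proc_audit privilege; syslog remains the fallback */` would make that explicit, provided the syslog path earlier in the function does run on Solaris. The function body starts outside this hunk, so that could not be confirmed.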