Remove AUDIT_SHELL option

The concept of logging shell commands through audit subsystem
is not useful because it is too hard to configure, requires special
privledges, doesn't handle background commands, and is missing the
necessary information...

13 files changed, 4 insertions, 146 deletions

diff --git a/Makefile.in b/Makefile.in
index f792c37..421458f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -365,8 +365,6 @@ MALLOC_LIBRARY = @MALLOC_LIBRARY@
 MALLOC_LDFLAGS = @MALLOC_LDFLAGS@
 MALLOC_DEP = @MALLOC_DEP@
 
-AUDIT_LIB = @AUDIT_LIB@
-
 ALLOC_HEADERS = $(ALLOC_LIBSRC)/getpagesize.h $(ALLOC_LIBSRC)/shmalloc.h \
 		$(ALLOC_LIBSRC)/imalloc.h $(ALLOC_LIBSRC)/mstats.h \
 		$(ALLOC_LIBSRC)/table.h $(ALLOC_LIBSRC)/watch.h
diff --git a/config-bot.h b/config-bot.h
index aca6578..ffa393b 100644
--- a/config-bot.h
+++ b/config-bot.h
@@ -97,11 +97,6 @@
 #  define RESTRICTED_SHELL_NAME "rbash"
 #endif
 
-/* If the shell is called by this name, it will become audited. */
-#if defined (AUDIT_SHELL)
-#  define AUDIT_SHELL_NAME "vbash"
-#endif
-
 /***********************************************************/
 /* Make sure feature defines have necessary prerequisites. */
 /***********************************************************/
diff --git a/config.h.in b/config.h.in
index e1846a8..0ae1f1c 100644
--- a/config.h.in
+++ b/config.h.in
@@ -81,11 +81,6 @@
    flag. */
 #undef RESTRICTED_SHELL
 
-/* Define AUDIT_SHELL if you want the generated shell to audit all
-   actions performed by root account.  The shell thus generated can become
-   audited by being run with the name "vbash". */
-#undef AUDIT_SHELL
-
 /* Define DISABLED_BUILTINS if you want "builtin foo" to always run the
    shell builtin "foo", even if it has been disabled with "enable -n foo". */
 #undef DISABLED_BUILTINS
diff --git a/configure b/configure
index 9e31790..d97ef5b 100755
--- a/configure
+++ b/configure
@@ -678,7 +678,6 @@ HELPDIR
 HELPDIRDEFINE
 HELPINSTALL
 HELPSTRINGS
-AUDIT_LIB
 CC
 CFLAGS
 LDFLAGS
@@ -2468,13 +2467,6 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
 
 fi
-if test $opt_audit = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define AUDIT_SHELL 1
-_ACEOF
-
-AUDIT_LIB='-laudit'
-fi
 if test $opt_process_subst = yes; then
 cat >>confdefs.h <<\_ACEOF
 #define PROCESS_SUBSTITUTION 1
diff --git a/configure.in b/configure.in
index 9807f68..7c1aac2 100644
--- a/configure.in
+++ b/configure.in
@@ -256,10 +256,6 @@ fi
 if test $opt_restricted = yes; then
 AC_DEFINE(RESTRICTED_SHELL)
 fi
-if test $opt_audit = yes; then
-AC_DEFINE(AUDIT_SHELL)
-AUDIT_LIB='-laudit'
-fi
 if test $opt_process_subst = yes; then
 AC_DEFINE(PROCESS_SUBSTITUTION)
 fi
@@ -361,8 +357,6 @@ AC_SUBST(HELPDIRDEFINE)
 AC_SUBST(HELPINSTALL)
 AC_SUBST(HELPSTRINGS)
 
-AC_SUBST(AUDIT_LIB)
-
 echo ""
 echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}"
 echo ""
diff --git a/debian/control b/debian/control
index ad32344..5efa3fe 100644
--- a/debian/control
+++ b/debian/control
@@ -4,15 +4,13 @@ Priority: optional
 Maintainer: Vyatta Package Maintainers <maintainers@vyatta.com>
 Standards-Version: 3.6.2
 Build-Depends: autoconf, patch, bison, libncurses5-dev, texinfo, autotools-dev, 
-	       debhelper (>= 4.1), texi2html, locales, libaudit-dev
+	       debhelper (>= 4.1), texi2html, locales
 Build-Depends-Indep: tetex-bin
 
 Package: vyatta-bash
 Architecture: any
 Pre-Depends: ${shlibs:Pre-Depends}
-Depends: base-files (>= 2.1.12), debianutils (>= 2.15),
- bash (>= 3.1), libaudit0
-Suggests: auditd
+Depends: base-files (>= 2.1.12), debianutils (>= 2.15), bash (>= 3.1)
 Section: shells
 Priority: optional
 Description: The Vyatta Shell based on GNU bash
diff --git a/debian/rules b/debian/rules
index 95f95bf..0ff2789 100755
--- a/debian/rules
+++ b/debian/rules
@@ -43,7 +43,6 @@ d	= debian/$(p)
 conf_args = \
 	--with-curses \
 	--disable-net-redirections \
-	--enable-audit \
 	--enable-largefile \
 	--prefix=/usr \
 	--infodir=/usr/share/info \
diff --git a/doc/bash.1 b/doc/bash.1
index 8cc22b8..fe0dba0 100644
--- a/doc/bash.1
+++ b/doc/bash.1
@@ -155,12 +155,6 @@ single-character options to be recognized.
 .PP
 .PD 0
 .TP
-.B \-\-audit
-The shell logs all commands run by the root user (see
-.SM
-.B "AUDIT SHELL"
-below).
-.TP
 .B \-\-debugger
 Arrange for the debugger profile to be executed before the shell
 starts.
@@ -8802,17 +8796,6 @@ turns off any restrictions in the shell spawned to execute the
 script.
 .\" end of rbash.1
 .if \n(zY=1 .ig zY
-.SH "AUDIT SHELL"
-.zY
-.PP
-If
-.B bash
-is started with the name
-.BR aubash ,
-or the
-.B \-\-audit
-option is supplied at invocation, the shell logs all commands issued by the root user to the audit system.
-.if \n(zY=1 .ig zY
 .SH "SEE ALSO"
 .PD 0
 .TP
diff --git a/eval.c b/eval.c
index 8c8d39c..293d177 100644
--- a/eval.c
+++ b/eval.c
@@ -45,12 +45,6 @@
 #  include "bashhist.h"
 #endif
 
-#if defined (AUDIT_SHELL)
-#  include "filecntl.h"
-#  include <libaudit.h>
-#  include <errno.h>
-#endif
-
 extern int EOF_reached;
 extern int indirection_level;
 extern int posixly_correct;
@@ -68,51 +62,13 @@ extern char *current_readline_line;
 extern int current_readline_line_index;
 #endif
 
-#if defined (AUDIT_SHELL)
-static int audit_fd = -1;
-static char *audit_tty;
-
-static int
-audit_start ()
-{
-  if (audit_fd < 0)
-    {
-      audit_fd = audit_open ();
-      if (audit_fd < 0) 
-	{
-	  if (errno != EINVAL && errno != EPROTONOSUPPORT 
-	      && errno != EAFNOSUPPORT)
-	    return -1;
-	}
-      else
-	SET_CLOSE_ON_EXEC(audit_fd);
-    }
-
-  if (audit_tty == NULL)
-    {
-      char *tty = ttyname(fileno(stdin));
-      if (tty)
-	audit_tty = strdup(tty);
-    }
-
-  return 0;
-}
-
-static void
-audit (result)
-        int result;
-{
-  audit_log_user_command (audit_fd, AUDIT_USER_CMD, current_readline_line,
-			  audit_tty, result == EXECUTION_SUCCESS);
-}
-#endif
 
 /* Read and execute commands until EOF is reached.  This assumes that
    the input source has already been initialized. */
 int
 reader_loop ()
 {
-  int our_indirection_level, result;
+  int our_indirection_level;
   COMMAND * volatile current_command;
 
   current_command = (COMMAND *)NULL;
@@ -120,11 +76,6 @@ reader_loop ()
 
   our_indirection_level = ++indirection_level;
 
-#if defined (AUDIT_SHELL)
-  if (audited && interactive_shell && audit_start () < 0)
-	  return EXECUTION_FAILURE;
-#endif
-
   while (EOF_Reached == 0)
     {
       int code;
@@ -200,10 +151,7 @@ reader_loop ()
 	      executing = 1;
 	      stdin_redir = 0;
 
-	      result = execute_command (current_command);
-#if defined (AUDIT_SHELL)
-	      audit (result);
-#endif
+	      execute_command (current_command);
 
 	    exec_done:
 	      QUIT;
diff --git a/externs.h b/externs.h
index f60d354..bc28eda 100644
--- a/externs.h
+++ b/externs.h
@@ -77,10 +77,6 @@ extern int shell_is_restricted __P((char *));
 extern int maybe_make_restricted __P((char *));
 #endif
 
-#if defined (AUDIT_SHELL)
-extern int maybe_make_audited __P((char *));
-#endif
-
 extern void unset_bash_input __P((int));
 extern void get_current_user_info __P((void));
 
diff --git a/flags.c b/flags.c
index e50d6dc..0c0868b 100644
--- a/flags.c
+++ b/flags.c
@@ -142,12 +142,6 @@ int restricted = 0;		/* currently restricted */
 int restricted_shell = 0;	/* shell was started in restricted mode. */
 #endif /* RESTRICTED_SHELL */
 
-#if defined (AUDIT_SHELL)
-/* Non-zero means that this shell is audited. An audited shell records
-   each command that the root user executes. */
-int audited = 0;		/* shell was started in audit mode. */
-#endif /* AUDIT_SHELL */
-
 /* Non-zero means that this shell is running in `privileged' mode.  This
    is required if the shell is to run setuid.  If the `-p' option is
    not supplied at startup, and the real and effective uids or gids
diff --git a/flags.h b/flags.h
index 1ee63c8..f16e604 100644
--- a/flags.h
+++ b/flags.h
@@ -66,10 +66,6 @@ extern int restricted;
 extern int restricted_shell;
 #endif /* RESTRICTED_SHELL */
 
-#if defined (AUDIT_SHELL)
-extern int audited;
-#endif /* AUDIT_SHELL */
-
 extern int *find_flag __P((int));
 extern int change_flag __P((int, int));
 extern char *which_set_flags __P((void));
diff --git a/shell.c b/shell.c
index 9836035..1aac510 100644
--- a/shell.c
+++ b/shell.c
@@ -236,9 +236,6 @@ struct {
 #if defined (RESTRICTED_SHELL)
   { "restricted", Int, &restricted, (char **)0x0 },
 #endif
-#if defined (AUDIT_SHELL)
-  { "audit", Int, &audited, (char **)0x0 },
-#endif
   { "verbose", Int, &echo_input_at_read, (char **)0x0 },
   { "version", Int, &do_version, (char **)0x0 },
   { "wordexp", Int, &wordexp_only, (char **)0x0 },
@@ -637,10 +634,6 @@ main (argc, argv, env)
     maybe_make_restricted (shell_name);
 #endif /* RESTRICTED_SHELL */
 
-#if defined (AUDIT_SHELL)
-    maybe_make_audited (shell_name);
-#endif
-
   if (wordexp_only)
     {
       startup_state = 3;
@@ -1140,29 +1133,6 @@ maybe_make_restricted (name)
 }
 #endif /* RESTRICTED_SHELL */
 
-#if defined (AUDIT_SHELL)
-/* Perhaps make this shell an `audited' one, based on NAME.  If the
-   basename of NAME is "vbash", then this shell is audited.  The
-   name of the audited shell is a configurable option, see config.h.
-   In an audited shell, all actions performed by root will be logged
-   to the audit system.
-   Do this also if `audited' is already set to 1 maybe the shell was
-   started with --audit. */
-int
-maybe_make_audited (name)
-     char *name;
-{
-  char *temp;
-
-  temp = base_pathname (name);
-  if (*temp == '-')
-    temp++;
-  if (audited || (STREQ (temp, AUDIT_SHELL_NAME)))
-    audited = 1;
-  return (audited);
-}
-#endif /* AUDIT_SHELL */
-
 /* Fetch the current set of uids and gids and return 1 if we're running
    setuid or setgid. */
 static int