diff options
| -rw-r--r-- | Makefile.in | 2 | ||||
| -rw-r--r-- | config-bot.h | 5 | ||||
| -rw-r--r-- | config.h.in | 5 | ||||
| -rwxr-xr-x | configure | 8 | ||||
| -rw-r--r-- | configure.in | 6 | ||||
| -rw-r--r-- | debian/control | 6 | ||||
| -rwxr-xr-x | debian/rules | 1 | ||||
| -rw-r--r-- | doc/bash.1 | 17 | ||||
| -rw-r--r-- | eval.c | 56 | ||||
| -rw-r--r-- | externs.h | 4 | ||||
| -rw-r--r-- | flags.c | 6 | ||||
| -rw-r--r-- | flags.h | 4 | ||||
| -rw-r--r-- | shell.c | 30 |
13 files changed, 4 insertions, 146 deletions
diff --git a/Makefile.in b/Makefile.in index f792c37..421458f 100644 --- a/Makefile.in +++ b/Makefile.in @@ -365,8 +365,6 @@ MALLOC_LIBRARY = @MALLOC_LIBRARY@ MALLOC_LDFLAGS = @MALLOC_LDFLAGS@ MALLOC_DEP = @MALLOC_DEP@ -AUDIT_LIB = @AUDIT_LIB@ - ALLOC_HEADERS = $(ALLOC_LIBSRC)/getpagesize.h $(ALLOC_LIBSRC)/shmalloc.h \ $(ALLOC_LIBSRC)/imalloc.h $(ALLOC_LIBSRC)/mstats.h \ $(ALLOC_LIBSRC)/table.h $(ALLOC_LIBSRC)/watch.h diff --git a/config-bot.h b/config-bot.h index aca6578..ffa393b 100644 --- a/config-bot.h +++ b/config-bot.h @@ -97,11 +97,6 @@ # define RESTRICTED_SHELL_NAME "rbash" #endif -/* If the shell is called by this name, it will become audited. */ -#if defined (AUDIT_SHELL) -# define AUDIT_SHELL_NAME "vbash" -#endif - /***********************************************************/ /* Make sure feature defines have necessary prerequisites. */ /***********************************************************/ diff --git a/config.h.in b/config.h.in index e1846a8..0ae1f1c 100644 --- a/config.h.in +++ b/config.h.in @@ -81,11 +81,6 @@ flag. */ #undef RESTRICTED_SHELL -/* Define AUDIT_SHELL if you want the generated shell to audit all - actions performed by root account. The shell thus generated can become - audited by being run with the name "vbash". */ -#undef AUDIT_SHELL - /* Define DISABLED_BUILTINS if you want "builtin foo" to always run the shell builtin "foo", even if it has been disabled with "enable -n foo". */ #undef DISABLED_BUILTINS @@ -678,7 +678,6 @@ HELPDIR HELPDIRDEFINE HELPINSTALL HELPSTRINGS -AUDIT_LIB CC CFLAGS LDFLAGS @@ -2468,13 +2467,6 @@ cat >>confdefs.h <<\_ACEOF _ACEOF fi -if test $opt_audit = yes; then -cat >>confdefs.h <<\_ACEOF -#define AUDIT_SHELL 1 -_ACEOF - -AUDIT_LIB='-laudit' -fi if test $opt_process_subst = yes; then cat >>confdefs.h <<\_ACEOF #define PROCESS_SUBSTITUTION 1 diff --git a/configure.in b/configure.in index 9807f68..7c1aac2 100644 --- a/configure.in +++ b/configure.in @@ -256,10 +256,6 @@ fi if test $opt_restricted = yes; then AC_DEFINE(RESTRICTED_SHELL) fi -if test $opt_audit = yes; then -AC_DEFINE(AUDIT_SHELL) -AUDIT_LIB='-laudit' -fi if test $opt_process_subst = yes; then AC_DEFINE(PROCESS_SUBSTITUTION) fi @@ -361,8 +357,6 @@ AC_SUBST(HELPDIRDEFINE) AC_SUBST(HELPINSTALL) AC_SUBST(HELPSTRINGS) -AC_SUBST(AUDIT_LIB) - echo "" echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}" echo "" diff --git a/debian/control b/debian/control index ad32344..5efa3fe 100644 --- a/debian/control +++ b/debian/control @@ -4,15 +4,13 @@ Priority: optional Maintainer: Vyatta Package Maintainers <maintainers@vyatta.com> Standards-Version: 3.6.2 Build-Depends: autoconf, patch, bison, libncurses5-dev, texinfo, autotools-dev, - debhelper (>= 4.1), texi2html, locales, libaudit-dev + debhelper (>= 4.1), texi2html, locales Build-Depends-Indep: tetex-bin Package: vyatta-bash Architecture: any Pre-Depends: ${shlibs:Pre-Depends} -Depends: base-files (>= 2.1.12), debianutils (>= 2.15), - bash (>= 3.1), libaudit0 -Suggests: auditd +Depends: base-files (>= 2.1.12), debianutils (>= 2.15), bash (>= 3.1) Section: shells Priority: optional Description: The Vyatta Shell based on GNU bash diff --git a/debian/rules b/debian/rules index 95f95bf..0ff2789 100755 --- a/debian/rules +++ b/debian/rules @@ -43,7 +43,6 @@ d = debian/$(p) conf_args = \ --with-curses \ --disable-net-redirections \ - --enable-audit \ --enable-largefile \ --prefix=/usr \ --infodir=/usr/share/info \ @@ -155,12 +155,6 @@ single-character options to be recognized. .PP .PD 0 .TP -.B \-\-audit -The shell logs all commands run by the root user (see -.SM -.B "AUDIT SHELL" -below). -.TP .B \-\-debugger Arrange for the debugger profile to be executed before the shell starts. @@ -8802,17 +8796,6 @@ turns off any restrictions in the shell spawned to execute the script. .\" end of rbash.1 .if \n(zY=1 .ig zY -.SH "AUDIT SHELL" -.zY -.PP -If -.B bash -is started with the name -.BR aubash , -or the -.B \-\-audit -option is supplied at invocation, the shell logs all commands issued by the root user to the audit system. -.if \n(zY=1 .ig zY .SH "SEE ALSO" .PD 0 .TP @@ -45,12 +45,6 @@ # include "bashhist.h" #endif -#if defined (AUDIT_SHELL) -# include "filecntl.h" -# include <libaudit.h> -# include <errno.h> -#endif - extern int EOF_reached; extern int indirection_level; extern int posixly_correct; @@ -68,51 +62,13 @@ extern char *current_readline_line; extern int current_readline_line_index; #endif -#if defined (AUDIT_SHELL) -static int audit_fd = -1; -static char *audit_tty; - -static int -audit_start () -{ - if (audit_fd < 0) - { - audit_fd = audit_open (); - if (audit_fd < 0) - { - if (errno != EINVAL && errno != EPROTONOSUPPORT - && errno != EAFNOSUPPORT) - return -1; - } - else - SET_CLOSE_ON_EXEC(audit_fd); - } - - if (audit_tty == NULL) - { - char *tty = ttyname(fileno(stdin)); - if (tty) - audit_tty = strdup(tty); - } - - return 0; -} - -static void -audit (result) - int result; -{ - audit_log_user_command (audit_fd, AUDIT_USER_CMD, current_readline_line, - audit_tty, result == EXECUTION_SUCCESS); -} -#endif /* Read and execute commands until EOF is reached. This assumes that the input source has already been initialized. */ int reader_loop () { - int our_indirection_level, result; + int our_indirection_level; COMMAND * volatile current_command; current_command = (COMMAND *)NULL; @@ -120,11 +76,6 @@ reader_loop () our_indirection_level = ++indirection_level; -#if defined (AUDIT_SHELL) - if (audited && interactive_shell && audit_start () < 0) - return EXECUTION_FAILURE; -#endif - while (EOF_Reached == 0) { int code; @@ -200,10 +151,7 @@ reader_loop () executing = 1; stdin_redir = 0; - result = execute_command (current_command); -#if defined (AUDIT_SHELL) - audit (result); -#endif + execute_command (current_command); exec_done: QUIT; @@ -77,10 +77,6 @@ extern int shell_is_restricted __P((char *)); extern int maybe_make_restricted __P((char *)); #endif -#if defined (AUDIT_SHELL) -extern int maybe_make_audited __P((char *)); -#endif - extern void unset_bash_input __P((int)); extern void get_current_user_info __P((void)); @@ -142,12 +142,6 @@ int restricted = 0; /* currently restricted */ int restricted_shell = 0; /* shell was started in restricted mode. */ #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) -/* Non-zero means that this shell is audited. An audited shell records - each command that the root user executes. */ -int audited = 0; /* shell was started in audit mode. */ -#endif /* AUDIT_SHELL */ - /* Non-zero means that this shell is running in `privileged' mode. This is required if the shell is to run setuid. If the `-p' option is not supplied at startup, and the real and effective uids or gids @@ -66,10 +66,6 @@ extern int restricted; extern int restricted_shell; #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) -extern int audited; -#endif /* AUDIT_SHELL */ - extern int *find_flag __P((int)); extern int change_flag __P((int, int)); extern char *which_set_flags __P((void)); @@ -236,9 +236,6 @@ struct { #if defined (RESTRICTED_SHELL) { "restricted", Int, &restricted, (char **)0x0 }, #endif -#if defined (AUDIT_SHELL) - { "audit", Int, &audited, (char **)0x0 }, -#endif { "verbose", Int, &echo_input_at_read, (char **)0x0 }, { "version", Int, &do_version, (char **)0x0 }, { "wordexp", Int, &wordexp_only, (char **)0x0 }, @@ -637,10 +634,6 @@ main (argc, argv, env) maybe_make_restricted (shell_name); #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) - maybe_make_audited (shell_name); -#endif - if (wordexp_only) { startup_state = 3; @@ -1140,29 +1133,6 @@ maybe_make_restricted (name) } #endif /* RESTRICTED_SHELL */ -#if defined (AUDIT_SHELL) -/* Perhaps make this shell an `audited' one, based on NAME. If the - basename of NAME is "vbash", then this shell is audited. The - name of the audited shell is a configurable option, see config.h. - In an audited shell, all actions performed by root will be logged - to the audit system. - Do this also if `audited' is already set to 1 maybe the shell was - started with --audit. */ -int -maybe_make_audited (name) - char *name; -{ - char *temp; - - temp = base_pathname (name); - if (*temp == '-') - temp++; - if (audited || (STREQ (temp, AUDIT_SHELL_NAME))) - audited = 1; - return (audited); -} -#endif /* AUDIT_SHELL */ - /* Fetch the current set of uids and gids and return 1 if we're running setuid or setgid. */ static int |