-rw-r--r--Makefile.in2
-rw-r--r--config-bot.h5
-rw-r--r--config.h.in5
-rwxr-xr-xconfigure8
-rw-r--r--configure.in6
-rw-r--r--debian/control6
-rwxr-xr-xdebian/rules1
-rw-r--r--doc/bash.117
-rw-r--r--eval.c56
-rw-r--r--externs.h4
-rw-r--r--flags.c6
-rw-r--r--flags.h4
-rw-r--r--shell.c30
13 files changed, 4 insertions, 146 deletions
diff --git a/Makefile.in b/Makefile.in
index f792c37..421458f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -365,8 +365,6 @@ MALLOC_LIBRARY = @MALLOC_LIBRARY@
MALLOC_LDFLAGS = @MALLOC_LDFLAGS@
MALLOC_DEP = @MALLOC_DEP@
-AUDIT_LIB = @AUDIT_LIB@
-
ALLOC_HEADERS = $(ALLOC_LIBSRC)/getpagesize.h $(ALLOC_LIBSRC)/shmalloc.h \
$(ALLOC_LIBSRC)/imalloc.h $(ALLOC_LIBSRC)/mstats.h \
$(ALLOC_LIBSRC)/table.h $(ALLOC_LIBSRC)/watch.h
diff --git a/config-bot.h b/config-bot.h
index aca6578..ffa393b 100644
--- a/config-bot.h
+++ b/config-bot.h
@@ -97,11 +97,6 @@
# define RESTRICTED_SHELL_NAME "rbash"
#endif
-/* If the shell is called by this name, it will become audited. */
-#if defined (AUDIT_SHELL)
-# define AUDIT_SHELL_NAME "vbash"
-#endif
-
/***********************************************************/
/* Make sure feature defines have necessary prerequisites. */
/***********************************************************/
diff --git a/config.h.in b/config.h.in
index e1846a8..0ae1f1c 100644
--- a/config.h.in
+++ b/config.h.in
@@ -81,11 +81,6 @@
flag. */
#undef RESTRICTED_SHELL
-/* Define AUDIT_SHELL if you want the generated shell to audit all
- actions performed by root account. The shell thus generated can become
- audited by being run with the name "vbash". */
-#undef AUDIT_SHELL
-
/* Define DISABLED_BUILTINS if you want "builtin foo" to always run the
shell builtin "foo", even if it has been disabled with "enable -n foo". */
#undef DISABLED_BUILTINS
diff --git a/configure b/configure
index 9e31790..d97ef5b 100755
--- a/configure
+++ b/configure
@@ -678,7 +678,6 @@ HELPDIR
HELPDIRDEFINE
HELPINSTALL
HELPSTRINGS
-AUDIT_LIB
CC
CFLAGS
LDFLAGS
@@ -2468,13 +2467,6 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
fi
-if test $opt_audit = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define AUDIT_SHELL 1
-_ACEOF
-
-AUDIT_LIB='-laudit'
-fi
if test $opt_process_subst = yes; then
cat >>confdefs.h <<\_ACEOF
#define PROCESS_SUBSTITUTION 1
diff --git a/configure.in b/configure.in
index 9807f68..7c1aac2 100644
--- a/configure.in
+++ b/configure.in
@@ -256,10 +256,6 @@ fi
if test $opt_restricted = yes; then
AC_DEFINE(RESTRICTED_SHELL)
fi
-if test $opt_audit = yes; then
-AC_DEFINE(AUDIT_SHELL)
-AUDIT_LIB='-laudit'
-fi
if test $opt_process_subst = yes; then
AC_DEFINE(PROCESS_SUBSTITUTION)
fi
@@ -361,8 +357,6 @@ AC_SUBST(HELPDIRDEFINE)
AC_SUBST(HELPINSTALL)
AC_SUBST(HELPSTRINGS)
-AC_SUBST(AUDIT_LIB)
-
echo ""
echo "Beginning configuration for bash-$BASHVERS-$RELSTATUS for ${host_cpu}-${host_vendor}-${host_os}"
echo ""
diff --git a/debian/control b/debian/control
index ad32344..5efa3fe 100644
--- a/debian/control
+++ b/debian/control
@@ -4,15 +4,13 @@ Priority: optional
Maintainer: Vyatta Package Maintainers <maintainers@vyatta.com>
Standards-Version: 3.6.2
Build-Depends: autoconf, patch, bison, libncurses5-dev, texinfo, autotools-dev,
- debhelper (>= 4.1), texi2html, locales, libaudit-dev
+ debhelper (>= 4.1), texi2html, locales
Build-Depends-Indep: tetex-bin
Package: vyatta-bash
Architecture: any
Pre-Depends: ${shlibs:Pre-Depends}
-Depends: base-files (>= 2.1.12), debianutils (>= 2.15),
- bash (>= 3.1), libaudit0
-Suggests: auditd
+Depends: base-files (>= 2.1.12), debianutils (>= 2.15), bash (>= 3.1)
Section: shells
Priority: optional
Description: The Vyatta Shell based on GNU bash
diff --git a/debian/rules b/debian/rules
index 95f95bf..0ff2789 100755
--- a/debian/rules
+++ b/debian/rules
@@ -43,7 +43,6 @@ d = debian/$(p)
conf_args = \
--with-curses \
--disable-net-redirections \
- --enable-audit \
--enable-largefile \
--prefix=/usr \
--infodir=/usr/share/info \
diff --git a/doc/bash.1 b/doc/bash.1
index 8cc22b8..fe0dba0 100644
--- a/doc/bash.1
+++ b/doc/bash.1
@@ -155,12 +155,6 @@ single-character options to be recognized.
.PP
.PD 0
.TP
-.B \-\-audit
-The shell logs all commands run by the root user (see
-.SM
-.B "AUDIT SHELL"
-below).
-.TP
.B \-\-debugger
Arrange for the debugger profile to be executed before the shell
starts.
@@ -8802,17 +8796,6 @@ turns off any restrictions in the shell spawned to execute the
script.
.\" end of rbash.1
.if \n(zY=1 .ig zY
-.SH "AUDIT SHELL"
-.zY
-.PP
-If
-.B bash
-is started with the name
-.BR aubash ,
-or the
-.B \-\-audit
-option is supplied at invocation, the shell logs all commands issued by the root user to the audit system.
-.if \n(zY=1 .ig zY
.SH "SEE ALSO"
.PD 0
.TP
diff --git a/eval.c b/eval.c
index 8c8d39c..293d177 100644
--- a/eval.c
+++ b/eval.c
@@ -45,12 +45,6 @@
# include "bashhist.h"
#endif
-#if defined (AUDIT_SHELL)
-# include "filecntl.h"
-# include <libaudit.h>
-# include <errno.h>
-#endif
-
extern int EOF_reached;
extern int indirection_level;
extern int posixly_correct;
@@ -68,51 +62,13 @@ extern char *current_readline_line;
extern int current_readline_line_index;
#endif
-#if defined (AUDIT_SHELL)
-static int audit_fd = -1;
-static char *audit_tty;
-
-static int
-audit_start ()
-{
- if (audit_fd < 0)
- {
- audit_fd = audit_open ();
- if (audit_fd < 0)
- {
- if (errno != EINVAL && errno != EPROTONOSUPPORT
- && errno != EAFNOSUPPORT)
- return -1;
- }
- else
- SET_CLOSE_ON_EXEC(audit_fd);
- }
-
- if (audit_tty == NULL)
- {
- char *tty = ttyname(fileno(stdin));
- if (tty)
- audit_tty = strdup(tty);
- }
-
- return 0;
-}
-
-static void
-audit (result)
- int result;
-{
- audit_log_user_command (audit_fd, AUDIT_USER_CMD, current_readline_line,
- audit_tty, result == EXECUTION_SUCCESS);
-}
-#endif
/* Read and execute commands until EOF is reached. This assumes that
the input source has already been initialized. */
int
reader_loop ()
{
- int our_indirection_level, result;
+ int our_indirection_level;
COMMAND * volatile current_command;
current_command = (COMMAND *)NULL;
@@ -120,11 +76,6 @@ reader_loop ()
our_indirection_level = ++indirection_level;
-#if defined (AUDIT_SHELL)
- if (audited && interactive_shell && audit_start () < 0)
- return EXECUTION_FAILURE;
-#endif
-
while (EOF_Reached == 0)
{
int code;
@@ -200,10 +151,7 @@ reader_loop ()
executing = 1;
stdin_redir = 0;
- result = execute_command (current_command);
-#if defined (AUDIT_SHELL)
- audit (result);
-#endif
+ execute_command (current_command);
exec_done:
QUIT;
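Review bot: After this hunk `execute_command (current_command);` runs with no `audit (result)` call, so interactive root commands are no longer sent to the audit system, and nothing visible in the diff replaces that record. Part of the removal is silent: configure.in's six changed lines are all in the two hunks that delete the `$opt_audit` test and `AC_SUBST(AUDIT_LIB)`, so the `--enable-audit` switch that sets `opt_audit` presumably still exists and would now be accepted while producing a shell that does not audit. I would drop that option's declaration in the same commit, or make configure fail when it is passed, so a build that asks for auditing cannot succeed without it. It is also worth confirming that root command accounting is covered elsewhere (for example auditd execve rules or TTY auditing) before the `libaudit0` dependency and the `auditd` suggestion go away. reader_loop starts and ends outside this hunk.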
diff --git a/externs.h b/externs.h
index f60d354..bc28eda 100644
--- a/externs.h
+++ b/externs.h
@@ -77,10 +77,6 @@ extern int shell_is_restricted __P((char *));
extern int maybe_make_restricted __P((char *));
#endif
-#if defined (AUDIT_SHELL)
-extern int maybe_make_audited __P((char *));
-#endif
-
extern void unset_bash_input __P((int));
extern void get_current_user_info __P((void));
diff --git a/flags.c b/flags.c
index e50d6dc..0c0868b 100644
--- a/flags.c
+++ b/flags.c
@@ -142,12 +142,6 @@ int restricted = 0; /* currently restricted */
int restricted_shell = 0; /* shell was started in restricted mode. */
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
-/* Non-zero means that this shell is audited. An audited shell records
- each command that the root user executes. */
-int audited = 0; /* shell was started in audit mode. */
-#endif /* AUDIT_SHELL */
-
/* Non-zero means that this shell is running in `privileged' mode. This
is required if the shell is to run setuid. If the `-p' option is
not supplied at startup, and the real and effective uids or gids
diff --git a/flags.h b/flags.h
index 1ee63c8..f16e604 100644
--- a/flags.h
+++ b/flags.h
@@ -66,10 +66,6 @@ extern int restricted;
extern int restricted_shell;
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
-extern int audited;
-#endif /* AUDIT_SHELL */
-
extern int *find_flag __P((int));
extern int change_flag __P((int, int));
extern char *which_set_flags __P((void));
diff --git a/shell.c b/shell.c
index 9836035..1aac510 100644
--- a/shell.c
+++ b/shell.c
@@ -236,9 +236,6 @@ struct {
#if defined (RESTRICTED_SHELL)
{ "restricted", Int, &restricted, (char **)0x0 },
#endif
-#if defined (AUDIT_SHELL)
- { "audit", Int, &audited, (char **)0x0 },
-#endif
{ "verbose", Int, &echo_input_at_read, (char **)0x0 },
{ "version", Int, &do_version, (char **)0x0 },
{ "wordexp", Int, &wordexp_only, (char **)0x0 },
@@ -637,10 +634,6 @@ main (argc, argv, env)
maybe_make_restricted (shell_name);
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
- maybe_make_audited (shell_name);
-#endif
-
if (wordexp_only)
{
startup_state = 3;
@@ -1140,29 +1133,6 @@ maybe_make_restricted (name)
}
#endif /* RESTRICTED_SHELL */
-#if defined (AUDIT_SHELL)
-/* Perhaps make this shell an `audited' one, based on NAME. If the
- basename of NAME is "vbash", then this shell is audited. The
- name of the audited shell is a configurable option, see config.h.
- In an audited shell, all actions performed by root will be logged
- to the audit system.
- Do this also if `audited' is already set to 1 maybe the shell was
- started with --audit. */
-int
-maybe_make_audited (name)
- char *name;
-{
- char *temp;
-
- temp = base_pathname (name);
- if (*temp == '-')
- temp++;
- if (audited || (STREQ (temp, AUDIT_SHELL_NAME)))
- audited = 1;
- return (audited);
-}
-#endif /* AUDIT_SHELL */
-
/* Fetch the current set of uids and gids and return 1 if we're running
setuid or setgid. */
static int