version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2013/07/22 10:46:12
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 2009 Christian S.J. Peron |
* Copyright (c) 2009 Christian S.J. Peron |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
Line 57 audit_sudo_selected(int sf)
|
Line 57 audit_sudo_selected(int sf)
|
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { |
if (errno == ENOSYS) { |
if (errno == ENOSYS) { |
if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
mask = &ainfo.ai_mask; |
mask = &ainfo.ai_mask; |
} else |
} else |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
} else |
} else |
mask = &ainfo_addr.ai_mask; |
mask = &ainfo_addr.ai_mask; |
sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; |
sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; |
Line 87 bsm_audit_success(char **exec_args)
|
Line 87 bsm_audit_success(char **exec_args)
|
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
if (errno == AUDIT_NOT_CONFIGURED) |
if (errno == AUDIT_NOT_CONFIGURED) |
return; |
return; |
error(1, _("Could not determine audit condition")); | fatal(_("Could not determine audit condition")); |
} |
} |
if (au_cond == AUC_NOAUDIT) |
if (au_cond == AUC_NOAUDIT) |
debug_return; |
debug_return; |
Line 98 bsm_audit_success(char **exec_args)
|
Line 98 bsm_audit_success(char **exec_args)
|
if (!audit_sudo_selected(0)) |
if (!audit_sudo_selected(0)) |
debug_return; |
debug_return; |
if (getauid(&auid) < 0) |
if (getauid(&auid) < 0) |
error(1, _("getauid failed")); | fatal("getauid"); |
if ((aufd = au_open()) == -1) |
if ((aufd = au_open()) == -1) |
error(1, _("au_open: failed")); | fatal("au_open"); |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
Line 109 bsm_audit_success(char **exec_args)
|
Line 109 bsm_audit_success(char **exec_args)
|
* NB: We should probably watch out for ERANGE here. |
* NB: We should probably watch out for ERANGE here. |
*/ |
*/ |
if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo.ai_termid); |
getuid(), pid, pid, &ainfo.ai_termid); |
} else |
} else |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_subject: failed")); | fatal("au_to_subject"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_exec_args(exec_args); |
tok = au_to_exec_args(exec_args); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_exec_args: failed")); | fatal("au_to_exec_args"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_return32(0, 0); |
tok = au_to_return32(0, 0); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_return32: failed")); | fatal("au_to_return32"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
if (au_close(aufd, 1, AUE_sudo) == -1) |
if (au_close(aufd, 1, AUE_sudo) == -1) |
error(1, _("unable to commit audit record")); | fatal(_("unable to commit audit record")); |
debug_return; |
debug_return; |
} |
} |
|
|
Line 150 bsm_audit_failure(char **exec_args, char const *const
|
Line 150 bsm_audit_failure(char **exec_args, char const *const
|
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { |
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { |
if (errno == AUDIT_NOT_CONFIGURED) |
if (errno == AUDIT_NOT_CONFIGURED) |
debug_return; |
debug_return; |
error(1, _("Could not determine audit condition")); | fatal(_("Could not determine audit condition")); |
} |
} |
if (au_cond == AUC_NOAUDIT) |
if (au_cond == AUC_NOAUDIT) |
debug_return; |
debug_return; |
if (!audit_sudo_selected(1)) |
if (!audit_sudo_selected(1)) |
debug_return; |
debug_return; |
if (getauid(&auid) < 0) |
if (getauid(&auid) < 0) |
error(1, _("getauid: failed")); | fatal("getauid"); |
if ((aufd = au_open()) == -1) |
if ((aufd = au_open()) == -1) |
error(1, _("au_open: failed")); | fatal("au_open"); |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
} else if (errno == ENOSYS) { |
} else if (errno == ENOSYS) { |
if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo.ai_termid); |
getuid(), pid, pid, &ainfo.ai_termid); |
} else |
} else |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_subject: failed")); | fatal("au_to_subject"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_exec_args(exec_args); |
tok = au_to_exec_args(exec_args); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_exec_args: failed")); | fatal("au_to_exec_args"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
(void) vsnprintf(text, sizeof(text), fmt, ap); |
(void) vsnprintf(text, sizeof(text), fmt, ap); |
tok = au_to_text(text); |
tok = au_to_text(text); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_text: failed")); | fatal("au_to_text"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_return32(EPERM, 1); |
tok = au_to_return32(EPERM, 1); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_return32: failed")); | fatal("au_to_return32"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
if (au_close(aufd, 1, AUE_sudo) == -1) |
if (au_close(aufd, 1, AUE_sudo) == -1) |
error(1, _("unable to commit audit record")); | fatal(_("unable to commit audit record")); |
debug_return; |
debug_return; |
} |
} |
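Review bot: Every `au_write(aufd, tok);` call in bsm_audit_success and bsm_audit_failure still discards its return value, so a token that fails to append is dropped silently and `au_close(aufd, 1, AUE_sudo)` may then commit a record that lacks its subject, exec-args, text or return token. Every other step in these functions now ends in `fatal()`, so the write should fail closed in the same way: `if (au_write(aufd, tok) == -1) fatal("au_write");`. Separately, the final `else` branches after `getaudit_addr()` (in audit_sudo_selected and in both record builders) call `fatal("getaudit")` although the call that failed there is getaudit_addr; `fatal("getaudit_addr");` would point whoever triages a broken audit configuration at the right call. All three functions begin outside the lines shown, so the declarations and the va_list handling around `vsnprintf` are not visible here.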