|
version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2013/07/22 10:46:12
|
|
Line 1
|
Line 1
|
| /* |
/* |
| * Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
| * Copyright (c) 2009 Christian S.J. Peron |
* Copyright (c) 2009 Christian S.J. Peron |
| * |
* |
| * Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
|
Line 57 audit_sudo_selected(int sf)
|
Line 57 audit_sudo_selected(int sf)
|
| if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { |
| if (errno == ENOSYS) { |
if (errno == ENOSYS) { |
| if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
| error(1, _("getaudit: failed")); | fatal("getaudit"); |
| mask = &ainfo.ai_mask; |
mask = &ainfo.ai_mask; |
| } else |
} else |
| error(1, _("getaudit: failed")); | fatal("getaudit"); |
| } else |
} else |
| mask = &ainfo_addr.ai_mask; |
mask = &ainfo_addr.ai_mask; |
| sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; |
sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; |
|
Line 87 bsm_audit_success(char **exec_args)
|
Line 87 bsm_audit_success(char **exec_args)
|
| if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
| if (errno == AUDIT_NOT_CONFIGURED) |
if (errno == AUDIT_NOT_CONFIGURED) |
| return; |
return; |
| error(1, _("Could not determine audit condition")); | fatal(_("Could not determine audit condition")); |
| } |
} |
| if (au_cond == AUC_NOAUDIT) |
if (au_cond == AUC_NOAUDIT) |
| debug_return; |
debug_return; |
|
Line 98 bsm_audit_success(char **exec_args)
|
Line 98 bsm_audit_success(char **exec_args)
|
| if (!audit_sudo_selected(0)) |
if (!audit_sudo_selected(0)) |
| debug_return; |
debug_return; |
| if (getauid(&auid) < 0) |
if (getauid(&auid) < 0) |
| error(1, _("getauid failed")); | fatal("getauid"); |
| if ((aufd = au_open()) == -1) |
if ((aufd = au_open()) == -1) |
| error(1, _("au_open: failed")); | fatal("au_open"); |
| if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
| tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
| getuid(), pid, pid, &ainfo_addr.ai_termid); |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
|
Line 109 bsm_audit_success(char **exec_args)
|
Line 109 bsm_audit_success(char **exec_args)
|
| * NB: We should probably watch out for ERANGE here. |
* NB: We should probably watch out for ERANGE here. |
| */ |
*/ |
| if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
| error(1, _("getaudit: failed")); | fatal("getaudit"); |
| tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
| getuid(), pid, pid, &ainfo.ai_termid); |
getuid(), pid, pid, &ainfo.ai_termid); |
| } else |
} else |
| error(1, _("getaudit: failed")); | fatal("getaudit"); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_subject: failed")); | fatal("au_to_subject"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| tok = au_to_exec_args(exec_args); |
tok = au_to_exec_args(exec_args); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_exec_args: failed")); | fatal("au_to_exec_args"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| tok = au_to_return32(0, 0); |
tok = au_to_return32(0, 0); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_return32: failed")); | fatal("au_to_return32"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| if (au_close(aufd, 1, AUE_sudo) == -1) |
if (au_close(aufd, 1, AUE_sudo) == -1) |
| error(1, _("unable to commit audit record")); | fatal(_("unable to commit audit record")); |
| debug_return; |
debug_return; |
| } |
} |
| |
|
|
Line 150 bsm_audit_failure(char **exec_args, char const *const
|
Line 150 bsm_audit_failure(char **exec_args, char const *const
|
| if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { |
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { |
| if (errno == AUDIT_NOT_CONFIGURED) |
if (errno == AUDIT_NOT_CONFIGURED) |
| debug_return; |
debug_return; |
| error(1, _("Could not determine audit condition")); | fatal(_("Could not determine audit condition")); |
| } |
} |
| if (au_cond == AUC_NOAUDIT) |
if (au_cond == AUC_NOAUDIT) |
| debug_return; |
debug_return; |
| if (!audit_sudo_selected(1)) |
if (!audit_sudo_selected(1)) |
| debug_return; |
debug_return; |
| if (getauid(&auid) < 0) |
if (getauid(&auid) < 0) |
| error(1, _("getauid: failed")); | fatal("getauid"); |
| if ((aufd = au_open()) == -1) |
if ((aufd = au_open()) == -1) |
| error(1, _("au_open: failed")); | fatal("au_open"); |
| if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
| tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
| getuid(), pid, pid, &ainfo_addr.ai_termid); |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
| } else if (errno == ENOSYS) { |
} else if (errno == ENOSYS) { |
| if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
| error(1, _("getaudit: failed")); | fatal("getaudit"); |
| tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
| getuid(), pid, pid, &ainfo.ai_termid); |
getuid(), pid, pid, &ainfo.ai_termid); |
| } else |
} else |
| error(1, _("getaudit: failed")); | fatal("getaudit"); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_subject: failed")); | fatal("au_to_subject"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| tok = au_to_exec_args(exec_args); |
tok = au_to_exec_args(exec_args); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_exec_args: failed")); | fatal("au_to_exec_args"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| (void) vsnprintf(text, sizeof(text), fmt, ap); |
(void) vsnprintf(text, sizeof(text), fmt, ap); |
| tok = au_to_text(text); |
tok = au_to_text(text); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_text: failed")); | fatal("au_to_text"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| tok = au_to_return32(EPERM, 1); |
tok = au_to_return32(EPERM, 1); |
| if (tok == NULL) |
if (tok == NULL) |
| error(1, _("au_to_return32: failed")); | fatal("au_to_return32"); |
| au_write(aufd, tok); |
au_write(aufd, tok); |
| if (au_close(aufd, 1, AUE_sudo) == -1) |
if (au_close(aufd, 1, AUE_sudo) == -1) |
| error(1, _("unable to commit audit record")); | fatal(_("unable to commit audit record")); |
| debug_return; |
debug_return; |
| } |
} |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bsm_audit.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers