version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.5, 2014/06/15 16:12:54
|
Line 1
|
Line 1
|
/* |
/* |
* Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com> | * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com> |
* Copyright (c) 2009 Christian S.J. Peron |
* Copyright (c) 2009 Christian S.J. Peron |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
Line 30
|
Line 30
|
#include <errno.h> |
#include <errno.h> |
#include <unistd.h> |
#include <unistd.h> |
|
|
#include "gettext.h" | #define DEFAULT_TEXT_DOMAIN "sudoers" |
#include "error.h" | #include "gettext.h" /* must be included before missing.h */ |
| |
| #include "missing.h" |
| #include "fatal.h" |
#include "sudo_debug.h" |
#include "sudo_debug.h" |
#include "bsm_audit.h" |
#include "bsm_audit.h" |
|
|
Line 57 audit_sudo_selected(int sf)
|
Line 60 audit_sudo_selected(int sf)
|
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { |
if (errno == ENOSYS) { |
if (errno == ENOSYS) { |
if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
mask = &ainfo.ai_mask; |
mask = &ainfo.ai_mask; |
} else |
} else |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
} else |
} else |
mask = &ainfo_addr.ai_mask; |
mask = &ainfo_addr.ai_mask; |
sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; |
sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; |
Line 87 bsm_audit_success(char **exec_args)
|
Line 90 bsm_audit_success(char **exec_args)
|
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
if (errno == AUDIT_NOT_CONFIGURED) |
if (errno == AUDIT_NOT_CONFIGURED) |
return; |
return; |
error(1, _("Could not determine audit condition")); | fatal(U_("Could not determine audit condition")); |
} |
} |
if (au_cond == AUC_NOAUDIT) |
if (au_cond == AUC_NOAUDIT) |
debug_return; |
debug_return; |
Line 98 bsm_audit_success(char **exec_args)
|
Line 101 bsm_audit_success(char **exec_args)
|
if (!audit_sudo_selected(0)) |
if (!audit_sudo_selected(0)) |
debug_return; |
debug_return; |
if (getauid(&auid) < 0) |
if (getauid(&auid) < 0) |
error(1, _("getauid failed")); | fatal("getauid"); |
if ((aufd = au_open()) == -1) |
if ((aufd = au_open()) == -1) |
error(1, _("au_open: failed")); | fatal("au_open"); |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
Line 109 bsm_audit_success(char **exec_args)
|
Line 112 bsm_audit_success(char **exec_args)
|
* NB: We should probably watch out for ERANGE here. |
* NB: We should probably watch out for ERANGE here. |
*/ |
*/ |
if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo.ai_termid); |
getuid(), pid, pid, &ainfo.ai_termid); |
} else |
} else |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_subject: failed")); | fatal("au_to_subject"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_exec_args(exec_args); |
tok = au_to_exec_args(exec_args); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_exec_args: failed")); | fatal("au_to_exec_args"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_return32(0, 0); |
tok = au_to_return32(0, 0); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_return32: failed")); | fatal("au_to_return32"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
|
#ifdef __sun |
|
if (au_close(aufd, 1, AUE_sudo, 0) == -1) |
|
#else |
if (au_close(aufd, 1, AUE_sudo) == -1) |
if (au_close(aufd, 1, AUE_sudo) == -1) |
error(1, _("unable to commit audit record")); | #endif |
| fatal(U_("unable to commit audit record")); |
debug_return; |
debug_return; |
} |
} |
|
|
Line 147 bsm_audit_failure(char **exec_args, char const *const
|
Line 154 bsm_audit_failure(char **exec_args, char const *const
|
/* |
/* |
* If we are not auditing, don't cut an audit record; just return. |
* If we are not auditing, don't cut an audit record; just return. |
*/ |
*/ |
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { | if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { |
if (errno == AUDIT_NOT_CONFIGURED) |
if (errno == AUDIT_NOT_CONFIGURED) |
debug_return; |
debug_return; |
error(1, _("Could not determine audit condition")); | fatal(U_("Could not determine audit condition")); |
} |
} |
if (au_cond == AUC_NOAUDIT) |
if (au_cond == AUC_NOAUDIT) |
debug_return; |
debug_return; |
if (!audit_sudo_selected(1)) |
if (!audit_sudo_selected(1)) |
debug_return; |
debug_return; |
if (getauid(&auid) < 0) |
if (getauid(&auid) < 0) |
error(1, _("getauid: failed")); | fatal("getauid"); |
if ((aufd = au_open()) == -1) |
if ((aufd = au_open()) == -1) |
error(1, _("au_open: failed")); | fatal("au_open"); |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
getuid(), pid, pid, &ainfo_addr.ai_termid); |
} else if (errno == ENOSYS) { |
} else if (errno == ENOSYS) { |
if (getaudit(&ainfo) < 0) |
if (getaudit(&ainfo) < 0) |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
tok = au_to_subject(auid, geteuid(), getegid(), getuid(), |
getuid(), pid, pid, &ainfo.ai_termid); |
getuid(), pid, pid, &ainfo.ai_termid); |
} else |
} else |
error(1, _("getaudit: failed")); | fatal("getaudit"); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_subject: failed")); | fatal("au_to_subject"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_exec_args(exec_args); |
tok = au_to_exec_args(exec_args); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_exec_args: failed")); | fatal("au_to_exec_args"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
(void) vsnprintf(text, sizeof(text), fmt, ap); |
(void) vsnprintf(text, sizeof(text), fmt, ap); |
tok = au_to_text(text); |
tok = au_to_text(text); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_text: failed")); | fatal("au_to_text"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
tok = au_to_return32(EPERM, 1); |
tok = au_to_return32(EPERM, 1); |
if (tok == NULL) |
if (tok == NULL) |
error(1, _("au_to_return32: failed")); | fatal("au_to_return32"); |
au_write(aufd, tok); |
au_write(aufd, tok); |
|
#ifdef __sun |
|
if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1) |
|
#else |
if (au_close(aufd, 1, AUE_sudo) == -1) |
if (au_close(aufd, 1, AUE_sudo) == -1) |
error(1, _("unable to commit audit record")); | #endif |
| fatal(U_("unable to commit audit record")); |
debug_return; |
debug_return; |
} |
} |
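Review bot: Every `au_write(aufd, tok)` call on the new side of bsm_audit_success() and bsm_audit_failure() still discards its return value, while each neighbouring libbsm call now ends in fatal(). libbsm's au_write() returns -1 when a token cannot be appended, so a subject, exec_args, text or return token could be dropped and au_close() would still commit a record that lacks it. To keep the audit path failing closed, each write should be checked the same way, e.g. `if (au_write(aufd, tok) == -1) fatal("au_write");`. In the same spirit, `(void) vsnprintf(text, sizeof(text), fmt, ap)` in bsm_audit_failure() truncates the failure reason silently; a short comment such as `/* audit text is truncated to sizeof(text) */` would at least document that. Both function bodies begin outside the lines shown here, so the declarations of `tok`, `text` and `au_cond` were not reviewed.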