Annotation of embedaddon/sudo/plugins/sudoers/bsm_audit.c, revision 1.1.1.4
1.1 misho 1: /*
1.1.1.3 misho 2: * Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3: * Copyright (c) 2009 Christian S.J. Peron
4: *
5: * Permission to use, copy, modify, and distribute this software for any
6: * purpose with or without fee is hereby granted, provided that the above
7: * copyright notice and this permission notice appear in all copies.
8: *
9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: */
17:
18: #include <config.h>
19:
20: #include <sys/types.h>
21:
22: #include <bsm/audit.h>
23: #include <bsm/libbsm.h>
24: #include <bsm/audit_uevents.h>
25:
26: #include <stdio.h>
27: #include <string.h>
28: #include <stdarg.h>
29: #include <pwd.h>
30: #include <errno.h>
31: #include <unistd.h>
32:
1.1.1.4 ! misho 33: #include "missing.h"
! 34: #include "fatal.h"
1.1.1.2 misho 35: #include "gettext.h"
36: #include "sudo_debug.h"
1.1 misho 37: #include "bsm_audit.h"
38:
39: /*
40: * Solaris auditon() returns EINVAL if BSM audit not configured.
41: * OpenBSM returns ENOSYS for unimplemented options.
42: */
43: #ifdef __sun
44: # define AUDIT_NOT_CONFIGURED EINVAL
45: #else
46: # define AUDIT_NOT_CONFIGURED ENOSYS
47: #endif
48:
49: static int
50: audit_sudo_selected(int sf)
51: {
52: auditinfo_addr_t ainfo_addr;
53: struct au_mask *mask;
54: auditinfo_t ainfo;
55: int rc, sorf;
1.1.1.2 misho 56: debug_decl(audit_sudo_selected, SUDO_DEBUG_AUDIT)
1.1 misho 57:
58: if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) {
59: if (errno == ENOSYS) {
60: if (getaudit(&ainfo) < 0)
1.1.1.3 misho 61: fatal("getaudit");
1.1 misho 62: mask = &ainfo.ai_mask;
63: } else
1.1.1.3 misho 64: fatal("getaudit");
1.1 misho 65: } else
66: mask = &ainfo_addr.ai_mask;
67: sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
68: rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD);
1.1.1.2 misho 69: debug_return_int(rc);
1.1 misho 70: }
71:
72: void
73: bsm_audit_success(char **exec_args)
74: {
75: auditinfo_addr_t ainfo_addr;
76: auditinfo_t ainfo;
77: token_t *tok;
78: au_id_t auid;
79: long au_cond;
80: int aufd;
81: pid_t pid;
1.1.1.2 misho 82: debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT)
1.1 misho 83:
84: pid = getpid();
85: /*
86: * If we are not auditing, don't cut an audit record; just return.
87: */
88: if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
89: if (errno == AUDIT_NOT_CONFIGURED)
90: return;
1.1.1.3 misho 91: fatal(_("Could not determine audit condition"));
1.1 misho 92: }
93: if (au_cond == AUC_NOAUDIT)
1.1.1.2 misho 94: debug_return;
1.1 misho 95: /*
96: * Check to see if the preselection masks are interested in seeing
97: * this event.
98: */
99: if (!audit_sudo_selected(0))
1.1.1.2 misho 100: debug_return;
1.1 misho 101: if (getauid(&auid) < 0)
1.1.1.3 misho 102: fatal("getauid");
1.1 misho 103: if ((aufd = au_open()) == -1)
1.1.1.3 misho 104: fatal("au_open");
1.1 misho 105: if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
106: tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
107: getuid(), pid, pid, &ainfo_addr.ai_termid);
108: } else if (errno == ENOSYS) {
109: /*
110: * NB: We should probably watch out for ERANGE here.
111: */
112: if (getaudit(&ainfo) < 0)
1.1.1.3 misho 113: fatal("getaudit");
1.1 misho 114: tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
115: getuid(), pid, pid, &ainfo.ai_termid);
116: } else
1.1.1.3 misho 117: fatal("getaudit");
1.1 misho 118: if (tok == NULL)
1.1.1.3 misho 119: fatal("au_to_subject");
1.1 misho 120: au_write(aufd, tok);
121: tok = au_to_exec_args(exec_args);
122: if (tok == NULL)
1.1.1.3 misho 123: fatal("au_to_exec_args");
1.1 misho 124: au_write(aufd, tok);
125: tok = au_to_return32(0, 0);
126: if (tok == NULL)
1.1.1.3 misho 127: fatal("au_to_return32");
1.1 misho 128: au_write(aufd, tok);
1.1.1.4 ! misho 129: #ifdef __sun
! 130: if (au_close(aufd, 1, AUE_sudo, 0) == -1)
! 131: #else
1.1 misho 132: if (au_close(aufd, 1, AUE_sudo) == -1)
1.1.1.4 ! misho 133: #endif
1.1.1.3 misho 134: fatal(_("unable to commit audit record"));
1.1.1.2 misho 135: debug_return;
1.1 misho 136: }
137:
138: void
139: bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap)
140: {
141: auditinfo_addr_t ainfo_addr;
142: auditinfo_t ainfo;
143: char text[256];
144: token_t *tok;
145: long au_cond;
146: au_id_t auid;
147: pid_t pid;
148: int aufd;
1.1.1.2 misho 149: debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT)
1.1 misho 150:
151: pid = getpid();
152: /*
153: * If we are not auditing, don't cut an audit record; just return.
154: */
1.1.1.4 ! misho 155: if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
1.1 misho 156: if (errno == AUDIT_NOT_CONFIGURED)
1.1.1.2 misho 157: debug_return;
1.1.1.3 misho 158: fatal(_("Could not determine audit condition"));
1.1 misho 159: }
160: if (au_cond == AUC_NOAUDIT)
1.1.1.2 misho 161: debug_return;
1.1 misho 162: if (!audit_sudo_selected(1))
1.1.1.2 misho 163: debug_return;
1.1 misho 164: if (getauid(&auid) < 0)
1.1.1.3 misho 165: fatal("getauid");
1.1 misho 166: if ((aufd = au_open()) == -1)
1.1.1.3 misho 167: fatal("au_open");
1.1 misho 168: if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
169: tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
170: getuid(), pid, pid, &ainfo_addr.ai_termid);
171: } else if (errno == ENOSYS) {
172: if (getaudit(&ainfo) < 0)
1.1.1.3 misho 173: fatal("getaudit");
1.1 misho 174: tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
175: getuid(), pid, pid, &ainfo.ai_termid);
176: } else
1.1.1.3 misho 177: fatal("getaudit");
1.1 misho 178: if (tok == NULL)
1.1.1.3 misho 179: fatal("au_to_subject");
1.1 misho 180: au_write(aufd, tok);
181: tok = au_to_exec_args(exec_args);
182: if (tok == NULL)
1.1.1.3 misho 183: fatal("au_to_exec_args");
1.1 misho 184: au_write(aufd, tok);
185: (void) vsnprintf(text, sizeof(text), fmt, ap);
186: tok = au_to_text(text);
187: if (tok == NULL)
1.1.1.3 misho 188: fatal("au_to_text");
1.1 misho 189: au_write(aufd, tok);
190: tok = au_to_return32(EPERM, 1);
191: if (tok == NULL)
1.1.1.3 misho 192: fatal("au_to_return32");
1.1 misho 193: au_write(aufd, tok);
1.1.1.4 ! misho 194: #ifdef __sun
! 195: if (au_close(aufd, 1, AUE_sudo, PAD_FAILURE) == -1)
! 196: #else
1.1 misho 197: if (au_close(aufd, 1, AUE_sudo) == -1)
1.1.1.4 ! misho 198: #endif
1.1.1.3 misho 199: fatal(_("unable to commit audit record"));
1.1.1.2 misho 200: debug_return;
1.1 misho 201: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bsm_audit.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / plugins / sudoers