Ejemplo n.º 1
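/*
 * Record the IPv6 peer of a connection as the audit terminal ID of the
 * calling process, unless a terminal ID is already present.
 *
 * peer - remote endpoint; its port and address are stored in the terminal ID
 * sock - local endpoint; only its port is used
 *
 * Returns 0 on success or when a terminal ID was already set, otherwise the
 * errno left behind by getaudit_addr() or setaudit_addr().
 */
static int
do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock)
{
	auditinfo_addr_t ai;

	/* get audit characteristics of process */
	if (getaudit_addr(&ai, sizeof (ai)) < 0) {
		return (errno);
	}

	/*
	 * If the terminal ID is already set, i.e. non-zero, leave it alone:
	 * an origin that was recorded earlier is never overwritten here.
	 */
	if (ai.ai_termid.at_port ||
	    ai.ai_termid.at_addr[0] ||
	    ai.ai_termid.at_addr[1] ||
	    ai.ai_termid.at_addr[2] ||
	    ai.ai_termid.at_addr[3]) {
		return (0);
	}

	/*
	 * Pack the peer port into the upper 16 bits and the local port into
	 * the lower 16 bits. The ports are widened as unsigned values first:
	 * a 16-bit port promoted to int and shifted left by 16 overflows into
	 * the sign bit when its top bit is set, which is undefined behaviour
	 * and would sign-extend if at_port is wider than int.
	 * NOTE(review): the ports are stored as found in the sockaddr,
	 * presumably network byte order - confirm against the record consumer.
	 */
	ai.ai_termid.at_port = (((unsigned int)peer->sin6_port << 16) |
	    (unsigned int)sock->sin6_port);
	ai.ai_termid.at_type = AU_IPv6;
	/* size taken from the source object instead of a literal 16 */
	bcopy(&peer->sin6_addr, ai.ai_termid.at_addr,
	    sizeof (peer->sin6_addr));

	if (setaudit_addr(&ai, sizeof (ai)) < 0) {
		return (errno);
	}

	return (0);
}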
Ejemplo n.º 2
/*
 * Entry point that dispatches an audit request, selected by uap->code, to
 * the matching handler and passes uap->a1..a3 through as its arguments.
 *
 * Returns ENOTSUP when audit_active is C2AUDIT_DISABLED. Otherwise the
 * handler's result is stored in rvp->r_vals and returned. The early-return
 * paths (disabled, BSM_AUDIT while unloaded, and the privilege-dependent
 * default path) return without writing rvp->r_vals.
 */
/*ARGSUSED1*/
int
auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int err;
	int result = 0;

	/* Nothing is dispatched at all while auditing is disabled. */
	if (audit_active == C2AUDIT_DISABLED)
		return (ENOTSUP);

	switch (uap->code) {
	case BSM_GETAUID:
		result = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		result = setauid((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT:
		result = getaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT:
		result = setaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT_ADDR:
		result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITCTL:
		result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	case BSM_AUDIT:
		/* Report success without calling audit() while unloaded. */
		if (audit_active == C2AUDIT_UNLOADED)
			return (0);
		result = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		if (audit_active == C2AUDIT_LOADED) {
			result = auditdoor((int)uap->a1);
			break;
		}
		/*
		 * FALLTHROUGH: when audit_active is not C2AUDIT_LOADED this
		 * code is handled like an unknown one. The missing break is
		 * what makes that happen, so keep it.
		 */
	default:
		if (audit_active == C2AUDIT_LOADED) {
			result = EINVAL;
			break;
		}
		/* Return a different error when not privileged */
		/*
		 * secpolicy_audit_config() decides: a caller that passes the
		 * check gets EINVAL, any other caller gets the policy error.
		 */
		err = secpolicy_audit_config(CRED());
		if (err == 0)
			return (EINVAL);
		else
			return (err);
	}
	rvp->r_vals = result;
	return (result);
}
Ejemplo n.º 3
/*
 * Privilege test for setaudit_addr(): make the call once with the file's
 * aia record, then compare the outcome with what is expected for the
 * current (asroot, injail) combination.
 *
 *   in a jail, root or not  -> -1 / ENOSYS
 *   root outside a jail     ->  0 / 0
 *   non-root outside a jail -> -1 / EPERM
 *
 * The test argument is not used here.
 */
void
priv_audit_setaudit_addr(int asroot, int injail, struct test *test)
{
	int rv;

	rv = setaudit_addr(&aia, sizeof(aia));

	/* Exactly one of the four combinations applies per call. */
	if (injail) {
		if (asroot)
			expect("priv_audit_setaudit_addr(asroot, injail)",
			    rv, -1, ENOSYS);
		else
			expect("priv_audit_setaudit_addr(!asroot, injail)",
			    rv, -1, ENOSYS);
	} else {
		if (asroot)
			expect("priv_audit_setaudit_addr(asroot, !injail)",
			    rv, 0, 0);
		else
			expect("priv_audit_setaudit_addr(!asroot, !injail)",
			    rv, -1, EPERM);
	}
}
/*
 * Dispatch an audit request to its handler according to uap->code, passing
 * uap->a1..a3 through as the handler's arguments. An unrecognised code
 * yields EINVAL. The outcome is stored in rvp->r_vals and also returned.
 *
 * NOTE(review): no privilege or audit-state check is visible in this
 * function; presumably the caller or the handlers enforce it - confirm.
 */
int
_auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int rc = 0;

	switch (uap->code) {
	/* audit user ID */
	case BSM_GETAUID:
		rc = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		rc = setauid((caddr_t)uap->a1);
		break;

	/* audit state of the process, fixed-size and sized variants */
	case BSM_GETAUDIT:
		rc = getaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT:
		rc = setaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;

	/* record submission, door and control */
	case BSM_AUDIT:
		rc = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		rc = auditdoor((int)uap->a1);
		break;
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;

	default:
		rc = EINVAL;
		break;
	}

	rvp->r_vals = rc;
	return (rc);
}
Ejemplo n.º 5
/*
 * Install the audit characteristics for a process started by inetd; inetd
 * itself sets the uid.
 *
 * The audit ID comes from pwd->pw_uid, the preselection mask from
 * au_user_mask() for pwd->pw_name, the session ID from getpid() and the
 * terminal ID from audit_inetd_tid. If au_user_mask() fails, its result is
 * ignored and the mask keeps the zeroes it was given beforehand. If
 * setaudit_addr() fails, the calling process reports the error and exits
 * with status 1 rather than continuing without the audit state.
 */
void
audit_inetd_session_setup(struct passwd *pwd)
{
	struct auditinfo_addr session;
	au_mask_t user_mask;

	/* Start from an empty mask so a failed lookup leaves nothing set. */
	user_mask.am_failure = 0;
	user_mask.am_success = 0;
	(void) au_user_mask(pwd->pw_name, &user_mask);

	session.ai_auid = pwd->pw_uid;
	session.ai_asid = getpid();
	session.ai_termid = audit_inetd_tid;
	session.ai_mask.am_success = user_mask.am_success;
	session.ai_mask.am_failure = user_mask.am_failure;

	if (setaudit_addr(&session, sizeof (session)) >= 0)
		return;

	perror("inetd: setaudit_addr");
	exit(1);
}
Ejemplo n.º 6
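/*
 * Build an audit record from the command line, install it with
 * setaudit_addr(), then exec the remaining arguments under it.
 *
 *   -a user   audit ID, given as a user name or a decimal uid
 *   -m flags  preselection mask, parsed by getauditflagsbin()
 *   -s host   terminal address, resolved with getaddrinfo()
 *   -p port   terminal port, decimal, 0..65535
 *
 * Every value ends up in the audit state of the executed command, so
 * malformed input is rejected instead of being stored silently. Exits with
 * status 1 on any error; does not return on success because of execvp().
 */
int
main(int argc, char *argv [])
{
	struct sockaddr_in6 *sin6;
	struct sockaddr_in *sin;
	auditinfo_addr_t aia;
	struct addrinfo *res;
	struct passwd *pwd;
	unsigned long port;
	char *r, *prog;
	int ch, error;

	prog = argv[0];
	bzero(&aia, sizeof(aia));
	aia.ai_termid.at_type = AU_IPv4;
	while ((ch = getopt(argc, argv, "a:m:s:p:")) != -1) {
		switch (ch) {
		case 'a':
			aflag = optarg;
			break;
		case 'm':
			mflag = optarg;
			break;
		case 's':
			sflag = optarg;
			break;
		case 'p':
			/*
			 * atoi() accepted garbage and out-of-range values,
			 * which htons() then truncated without notice.
			 */
			port = strtoul(optarg, &r, 10);
			if (r == optarg || *r != '\0' || port > 65535)
				errx(1, "%s: invalid port", optarg);
			aia.ai_termid.at_port = htons((unsigned short)port);
			break;
		default:
			usage(prog);
			/* NOT REACHED */
		}
	}
	argc -= optind;
	argv += optind;
	if (argc == 0)
		usage(prog);
	if (aflag) {
		pwd = getpwnam(aflag);
		if (pwd == NULL) {
			/*
			 * Not a known user name, so try a decimal uid.
			 * strtoul() always stores a non-NULL end pointer, so
			 * the former "r != NULL" test rejected every numeric
			 * uid; check that the whole string was consumed.
			 */
			aia.ai_auid = strtoul(aflag, &r, 10);
			if (r == aflag || *r != '\0')
				errx(1, "%s: invalid user", aflag);
		} else
			aia.ai_auid = pwd->pw_uid;
	}
	if (mflag) {
		if (getauditflagsbin(mflag, &aia.ai_mask) < 0)
			err(1, "getauditflagsbin");
	}
	if (sflag) {
		error = getaddrinfo(sflag, NULL, NULL, &res);
		if (error)
			errx(1, "%s", gai_strerror(error));
		/* Only the first result returned by the resolver is used. */
		switch (res->ai_family) {
		case PF_INET6:
			sin6 = (struct sockaddr_in6 *) res->ai_addr;
			bcopy(&sin6->sin6_addr.s6_addr,
			    &aia.ai_termid.at_addr[0],
			    sizeof(struct in6_addr));
			aia.ai_termid.at_type = AU_IPv6;
			break;
		case PF_INET:
			sin = (struct sockaddr_in *) res->ai_addr;
			bcopy(&sin->sin_addr.s_addr,
			    &aia.ai_termid.at_addr[0],
			    sizeof(struct in_addr));
			aia.ai_termid.at_type = AU_IPv4;
			break;
		default:
			/*
			 * Without this the terminal address stayed all
			 * zeroes although -s had been given.
			 */
			errx(1, "%s: unsupported address family", sflag);
		}
		freeaddrinfo(res);
	}
	if (setaudit_addr(&aia, sizeof(aia)) < 0)
		err(1, "setaudit_addr");
	(void) execvp(*argv, argv);
	/* Only reached when execvp() failed. */
	err(1, "%s", *argv);
}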