/* * Collects audit information for the current process and creates a subject * token from it. */ token_t * au_to_me(void) { auditinfo_t auinfo; auditinfo_addr_t aia; /* * Try to use getaudit_addr(2) first. If this kernel does not support * it, then fall back on to getaudit(2). */ if (getaudit_addr(&aia, sizeof(aia)) != 0) { if (errno == ENOSYS) { if (getaudit(&auinfo) != 0) return (NULL); return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid)); } else { /* getaudit_addr(2) failed for some other reason. */ return (NULL); } } return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(), getgid(), getpid(), aia.ai_asid, &aia.ai_termid)); }
static int do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock) { auditinfo_addr_t ai; /* get audit characteristics of process */ if (getaudit_addr(&ai, sizeof (ai)) < 0) { return (errno); } /* * if terminal ID already set, i.e. non-zero, then just return */ if (ai.ai_termid.at_port || ai.ai_termid.at_addr[0] || ai.ai_termid.at_addr[1] || ai.ai_termid.at_addr[2] || ai.ai_termid.at_addr[3]) { return (0); } ai.ai_termid.at_port = ((peer->sin6_port<<16) | (sock->sin6_port)); ai.ai_termid.at_type = AU_IPv6; bcopy(&peer->sin6_addr, ai.ai_termid.at_addr, 16); if (setaudit_addr(&ai, sizeof (ai)) < 0) { return (errno); } return (0); }
void bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap) { auditinfo_addr_t ainfo_addr; auditinfo_t ainfo; char text[256]; token_t *tok; long au_cond; au_id_t auid; pid_t pid; int aufd; debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) pid = getpid(); /* * If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) debug_return; error(1, _("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) debug_return; if (!audit_sudo_selected(1)) debug_return; if (getauid(&auid) < 0) error(1, _("getauid: failed")); if ((aufd = au_open()) == -1) error(1, _("au_open: failed")); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) error(1, _("getaudit: failed")); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo.ai_termid); } else error(1, _("getaudit: failed")); if (tok == NULL) error(1, _("au_to_subject: failed")); au_write(aufd, tok); tok = au_to_exec_args(exec_args); if (tok == NULL) error(1, _("au_to_exec_args: failed")); au_write(aufd, tok); (void) vsnprintf(text, sizeof(text), fmt, ap); tok = au_to_text(text); if (tok == NULL) error(1, _("au_to_text: failed")); au_write(aufd, tok); tok = au_to_return32(EPERM, 1); if (tok == NULL) error(1, _("au_to_return32: failed")); au_write(aufd, tok); if (au_close(aufd, 1, AUE_sudo) == -1) error(1, _("unable to commit audit record")); debug_return; }
void audit_ftpd_logout(void) { int rd; /* audit record descriptor */ uid_t euid; gid_t egid; uid_t uid; gid_t gid; pid_t pid; struct auditinfo_addr info; if (cannot_audit(0)) { return; } (void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL); /* see if terminal id already set */ if (getaudit_addr(&info, sizeof (info)) < 0) { perror("getaudit"); } /* determine if we're preselected */ if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS, AU_PRS_USECACHE) == 0) { (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL); return; } euid = geteuid(); egid = getegid(); uid = getuid(); gid = getgid(); pid = getpid(); rd = au_open(); /* add subject token */ (void) au_write(rd, au_to_subject_ex(info.ai_auid, euid, egid, uid, gid, pid, pid, &info.ai_termid)); if (is_system_labeled()) (void) au_write(rd, au_to_mylabel()); /* add return token */ errno = 0; #ifdef _LP64 (void) au_write(rd, au_to_return64(0, (int64_t)0)); #else (void) au_write(rd, au_to_return32(0, (int32_t)0)); #endif /* write audit record */ if (au_close(rd, 1, AUE_ftpd_logout) < 0) { (void) au_close(rd, 0, 0); } (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL); }
/*ARGSUSED1*/ int auditsys(struct auditcalls *uap, rval_t *rvp) { int err; int result = 0; if (audit_active == C2AUDIT_DISABLED) return (ENOTSUP); switch (uap->code) { case BSM_GETAUID: result = getauid((caddr_t)uap->a1); break; case BSM_SETAUID: result = setauid((caddr_t)uap->a1); break; case BSM_GETAUDIT: result = getaudit((caddr_t)uap->a1); break; case BSM_GETAUDIT_ADDR: result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2); break; case BSM_SETAUDIT: result = setaudit((caddr_t)uap->a1); break; case BSM_SETAUDIT_ADDR: result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2); break; case BSM_AUDITCTL: result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3); break; case BSM_AUDIT: if (audit_active == C2AUDIT_UNLOADED) return (0); result = audit((caddr_t)uap->a1, (int)uap->a2); break; case BSM_AUDITDOOR: if (audit_active == C2AUDIT_LOADED) { result = auditdoor((int)uap->a1); break; } default: if (audit_active == C2AUDIT_LOADED) { result = EINVAL; break; } /* Return a different error when not privileged */ err = secpolicy_audit_config(CRED()); if (err == 0) return (EINVAL); else return (err); } rvp->r_vals = result; return (result); }
int priv_audit_setaudit_setup(int asroot, int injail, struct test *test) { if (getaudit(&ai) < 0) { warn("priv_audit_setaudit_setup: getaudit"); return (-1); } if (getaudit_addr(&aia, sizeof(aia)) < 0) { warn("priv_audit_setaudit_setup: getaudit_addr"); return (-1); } return (0); }
static void auditid(void) { auditinfo_t auditinfo; auditinfo_addr_t ainfo_addr; int ret, extended; extended = 0; ret = getaudit(&auditinfo); if (ret < 0 && errno == E2BIG) { if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) err(1, "getaudit_addr"); extended = 1; } else if (ret < 0) err(1, "getaudit"); if (extended != 0) { (void) printf("auid=%d\n" "mask.success=0x%08x\n" "mask.failure=0x%08x\n" "asid=%d\n" "termid_addr.port=0x%08jx\n" "termid_addr.addr[0]=0x%08x\n" "termid_addr.addr[1]=0x%08x\n" "termid_addr.addr[2]=0x%08x\n" "termid_addr.addr[3]=0x%08x\n", ainfo_addr.ai_auid, ainfo_addr.ai_mask.am_success, ainfo_addr.ai_mask.am_failure, ainfo_addr.ai_asid, (uintmax_t)ainfo_addr.ai_termid.at_port, ainfo_addr.ai_termid.at_addr[0], ainfo_addr.ai_termid.at_addr[1], ainfo_addr.ai_termid.at_addr[2], ainfo_addr.ai_termid.at_addr[3]); } else { (void) printf("auid=%d\n" "mask.success=0x%08x\n" "mask.failure=0x%08x\n" "asid=%d\n" "termid.port=0x%08jx\n" "termid.machine=0x%08x\n", auditinfo.ai_auid, auditinfo.ai_mask.am_success, auditinfo.ai_mask.am_failure, auditinfo.ai_asid, (uintmax_t)auditinfo.ai_termid.port, auditinfo.ai_termid.machine); } }
void priv_audit_getaudit_addr(int asroot, int injail, struct test *test) { auditinfo_addr_t aia; int error; error = getaudit_addr(&aia, sizeof(aia)); if (asroot && injail) expect("priv_audit_getaudit_addr(asroot, injail)", error, -1, ENOSYS); if (asroot && !injail) expect("priv_audit_getaudit_addr(asroot, !injail)", error, 0, 0); if (!asroot && injail) expect("priv_audit_getaudit_addr(!asroot, injail)", error, -1, ENOSYS); if (!asroot && !injail) expect("priv_audit_getaudit_addr(!asroot, !injail)", error, -1, EPERM); }
int _auditsys(struct auditcalls *uap, rval_t *rvp) { int result = 0; switch (uap->code) { case BSM_GETAUID: result = getauid((caddr_t)uap->a1); break; case BSM_SETAUID: result = setauid((caddr_t)uap->a1); break; case BSM_GETAUDIT: result = getaudit((caddr_t)uap->a1); break; case BSM_GETAUDIT_ADDR: result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2); break; case BSM_SETAUDIT: result = setaudit((caddr_t)uap->a1); break; case BSM_SETAUDIT_ADDR: result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2); break; case BSM_AUDIT: result = audit((caddr_t)uap->a1, (int)uap->a2); break; case BSM_AUDITDOOR: result = auditdoor((int)uap->a1); break; case BSM_AUDITCTL: result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3); break; default: result = EINVAL; } rvp->r_vals = result; return (result); }
static int audit_sudo_selected(int sf) { auditinfo_addr_t ainfo_addr; struct au_mask *mask; auditinfo_t ainfo; int rc, sorf; debug_decl(audit_sudo_selected, SUDO_DEBUG_AUDIT) if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) < 0) { if (errno == ENOSYS) { if (getaudit(&ainfo) < 0) error(1, _("getaudit: failed")); mask = &ainfo.ai_mask; } else error(1, _("getaudit: failed")); } else mask = &ainfo_addr.ai_mask; sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE; rc = au_preselect(AUE_sudo, mask, sorf, AU_PRS_REREAD); debug_return_int(rc); }
static mach_port_t get_gssd_port(void) { mach_port_t mp, hgssdp; kern_return_t kr; auditinfo_addr_t ai; au_asid_t asid; if (getaudit_addr(&ai, sizeof(auditinfo_addr_t))) { perror("getaudit_addr"); exit(EXIT_FAILURE); } asid = ai.ai_asid; if (seteuid(0)) { Log("Could not get privilege"); exit(EXIT_FAILURE); } kr = host_get_gssd_port(mach_host_self(), &hgssdp); if (kr != KERN_SUCCESS) { Log("host_get_gssd_port(): %s\n", mach_error_string(kr)); exit(EXIT_FAILURE); } if (seteuid(uid)) { Log("Could not drop privilege"); exit(EXIT_FAILURE); } kr = mach_gss_lookup(hgssdp, uid, asid, &mp); if (kr != KERN_SUCCESS) { Log("Could not lookup port for asid = %d, uid = %d: %s\n", asid, uid, mach_error_string(kr)); } mach_port_deallocate(mach_host_self(), hgssdp); return (mp); }
/* * General purpose audit submission mechanism for userspace. */ int audit_submit(short au_event, au_id_t auid, char status, int reterr, const char *fmt, ...) { char text[MAX_AUDITSTRING_LEN]; token_t *token; int acond; va_list ap; pid_t pid; int error, afd, subj_ex; struct auditinfo ai; struct auditinfo_addr aia; au_tid_t atid; if (audit_get_cond(&acond) != 0) { /* * If auditon(2) returns ENOSYS, then audit has not been * compiled into the kernel, so just return. */ if (errno == ENOSYS) return (0); error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", strerror(errno)); errno = error; return (-1); } if (acond == AUC_NOAUDIT) return (0); afd = au_open(); if (afd < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", strerror(errno)); errno = error; return (-1); } /* * Try to use getaudit_addr(2) first. If this kernel does not support * it, then fall back on to getaudit(2). */ subj_ex = 0; error = getaudit_addr(&aia, sizeof(aia)); if (error < 0 && errno == ENOSYS) { error = getaudit(&ai); if (error < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s", strerror(errno)); errno = error; return (-1); } /* * Convert this auditinfo_t to an auditinfo_addr_t to make the * following code less complicated wrt to preselection and * subject token generation. */ aia.ai_auid = ai.ai_auid; aia.ai_mask = ai.ai_mask; aia.ai_asid = ai.ai_asid; aia.ai_termid.at_type = AU_IPv4; aia.ai_termid.at_addr[0] = ai.ai_termid.machine; aia.ai_termid.at_port = ai.ai_termid.port; } else if (error < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s", strerror(errno)); errno = error; return (-1); } /* * NB: We should be performing pre-selection here now that we have the * masks for this process. */ if (aia.ai_termid.at_type == AU_IPv6) subj_ex = 1; pid = getpid(); if (subj_ex == 0) { atid.port = aia.ai_termid.at_port; atid.machine = aia.ai_termid.at_addr[0]; token = au_to_subject32(auid, geteuid(), getegid(), getuid(), getgid(), pid, pid, &atid); } else token = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getgid(), pid, pid, &aia.ai_termid); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build subject token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } if (fmt != NULL) { va_start(ap, fmt); (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); va_end(ap); token = au_to_text(text); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: failed to generate text token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } } token = au_to_return32(au_errno_to_bsm(status), reterr); if (token == NULL) { syslog(LOG_AUTH | LOG_ERR, "audit: unable to build return token"); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = EPERM; return (-1); } if (au_write(afd, token) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: au_write failed: %s", strerror(errno)); (void) au_close(afd, AU_TO_NO_WRITE, au_event); errno = error; return (-1); } if (au_close(afd, AU_TO_WRITE, au_event) < 0) { error = errno; syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); errno = error; return (-1); } return (0); }
int audit_inetd_service( char *service_name, /* name of service */ struct passwd *pwd) /* password */ { int set_audit = 0; /* flag - set audit characteristics */ auditinfo_addr_t ai; dprintf(("audit_inetd_service()\n")); if (auditingisoff) return (0); if (preselected == 0) return (0); /* * set default values. We will overwrite them when appropriate. */ if (getaudit_addr(&ai, sizeof (ai))) { perror("inetd"); exit(1); } aug_save_auid(ai.ai_auid); /* Audit ID */ aug_save_uid(getuid()); /* User ID */ aug_save_euid(geteuid()); /* Effective User ID */ aug_save_gid(getgid()); /* Group ID */ aug_save_egid(getegid()); /* Effective Group ID */ aug_save_pid(getpid()); /* process ID */ aug_save_asid(getpid()); /* session ID */ /* * do the best we can. We have no way to determine if the * request is from a system service or from the root user. * We will consider all root requests to be system service * operations for now. We'll readdress this when we devise a * better algorithm. */ if (pwd != NULL && (pwd->pw_uid)) { aug_save_auid(pwd->pw_uid); /* Audit ID */ aug_save_uid(pwd->pw_uid); /* User ID */ aug_save_euid(pwd->pw_uid); /* Effective User ID */ aug_save_gid(pwd->pw_gid); /* Group ID */ aug_save_egid(pwd->pw_gid); /* Effective Group ID */ set_audit = 1; } aug_save_text(service_name); aug_save_sorf(0); (void) aug_audit(); /* * Note that we will only do this if non-attributable auditing set. * we might want to change things so this is always called. */ if (set_audit) audit_inetd_session_setup(pwd); return (0); }
int audit_crontab_modify(char *path, char *tmp_path, int sorf) { int r, create = 0; char *diffs = NULL; if (cannot_audit(0)) { return (0); } else { au_event_t event; char *anc_name; auditinfo_addr_t ai; if (getaudit_addr(&ai, sizeof (ai))) { return (-1); } r = audit_crontab_get_diffs(path, tmp_path, &diffs); if (r == AUDIT_GET_DIFFS_NO_DIFFS) { return (0); } if (diffs != NULL && r != AUDIT_GET_DIFFS_ERR) { aug_save_text(diffs); free(diffs); } if (r == AUDIT_GET_DIFFS_NO_CRONTAB) { create = 1; if (diffs == NULL) aug_save_text(""); } /* * create an ancilary file if audit characteristics exist * else delete an ancilary if if one exists */ anc_name = audit_cron_make_anc_name(path); if (anc_name == NULL) r = -1; else if (audit_crontab_process_not_audited()) { (void) unlink(anc_name); free(anc_name); } else { r = audit_cron_setinfo(anc_name, &ai); free(anc_name); } aug_init(); aug_save_auid(ai.ai_auid); aug_save_euid(geteuid()); aug_save_egid(getegid()); aug_save_uid(getuid()); aug_save_gid(getgid()); aug_save_pid(getpid()); aug_save_asid(ai.ai_asid); aug_save_tid_ex(ai.ai_termid.at_port, ai.ai_termid.at_addr, ai.ai_termid.at_type); aug_save_path(path); event = (create) ? AUE_crontab_create : AUE_crontab_mod; aug_save_event(event); aug_save_sorf(sorf); if (aug_audit() != 0) return (-1); return (r); } }
static void generate_record( char *locuser, /* username of local user */ int err, /* error status */ /* (=0 success, >0 error code) */ char *msg) /* error message */ { int rd; /* audit record descriptor */ char buf[256]; /* temporary buffer */ uid_t uid; gid_t gid; uid_t ruid; /* real uid */ gid_t rgid; /* real gid */ pid_t pid; struct passwd *pwd; uid_t ceuid; /* current effective uid */ struct auditinfo_addr info; if (cannot_audit(0)) { return; } pwd = getpwnam(locuser); if (pwd == NULL) { uid = (uid_t)-1; gid = (gid_t)-1; } else { uid = pwd->pw_uid; gid = pwd->pw_gid; } ceuid = geteuid(); /* save current euid */ (void) seteuid(0); /* change to root so you can audit */ /* determine if we're preselected */ if (!selected(uid, locuser, AUE_ftpd, err)) { (void) seteuid(ceuid); return; } ruid = getuid(); /* get real uid */ rgid = getgid(); /* get real gid */ pid = getpid(); /* see if terminal id already set */ if (getaudit_addr(&info, sizeof (info)) < 0) { perror("getaudit"); } rd = au_open(); /* add subject token */ (void) au_write(rd, au_to_subject_ex(uid, uid, gid, ruid, rgid, pid, pid, &info.ai_termid)); if (is_system_labeled()) (void) au_write(rd, au_to_mylabel()); /* add return token */ errno = 0; if (err) { /* add reason for failure */ if (err == UNKNOWN_USER) (void) snprintf(buf, sizeof (buf), "%s %s", msg, locuser); else (void) snprintf(buf, sizeof (buf), "%s", msg); (void) au_write(rd, au_to_text(buf)); #ifdef _LP64 (void) au_write(rd, au_to_return64(-1, (int64_t)err)); #else (void) au_write(rd, au_to_return32(-1, (int32_t)err)); #endif } else { #ifdef _LP64 (void) au_write(rd, au_to_return64(0, (int64_t)0)); #else (void) au_write(rd, au_to_return32(0, (int32_t)0)); #endif } /* write audit record */ if (au_close(rd, 1, AUE_ftpd) < 0) { (void) au_close(rd, 0, 0); } (void) seteuid(ceuid); }
void bsm_audit_success(char **exec_args) { auditinfo_addr_t ainfo_addr; auditinfo_t ainfo; token_t *tok; au_id_t auid; long au_cond; int aufd; pid_t pid; debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT) pid = getpid(); /* * If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) { if (errno == AUDIT_NOT_CONFIGURED) return; error(1, _("Could not determine audit condition")); } if (au_cond == AUC_NOAUDIT) debug_return; /* * Check to see if the preselection masks are interested in seeing * this event. */ if (!audit_sudo_selected(0)) debug_return; if (getauid(&auid) < 0) error(1, _("getauid failed")); if ((aufd = au_open()) == -1) error(1, _("au_open: failed")); if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) { tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo_addr.ai_termid); } else if (errno == ENOSYS) { /* * NB: We should probably watch out for ERANGE here. */ if (getaudit(&ainfo) < 0) error(1, _("getaudit: failed")); tok = au_to_subject(auid, geteuid(), getegid(), getuid(), getuid(), pid, pid, &ainfo.ai_termid); } else error(1, _("getaudit: failed")); if (tok == NULL) error(1, _("au_to_subject: failed")); au_write(aufd, tok); tok = au_to_exec_args(exec_args); if (tok == NULL) error(1, _("au_to_exec_args: failed")); au_write(aufd, tok); tok = au_to_return32(0, 0); if (tok == NULL) error(1, _("au_to_return32: failed")); au_write(aufd, tok); if (au_close(aufd, 1, AUE_sudo) == -1) error(1, _("unable to commit audit record")); debug_return; }