void
bsm_audit_failure(char **exec_args, char const *const fmt, va_list ap)
{
auditinfo_addr_t ainfo_addr;
auditinfo_t ainfo;
char text[256];
token_t *tok;
long au_cond;
au_id_t auid;
pid_t pid;
int aufd;
debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT)
pid = getpid();
/*
* If we are not auditing, don't cut an audit record; just return.
*/
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
if (errno == AUDIT_NOT_CONFIGURED)
debug_return;
error(1, _("Could not determine audit condition"));
}
if (au_cond == AUC_NOAUDIT)
debug_return;
if (!audit_sudo_selected(1))
debug_return;
if (getauid(&auid) < 0)
error(1, _("getauid: failed"));
if ((aufd = au_open()) == -1)
error(1, _("au_open: failed"));
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo_addr.ai_termid);
} else if (errno == ENOSYS) {
if (getaudit(&ainfo) < 0)
error(1, _("getaudit: failed"));
tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo.ai_termid);
} else
error(1, _("getaudit: failed"));
if (tok == NULL)
error(1, _("au_to_subject: failed"));
au_write(aufd, tok);
tok = au_to_exec_args(exec_args);
if (tok == NULL)
error(1, _("au_to_exec_args: failed"));
au_write(aufd, tok);
(void) vsnprintf(text, sizeof(text), fmt, ap);
tok = au_to_text(text);
if (tok == NULL)
error(1, _("au_to_text: failed"));
au_write(aufd, tok);
tok = au_to_return32(EPERM, 1);
if (tok == NULL)
error(1, _("au_to_return32: failed"));
au_write(aufd, tok);
if (au_close(aufd, 1, AUE_sudo) == -1)
error(1, _("unable to commit audit record"));
debug_return;
}
void
audit_ftpd_logout(void)
{
int rd; /* audit record descriptor */
uid_t euid;
gid_t egid;
uid_t uid;
gid_t gid;
pid_t pid;
struct auditinfo_addr info;
if (cannot_audit(0)) {
return;
}
(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
/* see if terminal id already set */
if (getaudit_addr(&info, sizeof (info)) < 0) {
perror("getaudit");
}
/* determine if we're preselected */
if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
AU_PRS_USECACHE) == 0) {
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
NULL);
return;
}
euid = geteuid();
egid = getegid();
uid = getuid();
gid = getgid();
pid = getpid();
rd = au_open();
/* add subject token */
(void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
egid, uid, gid, pid, pid, &info.ai_termid));
if (is_system_labeled())
(void) au_write(rd, au_to_mylabel());
/* add return token */
errno = 0;
#ifdef _LP64
(void) au_write(rd, au_to_return64(0, (int64_t)0));
#else
(void) au_write(rd, au_to_return32(0, (int32_t)0));
#endif
/* write audit record */
if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
(void) au_close(rd, 0, 0);
}
(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
}
void
AuditLogger::writeSubject()
{
assert(mClientInfoSet);
token_t *token;
// @@@ terminal ID is not carried in the audit trailer nowadays, but
// this code should be harmless: it replicates the current logic in
// audit_submit()
if (AU_IPv4 == mTerminalId.at_type)
token = au_to_subject32(mAuditId, mEuid, mEgid, mRuid, mRgid, mPid, mAuditSessionId, &mOldTerminalId);
else
token = au_to_subject_ex(mAuditId, mEuid, mEgid, mRuid, mRgid, mPid, mAuditSessionId, &mTerminalId);
writeToken(token, "subject");
}
/*
* General purpose audit submission mechanism for userspace.
*/
int
audit_submit(short au_event, au_id_t auid, char status,
int reterr, const char *fmt, ...)
{
char text[MAX_AUDITSTRING_LEN];
token_t *token;
int acond;
va_list ap;
pid_t pid;
int error, afd, subj_ex;
struct auditinfo ai;
struct auditinfo_addr aia;
au_tid_t atid;
if (audit_get_cond(&acond) != 0) {
/*
* If auditon(2) returns ENOSYS, then audit has not been
* compiled into the kernel, so just return.
*/
if (errno == ENOSYS)
return (0);
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
strerror(errno));
errno = error;
return (-1);
}
if (acond == AUC_NOAUDIT)
return (0);
afd = au_open();
if (afd < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
strerror(errno));
errno = error;
return (-1);
}
/*
* Try to use getaudit_addr(2) first. If this kernel does not support
* it, then fall back on to getaudit(2).
*/
subj_ex = 0;
error = getaudit_addr(&aia, sizeof(aia));
if (error < 0 && errno == ENOSYS) {
error = getaudit(&ai);
if (error < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
strerror(errno));
errno = error;
return (-1);
}
/*
* Convert this auditinfo_t to an auditinfo_addr_t to make the
* following code less complicated wrt to preselection and
* subject token generation.
*/
aia.ai_auid = ai.ai_auid;
aia.ai_mask = ai.ai_mask;
aia.ai_asid = ai.ai_asid;
aia.ai_termid.at_type = AU_IPv4;
aia.ai_termid.at_addr[0] = ai.ai_termid.machine;
aia.ai_termid.at_port = ai.ai_termid.port;
} else if (error < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s",
strerror(errno));
errno = error;
return (-1);
}
/*
* NB: We should be performing pre-selection here now that we have the
* masks for this process.
*/
if (aia.ai_termid.at_type == AU_IPv6)
subj_ex = 1;
pid = getpid();
if (subj_ex == 0) {
atid.port = aia.ai_termid.at_port;
atid.machine = aia.ai_termid.at_addr[0];
token = au_to_subject32(auid, geteuid(), getegid(),
getuid(), getgid(), pid, pid, &atid);
} else
token = au_to_subject_ex(auid, geteuid(), getegid(),
getuid(), getgid(), pid, pid, &aia.ai_termid);
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: unable to build subject token");
(void) au_close(afd, AU_TO_NO_WRITE, au_event);
errno = EPERM;
return (-1);
}
if (au_write(afd, token) < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR,
"audit: au_write failed: %s", strerror(errno));
(void) au_close(afd, AU_TO_NO_WRITE, au_event);
errno = error;
return (-1);
}
if (fmt != NULL) {
va_start(ap, fmt);
(void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
va_end(ap);
token = au_to_text(text);
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: failed to generate text token");
(void) au_close(afd, AU_TO_NO_WRITE, au_event);
errno = EPERM;
return (-1);
}
if (au_write(afd, token) < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR,
"audit: au_write failed: %s", strerror(errno));
(void) au_close(afd, AU_TO_NO_WRITE, au_event);
errno = error;
return (-1);
}
}
token = au_to_return32(au_errno_to_bsm(status), reterr);
if (token == NULL) {
syslog(LOG_AUTH | LOG_ERR,
"audit: unable to build return token");
(void) au_close(afd, AU_TO_NO_WRITE, au_event);
errno = EPERM;
return (-1);
}
if (au_write(afd, token) < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR,
"audit: au_write failed: %s", strerror(errno));
(void) au_close(afd, AU_TO_NO_WRITE, au_event);
errno = error;
return (-1);
}
if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
error = errno;
syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
errno = error;
return (-1);
}
return (0);
}
static void
generate_record(
char *locuser, /* username of local user */
int err, /* error status */
/* (=0 success, >0 error code) */
char *msg) /* error message */
{
int rd; /* audit record descriptor */
char buf[256]; /* temporary buffer */
uid_t uid;
gid_t gid;
uid_t ruid; /* real uid */
gid_t rgid; /* real gid */
pid_t pid;
struct passwd *pwd;
uid_t ceuid; /* current effective uid */
struct auditinfo_addr info;
if (cannot_audit(0)) {
return;
}
pwd = getpwnam(locuser);
if (pwd == NULL) {
uid = (uid_t)-1;
gid = (gid_t)-1;
} else {
uid = pwd->pw_uid;
gid = pwd->pw_gid;
}
ceuid = geteuid(); /* save current euid */
(void) seteuid(0); /* change to root so you can audit */
/* determine if we're preselected */
if (!selected(uid, locuser, AUE_ftpd, err)) {
(void) seteuid(ceuid);
return;
}
ruid = getuid(); /* get real uid */
rgid = getgid(); /* get real gid */
pid = getpid();
/* see if terminal id already set */
if (getaudit_addr(&info, sizeof (info)) < 0) {
perror("getaudit");
}
rd = au_open();
/* add subject token */
(void) au_write(rd, au_to_subject_ex(uid, uid, gid,
ruid, rgid, pid, pid, &info.ai_termid));
if (is_system_labeled())
(void) au_write(rd, au_to_mylabel());
/* add return token */
errno = 0;
if (err) {
/* add reason for failure */
if (err == UNKNOWN_USER)
(void) snprintf(buf, sizeof (buf),
"%s %s", msg, locuser);
else
(void) snprintf(buf, sizeof (buf), "%s", msg);
(void) au_write(rd, au_to_text(buf));
#ifdef _LP64
(void) au_write(rd, au_to_return64(-1, (int64_t)err));
#else
(void) au_write(rd, au_to_return32(-1, (int32_t)err));
#endif
} else {
#ifdef _LP64
(void) au_write(rd, au_to_return64(0, (int64_t)0));
#else
(void) au_write(rd, au_to_return32(0, (int32_t)0));
#endif
}
/* write audit record */
if (au_close(rd, 1, AUE_ftpd) < 0) {
(void) au_close(rd, 0, 0);
}
(void) seteuid(ceuid);
}
/*
* audit_audit:
* Cut and audit record if it is selected.
* Return 0, if successfully written.
* Return 0, if not written, and not expected to write.
* Return -1, if not written because of unexpected error.
*/
int
audit_audit(door_data_t *door_dp)
{
int ad;
if (can_audit() == 0) {
return (0);
}
if (door_dp->audit_na) {
if (!audit_na_selected(door_dp)) {
return (0);
}
} else if (!audit_selected(door_dp)) {
return (0);
}
if ((ad = au_open()) == -1) {
return (-1);
}
(void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
door_dp->audit_euid,
door_dp->audit_egid,
door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
door_dp->audit_asid, &door_dp->audit_tid));
if (is_system_labeled())
(void) au_write(ad, au_to_mylabel());
if (door_dp->audit_policy & AUDIT_GROUP) {
int ng;
int maxgrp = getgroups(0, NULL);
gid_t *grplst = alloca(maxgrp * sizeof (gid_t));
if ((ng = getgroups(maxgrp, grplst))) {
(void) au_write(ad, au_to_newgroups(ng, grplst));
}
}
if (strlen(door_dp->audit_text) != 0) {
(void) au_write(ad, au_to_text(door_dp->audit_text));
}
if (strlen(door_dp->audit_text1) != 0) {
(void) au_write(ad, au_to_text(door_dp->audit_text1));
}
if (door_dp->audit_path != NULL) {
(void) au_write(ad, au_to_path(door_dp->audit_path));
}
#ifdef _LP64
(void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
(int64_t)door_dp->audit_sorf));
#else
(void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
(int32_t)door_dp->audit_sorf));
#endif
if (au_close(ad, 1, door_dp->audit_event) < 0) {
(void) au_close(ad, 0, 0);
return (-1);
}
return (0);
}
void
bsm_audit_success(char **exec_args)
{
auditinfo_addr_t ainfo_addr;
auditinfo_t ainfo;
token_t *tok;
au_id_t auid;
long au_cond;
int aufd;
pid_t pid;
debug_decl(bsm_audit_success, SUDO_DEBUG_AUDIT)
pid = getpid();
/*
* If we are not auditing, don't cut an audit record; just return.
*/
if (auditon(A_GETCOND, (caddr_t)&au_cond, sizeof(long)) < 0) {
if (errno == AUDIT_NOT_CONFIGURED)
return;
error(1, _("Could not determine audit condition"));
}
if (au_cond == AUC_NOAUDIT)
debug_return;
/*
* Check to see if the preselection masks are interested in seeing
* this event.
*/
if (!audit_sudo_selected(0))
debug_return;
if (getauid(&auid) < 0)
error(1, _("getauid failed"));
if ((aufd = au_open()) == -1)
error(1, _("au_open: failed"));
if (getaudit_addr(&ainfo_addr, sizeof(ainfo_addr)) == 0) {
tok = au_to_subject_ex(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo_addr.ai_termid);
} else if (errno == ENOSYS) {
/*
* NB: We should probably watch out for ERANGE here.
*/
if (getaudit(&ainfo) < 0)
error(1, _("getaudit: failed"));
tok = au_to_subject(auid, geteuid(), getegid(), getuid(),
getuid(), pid, pid, &ainfo.ai_termid);
} else
error(1, _("getaudit: failed"));
if (tok == NULL)
error(1, _("au_to_subject: failed"));
au_write(aufd, tok);
tok = au_to_exec_args(exec_args);
if (tok == NULL)
error(1, _("au_to_exec_args: failed"));
au_write(aufd, tok);
tok = au_to_return32(0, 0);
if (tok == NULL)
error(1, _("au_to_return32: failed"));
au_write(aufd, tok);
if (au_close(aufd, 1, AUE_sudo) == -1)
error(1, _("unable to commit audit record"));
debug_return;
}
