/*
 * Record the IPv6 connection as the calling process's audit terminal ID,
 * unless one is already set.
 *
 * peer: remote end; its address becomes at_addr and its port the high
 *       16 bits of at_port.
 * sock: local end; its port becomes the low 16 bits of at_port.
 *
 * Returns 0 on success or when a terminal ID was already present, else the
 * errno left behind by getaudit_addr()/setaudit_addr().
 */
static int
do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock)
{
	auditinfo_addr_t info;
	int have_addr = 0;

	/* Fetch the process's current audit characteristics. */
	if (getaudit_addr(&info, sizeof (info)) < 0)
		return (errno);

	/* Any non-zero port or address word means a terminal ID exists; keep it. */
	for (int w = 0; w < 4; w++) {
		if (info.ai_termid.at_addr[w] != 0)
			have_addr = 1;
	}
	if (info.ai_termid.at_port != 0 || have_addr)
		return (0);

	/* Pack remote port (high half) and local port (low half). */
	info.ai_termid.at_port = ((peer->sin6_port<<16) | (sock->sin6_port));
	info.ai_termid.at_type = AU_IPv6;
	bcopy(&peer->sin6_addr, info.ai_termid.at_addr, 16);

	if (setaudit_addr(&info, sizeof (info)) < 0)
		return (errno);
	return (0);
}
/*
 * auditsys() - entry point for the audit system call family.
 *
 * uap->code selects the BSM_* operation and a1..a3 carry its arguments.
 * The handler's result is stored in rvp->r_vals and returned.  Returns
 * ENOTSUP while auditing is disabled (C2AUDIT_DISABLED); BSM_AUDIT is a
 * silent no-op while the module is unloaded (C2AUDIT_UNLOADED).
 */
/*ARGSUSED1*/
int
auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int rc = 0;
	int perr;

	if (audit_active == C2AUDIT_DISABLED)
		return (ENOTSUP);

	switch (uap->code) {
	case BSM_GETAUID:
		rc = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		rc = setauid((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT:
		rc = getaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT:
		rc = setaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	case BSM_AUDIT:
		/* Nothing to record without a loaded module; rvp is left untouched. */
		if (audit_active == C2AUDIT_UNLOADED)
			return (0);
		rc = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		if (audit_active == C2AUDIT_LOADED) {
			rc = auditdoor((int)uap->a1);
			break;
		}
		/* FALLTHROUGH: auditdoor without a loaded module is handled as an error */
	default:
		if (audit_active == C2AUDIT_LOADED) {
			rc = EINVAL;
			break;
		}
		/*
		 * Module not loaded: an unprivileged caller gets the policy
		 * error instead of EINVAL so the two cases stay distinguishable.
		 */
		perr = secpolicy_audit_config(CRED());
		return (perr == 0 ? EINVAL : perr);
	}

	rvp->r_vals = rc;
	return (rc);
}
/*
 * Exercise setaudit_addr(2) for the four root/non-root x jailed/unjailed
 * combinations and compare the observed return value and errno against
 * the expected pair via expect().  The record comes from the global aia;
 * 'test' is unused.
 */
void
priv_audit_setaudit_addr(int asroot, int injail, struct test *test)
{
	int rc;

	rc = setaudit_addr(&aia, sizeof(aia));
	if (injail) {
		/* Both jailed cases are expected to fail with ENOSYS. */
		if (asroot)
			expect("priv_audit_setaudit_addr(asroot, injail)", rc, -1, ENOSYS);
		else
			expect("priv_audit_setaudit_addr(!asroot, injail)", rc, -1, ENOSYS);
	} else {
		/* Outside a jail only root is expected to succeed. */
		if (asroot)
			expect("priv_audit_setaudit_addr(asroot, !injail)", rc, 0, 0);
		else
			expect("priv_audit_setaudit_addr(!asroot, !injail)", rc, -1, EPERM);
	}
}
/*
 * _auditsys() - dispatch one audit system call.
 *
 * uap->code selects the BSM_* operation and a1..a3 carry its arguments,
 * cast back to the types each handler expects.  The handler's result is
 * stored in rvp->r_vals and returned; an unknown code yields EINVAL.
 */
int
_auditsys(struct auditcalls *uap, rval_t *rvp)
{
	caddr_t arg1 = (caddr_t)uap->a1;
	int rc;

	switch (uap->code) {
	case BSM_GETAUID:
		rc = getauid(arg1);
		break;
	case BSM_SETAUID:
		rc = setauid(arg1);
		break;
	case BSM_GETAUDIT:
		rc = getaudit(arg1);
		break;
	case BSM_SETAUDIT:
		rc = setaudit(arg1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr(arg1, (int)uap->a2);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr(arg1, (int)uap->a2);
		break;
	case BSM_AUDIT:
		rc = audit(arg1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		rc = auditdoor((int)uap->a1);
		break;
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	default:
		rc = EINVAL;
		break;
	}

	rvp->r_vals = rc;
	return (rc);
}
/*
 * Install the audit characteristics for a process inetd is about to start
 * on behalf of pwd (inetd itself sets the uid): audit ID from the uid, the
 * user's preselection mask (all-zero when au_user_mask() cannot supply
 * one), a session ID from the pid, and the terminal ID inetd recorded in
 * audit_inetd_tid.  Exits the process if setaudit_addr() fails.
 */
void
audit_inetd_session_setup(struct passwd *pwd)
{
	au_mask_t user_mask;
	struct auditinfo_addr ainfo;

	/* Start from an empty mask; an au_user_mask() failure is deliberately ignored. */
	user_mask.am_success = 0;
	user_mask.am_failure = 0;
	(void) au_user_mask(pwd->pw_name, &user_mask);

	ainfo.ai_auid = pwd->pw_uid;
	ainfo.ai_mask.am_success = user_mask.am_success;
	ainfo.ai_mask.am_failure = user_mask.am_failure;
	ainfo.ai_asid = getpid();
	ainfo.ai_termid = audit_inetd_tid;

	if (setaudit_addr(&ainfo, sizeof (ainfo)) < 0) {
		perror("inetd: setaudit_addr");
		exit(1);
	}
}
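/*
 * Build an audit record (auid, preselection mask, terminal address and
 * port) from the command line, install it on this process with
 * setaudit_addr(2), then exec the remaining arguments.
 *
 *   -a user   audit user ID, as a user name or a numeric uid
 *   -m mask   preselection mask in getauditflagsbin() syntax
 *   -s host   terminal address, resolved with getaddrinfo()
 *   -p port   terminal port (0..65535)
 *
 * Returns only by exiting on error; on success execvp() replaces the image.
 */
int
main(int argc, char *argv[])
{
	struct sockaddr_in6 *sin6;
	struct sockaddr_in *sin;
	auditinfo_addr_t aia;
	struct addrinfo *res;
	struct passwd *pwd;
	char *end, *prog;
	unsigned long val;
	int ch, error;

	prog = argv[0];
	/* Zero the whole record so every field not set below is defined. */
	bzero(&aia, sizeof(aia));
	aia.ai_termid.at_type = AU_IPv4;

	while ((ch = getopt(argc, argv, "a:m:s:p:")) != -1) {
		switch (ch) {
		case 'a':
			aflag = optarg;
			break;
		case 'm':
			mflag = optarg;
			break;
		case 's':
			sflag = optarg;
			break;
		case 'p':
			/*
			 * strtoul() instead of atoi(): reject trailing junk and
			 * values htons() would otherwise silently truncate.
			 */
			val = strtoul(optarg, &end, 10);
			if (end == optarg || *end != '\0' || val > 65535)
				errx(1, "%s: invalid port", optarg);
			aia.ai_termid.at_port = htons((in_port_t)val);
			break;
		default:
			usage(prog);
			/* NOT REACHED */
		}
	}
	argc -= optind;
	argv += optind;
	if (argc == 0)
		usage(prog);

	if (aflag) {
		pwd = getpwnam(aflag);
		if (pwd != NULL) {
			aia.ai_auid = pwd->pw_uid;
		} else {
			/*
			 * Not a user name: accept a numeric uid.  strtoul() always
			 * stores a non-NULL end pointer, so the test must be on what
			 * it points at -- the whole string has to be consumed.
			 */
			val = strtoul(aflag, &end, 10);
			if (end == aflag || *end != '\0')
				errx(1, "%s: invalid user", aflag);
			aia.ai_auid = (uid_t)val;
		}
	}

	if (mflag) {
		if (getauditflagsbin(mflag, &aia.ai_mask) < 0)
			err(1, "getauditflagsbin");
	}

	if (sflag) {
		error = getaddrinfo(sflag, NULL, NULL, &res);
		if (error)
			errx(1, "%s", gai_strerror(error));
		switch (res->ai_family) {
		case PF_INET6:
			sin6 = (struct sockaddr_in6 *)res->ai_addr;
			bcopy(&sin6->sin6_addr.s6_addr, &aia.ai_termid.at_addr[0],
			    sizeof(struct in6_addr));
			aia.ai_termid.at_type = AU_IPv6;
			break;
		case PF_INET:
			sin = (struct sockaddr_in *)res->ai_addr;
			bcopy(&sin->sin_addr.s_addr, &aia.ai_termid.at_addr[0],
			    sizeof(struct in_addr));
			aia.ai_termid.at_type = AU_IPv4;
			break;
		default:
			/* Do not exec with a terminal ID other than the one asked for. */
			errx(1, "%s: unsupported address family %d", sflag,
			    res->ai_family);
		}
		/* Only the copied address is needed; release the result list. */
		freeaddrinfo(res);
	}

	if (setaudit_addr(&aia, sizeof(aia)) < 0)
		err(1, "setaudit_addr");
	(void)execvp(*argv, argv);
	err(1, "%s", *argv);
}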