示例#1
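/*
 * Set the audit terminal ID of the calling process from an IPv4 connection.
 *
 * peer - address of the remote end; supplies the upper 16 bits of the
 *        terminal-ID port field and the machine address.
 * sock - address of the local end; supplies the lower 16 bits of the
 *        terminal-ID port field.
 *
 * A terminal ID that is already non-zero is left untouched, so this never
 * overwrites an identity that was recorded earlier for the process.
 *
 * Returns 0 on success (or when nothing had to be done), otherwise the errno
 * value left behind by the failing getaudit()/setaudit() call.
 */
static int
do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock)
{
	auditinfo_t ai;

	/* get audit characteristics of process */
	if (getaudit(&ai) < 0) {
		return (errno);
	}

	/* if terminal ID already set, i.e. non-zero, then just return */
	if (ai.ai_termid.port || ai.ai_termid.machine) {
		return (0);
	}

	/*
	 * Widen before shifting: sin_port promotes to int, and shifting a port
	 * value >= 0x8000 left by 16 overflows a 32-bit signed int, which is
	 * undefined behaviour.  The two ports are packed exactly as they are
	 * stored in the sockaddr; no byte-order conversion is applied here.
	 * NOTE(review): if ai_termid.port is wider than 32 bits the packed
	 * value is now zero-extended instead of sign-extended - confirm that
	 * consumers of the audit trail expect that.
	 */
	ai.ai_termid.port = ((uint32_t)peer->sin_port << 16) |
	    (uint32_t)sock->sin_port;
	ai.ai_termid.machine = (uint32_t)peer->sin_addr.s_addr;

	if (setaudit(&ai) < 0) {
		return (errno);
	}

	return (0);
}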
示例#2
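/*
 * audit_test: create the audit file named on the command line, hand it to
 * auditctl(), give this process a fresh audit identity and then replace the
 * process with a login shell that inherits that identity.
 *
 * argv[1] - path of the audit file.
 *
 * Returns 1 on any failure; on success execl() does not return.
 */
int main (int argc, const char *argv[])
{
	/* non-zero when real and effective uid differ, i.e. we run set-uid */
	int suid = (getuid() != geteuid());
	if (argc != 2) {
		printf ("usage: audit_test <audit file>\n");
		return 1;
	}

	/*
	 * Make sure the audit file exists (mode 0600) before passing its name on.
	 * NOTE(review): the caller-supplied path is opened and created while any
	 * set-uid privilege is still in effect - confirm that this is intended.
	 */
	int fd = open (argv[1], O_RDWR | O_CREAT, 0600);
	if (fd < 0) {
		perror (argv[1]);
		return 1;
	}
	close(fd);
	if (auditctl (argv[1])) {
		perror ("auditctl");
		return 1;
	}

	/*
	 * Audit identity: the real uid as audit user, our pid as session id.
	 * Only failed operations are preselected; am_success and the terminal
	 * ID stay zero from the memset.
	 */
	auditinfo_t ai;
	memset (&ai, 0, sizeof (auditinfo_t));
	ai.ai_auid = getuid();
	ai.ai_asid = getpid();
	ai.ai_mask.am_failure = AU_PROCESS | AU_FCREATE | AU_FACCESS |
		AU_FMODIFY | AU_FREAD | AU_FWRITE | AU_FDELETE;
	if (setaudit (&ai)) {
		perror ("setaudit");
		return 1;
	}

	/*
	 * Drop the set-uid privilege before starting the shell.  The result must
	 * be checked: if setuid() fails and we carry on, the shell would run
	 * with the elevated effective uid.
	 */
	if (suid && setuid (getuid()) != 0) {
		perror ("setuid");
		return 1;
	}
	execl ("/bin/bash", "-bash", NULL);
	/* only reached when execl() failed */
	perror ("bash");
	return 1;
}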
示例#3
/*
 * Dispatch an audit system call: uap->code selects the BSM operation and the
 * raw arguments a1..a3 are cast and forwarded to its handler.
 *
 * - With auditing disabled every request fails with ENOTSUP.
 * - BSM_AUDIT returns 0 straight away while the audit module is unloaded,
 *   without writing to rvp.
 * - BSM_AUDITDOOR is served only while the module is loaded; otherwise it is
 *   treated like an unknown code.
 * - An unknown code yields EINVAL while the module is loaded.  While it is
 *   not loaded the caller's audit-configuration privilege is checked first:
 *   a privileged caller gets EINVAL, any other caller gets the error from
 *   secpolicy_audit_config().  These two returns bypass rvp as well.
 *
 * On every other path the handler's result is stored in rvp->r_vals and also
 * returned.
 */
/*ARGSUSED1*/
int
auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int priv_err;
	int rc = 0;

	if (audit_active == C2AUDIT_DISABLED)
		return (ENOTSUP);

	switch (uap->code) {
	case BSM_GETAUID:
		rc = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		rc = setauid((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT:
		rc = getaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT:
		rc = setaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	case BSM_AUDIT:
		/* nothing to record while the module is unloaded */
		if (audit_active == C2AUDIT_UNLOADED)
			return (0);
		rc = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		if (audit_active == C2AUDIT_LOADED) {
			rc = auditdoor((int)uap->a1);
			break;
		}
		/* FALLTHROUGH: not loaded, handle like an unknown code */
	default:
		if (audit_active == C2AUDIT_LOADED) {
			rc = EINVAL;
			break;
		}
		/* Return a different error when not privileged */
		priv_err = secpolicy_audit_config(CRED());
		return (priv_err == 0 ? EINVAL : priv_err);
	}

	rvp->r_vals = rc;
	return (rc);
}
示例#4
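/*
 * The following tokens are included in the audit record for a successful
 * login: header, subject, return.
 *
 * Reads the file-scope `pwd` (the user being logged in) and `tid` (the
 * terminal ID); both are defined outside this function.  Besides cutting
 * the record, this also installs the user's audit identity on the process
 * via setaudit().
 *
 * Returns quietly when auditing is not available (ENOSYS) or switched off
 * (AUC_NOAUDIT).  Every other failure terminates the process with exit
 * status 1 through err()/errx(), so a login never continues with a missing
 * or partial audit record.
 */
void
au_login_success(void)
{
	token_t *tok;
	int aufd;
	au_mask_t aumask;
	auditinfo_t auinfo;
	uid_t uid = pwd->pw_uid;
	gid_t gid = pwd->pw_gid;
	pid_t pid = getpid();
	int au_cond;

	/* If we are not auditing, don't cut an audit record; just return. */
	if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
		if (errno == ENOSYS)
			return;
		errx(1, "could not determine audit condition");
	}
	if (au_cond == AUC_NOAUDIT)
		return;

	/* Compute and set the user's preselection mask. */
	if (au_user_mask(pwd->pw_name, &aumask) == -1)
		errx(1, "could not set audit mask");

	/* Set the audit info for the user. */
	auinfo.ai_auid = uid;
	auinfo.ai_asid = pid;
	bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid));
	bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask));
	if (setaudit(&auinfo) != 0)
		err(1, "setaudit failed");

	if ((aufd = au_open()) == -1)
		errx(1, "audit error: au_open() failed");

	/*
	 * Check each au_write(): an ignored failure would commit a login record
	 * that silently lacks its subject or return token.
	 */
	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
	    pid, &tid)) == NULL)
		errx(1, "audit error: au_to_subject32() failed");
	if (au_write(aufd, tok) == -1)
		errx(1, "audit error: au_write() failed");

	if ((tok = au_to_return32(0, 0)) == NULL)
		errx(1, "audit error: au_to_return32() failed");
	if (au_write(aufd, tok) == -1)
		errx(1, "audit error: au_write() failed");

	/* second argument 1: presumably "keep the record" - confirm */
	if (au_close(aufd, 1, AUE_login) == -1)
		errx(1, "audit record was not committed.");
}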
示例#5
/*
 * Privilege test for setaudit(): call it once with the `ai` object defined
 * outside this function and compare the outcome with what the caller's
 * situation should allow.
 *
 *   asroot  injail   expected result
 *   yes     yes      -1, ENOSYS
 *   yes     no        0
 *   no      yes      -1, ENOSYS
 *   no      no       -1, EPERM
 *
 * So the call is expected to succeed only for root outside a jail.  The
 * `test` argument is not used here.
 */
void
priv_audit_setaudit(int asroot, int injail, struct test *test)
{
	int error = setaudit(&ai);

	if (injail) {
		/* inside a jail the expectation is ENOSYS regardless of uid */
		if (asroot)
			expect("priv_audit_setaudit(asroot, injail)", error, -1,
			    ENOSYS);
		else
			expect("priv_audit_setaudit(!asroot, injail)", error, -1,
			    ENOSYS);
	} else {
		if (asroot)
			expect("priv_audit_setaudit(asroot, !injail)", error, 0, 0);
		else
			expect("priv_audit_setaudit(!asroot, !injail)", error, -1,
			    EPERM);
	}
}
/*
 * Dispatch an audit system call: uap->code selects the BSM operation and the
 * raw arguments a1..a3 are cast and forwarded to its handler.  An unknown
 * code yields EINVAL.
 *
 * The outcome is stored in rvp->r_vals and also returned.
 *
 * This function itself checks neither the audit state nor the caller's
 * privilege; presumably the handlers or the caller do so - verify.
 */
int
_auditsys(struct auditcalls *uap, rval_t *rvp)
{
	int rc = 0;

	switch (uap->code) {
	case BSM_GETAUID:
		rc = getauid((caddr_t)uap->a1);
		break;
	case BSM_SETAUID:
		rc = setauid((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT:
		rc = getaudit((caddr_t)uap->a1);
		break;
	case BSM_GETAUDIT_ADDR:
		rc = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_SETAUDIT:
		rc = setaudit((caddr_t)uap->a1);
		break;
	case BSM_SETAUDIT_ADDR:
		rc = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDIT:
		rc = audit((caddr_t)uap->a1, (int)uap->a2);
		break;
	case BSM_AUDITDOOR:
		rc = auditdoor((int)uap->a1);
		break;
	case BSM_AUDITCTL:
		rc = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
		break;
	default:
		/* unrecognised operation code */
		rc = EINVAL;
		break;
	}

	rvp->r_vals = rc;
	return (rc);
}