bsm_wrappers.c (185573) bsm_wrappers.c (186647)
1/*-
2 * Copyright (c) 2004 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 12 unchanged lines hidden (view full) ---

21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
1/*-
2 * Copyright (c) 2004 Apple Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright

--- 12 unchanged lines hidden (view full) ---

21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#26 $
29 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $
30 */
31
32#ifdef __APPLE__
33#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */
34#endif
35
36#include <sys/param.h>
37#include <sys/stat.h>

--- 26 unchanged lines hidden (view full) ---

64 char text[MAX_AUDITSTRING_LEN];
65 token_t *token;
66 long acond;
67 va_list ap;
68 pid_t pid;
69 int error, afd, subj_ex;
70 struct auditinfo ai;
71 struct auditinfo_addr aia;
30 */
31
32#ifdef __APPLE__
33#define _SYS_AUDIT_H /* Prevent include of sys/audit.h. */
34#endif
35
36#include <sys/param.h>
37#include <sys/stat.h>

--- 26 unchanged lines hidden (view full) ---

64 char text[MAX_AUDITSTRING_LEN];
65 token_t *token;
66 long acond;
67 va_list ap;
68 pid_t pid;
69 int error, afd, subj_ex;
70 struct auditinfo ai;
71 struct auditinfo_addr aia;
72 au_tid_t atid;
72
73 if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
74 /*
75 * If auditon(2) returns ENOSYS, then audit has not been
76 * compiled into the kernel, so just return.
77 */
78 if (errno == ENOSYS)
79 return (0);
80 error = errno;
81 syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
82 strerror(errno));
83 errno = error;
84 return (-1);
85 }
86 if (acond == AUC_NOAUDIT)
87 return (0);
73
74 if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
75 /*
76 * If auditon(2) returns ENOSYS, then audit has not been
77 * compiled into the kernel, so just return.
78 */
79 if (errno == ENOSYS)
80 return (0);
81 error = errno;
82 syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
83 strerror(errno));
84 errno = error;
85 return (-1);
86 }
87 if (acond == AUC_NOAUDIT)
88 return (0);
88 /* XXXCSJP we should be doing a pre-select here */
89 afd = au_open();
90 if (afd < 0) {
91 error = errno;
92 syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
93 strerror(errno));
94 errno = error;
95 return (-1);
96 }
97 /*
89 afd = au_open();
90 if (afd < 0) {
91 error = errno;
92 syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
93 strerror(errno));
94 errno = error;
95 return (-1);
96 }
97 /*
98 * Some operating systems do not have getaudit_addr(2) implemented
99 * yet. So we try to use getaudit(2) first, if the subject is
100 * using IPv6, then we will have to try getaudit_addr(2). Failing
101 * this, we return error.
98 * Try to use getaudit_addr(2) first. If this kernel does not support
99 * it, then fall back on to getaudit(2).
102 */
103 subj_ex = 0;
100 */
101 subj_ex = 0;
104 error = getaudit(&ai);
105 if (error < 0 && errno == E2BIG) {
106 error = getaudit_addr(&aia, sizeof(aia));
107 if (error == 0)
108 subj_ex = 1;
109 }
110 if (error < 0) {
102 error = getaudit_addr(&aia, sizeof(aia));
103 if (error < 0 && errno == ENOSYS) {
104 error = getaudit(&ai);
105 if (error < 0) {
106 error = errno;
107 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
108 strerror(errno));
109 errno = error;
110 return (-1);
111 }
112 /*
113 * Convert this auditinfo_t to an auditinfo_addr_t to make the
114 * following code less complicated wrt to preselection and
115 * subject token generation.
116 */
117 aia.ai_auid = ai.ai_auid;
118 aia.ai_mask = ai.ai_mask;
119 aia.ai_asid = ai.ai_asid;
120 aia.ai_termid.at_type = AU_IPv4;
121 aia.ai_termid.at_addr[0] = ai.ai_termid.machine;
122 aia.ai_termid.at_port = ai.ai_termid.port;
123 } else if (error < 0) {
111 error = errno;
124 error = errno;
112 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
125 syslog(LOG_AUTH | LOG_ERR, "audit: getaudit_addr failed: %s",
113 strerror(errno));
114 errno = error;
115 return (-1);
116 }
126 strerror(errno));
127 errno = error;
128 return (-1);
129 }
130 /*
131 * NB: We should be performing pre-selection here now that we have the
132 * masks for this process.
133 */
134 if (aia.ai_termid.at_type == AU_IPv6)
135 subj_ex = 1;
117 pid = getpid();
136 pid = getpid();
118 if (subj_ex == 0)
137 if (subj_ex == 0) {
138 atid.port = aia.ai_termid.at_port;
139 atid.machine = aia.ai_termid.at_addr[0];
119 token = au_to_subject32(auid, geteuid(), getegid(),
140 token = au_to_subject32(auid, geteuid(), getegid(),
120 getuid(), getgid(), pid, pid, &ai.ai_termid);
121 else
141 getuid(), getgid(), pid, pid, &atid);
142 } else
122 token = au_to_subject_ex(auid, geteuid(), getegid(),
123 getuid(), getgid(), pid, pid, &aia.ai_termid);
124 if (token == NULL) {
125 syslog(LOG_AUTH | LOG_ERR,
126 "audit: unable to build subject token");
127 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
128 errno = EPERM;
129 return (-1);

--- 22 unchanged lines hidden (view full) ---

152 error = errno;
153 syslog(LOG_AUTH | LOG_ERR,
154 "audit: au_write failed: %s", strerror(errno));
155 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
156 errno = error;
157 return (-1);
158 }
159 }
143 token = au_to_subject_ex(auid, geteuid(), getegid(),
144 getuid(), getgid(), pid, pid, &aia.ai_termid);
145 if (token == NULL) {
146 syslog(LOG_AUTH | LOG_ERR,
147 "audit: unable to build subject token");
148 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
149 errno = EPERM;
150 return (-1);

--- 22 unchanged lines hidden (view full) ---

173 error = errno;
174 syslog(LOG_AUTH | LOG_ERR,
175 "audit: au_write failed: %s", strerror(errno));
176 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
177 errno = error;
178 return (-1);
179 }
180 }
160 token = au_to_return32(status, reterr);
181 token = au_to_return32(status, au_errno_to_bsm(reterr));
161 if (token == NULL) {
162 syslog(LOG_AUTH | LOG_ERR,
163 "audit: enable to build return token");
164 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
165 errno = EPERM;
166 return (-1);
167 }
168 if (au_write(afd, token) < 0) {

--- 301 unchanged lines hidden ---
182 if (token == NULL) {
183 syslog(LOG_AUTH | LOG_ERR,
184 "audit: enable to build return token");
185 (void) au_close(afd, AU_TO_NO_WRITE, au_event);
186 errno = EPERM;
187 return (-1);
188 }
189 if (au_write(afd, token) < 0) {

--- 301 unchanged lines hidden ---
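Review bot: Both failure branches of the new getaudit_addr(2)/getaudit(2) lookup (new lines 105-110 and 123-128) return -1 after au_open() has already succeeded, without discarding the record descriptor `afd`; the token-build and au_write() failure paths visible further down all call au_close() before returning. In a long-running process that submits audit records repeatedly, each such failure appears to leave an open audit record behind, which could eventually make au_open() fail and cause audit events to be lost. Add `(void) au_close(afd, AU_TO_NO_WRITE, au_event);` before `errno = error;` in both branches, matching the order used in the au_write() failure path, or move the getaudit_addr() lookup ahead of au_open(). The enclosing function begins and continues in the hidden parts of the file, so this is judged from the visible lines only.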