Cross Reference: /freebsd-10.3-release/contrib/openbsm/libbsm/bsm

Deleted Added

sdiff udiff text old ( 186647 ) new ( 191273 )

full compact

bsm_wrappers.c (186647)	bsm_wrappers.c (191273)
1/*-	1/*-
2 * Copyright (c) 2004 Apple Inc.	2 * Copyright (c) 2004-2009 Apple Inc.
3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of 14 * its contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 *	3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of Apple Inc. ("Apple") nor the names of 14 * its contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#28 $	29 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#31 $
30 / 31 32#ifdef __APPLE__ 33#define _SYS_AUDIT_H / Prevent include of sys/audit.h. / 34#endif 35 36#include <sys/param.h> 37#include <sys/stat.h> 38 39#ifdef __APPLE__ 40#include <sys/queue.h> / Our bsm/audit.h doesn't include queue.h. / 41#endif 42 43#include <sys/sysctl.h> 44 45#include <bsm/libbsm.h> 46 47#include <unistd.h> 48#include <syslog.h> 49#include <stdarg.h> 50#include <string.h> 51#include <errno.h> 52 53/ These are not advertised in libbsm.h / 54int audit_set_terminal_port(dev_t p); 55int audit_set_terminal_host(uint32_t m); 56 57/ 58 * General purpose audit submission mechanism for userspace. 59 / 60int 61audit_submit(short au_event, au_id_t auid, char status, 62 int reterr, const char fmt, ...) 63{ 64 char text[MAX_AUDITSTRING_LEN]; 65 token_t *token;	30 / 31 32#ifdef __APPLE__ 33#define _SYS_AUDIT_H / Prevent include of sys/audit.h. / 34#endif 35 36#include <sys/param.h> 37#include <sys/stat.h> 38 39#ifdef __APPLE__ 40#include <sys/queue.h> / Our bsm/audit.h doesn't include queue.h. / 41#endif 42 43#include <sys/sysctl.h> 44 45#include <bsm/libbsm.h> 46 47#include <unistd.h> 48#include <syslog.h> 49#include <stdarg.h> 50#include <string.h> 51#include <errno.h> 52 53/ These are not advertised in libbsm.h / 54int audit_set_terminal_port(dev_t p); 55int audit_set_terminal_host(uint32_t m); 56 57/ 58 * General purpose audit submission mechanism for userspace. 59 / 60int 61audit_submit(short au_event, au_id_t auid, char status, 62 int reterr, const char fmt, ...) 63{ 64 char text[MAX_AUDITSTRING_LEN]; 65 token_t *token;
66 long acond;	66 int acond;
67 va_list ap; 68 pid_t pid; 69 int error, afd, subj_ex; 70 struct auditinfo ai; 71 struct auditinfo_addr aia; 72 au_tid_t atid; 73	67 va_list ap; 68 pid_t pid; 69 int error, afd, subj_ex; 70 struct auditinfo ai; 71 struct auditinfo_addr aia; 72 au_tid_t atid; 73
74 if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {	74 if (audit_get_cond(&acond) != 0) {
75 /* 76 * If auditon(2) returns ENOSYS, then audit has not been 77 * compiled into the kernel, so just return. 78 / 79 if (errno == ENOSYS) 80 return (0); 81 error = errno; 82 syslog(LOG_AUTH \| LOG_ERR, "audit: auditon failed: %s", 83 strerror(errno)); 84 errno = error; 85 return (-1); 86 } 87 if (acond == AUC_NOAUDIT) 88 return (0); 89 afd = au_open(); 90 if (afd < 0) { 91 error = errno; 92 syslog(LOG_AUTH \| LOG_ERR, "audit: au_open failed: %s", 93 strerror(errno)); 94 errno = error; 95 return (-1); 96 } 97 / 98 * Try to use getaudit_addr(2) first. If this kernel does not support 99 * it, then fall back on to getaudit(2). 100 / 101* subj_ex = 0; 102 error = getaudit_addr(&aia, sizeof(aia)); 103 if (error < 0 && errno == ENOSYS) { 104 error = getaudit(&ai); 105 if (error < 0) { 106 error = errno; 107 syslog(LOG_AUTH \| LOG_ERR, "audit: getaudit failed: %s", 108 strerror(errno)); 109 errno = error; 110 return (-1); 111 } 112 /* 113 * Convert this auditinfo_t to an auditinfo_addr_t to make the 114 * following code less complicated wrt to preselection and 115 * subject token generation. 116 / 117* aia.ai_auid = ai.ai_auid; 118 aia.ai_mask = ai.ai_mask; 119 aia.ai_asid = ai.ai_asid; 120 aia.ai_termid.at_type = AU_IPv4; 121 aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 122 aia.ai_termid.at_port = ai.ai_termid.port; 123 } else if (error < 0) { 124 error = errno; 125 syslog(LOG_AUTH \| LOG_ERR, "audit: getaudit_addr failed: %s", 126 strerror(errno)); 127 errno = error; 128 return (-1); 129 } 130 /* 131 * NB: We should be performing pre-selection here now that we have the 132 * masks for this process. 133 / 134* if (aia.ai_termid.at_type == AU_IPv6) 135 subj_ex = 1; 136 pid = getpid(); 137 if (subj_ex == 0) { 138 atid.port = aia.ai_termid.at_port; 139 atid.machine = aia.ai_termid.at_addr[0]; 140 token = au_to_subject32(auid, geteuid(), getegid(), 141 getuid(), getgid(), pid, pid, &atid); 142 } else 143 token = au_to_subject_ex(auid, geteuid(), getegid(), 144 getuid(), getgid(), pid, pid, &aia.ai_termid); 145 if (token == NULL) { 146 syslog(LOG_AUTH \| LOG_ERR, 147 "audit: unable to build subject token"); 148 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 149 errno = EPERM; 150 return (-1); 151 } 152 if (au_write(afd, token) < 0) { 153 error = errno; 154 syslog(LOG_AUTH \| LOG_ERR, 155 "audit: au_write failed: %s", strerror(errno)); 156 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 157 errno = error; 158 return (-1); 159 } 160 if (fmt != NULL) { 161 va_start(ap, fmt); 162 (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 163 va_end(ap); 164 token = au_to_text(text); 165 if (token == NULL) { 166 syslog(LOG_AUTH \| LOG_ERR, 167 "audit: failed to generate text token"); 168 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 169 errno = EPERM; 170 return (-1); 171 } 172 if (au_write(afd, token) < 0) { 173 error = errno; 174 syslog(LOG_AUTH \| LOG_ERR, 175 "audit: au_write failed: %s", strerror(errno)); 176 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 177 errno = error; 178 return (-1); 179 } 180 }	75 /* 76 * If auditon(2) returns ENOSYS, then audit has not been 77 * compiled into the kernel, so just return. 78 / 79 if (errno == ENOSYS) 80 return (0); 81 error = errno; 82 syslog(LOG_AUTH \| LOG_ERR, "audit: auditon failed: %s", 83 strerror(errno)); 84 errno = error; 85 return (-1); 86 } 87 if (acond == AUC_NOAUDIT) 88 return (0); 89 afd = au_open(); 90 if (afd < 0) { 91 error = errno; 92 syslog(LOG_AUTH \| LOG_ERR, "audit: au_open failed: %s", 93 strerror(errno)); 94 errno = error; 95 return (-1); 96 } 97 / 98 * Try to use getaudit_addr(2) first. If this kernel does not support 99 * it, then fall back on to getaudit(2). 100 / 101* subj_ex = 0; 102 error = getaudit_addr(&aia, sizeof(aia)); 103 if (error < 0 && errno == ENOSYS) { 104 error = getaudit(&ai); 105 if (error < 0) { 106 error = errno; 107 syslog(LOG_AUTH \| LOG_ERR, "audit: getaudit failed: %s", 108 strerror(errno)); 109 errno = error; 110 return (-1); 111 } 112 /* 113 * Convert this auditinfo_t to an auditinfo_addr_t to make the 114 * following code less complicated wrt to preselection and 115 * subject token generation. 116 / 117* aia.ai_auid = ai.ai_auid; 118 aia.ai_mask = ai.ai_mask; 119 aia.ai_asid = ai.ai_asid; 120 aia.ai_termid.at_type = AU_IPv4; 121 aia.ai_termid.at_addr[0] = ai.ai_termid.machine; 122 aia.ai_termid.at_port = ai.ai_termid.port; 123 } else if (error < 0) { 124 error = errno; 125 syslog(LOG_AUTH \| LOG_ERR, "audit: getaudit_addr failed: %s", 126 strerror(errno)); 127 errno = error; 128 return (-1); 129 } 130 /* 131 * NB: We should be performing pre-selection here now that we have the 132 * masks for this process. 133 / 134* if (aia.ai_termid.at_type == AU_IPv6) 135 subj_ex = 1; 136 pid = getpid(); 137 if (subj_ex == 0) { 138 atid.port = aia.ai_termid.at_port; 139 atid.machine = aia.ai_termid.at_addr[0]; 140 token = au_to_subject32(auid, geteuid(), getegid(), 141 getuid(), getgid(), pid, pid, &atid); 142 } else 143 token = au_to_subject_ex(auid, geteuid(), getegid(), 144 getuid(), getgid(), pid, pid, &aia.ai_termid); 145 if (token == NULL) { 146 syslog(LOG_AUTH \| LOG_ERR, 147 "audit: unable to build subject token"); 148 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 149 errno = EPERM; 150 return (-1); 151 } 152 if (au_write(afd, token) < 0) { 153 error = errno; 154 syslog(LOG_AUTH \| LOG_ERR, 155 "audit: au_write failed: %s", strerror(errno)); 156 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 157 errno = error; 158 return (-1); 159 } 160 if (fmt != NULL) { 161 va_start(ap, fmt); 162 (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); 163 va_end(ap); 164 token = au_to_text(text); 165 if (token == NULL) { 166 syslog(LOG_AUTH \| LOG_ERR, 167 "audit: failed to generate text token"); 168 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 169 errno = EPERM; 170 return (-1); 171 } 172 if (au_write(afd, token) < 0) { 173 error = errno; 174 syslog(LOG_AUTH \| LOG_ERR, 175 "audit: au_write failed: %s", strerror(errno)); 176 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 177 errno = error; 178 return (-1); 179 } 180 }
181 token = au_to_return32(status, au_errno_to_bsm(reterr));	181 token = au_to_return32(au_errno_to_bsm(status), reterr);
182 if (token == NULL) { 183 syslog(LOG_AUTH \| LOG_ERR, 184 "audit: enable to build return token"); 185 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 186 errno = EPERM; 187 return (-1); 188 } 189 if (au_write(afd, token) < 0) { 190 error = errno; 191 syslog(LOG_AUTH \| LOG_ERR, 192 "audit: au_write failed: %s", strerror(errno)); 193 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 194 errno = error; 195 return (-1); 196 } 197 if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 198 error = errno; 199 syslog(LOG_AUTH \| LOG_ERR, "audit: record not committed"); 200 errno = error; 201 return (-1); 202 } 203 return (0); 204} 205 206int 207audit_set_terminal_port(dev_t p) 208{ 209* struct stat st; 210 211 if (p == NULL) 212 return (kAUBadParamErr); 213 214#ifdef NODEV 215 p = NODEV; 216#else 217* p = -1; 218#endif 219* 220 /* for /usr/bin/login, try fstat() first / 221* if (fstat(STDIN_FILENO, &st) != 0) { 222 if (errno != EBADF) { 223 syslog(LOG_ERR, "fstat() failed (%s)", 224 strerror(errno)); 225 return (kAUStatErr); 226 } 227 if (stat("/dev/console", &st) != 0) { 228 syslog(LOG_ERR, "stat() failed (%s)", 229 strerror(errno)); 230 return (kAUStatErr); 231 } 232 } 233 p = st.st_rdev; 234* return (kAUNoErr); 235} 236 237int 238audit_set_terminal_host(uint32_t m) 239{ 240* 241#ifdef KERN_HOSTID 242 int name[2] = { CTL_KERN, KERN_HOSTID }; 243 size_t len; 244 245 if (m == NULL) 246 return (kAUBadParamErr); 247 m = 0; 248* len = sizeof(m); 249* if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 250 syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 251 return (kAUSysctlErr); 252 } 253 return (kAUNoErr); 254#else 255 m = -1; 256* return (kAUNoErr); 257#endif 258} 259 260int 261audit_set_terminal_id(au_tid_t tid) 262{ 263* int ret; 264 265 if (tid == NULL) 266 return (kAUBadParamErr); 267 if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) 268 return (ret); 269 return (audit_set_terminal_host(&tid->machine)); 270} 271 272/* 273 * This is OK for those callers who have only one token to write. If you have 274 * multiple tokens that logically form part of the same audit record, you need 275 * to use the existing au_open()/au_write()/au_close() API: 276 * 277 * aufd = au_open(); 278 * tok = au_to_random_token_1(...); 279 * au_write(aufd, tok); 280 * tok = au_to_random_token_2(...); 281 * au_write(aufd, tok); 282 * ... 283 * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 284 * 285 * Assumes, like all wrapper calls, that the caller has previously checked 286 * that auditing is enabled via the audit_get_state() call. 287 * 288 * XXX: Should be more robust against bad arguments. 289 / 290int 291audit_write(short event_code, token_t subject, token_t misctok, char retval, 292* int errcode) 293{ 294 int aufd; 295 char func = "audit_write()"; 296* token_t rettok; 297* 298 if ((aufd = au_open()) == -1) { 299 au_free_token(subject); 300 au_free_token(misctok); 301 syslog(LOG_ERR, "%s: au_open() failed", func); 302 return (kAUOpenErr); 303 } 304 305 /* Save subject. / 306* if (subject && au_write(aufd, subject) == -1) { 307 au_free_token(subject); 308 au_free_token(misctok); 309 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 310 syslog(LOG_ERR, "%s: write of subject failed", func); 311 return (kAUWriteSubjectTokErr); 312 } 313 314 /* Save the event-specific token. / 315* if (misctok && au_write(aufd, misctok) == -1) { 316 au_free_token(misctok); 317 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 318 syslog(LOG_ERR, "%s: write of caller token failed", func); 319 return (kAUWriteCallerTokErr); 320 } 321 322 /* Tokenize and save the return value. / 323* if ((rettok = au_to_return32(retval, errcode)) == NULL) { 324 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 325 syslog(LOG_ERR, "%s: au_to_return32() failed", func); 326 return (kAUMakeReturnTokErr); 327 } 328 329 if (au_write(aufd, rettok) == -1) { 330 au_free_token(rettok); 331 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 332 syslog(LOG_ERR, "%s: write of return code failed", func); 333 return (kAUWriteReturnTokErr); 334 } 335 336 /* 337 * We assume the caller wouldn't have bothered with this 338 * function if it hadn't already decided to keep the record. 339 / 340* if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 341 syslog(LOG_ERR, "%s: au_close() failed", func); 342 return (kAUCloseErr); 343 } 344 345 return (kAUNoErr); 346} 347 348/* 349 * Same caveats as audit_write(). In addition, this function explicitly 350 * assumes success; use audit_write_failure() on error. 351 / 352int 353audit_write_success(short event_code, token_t tok, au_id_t auid, uid_t euid, 354 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 355 au_tid_t tid) 356{ 357* char func = "audit_write_success()"; 358* token_t subject = NULL; 359* 360 /* Tokenize and save subject. / 361* subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 362 tid); 363 if (subject == NULL) { 364 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 365 return kAUMakeSubjectTokErr; 366 } 367 368 return (audit_write(event_code, subject, tok, 0, 0)); 369} 370 371/* 372 * Same caveats as audit_write(). In addition, this function explicitly 373 * assumes success; use audit_write_failure_self() on error. 374 / 375int 376audit_write_success_self(short event_code, token_t tok) 377{ 378 token_t subject; 379* char func = "audit_write_success_self()"; 380* 381 if ((subject = au_to_me()) == NULL) { 382 syslog(LOG_ERR, "%s: au_to_me() failed", func); 383 return (kAUMakeSubjectTokErr); 384 } 385 386 return (audit_write(event_code, subject, tok, 0, 0)); 387} 388 389/* 390 * Same caveats as audit_write(). In addition, this function explicitly 391 * assumes failure; use audit_write_success() otherwise. 392 * 393 * XXX This should let the caller pass an error return value rather than 394 * hard-coding -1. 395 / 396int 397audit_write_failure(short event_code, char errmsg, int errcode, au_id_t auid, 398 uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 399 au_tid_t tid) 400{ 401* char func = "audit_write_failure()"; 402* token_t subject, errtok; 403 404 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 405 if (subject == NULL) { 406 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 407 return (kAUMakeSubjectTokErr); 408 } 409 410 /* tokenize and save the error message / 411* if ((errtok = au_to_text(errmsg)) == NULL) { 412 au_free_token(subject); 413 syslog(LOG_ERR, "%s: au_to_text() failed", func); 414 return (kAUMakeTextTokErr); 415 } 416 417 return (audit_write(event_code, subject, errtok, -1, errcode)); 418} 419 420/* 421 * Same caveats as audit_write(). In addition, this function explicitly 422 * assumes failure; use audit_write_success_self() otherwise. 423 * 424 * XXX This should let the caller pass an error return value rather than 425 * hard-coding -1. 426 / 427int 428audit_write_failure_self(short event_code, char errmsg, int errret) 429{ 430 char func = "audit_write_failure_self()"; 431* token_t subject, errtok; 432 433 if ((subject = au_to_me()) == NULL) { 434 syslog(LOG_ERR, "%s: au_to_me() failed", func); 435 return (kAUMakeSubjectTokErr); 436 } 437 /* tokenize and save the error message / 438* if ((errtok = au_to_text(errmsg)) == NULL) { 439 au_free_token(subject); 440 syslog(LOG_ERR, "%s: au_to_text() failed", func); 441 return (kAUMakeTextTokErr); 442 } 443 return (audit_write(event_code, subject, errtok, -1, errret)); 444} 445 446/* 447 * For auditing errors during login. Such errors are implicitly 448 * non-attributable (i.e., not ascribable to any user). 449 * 450 * Assumes, like all wrapper calls, that the caller has previously checked 451 * that auditing is enabled via the audit_get_state() call. 452 / 453int 454audit_write_failure_na(short event_code, char errmsg, int errret, uid_t euid, 455 uid_t egid, pid_t pid, au_tid_t tid) 456{ 457* 458 return (audit_write_failure(event_code, errmsg, errret, -1, euid, 459 egid, -1, -1, pid, -1, tid)); 460} 461 462/* END OF au_write() WRAPPERS / 463* 464#ifdef __APPLE__ 465void 466audit_token_to_au32(audit_token_t atoken, uid_t auidp, uid_t euidp, 467 gid_t egidp, uid_t ruidp, gid_t rgidp, pid_t pidp, au_asid_t asidp, 468* au_tid_t tidp) 469{ 470* 471 if (auidp != NULL) 472 auidp = (uid_t)atoken.val[0]; 473* if (euidp != NULL) 474 euidp = (uid_t)atoken.val[1]; 475* if (egidp != NULL) 476 egidp = (gid_t)atoken.val[2]; 477* if (ruidp != NULL) 478 ruidp = (uid_t)atoken.val[3]; 479* if (rgidp != NULL) 480 rgidp = (gid_t)atoken.val[4]; 481* if (pidp != NULL) 482 pidp = (pid_t)atoken.val[5]; 483* if (asidp != NULL) 484 asidp = (au_asid_t)atoken.val[6]; 485* if (tidp != NULL) { 486 audit_set_terminal_host(&tidp->machine); 487 tidp->port = (dev_t)atoken.val[7]; 488 } 489} 490#endif /* !__APPLE__ */	182 if (token == NULL) { 183 syslog(LOG_AUTH \| LOG_ERR, 184 "audit: enable to build return token"); 185 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 186 errno = EPERM; 187 return (-1); 188 } 189 if (au_write(afd, token) < 0) { 190 error = errno; 191 syslog(LOG_AUTH \| LOG_ERR, 192 "audit: au_write failed: %s", strerror(errno)); 193 (void) au_close(afd, AU_TO_NO_WRITE, au_event); 194 errno = error; 195 return (-1); 196 } 197 if (au_close(afd, AU_TO_WRITE, au_event) < 0) { 198 error = errno; 199 syslog(LOG_AUTH \| LOG_ERR, "audit: record not committed"); 200 errno = error; 201 return (-1); 202 } 203 return (0); 204} 205 206int 207audit_set_terminal_port(dev_t p) 208{ 209* struct stat st; 210 211 if (p == NULL) 212 return (kAUBadParamErr); 213 214#ifdef NODEV 215 p = NODEV; 216#else 217* p = -1; 218#endif 219* 220 /* for /usr/bin/login, try fstat() first / 221* if (fstat(STDIN_FILENO, &st) != 0) { 222 if (errno != EBADF) { 223 syslog(LOG_ERR, "fstat() failed (%s)", 224 strerror(errno)); 225 return (kAUStatErr); 226 } 227 if (stat("/dev/console", &st) != 0) { 228 syslog(LOG_ERR, "stat() failed (%s)", 229 strerror(errno)); 230 return (kAUStatErr); 231 } 232 } 233 p = st.st_rdev; 234* return (kAUNoErr); 235} 236 237int 238audit_set_terminal_host(uint32_t m) 239{ 240* 241#ifdef KERN_HOSTID 242 int name[2] = { CTL_KERN, KERN_HOSTID }; 243 size_t len; 244 245 if (m == NULL) 246 return (kAUBadParamErr); 247 m = 0; 248* len = sizeof(m); 249* if (sysctl(name, 2, m, &len, NULL, 0) != 0) { 250 syslog(LOG_ERR, "sysctl() failed (%s)", strerror(errno)); 251 return (kAUSysctlErr); 252 } 253 return (kAUNoErr); 254#else 255 m = -1; 256* return (kAUNoErr); 257#endif 258} 259 260int 261audit_set_terminal_id(au_tid_t tid) 262{ 263* int ret; 264 265 if (tid == NULL) 266 return (kAUBadParamErr); 267 if ((ret = audit_set_terminal_port(&tid->port)) != kAUNoErr) 268 return (ret); 269 return (audit_set_terminal_host(&tid->machine)); 270} 271 272/* 273 * This is OK for those callers who have only one token to write. If you have 274 * multiple tokens that logically form part of the same audit record, you need 275 * to use the existing au_open()/au_write()/au_close() API: 276 * 277 * aufd = au_open(); 278 * tok = au_to_random_token_1(...); 279 * au_write(aufd, tok); 280 * tok = au_to_random_token_2(...); 281 * au_write(aufd, tok); 282 * ... 283 * au_close(aufd, AU_TO_WRITE, AUE_your_event_type); 284 * 285 * Assumes, like all wrapper calls, that the caller has previously checked 286 * that auditing is enabled via the audit_get_state() call. 287 * 288 * XXX: Should be more robust against bad arguments. 289 / 290int 291audit_write(short event_code, token_t subject, token_t misctok, char retval, 292* int errcode) 293{ 294 int aufd; 295 char func = "audit_write()"; 296* token_t rettok; 297* 298 if ((aufd = au_open()) == -1) { 299 au_free_token(subject); 300 au_free_token(misctok); 301 syslog(LOG_ERR, "%s: au_open() failed", func); 302 return (kAUOpenErr); 303 } 304 305 /* Save subject. / 306* if (subject && au_write(aufd, subject) == -1) { 307 au_free_token(subject); 308 au_free_token(misctok); 309 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 310 syslog(LOG_ERR, "%s: write of subject failed", func); 311 return (kAUWriteSubjectTokErr); 312 } 313 314 /* Save the event-specific token. / 315* if (misctok && au_write(aufd, misctok) == -1) { 316 au_free_token(misctok); 317 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 318 syslog(LOG_ERR, "%s: write of caller token failed", func); 319 return (kAUWriteCallerTokErr); 320 } 321 322 /* Tokenize and save the return value. / 323* if ((rettok = au_to_return32(retval, errcode)) == NULL) { 324 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 325 syslog(LOG_ERR, "%s: au_to_return32() failed", func); 326 return (kAUMakeReturnTokErr); 327 } 328 329 if (au_write(aufd, rettok) == -1) { 330 au_free_token(rettok); 331 (void)au_close(aufd, AU_TO_NO_WRITE, event_code); 332 syslog(LOG_ERR, "%s: write of return code failed", func); 333 return (kAUWriteReturnTokErr); 334 } 335 336 /* 337 * We assume the caller wouldn't have bothered with this 338 * function if it hadn't already decided to keep the record. 339 / 340* if (au_close(aufd, AU_TO_WRITE, event_code) < 0) { 341 syslog(LOG_ERR, "%s: au_close() failed", func); 342 return (kAUCloseErr); 343 } 344 345 return (kAUNoErr); 346} 347 348/* 349 * Same caveats as audit_write(). In addition, this function explicitly 350 * assumes success; use audit_write_failure() on error. 351 / 352int 353audit_write_success(short event_code, token_t tok, au_id_t auid, uid_t euid, 354 gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 355 au_tid_t tid) 356{ 357* char func = "audit_write_success()"; 358* token_t subject = NULL; 359* 360 /* Tokenize and save subject. / 361* subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, 362 tid); 363 if (subject == NULL) { 364 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 365 return kAUMakeSubjectTokErr; 366 } 367 368 return (audit_write(event_code, subject, tok, 0, 0)); 369} 370 371/* 372 * Same caveats as audit_write(). In addition, this function explicitly 373 * assumes success; use audit_write_failure_self() on error. 374 / 375int 376audit_write_success_self(short event_code, token_t tok) 377{ 378 token_t subject; 379* char func = "audit_write_success_self()"; 380* 381 if ((subject = au_to_me()) == NULL) { 382 syslog(LOG_ERR, "%s: au_to_me() failed", func); 383 return (kAUMakeSubjectTokErr); 384 } 385 386 return (audit_write(event_code, subject, tok, 0, 0)); 387} 388 389/* 390 * Same caveats as audit_write(). In addition, this function explicitly 391 * assumes failure; use audit_write_success() otherwise. 392 * 393 * XXX This should let the caller pass an error return value rather than 394 * hard-coding -1. 395 / 396int 397audit_write_failure(short event_code, char errmsg, int errcode, au_id_t auid, 398 uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, 399 au_tid_t tid) 400{ 401* char func = "audit_write_failure()"; 402* token_t subject, errtok; 403 404 subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid); 405 if (subject == NULL) { 406 syslog(LOG_ERR, "%s: au_to_subject32() failed", func); 407 return (kAUMakeSubjectTokErr); 408 } 409 410 /* tokenize and save the error message / 411* if ((errtok = au_to_text(errmsg)) == NULL) { 412 au_free_token(subject); 413 syslog(LOG_ERR, "%s: au_to_text() failed", func); 414 return (kAUMakeTextTokErr); 415 } 416 417 return (audit_write(event_code, subject, errtok, -1, errcode)); 418} 419 420/* 421 * Same caveats as audit_write(). In addition, this function explicitly 422 * assumes failure; use audit_write_success_self() otherwise. 423 * 424 * XXX This should let the caller pass an error return value rather than 425 * hard-coding -1. 426 / 427int 428audit_write_failure_self(short event_code, char errmsg, int errret) 429{ 430 char func = "audit_write_failure_self()"; 431* token_t subject, errtok; 432 433 if ((subject = au_to_me()) == NULL) { 434 syslog(LOG_ERR, "%s: au_to_me() failed", func); 435 return (kAUMakeSubjectTokErr); 436 } 437 /* tokenize and save the error message / 438* if ((errtok = au_to_text(errmsg)) == NULL) { 439 au_free_token(subject); 440 syslog(LOG_ERR, "%s: au_to_text() failed", func); 441 return (kAUMakeTextTokErr); 442 } 443 return (audit_write(event_code, subject, errtok, -1, errret)); 444} 445 446/* 447 * For auditing errors during login. Such errors are implicitly 448 * non-attributable (i.e., not ascribable to any user). 449 * 450 * Assumes, like all wrapper calls, that the caller has previously checked 451 * that auditing is enabled via the audit_get_state() call. 452 / 453int 454audit_write_failure_na(short event_code, char errmsg, int errret, uid_t euid, 455 uid_t egid, pid_t pid, au_tid_t tid) 456{ 457* 458 return (audit_write_failure(event_code, errmsg, errret, -1, euid, 459 egid, -1, -1, pid, -1, tid)); 460} 461 462/* END OF au_write() WRAPPERS / 463* 464#ifdef __APPLE__ 465void 466audit_token_to_au32(audit_token_t atoken, uid_t auidp, uid_t euidp, 467 gid_t egidp, uid_t ruidp, gid_t rgidp, pid_t pidp, au_asid_t asidp, 468* au_tid_t tidp) 469{ 470* 471 if (auidp != NULL) 472 auidp = (uid_t)atoken.val[0]; 473* if (euidp != NULL) 474 euidp = (uid_t)atoken.val[1]; 475* if (egidp != NULL) 476 egidp = (gid_t)atoken.val[2]; 477* if (ruidp != NULL) 478 ruidp = (uid_t)atoken.val[3]; 479* if (rgidp != NULL) 480 rgidp = (gid_t)atoken.val[4]; 481* if (pidp != NULL) 482 pidp = (pid_t)atoken.val[5]; 483* if (asidp != NULL) 484 asidp = (au_asid_t)atoken.val[6]; 485* if (tidp != NULL) { 486 audit_set_terminal_host(&tidp->machine); 487 tidp->port = (dev_t)atoken.val[7]; 488 } 489} 490#endif /* !__APPLE__ */
	491 492int 493audit_get_cond(int cond) 494{ 495* int ret; 496 497 ret = auditon(A_GETCOND, cond, sizeof(cond)); 498#ifdef A_OLDGETCOND 499* if ((0 != ret) && EINVAL == errno) { 500 long lcond = cond; 501* 502 ret = auditon(A_OLDGETCOND, &lcond, sizeof(lcond)); 503 cond = (int)lcond; 504* } 505#endif 506 return (ret); 507} 508 509int 510audit_set_cond(int cond) 511{ 512* int ret; 513 514 ret = auditon(A_SETCOND, cond, sizeof(cond)); 515#ifdef A_OLDSETCOND 516* if ((0 != ret) && (EINVAL == errno)) { 517 long lcond = (long)cond; 518* 519 ret = auditon(A_OLDSETCOND, &lcond, sizeof(lcond)); 520 cond = (int)lcond; 521* } 522#endif 523 return (ret); 524} 525 526int 527audit_get_policy(int policy) 528{ 529* int ret; 530 531 ret = auditon(A_GETPOLICY, policy, sizeof(policy)); 532#ifdef A_OLDGETPOLICY 533* if ((0 != ret) && (EINVAL == errno)){ 534 long lpolicy = (long)policy; 535* 536 ret = auditon(A_OLDGETPOLICY, &lpolicy, sizeof(lpolicy)); 537 policy = (int)lpolicy; 538* } 539#endif 540 return (ret); 541} 542 543int 544audit_set_policy(int policy) 545{ 546* int ret; 547 548 ret = auditon(A_SETPOLICY, policy, sizeof(policy)); 549#ifdef A_OLDSETPOLICY 550* if ((0 != ret) && (EINVAL == errno)){ 551 long lpolicy = (long)policy; 552* 553 ret = auditon(A_OLDSETPOLICY, &lpolicy, sizeof(lpolicy)); 554 policy = (int)lpolicy; 555* } 556#endif 557 return (ret); 558} 559 560int 561audit_get_qctrl(au_qctrl_t qctrl, size_t sz) 562{ 563* int ret; 564 565 if (sizeof(qctrl) != sz) { 566* errno = EINVAL; 567 return (-1); 568 } 569 570 ret = auditon(A_GETQCTRL, qctrl, sizeof(qctrl)); 571#ifdef A_OLDGETQCTRL 572* if ((0 != ret) && (EINVAL == errno)){ 573 struct old_qctrl { 574 size_t oq_hiwater; 575 size_t oq_lowater; 576 size_t oq_bufsz; 577 clock_t oq_delay; 578 int oq_minfree; 579 } oq; 580 581 oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 582 oq.oq_lowater = (size_t)qctrl->aq_lowater; 583 oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 584 oq.oq_delay = (clock_t)qctrl->aq_delay; 585 oq.oq_minfree = qctrl->aq_minfree; 586 587 ret = auditon(A_OLDGETQCTRL, &oq, sizeof(oq)); 588 589 qctrl->aq_hiwater = (int)oq.oq_hiwater; 590 qctrl->aq_lowater = (int)oq.oq_lowater; 591 qctrl->aq_bufsz = (int)oq.oq_bufsz; 592 qctrl->aq_delay = (int)oq.oq_delay; 593 qctrl->aq_minfree = oq.oq_minfree; 594 } 595#endif /* A_OLDGETQCTRL / 596* return (ret); 597} 598 599int 600audit_set_qctrl(au_qctrl_t qctrl, size_t sz) 601{ 602* int ret; 603 604 if (sizeof(qctrl) != sz) { 605* errno = EINVAL; 606 return (-1); 607 } 608 609 ret = auditon(A_SETQCTRL, qctrl, sz); 610#ifdef A_OLDSETQCTRL 611 if ((0 != ret) && (EINVAL == errno)) { 612 struct old_qctrl { 613 size_t oq_hiwater; 614 size_t oq_lowater; 615 size_t oq_bufsz; 616 clock_t oq_delay; 617 int oq_minfree; 618 } oq; 619 620 oq.oq_hiwater = (size_t)qctrl->aq_hiwater; 621 oq.oq_lowater = (size_t)qctrl->aq_lowater; 622 oq.oq_bufsz = (size_t)qctrl->aq_bufsz; 623 oq.oq_delay = (clock_t)qctrl->aq_delay; 624 oq.oq_minfree = qctrl->aq_minfree; 625 626 ret = auditon(A_OLDSETQCTRL, &oq, sizeof(oq)); 627 628 qctrl->aq_hiwater = (int)oq.oq_hiwater; 629 qctrl->aq_lowater = (int)oq.oq_lowater; 630 qctrl->aq_bufsz = (int)oq.oq_bufsz; 631 qctrl->aq_delay = (int)oq.oq_delay; 632 qctrl->aq_minfree = oq.oq_minfree; 633 } 634#endif /* A_OLDSETQCTRL / 635* return (ret); 636} 637 638int 639audit_send_trigger(int trigger) 640{ 641* 642 return (auditon(A_SENDTRIGGER, trigger, sizeof(trigger))); 643} 644* 645int 646audit_get_kaudit(auditinfo_addr_t aia, size_t sz) 647{ 648* 649 if (sizeof(aia) != sz) { 650* errno = EINVAL; 651 return (-1); 652 } 653 654 return (auditon(A_GETKAUDIT, aia, sz)); 655} 656 657int 658audit_set_kaudit(auditinfo_addr_t aia, size_t sz) 659{ 660* 661 if (sizeof(aia) != sz) { 662* errno = EINVAL; 663 return (-1); 664 } 665 666 return (auditon(A_SETKAUDIT, aia, sz)); 667} 668 669int 670audit_get_class(au_evclass_map_t evc_map, size_t sz) 671{ 672* 673 if (sizeof(evc_map) != sz) { 674* errno = EINVAL; 675 return (-1); 676 } 677 678 return (auditon(A_GETCLASS, evc_map, sz)); 679} 680 681int 682audit_set_class(au_evclass_map_t evc_map, size_t sz) 683{ 684* 685 if (sizeof(evc_map) != sz) { 686* errno = EINVAL; 687 return (-1); 688 } 689 690 return (auditon(A_SETCLASS, evc_map, sz)); 691} 692 693int 694audit_get_kmask(au_mask_t kmask, size_t sz) 695{ 696* if (sizeof(kmask) != sz) { 697* errno = EINVAL; 698 return (-1); 699 } 700 701 return (auditon(A_GETKMASK, kmask, sz)); 702} 703 704int 705audit_set_kmask(au_mask_t kmask, size_t sz) 706{ 707* if (sizeof(kmask) != sz) { 708* errno = EINVAL; 709 return (-1); 710 } 711 712 return (auditon(A_SETKMASK, kmask, sz)); 713} 714 715int 716audit_get_fsize(au_fstat_t fstat, size_t sz) 717{ 718* 719 if (sizeof(fstat) != sz) { 720* errno = EINVAL; 721 return (-1); 722 } 723 724 return (auditon(A_GETFSIZE, fstat, sz)); 725} 726 727int 728audit_set_fsize(au_fstat_t fstat, size_t sz) 729{ 730* 731 if (sizeof(fstat) != sz) { 732* errno = EINVAL; 733 return (-1); 734 } 735 736 return (auditon(A_SETFSIZE, fstat, sz)); 737} 738 739int 740audit_set_pmask(auditpinfo_t api, size_t sz) 741{ 742* 743 if (sizeof(api) != sz) { 744* errno = EINVAL; 745 return (-1); 746 } 747 748 return (auditon(A_SETPMASK, api, sz)); 749} 750 751int 752audit_get_pinfo(auditpinfo_t api, size_t sz) 753{ 754* 755 if (sizeof(api) != sz) { 756* errno = EINVAL; 757 return (-1); 758 } 759 760 return (auditon(A_GETPINFO, api, sz)); 761} 762 763int 764audit_get_pinfo_addr(auditpinfo_addr_t apia, size_t sz) 765{ 766* 767 if (sizeof(apia) != sz) { 768* errno = EINVAL; 769 return (-1); 770 } 771 772 return (auditon(A_GETPINFO_ADDR, apia, sz)); 773} 774 775int 776audit_get_sinfo_addr(auditinfo_addr_t aia, size_t sz) 777{ 778* 779 if (sizeof(aia) != sz) { 780* errno = EINVAL; 781 return (-1); 782 } 783 784 return (auditon(A_GETSINFO_ADDR, aia, sz)); 785} 786 787int 788audit_get_stat(au_stat_t stats, size_t sz) 789{ 790* 791 if (sizeof(stats) != sz) { 792* errno = EINVAL; 793 return (-1); 794 } 795 796 return (auditon(A_GETSTAT, stats, sz)); 797} 798 799int 800audit_set_stat(au_stat_t stats, size_t sz) 801{ 802* 803 if (sizeof(stats) != sz) { 804* errno = EINVAL; 805 return (-1); 806 } 807 808 return (auditon(A_GETSTAT, stats, sz)); 809} 810 811int 812audit_get_cwd(char path, size_t sz) 813{ 814* 815 return (auditon(A_GETCWD, path, sz)); 816} 817 818int 819audit_get_car(char path, size_t sz) 820{ 821* 822 return (auditon(A_GETCAR, path, sz)); 823}