1/*- 2 * Copyright (c) 2007 Robert M. M. Watson 3 * All rights reserved. 4 * 5 * This software was developed by Robert N. M. Watson for the TrustedBSD 6 * Project. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR, NCIRCLE NETWORK SECURITY, 21 * INC., OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 23 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 24 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 25 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 26 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32/* 33 * Confirm that privilege is required to submit an audit record; we don't 34 * actually submit a record, but instead rely on the fact that length 35 * validation of the record will occur after the kernel privilege check. 36 * 37 * XXX: It might be better to submit a nul record of some sort. 38 */ 39 40#include <sys/types.h> 41 42#include <bsm/audit.h> 43 44#include <err.h> 45#include <errno.h> 46#include <stdio.h> 47#include <string.h> 48 49#include "main.h" 50 51int 52priv_audit_submit_setup(int asroot, int injail, struct test *test) 53{ 54 55 /* 56 * XXXRW: It would be nice if we checked for audit being configured 57 * here. 58 */ 59 return (0); 60} 61 62void 63priv_audit_submit(int asroot, int injail, struct test *test) 64{ 65 char record[MAX_AUDIT_RECORD_SIZE+10]; 66 int error; 67 68 bzero(record, sizeof(record)); 69 error = audit(record, sizeof(record)); 70 if (asroot && injail) 71 expect("priv_audit_submit(asroot, injail)", error, -1, 72 ENOSYS); 73 if (asroot && !injail) 74 expect("priv_audit_submit(asroot, !injail)", error, -1, 75 EINVAL); 76 if (!asroot && injail) 77 expect("priv_audit_submit(!asroot, injail)", error, -1, 78 ENOSYS); 79 if (!asroot && !injail) 80 expect("priv_audit_submit(!asroot, !injail)", error, -1, 81 EPERM); 82} 83 84void 85priv_audit_submit_cleanup(int asroot, int injail, struct test *test) 86{ 87 88} 89