From owner-trustedbsd-cvs@FreeBSD.ORG Tue Apr 25 01:11:51 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B41D216A40F for ; Tue, 25 Apr 2006 01:11:51 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9F0CE43D45 for ; Tue, 25 Apr 2006 01:11:36 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 2290B46D4C for ; Mon, 24 Apr 2006 21:11:36 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id C461E5BC22; Tue, 25 Apr 2006 01:10:50 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 2ED8616A41F; Tue, 25 Apr 2006 01:10:48 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A53F16A41A for ; Tue, 25 Apr 2006 01:10:48 +0000 (UTC) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD1B443D48 for ; Tue, 25 Apr 2006 01:10:47 +0000 (GMT) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k3P1AlVc070734 for ; Tue, 25 Apr 2006 01:10:47 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k3P1AlnH070726 for perforce@freebsd.org; Tue, 25 Apr 2006 01:10:47 GMT (envelope-from csjp@freebsd.org) Date: Tue, 25 Apr 2006 01:10:47 GMT Message-Id: <200604250110.k3P1AlnH070726@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to csjp@freebsd.org using -f From: "Christian S.J. Peron" To: Perforce Change Reviews Cc: Subject: PERFORCE change 96045 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Apr 2006 01:11:51 -0000 http://perforce.freebsd.org/chv.cgi?CH=96045 Change 96045 by csjp@csjp_xor on 2006/04/25 01:10:40 Switch to use openbsm's audit_submit(3) instead of rolling our own. - Remove enums for audit success and failure - drop audit_su - drop prototype for audit_su Affected files ... .. //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#14 edit Differences ... ==== //depot/projects/trustedbsd/audit3/usr.bin/su/su.c#14 (text+ko) ==== @@ -137,7 +137,6 @@ } while (0) enum tristate { UNSET, YES, NO }; -enum auditevents { AUDIT_SU_FAILURE, AUDIT_SU_SUCCESS }; static pam_handle_t *pamh = NULL; static char **environ_pam; @@ -147,9 +146,6 @@ static void usage(void) __dead2; static void export_pam_environment(void); static int ok_to_export(const char *); -#ifdef USE_BSM_AUDIT -static void audit_su(au_id_t, int, const char *, ...); -#endif extern char **environ; @@ -224,7 +220,9 @@ if (strlen(user) > MAXLOGNAME - 1) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE, "username too long"); + if (audit_submit(AUE_su, getuid(), + 1, EPERM, "username too long")) + errx(1, "Permission denied"); #endif errx(1, "username too long"); } @@ -257,8 +255,9 @@ pwd = getpwuid(ruid); if (pwd == NULL) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE, - "unable to determain invoking subject"); + if (audit_submit(AUE_su, getuid(), 1, EPERM, + "unable to determain invoking subject")) + errx(1, "Permission denied"); #endif errx(1, "who are you?"); } @@ -298,15 +297,17 @@ retcode = pam_authenticate(pamh, 0); if (retcode != PAM_SUCCESS) { #ifdef USE_BSM_AUDIT - audit_su(ruid, AUDIT_SU_FAILURE, "bad su %s to %s on %s", - username, user, mytty); + if (audit_submit(AUE_su, ruid, 1, EPERM, "bad su %s to %s on %s", + username, user, mytty)) + errx(1, "Permission denied"); #endif syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s on %s", username, user, mytty); errx(1, "Sorry"); } #ifdef USE_BSM_AUDIT - audit_su(ruid, AUDIT_SU_SUCCESS, "successful authentication"); + if (audit_submit(AUE_su, ruid, 0, 0, "successful authentication")) + errx(1, "Permission denied"); #endif retcode = pam_get_item(pamh, PAM_USER, (const void **)&p); if (retcode == PAM_SUCCESS) @@ -317,8 +318,9 @@ pwd = getpwnam(user); if (pwd == NULL) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE, - "unknown subject: %s", user); + if (audit_submit(AUE_su, getuid(), 1, EPERM, + "unknown subject: %s", user)) + errx(1, "Permission denied"); #endif errx(1, "unknown login: %s", user); } @@ -329,9 +331,10 @@ PAM_CHANGE_EXPIRED_AUTHTOK); if (retcode != PAM_SUCCESS) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE, + if (audit_submit(AUE_su, getuid(), 1, EPERM, "pam_chauthtok: %s", - pam_strerror(pamh, retcode)); + pam_strerror(pamh, retcode))) + errx(1, "Permission denied"); #endif syslog(LOG_ERR, "pam_chauthtok: %s", pam_strerror(pamh, retcode)); @@ -340,8 +343,9 @@ } if (retcode != PAM_SUCCESS) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE, "pam_acct_mgmt: %s", - pam_strerror(pamh, retcode)); + if (audit_submit(AUE_su, getuid(), 1, EPERM, "pam_acct_mgmt: %s", + pam_strerror(pamh, retcode))) + errx(1, "Permission denied"); #endif syslog(LOG_ERR, "pam_acct_mgmt: %s", pam_strerror(pamh, retcode)); @@ -354,8 +358,9 @@ else { if (ruid != 0) { #ifdef USE_BSM_AUDIT - audit_su(getuid(), AUDIT_SU_FAILURE, - "only root may use -c"); + if (audit_submit(AUE_su, getuid(), 1, EPERM, + "only root may use -c")) + errx(1, "Permission denied"); #endif errx(1, "only root may use -c"); } @@ -632,90 +637,3 @@ snprintf(buf, sizeof(buf), " on %s", p); return buf; } - -#ifdef USE_BSM_AUDIT -static void -audit_su(au_id_t au_ctx, int what, const char *fmt, ...) -{ - token_t *token; - long acond; - int afd; - au_tid_t termid; - pid_t pid; - char text[1024]; - va_list ap; - - if (auditon(A_GETCOND, &acond, sizeof(long)) < 0) { - /* - * If auditon(2) returns ENOSYS, then audit has not been - * compiled into the kernel, so just return. - */ - if (errno == ENOSYS) - return; - syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", - strerror(errno)); - errx(1, "Permission denied"); - } - if (acond == AUC_NOAUDIT) - return; - afd = au_open(); - if (afd < 0) { - syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", - strerror(errno)); - errx(1, "Permission denied"); - } - /* XXX what should we do for termid? */ - bzero(&termid, sizeof(termid)); - pid = getpid(); - token = au_to_subject32(au_ctx, geteuid(), getegid(), - getuid(), getgid(), pid, pid, &termid); - if (token == NULL) { - syslog(LOG_AUTH | LOG_ERR, - "audit: unable to build subject token"); - errx(1, "Permission denied"); - } - if (au_write(afd, token) < 0) { - syslog(LOG_AUTH | LOG_ERR, - "audit: au_write failed: %s", strerror(errno)); - errx(1, "Permission denied"); - } - if (fmt != NULL) { - va_start(ap, fmt); - (void) vsnprintf(&text[0], sizeof(text) - 1, fmt, ap); - va_end(ap); - token = au_to_text(&text[0]); - if (token == NULL) { - syslog(LOG_AUTH | LOG_ERR, - "audit: failed to generate text token"); - errx(1, "Permission denied"); - } - if (au_write(afd, token) < 0) { - syslog(LOG_AUTH | LOG_ERR, - "audit: au_write failed: %s", strerror(errno)); - errx(1, "Permission denied"); - } - } - switch (what) { - case AUDIT_SU_FAILURE: - token = au_to_return32(1, EPERM); - break; - case AUDIT_SU_SUCCESS: - token = au_to_return32(0, 0); - break; - } - if (token == NULL) { - syslog(LOG_AUTH | LOG_ERR, - "audit: enable to build return token"); - errx(1, "Permission denied"); - } - if (au_write(afd, token) < 0) { - syslog(LOG_AUTH | LOG_ERR, - "audit: au_write failed: %s", strerror(errno)); - errx(1, "Permission denied"); - } - if (au_close(afd, 1, AUE_su) < 0) { - syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); - errx(1, "Permission denied"); - } -} -#endif