Date: Tue, 18 Apr 2006 04:44:23 GMT
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 95476 for review

http://perforce.freebsd.org/chv.cgi?CH=95476

Change 95476 by csjp@csjp_xor on 2006/04/18 04:43:39

    - Add to the openbsm programming API and introduce the audit_submit(3) in raw form. This is the first stab at things, so it's possible that things might change from here.
    - A sample implementation might be as follows:

    int
    audit_bad_su(char *from_login, char *to_login)
    {
        int error;

        error = audit_submit(AUE_su, getuid(), 1, EPERM,
            "bad su from %s to %s", from_login, to_login);
        return (error);
    }

    Will generate the following audit record:

    header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
    subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
    text,bad su from from csjp to root
    return,failure : Operation not permitted,1
    trailer,94

    This function will be very useful for the on-going userspace integration of the audit code, and hopefully this little helper function can be used to prevent a lot of code replication.

    Discussed with: rwatson, wsalamon

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#19 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#1 add
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#21 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#19 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#18 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#19 $ */ #ifndef _LIBBSM_H_ 
@@ -695,6 +695,9 @@ typedef struct tokenstr tokenstr_t; +int audit_submit(short au_event, au_id_t au_ctx, + char status, int reterr, const char *fmt, ...); + /* * Functions relating to querying audit class information. */ ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#21 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#20 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#21 $ */ #ifdef __APPLE__ @@ -46,6 +46,7 @@ #include #include +#include #include #include 
@@ -53,6 +54,110 @@ int audit_set_terminal_port(dev_t *p); int audit_set_terminal_host(uint32_t *m); +/* + * General purpose audit submission mechanism for userspace. + */ +int +audit_submit(short au_event, au_id_t au_ctx, char status, + int reterr, const char *fmt, ...) +{ + char text[MAX_AUDITSTRING_LEN]; + au_tid_t termid; + token_t *token; + long acond; + va_list ap; + pid_t pid; + int error, afd; + + if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) { + /* + * If auditon(2) returns ENOSYS, then audit has not been + * compiled into the kernel, so just return. + */ + if (errno == ENOSYS) + return (0); + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s", + strerror(errno)); + errno = error; + return (-1); + } + if (acond == AUC_NOAUDIT) + return (0); + afd = au_open(); + if (afd < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s", + strerror(errno)); + errno = error; + return (-1); + } + /* XXX what should we do for termid? */ + bzero(&termid, sizeof(termid)); + pid = getpid(); + token = au_to_subject32(au_ctx, geteuid(), getegid(), + getuid(), getgid(), pid, pid, &termid); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: unable to build subject token"); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = EPERM; + return (-1); + } + if (au_write(afd, token) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = error; + return (-1); + } + if (fmt != NULL) { + va_start(ap, fmt); + (void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap); + va_end(ap); + token = au_to_text(text); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: failed to generate text token"); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = EPERM; + return (-1); + } + if (au_write(afd, token) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + 
(void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = error; + return (-1); + } + } + token = au_to_return32(status, reterr); + if (token == NULL) { + syslog(LOG_AUTH | LOG_ERR, + "audit: enable to build return token"); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = EPERM; + return (-1); + } + if (au_write(afd, token) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, + "audit: au_write failed: %s", strerror(errno)); + (void) au_close(afd, AU_TO_NO_WRITE, au_event); + errno = error; + return (-1); + } + if (au_close(afd, AU_TO_WRITE, au_event) < 0) { + error = errno; + syslog(LOG_AUTH | LOG_ERR, "audit: record not committed"); + errno = error; + return (-1); + } + return (0); +} + int audit_set_terminal_port(dev_t *p) {
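
Review bot: the audit_submit() prototype added to libbsm.h (hunk @@ -695,6 +695,9 @@) takes a printf-style fmt followed by varargs but carries no format attribute, so the compiler cannot check callers' format strings against their arguments. Callers such as the su example in the commit message format login names into the record, so a guarded __attribute__((format(printf, 5, 6))), or the platform's equivalent macro, would be worth adding to the declaration. The second parameter is typed au_id_t but named au_ctx; naming it for the audit ID it carries, and stating in a comment above the prototype what status and reterr mean, would make the header self-explanatory.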
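
Review bot: in audit_submit() (bsm_wrappers.c, hunk @@ -53,6 +54,110 @@) the result of vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap) is cast to void, so text longer than the buffer is truncated silently and the record is committed with no indication that it is incomplete. Compare the return value against sizeof(text) and either fail the submission or log the truncation. In the same function the subject token is built with pid passed as both the process ID and the session ID and with a zeroed termid (the XXX comment); filling both from the process's audit information (getaudit(2)) would record the session the caller actually belongs to. The three token == NULL paths set errno = EPERM regardless of why token construction failed, which hides the real cause from the caller; the final au_close() failure is logged without strerror(errno), unlike the other error paths; and the message "audit: enable to build return token" should read "unable".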