Integrate audit_submit(3) bits into su. This means that records for

successful and failed su attempts will be recorded using the AUE_su
event type (login or lo class) if auditing is present in the system.
Currently, the records will have a header, subject, text (with the
actual diagnostics), a return and trailer token.

See audit_submit(3) for more information.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
This commit is contained in:
Christian S.J. Peron 2006-09-01 13:39:02 +00:00
parent ae1078d657
commit 6319ad282f
2 changed files with 76 additions and 6 deletions

View File

@ -1,11 +1,19 @@
# @(#)Makefile 8.1 (Berkeley) 7/19/93
# $FreeBSD$
.include <bsd.own.mk>
PROG= su
DPADD= ${LIBUTIL} ${LIBPAM}
LDADD= -lutil ${MINUSLPAM}
.if ${MK_AUDIT} != "no"
CFLAGS+= -DUSE_BSM_AUDIT
DPADD+= ${LIBBSM}
LDADD+= -lbsm
.endif
BINOWN= root
BINMODE=4555
PRECIOUSPROG=

View File

@ -81,6 +81,11 @@ __FBSDID("$FreeBSD$");
#include <sys/resource.h>
#include <sys/wait.h>
#ifdef USE_BSM_AUDIT
#include <bsm/libbsm.h>
#include <bsm/audit_uevents.h>
#endif
#include <err.h>
#include <errno.h>
#include <grp.h>
@ -93,6 +98,7 @@ __FBSDID("$FreeBSD$");
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <stdarg.h>
#include <security/pam_appl.h>
#include <security/openpam.h>
@ -164,6 +170,10 @@ main(int argc, char *argv[])
const char *p, *user, *shell, *mytty, **nargv;
struct sigaction sa, sa_int, sa_quit, sa_pipe;
int temp, fds[2];
#ifdef USE_BSM_AUDIT
const char *aerr;
au_id_t auid;
#endif
shell = class = cleanenv = NULL;
asme = asthem = fastlogin = statusp = 0;
@ -204,9 +214,6 @@ main(int argc, char *argv[])
usage();
/* NOTREACHED */
if (strlen(user) > MAXLOGNAME - 1)
errx(1, "username too long");
/*
* Try to provide more helpful debugging output if su(1) is running
* non-setuid, or was run from a file system not mounted setuid.
@ -214,6 +221,21 @@ main(int argc, char *argv[])
if (geteuid() != 0)
errx(1, "not running setuid");
#ifdef USE_BSM_AUDIT
if (getauid(&auid) < 0 && errno != ENOSYS) {
syslog(LOG_AUTH | LOG_ERR, "getauid: %s", strerror(errno));
errx(1, "Permission denied");
}
#endif
if (strlen(user) > MAXLOGNAME - 1) {
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid,
1, EPERM, "username too long: '%s'", user))
errx(1, "Permission denied");
#endif
errx(1, "username too long");
}
nargv = malloc(sizeof(char *) * (size_t)(argc + 4));
if (nargv == NULL)
errx(1, "malloc failure");
@ -239,8 +261,14 @@ main(int argc, char *argv[])
pwd = getpwnam(username);
if (username == NULL || pwd == NULL || pwd->pw_uid != ruid)
pwd = getpwuid(ruid);
if (pwd == NULL)
if (pwd == NULL) {
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid, 1, EPERM,
"unable to determine invoking subject: '%s'", username))
errx(1, "Permission denied");
#endif
errx(1, "who are you?");
}
username = strdup(pwd->pw_name);
if (username == NULL)
@ -275,10 +303,19 @@ main(int argc, char *argv[])
retcode = pam_authenticate(pamh, 0);
if (retcode != PAM_SUCCESS) {
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid, 1, EPERM, "bad su %s to %s on %s",
username, user, mytty))
errx(1, "Permission denied");
#endif
syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s on %s",
username, user, mytty);
errx(1, "Sorry");
}
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid, 0, 0, "successful authentication"))
errx(1, "Permission denied");
#endif
retcode = pam_get_item(pamh, PAM_USER, (const void **)&p);
if (retcode == PAM_SUCCESS)
user = p;
@ -286,20 +323,39 @@ main(int argc, char *argv[])
syslog(LOG_ERR, "pam_get_item(PAM_USER): %s",
pam_strerror(pamh, retcode));
pwd = getpwnam(user);
if (pwd == NULL)
if (pwd == NULL) {
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid, 1, EPERM,
"unknown subject: %s", user))
errx(1, "Permission denied");
#endif
errx(1, "unknown login: %s", user);
}
retcode = pam_acct_mgmt(pamh, 0);
if (retcode == PAM_NEW_AUTHTOK_REQD) {
retcode = pam_chauthtok(pamh,
PAM_CHANGE_EXPIRED_AUTHTOK);
if (retcode != PAM_SUCCESS) {
#ifdef USE_BSM_AUDIT
aerr = pam_strerror(pamh, retcode);
if (aerr == NULL)
aerr = "Unknown PAM error";
if (audit_submit(AUE_su, auid, 1, EPERM,
"pam_chauthtok: %s", aerr))
errx(1, "Permission denied");
#endif
syslog(LOG_ERR, "pam_chauthtok: %s",
pam_strerror(pamh, retcode));
errx(1, "Sorry");
}
}
if (retcode != PAM_SUCCESS) {
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid, 1, EPERM, "pam_acct_mgmt: %s",
pam_strerror(pamh, retcode)))
errx(1, "Permission denied");
#endif
syslog(LOG_ERR, "pam_acct_mgmt: %s",
pam_strerror(pamh, retcode));
errx(1, "Sorry");
@ -309,8 +365,14 @@ main(int argc, char *argv[])
if (class == NULL)
lc = login_getpwclass(pwd);
else {
if (ruid != 0)
if (ruid != 0) {
#ifdef USE_BSM_AUDIT
if (audit_submit(AUE_su, auid, 1, EPERM,
"only root may use -c"))
errx(1, "Permission denied");
#endif
errx(1, "only root may use -c");
}
lc = login_getclass(class);
if (lc == NULL)
errx(1, "unknown class: %s", class);