7a0a89d2cb
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). Add libauditd build parts and add to auditd's linkage; force libbsm to build before libauditd. OpenBSM history for imported revisions below for reference. MFC after: 1 month Sponsored by: Apple Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 alpha 4 - With the addition of BSM error number mapping, we also need to map the local error number passed to audit_submit(3) to a BSM error number, rather than have the caller perform that conversion. - Reallocate user audit events to avoid collisions with Solaris; adopt a more formal allocation scheme, and add some events allocated in Solaris that will be of immediate use on other platforms. - Add an event for Calife. - Add au_strerror(3), which allows generating strings for BSM errors directly, rather than requiring applications to map to the local error space, which might not be able to entirely represent the BSM error number space. - Major auditd rewrite for launchd(8) support. Add libauditd library that is shared between launchd and auditd. - Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for (re)starting auditing under launchd(8) on Mac OS X. - Add 'current' symlink to active audit trail. - Add crash recovery of previous audit trail file when detected on audit startup that it has not been properly terminated. - Add the event AUE_audit_recovery to indicated when an audit trail file has been recovered from not being properly terminated. This event is stored in the new audit trail file and includes the path of recovered audit trail file. - Mac OS X and FreeBSD dependent code in auditd.c is separated into auditd_darwin.c and auditd_fbsd.c files. - Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system calls. - For Mac OS X, we use ASL(3) instead of syslog(3) for logging. - Add support for NOTICE level logging. OpenBSM 1.1 alpha 3 - Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map between BSM error numbers (largely the Solaris definitions) and local errno(2) values for 32-bit and 64-bit return tokens. This is required as operating systems don't agree on some of the values of more recent error numbers. - Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the total size for the token. This buge. - Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
297 lines
6.7 KiB
C
297 lines
6.7 KiB
C
/*-
|
|
* Copyright (c) 2004 Apple Inc.
|
|
* Copyright (c) 2006 Robert N. M. Watson
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
|
|
* its contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
|
|
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#19 $
|
|
*/
|
|
|
|
#include <config/config.h>
|
|
|
|
#include <bsm/libbsm.h>
|
|
|
|
#include <string.h>
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
#include <pthread.h>
|
|
#endif
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#ifndef HAVE_STRLCPY
|
|
#include <compat/strlcpy.h>
|
|
#endif
|
|
|
|
/*
|
|
* Parse the contents of the audit_user file into au_user_ent structures.
|
|
*/
|
|
|
|
static FILE *fp = NULL;
|
|
static char linestr[AU_LINE_MAX];
|
|
static const char *user_delim = ":";
|
|
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
|
|
#endif
|
|
|
|
/*
|
|
* Parse one line from the audit_user file into the au_user_ent structure.
|
|
*/
|
|
static struct au_user_ent *
|
|
userfromstr(char *str, struct au_user_ent *u)
|
|
{
|
|
char *username, *always, *never;
|
|
char *last;
|
|
|
|
username = strtok_r(str, user_delim, &last);
|
|
always = strtok_r(NULL, user_delim, &last);
|
|
never = strtok_r(NULL, user_delim, &last);
|
|
|
|
if ((username == NULL) || (always == NULL) || (never == NULL))
|
|
return (NULL);
|
|
|
|
if (strlen(username) >= AU_USER_NAME_MAX)
|
|
return (NULL);
|
|
|
|
strlcpy(u->au_name, username, AU_USER_NAME_MAX);
|
|
if (getauditflagsbin(always, &(u->au_always)) == -1)
|
|
return (NULL);
|
|
|
|
if (getauditflagsbin(never, &(u->au_never)) == -1)
|
|
return (NULL);
|
|
|
|
return (u);
|
|
}
|
|
|
|
/*
|
|
* Rewind to beginning of the file
|
|
*/
|
|
static void
|
|
setauuser_locked(void)
|
|
{
|
|
|
|
if (fp != NULL)
|
|
fseek(fp, 0, SEEK_SET);
|
|
}
|
|
|
|
void
|
|
setauuser(void)
|
|
{
|
|
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_lock(&mutex);
|
|
#endif
|
|
setauuser_locked();
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_unlock(&mutex);
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Close the file descriptor
|
|
*/
|
|
void
|
|
endauuser(void)
|
|
{
|
|
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_lock(&mutex);
|
|
#endif
|
|
if (fp != NULL) {
|
|
fclose(fp);
|
|
fp = NULL;
|
|
}
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_unlock(&mutex);
|
|
#endif
|
|
}
|
|
|
|
/*
|
|
* Enumerate the au_user_ent structures from the file
|
|
*/
|
|
static struct au_user_ent *
|
|
getauuserent_r_locked(struct au_user_ent *u)
|
|
{
|
|
char *nl;
|
|
|
|
if ((fp == NULL) && ((fp = fopen(AUDIT_USER_FILE, "r")) == NULL))
|
|
return (NULL);
|
|
|
|
while (1) {
|
|
if (fgets(linestr, AU_LINE_MAX, fp) == NULL)
|
|
return (NULL);
|
|
|
|
/* Remove new lines. */
|
|
if ((nl = strrchr(linestr, '\n')) != NULL)
|
|
*nl = '\0';
|
|
|
|
/* Skip comments. */
|
|
if (linestr[0] == '#')
|
|
continue;
|
|
|
|
/* Get the next structure. */
|
|
if (userfromstr(linestr, u) == NULL)
|
|
return (NULL);
|
|
break;
|
|
}
|
|
|
|
return (u);
|
|
}
|
|
|
|
struct au_user_ent *
|
|
getauuserent_r(struct au_user_ent *u)
|
|
{
|
|
struct au_user_ent *up;
|
|
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_lock(&mutex);
|
|
#endif
|
|
up = getauuserent_r_locked(u);
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_unlock(&mutex);
|
|
#endif
|
|
return (up);
|
|
}
|
|
|
|
struct au_user_ent *
|
|
getauuserent(void)
|
|
{
|
|
static char user_ent_name[AU_USER_NAME_MAX];
|
|
static struct au_user_ent u;
|
|
|
|
bzero(&u, sizeof(u));
|
|
bzero(user_ent_name, sizeof(user_ent_name));
|
|
u.au_name = user_ent_name;
|
|
|
|
return (getauuserent_r(&u));
|
|
}
|
|
|
|
/*
|
|
* Find a au_user_ent structure matching the given user name.
|
|
*/
|
|
struct au_user_ent *
|
|
getauusernam_r(struct au_user_ent *u, const char *name)
|
|
{
|
|
struct au_user_ent *up;
|
|
|
|
if (name == NULL)
|
|
return (NULL);
|
|
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_lock(&mutex);
|
|
#endif
|
|
|
|
setauuser_locked();
|
|
while ((up = getauuserent_r_locked(u)) != NULL) {
|
|
if (strcmp(name, u->au_name) == 0) {
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_unlock(&mutex);
|
|
#endif
|
|
return (u);
|
|
}
|
|
}
|
|
|
|
#ifdef HAVE_PTHREAD_MUTEX_LOCK
|
|
pthread_mutex_unlock(&mutex);
|
|
#endif
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
struct au_user_ent *
|
|
getauusernam(const char *name)
|
|
{
|
|
static char user_ent_name[AU_USER_NAME_MAX];
|
|
static struct au_user_ent u;
|
|
|
|
bzero(&u, sizeof(u));
|
|
bzero(user_ent_name, sizeof(user_ent_name));
|
|
u.au_name = user_ent_name;
|
|
|
|
return (getauusernam_r(&u, name));
|
|
}
|
|
|
|
/*
|
|
* Read the default system wide audit classes from audit_control, combine with
|
|
* the per-user audit class and update the binary preselection mask.
|
|
*/
|
|
int
|
|
au_user_mask(char *username, au_mask_t *mask_p)
|
|
{
|
|
char auditstring[MAX_AUDITSTRING_LEN + 1];
|
|
char user_ent_name[AU_USER_NAME_MAX];
|
|
struct au_user_ent u, *up;
|
|
|
|
bzero(&u, sizeof(u));
|
|
bzero(user_ent_name, sizeof(user_ent_name));
|
|
u.au_name = user_ent_name;
|
|
|
|
/* Get user mask. */
|
|
if ((up = getauusernam_r(&u, username)) != NULL) {
|
|
if (-1 == getfauditflags(&up->au_always, &up->au_never,
|
|
mask_p))
|
|
return (-1);
|
|
return (0);
|
|
}
|
|
|
|
/* Read the default system mask. */
|
|
if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) {
|
|
if (-1 == getauditflagsbin(auditstring, mask_p))
|
|
return (-1);
|
|
return (0);
|
|
}
|
|
|
|
/* No masks defined. */
|
|
return (-1);
|
|
}
|
|
|
|
/*
|
|
* Generate the process audit state by combining the audit masks passed as
|
|
* parameters with the system audit masks.
|
|
*/
|
|
int
|
|
getfauditflags(au_mask_t *usremask, au_mask_t *usrdmask, au_mask_t *lastmask)
|
|
{
|
|
char auditstring[MAX_AUDITSTRING_LEN + 1];
|
|
|
|
if ((usremask == NULL) || (usrdmask == NULL) || (lastmask == NULL))
|
|
return (-1);
|
|
|
|
lastmask->am_success = 0;
|
|
lastmask->am_failure = 0;
|
|
|
|
/* Get the system mask. */
|
|
if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) {
|
|
if (getauditflagsbin(auditstring, lastmask) != 0)
|
|
return (-1);
|
|
}
|
|
|
|
ADDMASK(lastmask, usremask);
|
|
SUBMASK(lastmask, usrdmask);
|
|
|
|
return (0);
|
|
}
|