Index: head/usr.bin/login/login_audit.c =================================================================== --- head/usr.bin/login/login_audit.c (revision 309325) +++ head/usr.bin/login/login_audit.c (revision 309326) @@ -1,204 +1,204 @@ /* * Copyright (c) 2005 Apple Computer, Inc. * All rights reserved. * * @APPLE_BSD_LICENSE_HEADER_START@ * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of * its contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * @APPLE_BSD_LICENSE_HEADER_END@ */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include "login.h" /* * Audit data */ static au_tid_t tid; /* * The following tokens are included in the audit record for a successful * login: header, subject, return. */ void au_login_success(void) { token_t *tok; int aufd; au_mask_t aumask; auditinfo_t auinfo; uid_t uid = pwd->pw_uid; gid_t gid = pwd->pw_gid; pid_t pid = getpid(); int au_cond; /* If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { if (errno == ENOSYS) return; errx(1, "could not determine audit condition"); } if (au_cond == AUC_NOAUDIT) return; /* Compute and set the user's preselection mask. */ if (au_user_mask(pwd->pw_name, &aumask) == -1) - errx(1, "could not set audit mask"); + errx(1, "could not calculate audit mask"); /* Set the audit info for the user. */ auinfo.ai_auid = uid; auinfo.ai_asid = pid; bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid)); bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask)); if (setaudit(&auinfo) != 0) err(1, "setaudit failed"); if ((aufd = au_open()) == -1) errx(1, "audit error: au_open() failed"); if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid, pid, &tid)) == NULL) errx(1, "audit error: au_to_subject32() failed"); au_write(aufd, tok); if ((tok = au_to_return32(0, 0)) == NULL) errx(1, "audit error: au_to_return32() failed"); au_write(aufd, tok); if (au_close(aufd, 1, AUE_login) == -1) errx(1, "audit record was not committed."); } /* * The following tokens are included in the audit record for failed * login attempts: header, subject, text, return. */ void au_login_fail(const char *errmsg, int na) { token_t *tok; int aufd; int au_cond; uid_t uid; gid_t gid; pid_t pid = getpid(); /* If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) { if (errno == ENOSYS) return; errx(1, "could not determine audit condition"); } if (au_cond == AUC_NOAUDIT) return; if ((aufd = au_open()) == -1) errx(1, "audit error: au_open() failed"); if (na) { /* * Non attributable event. Assuming that login is not called * within a user's session => auid,asid == -1. */ if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1, pid, -1, &tid)) == NULL) errx(1, "audit error: au_to_subject32() failed"); } else { /* We know the subject -- so use its value instead. */ uid = pwd->pw_uid; gid = pwd->pw_gid; if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid, pid, &tid)) == NULL) errx(1, "audit error: au_to_subject32() failed"); } au_write(aufd, tok); /* Include the error message. */ if ((tok = au_to_text(errmsg)) == NULL) errx(1, "audit error: au_to_text() failed"); au_write(aufd, tok); if ((tok = au_to_return32(1, errno)) == NULL) errx(1, "audit error: au_to_return32() failed"); au_write(aufd, tok); if (au_close(aufd, 1, AUE_login) == -1) errx(1, "audit error: au_close() was not committed"); } /* * The following tokens are included in the audit record for a logout: * header, subject, return. */ void audit_logout(void) { token_t *tok; int aufd; uid_t uid = pwd->pw_uid; gid_t gid = pwd->pw_gid; pid_t pid = getpid(); int au_cond; /* If we are not auditing, don't cut an audit record; just return. */ if (auditon(A_GETCOND, &au_cond, sizeof(int)) < 0) { if (errno == ENOSYS) return; errx(1, "could not determine audit condition"); } if (au_cond == AUC_NOAUDIT) return; if ((aufd = au_open()) == -1) errx(1, "audit error: au_open() failed"); /* The subject that is created (euid, egid of the current process). */ if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid, pid, &tid)) == NULL) errx(1, "audit error: au_to_subject32() failed"); au_write(aufd, tok); if ((tok = au_to_return32(0, 0)) == NULL) errx(1, "audit error: au_to_return32() failed"); au_write(aufd, tok); if (au_close(aufd, 1, AUE_logout) == -1) errx(1, "audit record was not committed."); }