| Subject: | [patch] to add support for BSM audit records | |
|---|---|---|
| From: | Christian Peron (cs...@freebsd.org) | |
| Date: | Nov 27, 2008 6:27:25 pm | |
| List: | org.freebsd.trustedbsd-audit | |
| Attachments: | ||
Group,
I would like to propose a patch to add BSM audit support to sudo. This patch and its associated files add support for Sun's Basic Security Module (BSM) audit API and file format. Note that FreeBSD, OS X and Solaris currently use BSM. I have not tested on Solaris or OS X, but this patch should build on both. This is a starting point; it is possible that I am missing some key error conditions that require auditing.
Please review and send back any feedback/comments.
Thanks!
Index: Makefile.in
===================================================================
RCS file: /cvs/sudo/Makefile.in,v
retrieving revision 1.325
diff -u -r1.325 Makefile.in
--- Makefile.in 3 Nov 2008 18:19:14 -0000 1.325
+++ Makefile.in 28 Nov 2008 01:29:46 -0000
@@ -102,7 +102,7 @@
PROGS = @PROGS@
-SRCS = aix.c alias.c alloc.c check.c closefrom.c def_data.c defaults.c env.c \
+SRCS = aix.c alias.c alloc.c bsm_audit.c check.c closefrom.c def_data.c
defaults.c env.c \
error.c fileops.c find_path.c fnmatch.c getcwd.c getprogname.c \
getspwuid.c gettime.c glob.c goodpath.c gram.c gram.y interfaces.c \
isblank.c lbuf.c ldap.c list.c logging.c match.c mkstemp.c memrchr.c \
@@ -226,6 +226,8 @@
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alias.c
alloc.o: $(srcdir)/alloc.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/alloc.c
+bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP)
+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/bsm_audit.c
check.o: $(srcdir)/check.c $(SUDODEP)
$(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/check.c
closefrom.o: $(srcdir)/closefrom.c config.h
Index: configure.in
===================================================================
RCS file: /cvs/sudo/configure.in,v
retrieving revision 1.536
diff -u -r1.536 configure.in
--- configure.in 26 Nov 2008 20:10:23 -0000 1.536
+++ configure.in 28 Nov 2008 01:29:46 -0000
@@ -13,6 +13,7 @@
dnl
dnl Variables that get substituted in the Makefile and man pages
dnl
+AC_SUBST(HAVE_BSM_AUDIT)
AC_SUBST(LIBTOOL)
AC_SUBST(CFLAGS)
AC_SUBST(PROGS)
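Review bot: `AC_SUBST(HAVE_BSM_AUDIT)` at the top of this hunk substitutes a shell variable that nothing in the patch assigns; the later hunk uses `AC_DEFINE(HAVE_BSM_AUDIT)`, which sets the C preprocessor macro, not the shell variable, so `@HAVE_BSM_AUDIT@` in Makefile.in will always expand to empty. Unless the variable is set elsewhere in configure.in (not visible here), either drop the AC_SUBST or add `HAVE_BSM_AUDIT=1` next to the AC_DEFINE in the `yes)` branch.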
@@ -201,6 +202,20 @@
;;
esac])
+dnl
+dnl Handle BSM auditing support.
+dnl
+AC_ARG_WITH(bsm-audit, [ --with-bsm-audit enable BSM audit support],
+[case $with_bsm_audit in
+ yes) AC_DEFINE(HAVE_BSM_AUDIT)
+ SUDO_LIBS="${SUDO_LIBS} -lbsm"
+ SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+ ;;
+ no) ;;
+ *) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
+ ;;
+esac])
+
AC_ARG_WITH(incpath, [ --with-incpath additional places to look for
include files],
[case $with_incpath in
yes) AC_MSG_ERROR(["must give --with-incpath an argument."])
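Review bot: The `yes)` branch appends `-lbsm` to SUDO_LIBS and `bsm_audit.o` to SUDO_OBJS without probing for the library or its header, so configure succeeds on a host without OpenBSM and the build only fails at link time with an unhelpful error. Guard the branch with `AC_CHECK_HEADERS(bsm/audit.h)` and `AC_CHECK_LIB(bsm, au_open, [...], [AC_MSG_ERROR(...)])` before touching SUDO_LIBS, so a missing libbsm is reported at configure time. The help string `[ --with-bsm-audit enable BSM audit support]` also does not say that the option is off by default even on platforms where libbsm is in the base system; one clause there would save users a surprise.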
@@ -2536,6 +2551,7 @@
AH_TEMPLATE(HAVE_AFS, [Define to 1 if you use AFS.])
AH_TEMPLATE(HAVE_AIXAUTH, [Define to 1 if you use AIX general authentication.])
AH_TEMPLATE(HAVE_BSD_AUTH_H, [Define to 1 if you use BSD authentication.])
+AH_TEMPLATE(HAVE_BSM_AUDIT, [Define to 1 to enable BSM auditing.])
AH_TEMPLATE(HAVE_DCE, [Define to 1 if you use OSF DCE.])
AH_TEMPLATE(HAVE_DD_FD, [Define to 1 if your `DIR' contains dd_fd.])
AH_TEMPLATE(HAVE_DIRFD, [Define to 1 if you have the `dirfd' function or
macro.])
Index: sudo.c
===================================================================
RCS file: /cvs/sudo/sudo.c,v
retrieving revision 1.500
diff -u -r1.500 sudo.c
--- sudo.c 18 Nov 2008 15:57:09 -0000 1.500
+++ sudo.c 28 Nov 2008 01:29:46 -0000
@@ -101,6 +101,10 @@
#include "interfaces.h"
#include "version.h"
+#ifdef HAVE_BSM_AUDIT
+#include "bsm_audit.h"
+#endif
+
#ifndef lint
__unused static const char rcsid[] = "$Sudo: sudo.c,v 1.500 2008/11/18 15:57:09
millert Exp $";
#endif /* lint */
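Review bot: Every audit call site added by this patch (in sudo.c and auth/sudo_auth.c) is wrapped in its own `#ifdef HAVE_BSM_AUDIT`/`#endif`, which clutters the control flow and makes it easy to miss a path the next time an audit point is added. Since this hunk is the one place the header is pulled in, consider an `#else` branch here that provides no-op stubs, `#define audit_success()` and `#define audit_failure(...)`, so the calls can be unconditional (variadic macros need C99; for older compilers a pair of empty functions does the same). The real declarations live in the attached bsm_audit.h, which is not shown on this page, so the stubs must mirror whatever signatures it declares.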
@@ -382,9 +386,12 @@
/* Bail if a tty is required and we don't have one. */
if (def_requiretty) {
- if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1)
+ if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("no TTY");
+#endif
log_error(NO_MAIL, "sorry, you must have a tty to run sudo");
- else
+ } else
(void) close(fd);
}
@@ -419,10 +426,17 @@
if (ISSET(validated, VALIDATE_OK)) {
/* Finally tell the user if the command did not exist. */
- if (cmnd_status == NOT_FOUND_DOT)
+ if (cmnd_status == NOT_FOUND_DOT) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("command in current directory");
+#endif
errorx(1, "ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s'
you wish to run.", user_cmnd, user_cmnd, user_cmnd);
- else if (cmnd_status == NOT_FOUND)
+ } else if (cmnd_status == NOT_FOUND) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("%s: command not found", user_cmnd);
+#endif
errorx(1, "%s: command not found", user_cmnd);
+ }
/* If user specified env vars make sure sudoers allows it. */
if (ISSET(sudo_mode, MODE_RUN) && !def_setenv) {
@@ -509,14 +523,20 @@
closefrom(def_closefrom + 1);
#ifndef PROFILING
- if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0)
+ if (ISSET(sudo_mode, MODE_BACKGROUND) && fork() > 0) {
+#ifdef HAVE_BSM_AUDIT
+ audit_success();
+#endif
exit(0);
- else {
+ } else {
#ifdef HAVE_SELINUX
if (is_selinux_enabled() > 0 && user_role != NULL)
selinux_exec(user_role, user_type, NewArgv, ISSET(sudo_mode, MODE_LOGIN_SHELL));
#endif
+#ifdef HAVE_BSM_AUDIT
+ audit_success();
+#endif
execv(safe_cmnd, NewArgv);
}
#else
@@ -533,6 +553,9 @@
}
warning("unable to execute %s", safe_cmnd);
exit(127);
} else if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("No user or host");
+#endif
log_denial(validated, 1);
exit(1);
} else {
@@ -554,6 +577,9 @@
/* Just tell the user they are not allowed to run foo. */
log_denial(validated, 1);
}
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("validation failure");
+#endif
exit(1);
}
exit(0); /* not reached */
@@ -1313,8 +1339,12 @@
if ((runas_pw = sudo_getpwuid(atoi(user + 1))) == NULL)
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
} else {
- if ((runas_pw = sudo_getpwnam(user)) == NULL)
+ if ((runas_pw = sudo_getpwnam(user)) == NULL) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("unknown user: %s", user);
+#endif
log_error(NO_MAIL|MSG_ONLY, "unknown user: %s", user);
+ }
}
}
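Review bot: In the `@@ -509` hunk the background path writes audit_success() twice for one command: the parent (`fork() > 0`) calls it before `exit(0)`, and the child, for which the condition is false, reaches the second call in the `else` branch before execv(), so the trail shows two successes for a single invocation; the parent's call should go, leaving only the one immediately before execv(). Because that remaining record is necessarily written before execv() (there is no return on success), a failed exec leaves the trail claiming success, so the `warning("unable to execute %s", safe_cmnd)` path in the `@@ -533` hunk should emit a matching failure record, e.g. `audit_failure("unable to execute %s", safe_cmnd);` under the same `#ifdef`. The reason strings are also inconsistently cased (`"No user or host"` next to `"no TTY"` and `"validation failure"`); pick one style, since these land verbatim in the audit trail.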
Index: auth/sudo_auth.c
===================================================================
RCS file: /cvs/sudo/auth/sudo_auth.c,v
retrieving revision 1.38
diff -u -r1.38 sudo_auth.c
--- auth/sudo_auth.c 7 Nov 2008 17:45:52 -0000 1.38
+++ auth/sudo_auth.c 28 Nov 2008 01:29:46 -0000
@@ -108,11 +108,15 @@
(void) sigaction(SIGTSTP, &sa, &osa);
/* Make sure we have at least one auth method. */
- if (auth_switch[0].name == NULL)
+ if (auth_switch[0].name == NULL) {
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("no authentication methods");
+#endif
log_error(0, "%s %s %s", "There are no authentication methods compiled into sudo!", "If you want to turn off authentication, use the", "--disable-authentication configure option.");
+ }
/* Set FLAG_ONEANDONLY if there is only one auth method. */
if (auth_switch[1].name == NULL)
@@ -127,8 +131,12 @@
status = (auth->init)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
CLR(auth->flags, FLAG_CONFIGURED);
- else if (status == AUTH_FATAL) /* XXX log */
+ else if (status == AUTH_FATAL) { /* XXX log */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("authentication failure");
+#endif
exit(1); /* assume error msg already printed */
+ }
if (NEEDS_USER(auth))
set_perms(PERM_ROOT);
@@ -145,8 +153,12 @@
status = (auth->setup)(pw, &prompt, auth);
if (status == AUTH_FAILURE)
CLR(auth->flags, FLAG_CONFIGURED);
- else if (status == AUTH_FATAL) /* XXX log */
+ else if (status == AUTH_FATAL) {/* XXX log */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("authentication failure");
+#endif
exit(1); /* assume error msg already printed */
+ }
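Review bot: All four new audit points in this file (the `@@ -127`, `@@ -145`, `@@ -193` and `@@ -212` hunks) pass the same literal `"authentication failure"`, so the audit trail cannot distinguish a wrong password from an AUTH_FATAL return out of an auth method's init, setup or cleanup hook, which is exactly the case an operator needs to tell apart from routine failed attempts. Give each site a distinct reason, for example `audit_failure("authentication module failure");` for the AUTH_FATAL branches and a message that names the password attempt for the `@@ -212` case. The `@@ -145` hunk also writes `{/* XXX log */` where the `@@ -127` hunk writes `{ /* XXX log */`; the `/* XXX log */` markers themselves can go now that the path is audited. The enclosing function starts before and ends after this hunk.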
if (NEEDS_USER(auth))
set_perms(PERM_ROOT);
@@ -193,8 +205,12 @@
set_perms(PERM_USER);
status = (auth->cleanup)(pw, auth);
- if (status == AUTH_FATAL) /* XXX log */
+ if (status == AUTH_FATAL) { /* XXX log */
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("authentication failure");
+#endif
exit(1); /* assume error msg already printed */
+ }
if (NEEDS_USER(auth))
set_perms(PERM_ROOT);
@@ -212,12 +228,18 @@
flags = 0;
else
flags = NO_MAIL;
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("authentication failure");
+#endif
log_error(flags, "%d incorrect password attempt%s", def_passwd_tries - counter, (def_passwd_tries - counter == 1) ? "" : "s");
}
/* FALLTHROUGH */
case AUTH_FATAL:
+#ifdef HAVE_BSM_AUDIT
+ audit_failure("authentication failure");
+#endif
exit(1);
}
/* NOTREACHED */
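Review bot: The wrong-password branch in this hunk calls audit_failure() and then falls through (`/* FALLTHROUGH */`) into `case AUTH_FATAL:`, which calls audit_failure() again; whether log_error() returns for the `flags` used here is not visible on this page, but if it does, one exhausted password attempt produces two failure records, and if it exits, the fallthrough is dead code for that branch. Either way the intent should be made explicit: record once in the AUTH_FAILURE branch and `exit(1)` there, or keep a single call in `case AUTH_FATAL:` with a distinct reason string, rather than relying on log_error()'s exit behaviour. The enclosing function starts before this hunk.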