source: trunk/src/sh_calls.c@ 446

Last change on this file since 446 was 412, checked in by katerina, 12 years ago

Enhancements for ticket #312 (logrotate) and #313 (--enable-suid).

File size: 22.9 KB
RevLine 
[1]1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22#ifdef HOST_IS_HPUX
23#define _XOPEN_SOURCE_EXTENDED
24#endif
25
26#include <stdlib.h>
27#include <string.h>
28#include <errno.h>
29
30#include <sys/types.h>
31#include <unistd.h>
32#include <sys/stat.h>
33#include <fcntl.h>
34#include <signal.h>
35#include <sys/socket.h>
[361]36#include <netdb.h>
[1]37#include <netinet/in.h>
38
39#ifndef S_SPLINT_S
40#include <arpa/inet.h>
41#else
42#define AF_INET 2
43#endif
44
45#include <time.h>
46
47#ifndef HAVE_LSTAT
48#define lstat stat
49#endif
50
51#include "samhain.h"
52#include "sh_error.h"
53#include "sh_calls.h"
[295]54#include "sh_ipvx.h"
[315]55#include "sh_sub.h"
56#include "sh_utils.h"
[1]57
58#undef FIL__
59#define FIL__ _("sh_calls.c")
60
[361]61extern int flag_err_debug;
62
[1]63char aud_err_message[64];
64
65typedef struct cht_struct
66{
[170]67 const char * str;
[1]68 unsigned long val;
69} cht_type;
70
71static cht_type aud_tab[] =
72{
73 { N_("execve"), AUD_EXEC },
74 { N_("utime"), AUD_UTIME },
75 { N_("unlink"), AUD_UNLINK },
76 { N_("dup"), AUD_DUP },
77 { N_("chdir"), AUD_CHDIR },
78 { N_("open"), AUD_OPEN },
79 { N_("kill"), AUD_KILL },
80 { N_("exit"), AUD_EXIT },
81 { N_("fork"), AUD_FORK },
82 { N_("setuid"), AUD_SETUID },
83 { N_("setgid"), AUD_SETGID },
84 { N_("pipe"), AUD_PIPE },
85 { NULL, 0 }
86};
87
88/* Set aud functions
89 */
[22]90int sh_aud_set_functions(const char * str_s)
[1]91{
92 int i = 0;
93
94 SL_ENTER(_("sh_aud_set_functions"));
95
96 if (str_s == NULL)
97 return -1;
98
99 while (aud_tab[i].str != NULL)
100 {
101 if (NULL != sl_strstr (str_s, _(aud_tab[i].str)))
102 {
103 sh.flag.audit = 1;
104 sh.flag.aud_mask |= aud_tab[i].val;
105 }
106 ++i;
107 }
108
109 SL_RETURN(0,_("sh_aud_set_functions"));
110}
111
112
113
114
115/* Need to catch EINTR for these functions.
116 */
[170]117long int retry_sigaction(const char * file, int line,
[1]118 int signum, const struct sigaction *act,
119 struct sigaction *oldact)
120{
121 int error;
122 long int val_retry = -1;
[132]123 char errbuf[SH_ERRBUF_SIZE];
[1]124 errno = 0;
125
126 SL_ENTER(_("retry_sigaction"));
127
128 do {
129 val_retry = sigaction(signum, act, oldact);
130 } while (val_retry < 0 && errno == EINTR);
131
132 error = errno;
133 if (val_retry < 0) {
134 sh_error_handle ((-1), file, line, error, MSG_ERR_SIGACT,
[132]135 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]136 (long) signum );
137 }
138 errno = error;
139 SL_RETURN(val_retry, _("retry_sigaction"));
140}
141
[295]142static struct sh_sockaddr bind_addr;
[1]143static int use_bind_addr = 0;
144
[20]145int sh_calls_set_bind_addr (const char * str)
[1]146{
[3]147 static int reject = 0;
148
149 if (reject == 1)
150 return (0);
151
152 if (sh.flag.opts == S_TRUE)
153 reject = 1;
154
[295]155#if defined(USE_IPVX)
156 if (0 == sh_ipvx_aton(str, &bind_addr))
157 return -1;
158#else
159 if (0 == inet_aton(str, &(bind_addr.sin.sin_addr)))
160 return -1;
161#endif
162
[1]163 use_bind_addr = 1;
164 return 0;
165}
166
167
[170]168long int retry_connect(const char * file, int line, int sockfd,
[1]169 struct sockaddr *serv_addr, int addrlen)
170{
171 int error;
172 long int val_retry = 0;
[132]173 char errbuf[SH_ERRBUF_SIZE];
[1]174
175 SL_ENTER(_("retry_connect"));
176
177 errno = 0;
178
179 if (0 != use_bind_addr)
180 {
[295]181 int slen = SH_SS_LEN(bind_addr);
182
183 val_retry = bind(sockfd, sh_ipvx_sockaddr_cast(&bind_addr), slen);
[1]184 }
185
186 if (val_retry == 0)
187 {
188 do {
[295]189 val_retry = connect(sockfd, serv_addr, addrlen);
[171]190 } while (val_retry < 0 && (errno == EINTR || errno == EINPROGRESS));
[1]191 }
192
193 error = errno;
194 if (val_retry != 0) {
[295]195 long eport;
196 char eaddr[SH_IP_BUF];
197
198 struct sh_sockaddr ss;
199 sh_ipvx_save(&ss, serv_addr->sa_family, serv_addr);
200 sh_ipvx_ntoa(eaddr, sizeof(eaddr), &ss);
201
202 if (serv_addr->sa_family == AF_INET)
203 eport = (long) ntohs(((struct sockaddr_in *)serv_addr)->sin_port);
204 else
205 eport = (long) ntohs(((struct sockaddr_in6 *)serv_addr)->sin6_port);
206
[1]207 sh_error_handle ((-1), file, line, error, MSG_ERR_CONNECT,
[132]208 sh_error_message(error, errbuf, sizeof(errbuf)),
[295]209 (long) sockfd, eport, eaddr);
[1]210 }
211 errno = error;
212 SL_RETURN(val_retry, _("retry_connect"));
213}
214
[170]215long int retry_accept(const char * file, int line, int fd,
[295]216 struct sh_sockaddr *serv_addr, int * addrlen)
[1]217{
218 int error;
219 long int val_retry = -1;
[132]220 char errbuf[SH_ERRBUF_SIZE];
[295]221 struct sockaddr_storage ss;
[132]222
[295]223 ACCEPT_TYPE_ARG3 my_addrlen = sizeof(ss);
[1]224
225 errno = 0;
226
227 SL_ENTER(_("retry_accept"));
228
229 do {
[295]230 val_retry = accept(fd, (struct sockaddr *)&ss, &my_addrlen);
[1]231 } while (val_retry < 0 && errno == EINTR);
[295]232
[1]233 error = errno;
234 if (val_retry < 0) {
235 sh_error_handle ((-1), file, line, error, MSG_ERR_ACCEPT,
[132]236 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]237 (long) fd );
238 }
[295]239 errno = error;
240
[361]241 if (flag_err_debug == SL_TRUE)
242 {
243 char ipbuf[SH_IP_BUF];
244 char buf[SH_BUFSIZE];
245#if defined(USE_IPVX)
246 sl_strlcpy(errbuf, _("Address family: "), sizeof(errbuf));
247 sl_strlcat(errbuf,
248 (ss.ss_family == AF_INET6) ? _("AF_INET6") : _("AF_INET"),
249 sizeof(errbuf));
250 getnameinfo((struct sockaddr *)&ss, my_addrlen,
251 ipbuf, sizeof(ipbuf), NULL, 0, NI_NUMERICHOST);
252#else
253 struct sockaddr_in sa;
254 char * p;
255 memcpy(&(sa), (struct sockaddr_in*)&ss, sizeof(struct sockaddr_in));
256 p = inet_ntoa(sa.sin_addr);
257 sl_strlcpy(ipbuf, p, sizeof(ipbuf));
258 sl_strlcpy(errbuf, _("Address family: AF_INET"), sizeof(errbuf));
259#endif
260 sl_strlcpy(buf, _("Address: "), sizeof(buf));
261 sl_strlcat(buf, ipbuf, sizeof(buf));
262 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
263 errbuf, _("retry_accept"));
264 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
265 buf, _("retry_accept"));
266 }
267
[295]268 sh_ipvx_save(serv_addr, ss.ss_family, (struct sockaddr *) &ss);
269
[361]270 if (flag_err_debug == SL_TRUE)
271 {
272 char ipbuf[SH_IP_BUF];
273 char ipbuf2[SH_IP_BUF];
274 char buf[SH_BUFSIZE];
275#if defined(USE_IPVX)
276 int len = (serv_addr->ss_family == AF_INET) ?
277 sizeof(struct sockaddr_in) :
278 sizeof(struct sockaddr_in6);
279 getnameinfo(sh_ipvx_sockaddr_cast(serv_addr), len,
280 ipbuf2, sizeof(ipbuf2), NULL, 0, NI_NUMERICHOST);
281#else
282 char * p = inet_ntoa((serv_addr->sin).sin_addr);
283 sl_strlcpy(ipbuf2, p, sizeof(ipbuf2));
284#endif
285 sh_ipvx_ntoa (ipbuf, sizeof(ipbuf), serv_addr);
286 sl_snprintf(buf, sizeof(buf), _("Address: %s / %s"),
287 ipbuf, ipbuf2);
288 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
289 buf, _("retry_accept"));
290 }
291
[307]292 *addrlen = (int) my_addrlen;
[1]293 SL_RETURN(val_retry, _("retry_accept"));
294}
295
[317]296static int sh_enable_use_sub = 0;
297
298#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
299static int sh_use_sub = 1;
300#else
[315]301static int sh_use_sub = 0;
[317]302#endif
[315]303
[317]304void sh_calls_enable_sub()
305{
306 sh_enable_use_sub = 1;
307 return;
308}
309
[315]310int sh_calls_set_sub (const char * str)
311{
[317]312 int ret = sh_util_flagval(str, &sh_use_sub);
313
314 if ((ret == 0) && (!sh_use_sub))
315 {
316 sh_kill_sub();
317 }
318 return ret;
[315]319}
320
[317]321long int retry_lstat_ns(const char * file, int line,
322 const char *file_name, struct stat *buf)
323{
324 int error;
325 long int val_retry = -1;
326 char errbuf[SH_ERRBUF_SIZE];
327
328 SL_ENTER(_("retry_lstat_ns"));
329
330 do {
331 val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/;
332 } while (val_retry < 0 && errno == EINTR);
333
334 error = errno;
335 if (val_retry < 0) {
336 (void) sh_error_message(error, aud_err_message, 64);
337 sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT,
338 sh_error_message(error, errbuf, sizeof(errbuf)),
339 file_name );
340 }
341 errno = error;
342
343 SL_RETURN(val_retry, _("retry_lstat_ns"));
344}
345
[170]346long int retry_lstat(const char * file, int line,
[1]347 const char *file_name, struct stat *buf)
348{
349 int error;
350 long int val_retry = -1;
[132]351 char errbuf[SH_ERRBUF_SIZE];
[1]352
353 SL_ENTER(_("retry_lstat"));
354
[317]355 if (sh_use_sub && sh_enable_use_sub)
[315]356 {
357 val_retry = sh_sub_lstat (file_name, buf);
358 }
359 else
360 {
361 do {
362 val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/;
363 } while (val_retry < 0 && errno == EINTR);
364 }
365
[1]366 error = errno;
367 if (val_retry < 0) {
[134]368 (void) sh_error_message(error, aud_err_message, 64);
[1]369 sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT,
[132]370 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]371 file_name );
372 }
373 errno = error;
[315]374
[1]375 SL_RETURN(val_retry, _("retry_lstat"));
376}
377
[170]378long int retry_stat(const char * file, int line,
[1]379 const char *file_name, struct stat *buf)
380{
381 int error;
382 long int val_retry = -1;
[132]383 char errbuf[SH_ERRBUF_SIZE];
[1]384
385 SL_ENTER(_("retry_stat"));
386
[317]387 if (sh_use_sub && sh_enable_use_sub)
[315]388 {
389 val_retry = sh_sub_stat (file_name, buf);
390 }
391 else
392 {
393 do {
394 val_retry = stat (file_name, buf);
395 } while (val_retry < 0 && errno == EINTR);
396 }
397
[1]398 error = errno;
399 if (val_retry < 0) {
[134]400 (void) sh_error_message(error, aud_err_message, 64);
[1]401 sh_error_handle ((-1), file, line, error, MSG_ERR_STAT,
[132]402 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]403 file_name );
404 }
405 errno = error;
[315]406
[1]407 SL_RETURN(val_retry, _("retry_stat"));
408}
409
[170]410long int retry_fstat(const char * file, int line, int filed, struct stat *buf)
[1]411{
412 int error;
413 long int val_retry = -1;
[132]414 char errbuf[SH_ERRBUF_SIZE];
[1]415
416 SL_ENTER(_("retry_fstat"));
417
418 do {
419 val_retry = fstat (filed, buf);
420 } while (val_retry < 0 && errno == EINTR);
421 error = errno;
422 if (val_retry < 0) {
423 sh_error_handle ((-1), file, line, error, MSG_ERR_FSTAT,
[132]424 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]425 (long) filed );
426 }
427 errno = error;
428 SL_RETURN(val_retry, _("retry_fstat"));
429}
430
[170]431long int retry_fcntl(const char * file, int line, int fd, int cmd, long arg)
[1]432{
433 int error;
434 long int val_retry = -1;
[132]435 char errbuf[SH_ERRBUF_SIZE];
[1]436 errno = 0;
437
438 SL_ENTER(_("retry_fcntl"));
439
440 if (cmd == F_GETFD || cmd == F_GETFL)
441 {
442 do {
443 val_retry = fcntl(fd, cmd);
444 } while (val_retry < 0 && errno == EINTR);
445 }
446 else
447 {
448 do {
449 val_retry = fcntl(fd, cmd, arg);
450 } while (val_retry < 0 && errno == EINTR);
451 }
452 error = errno;
453 if (val_retry < 0) {
454 sh_error_handle ((-1), file, line, error, MSG_ERR_FCNTL,
[132]455 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]456 (long) fd, (long) cmd, arg );
457 }
458 errno = error;
459 SL_RETURN(val_retry, _("retry_fcntl"));
460}
461
462long int retry_msleep (int sec, int millisec)
463{
464 int result = 0;
465#if defined(HAVE_NANOSLEEP)
466 struct timespec req, rem;
467#endif
468
[169]469 SL_ENTER(_("retry_msleep"));
[1]470
471 errno = 0;
472 if (millisec > 999) millisec = 999;
473 if (millisec < 0) millisec = 0;
474 if (sec < 0) sec = 0;
475
476#if defined(HAVE_NANOSLEEP)
477 /*@-usedef@*/
478 req.tv_sec = sec; rem.tv_sec = 0;
479 req.tv_nsec = millisec * 1000000; rem.tv_nsec = 0;
480 /*@+usedef@*/
481 do {
482 result = /*@-unrecog@*/nanosleep(&req, &rem)/*@+unrecog@*/;
483
484 req.tv_sec = rem.tv_sec; rem.tv_sec = 0;
485 req.tv_nsec = rem.tv_nsec; rem.tv_nsec = 0;
486
487 } while ((result == -1) && (errno == EINTR));
488#else
489 if (sec > 0)
490 {
[134]491 sleep (sec); /* nanosleep not available */
[1]492 }
493 else
494 {
495#ifdef HAVE_USLEEP
496 if (millisec > 0)
497 {
498 usleep(1000 * millisec);
499 }
500#else
501 if (millisec > 0)
502 {
503 sleep (1);
504 }
505#endif
506 }
507#endif
508 SL_RETURN(result, _("retry_msleep"));
509}
510
511/***************************************************
512 *
513 * Audit these functions.
514 *
515 ***************************************************/
516
[170]517long int retry_aud_execve (const char * file, int line,
[1]518 const char *dateiname, char * argv[],
519 char * envp[])
520{
521 uid_t a = geteuid();
522 gid_t b = getegid();
523 int i;
524 int error;
[132]525 char errbuf[SH_ERRBUF_SIZE];
[1]526
527 SL_ENTER(_("retry_aud_execve"));
528
529 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXEC) != 0)
530 sh_error_handle ((-1), file, line, 0, MSG_AUD_EXEC,
531 dateiname, (long) a, (long) b );
532 do {
533 i = execve(dateiname, argv, envp);
534 } while (i < 0 && errno == EINTR);
535
536 error = errno;
537 if (i < 0) {
[132]538 sh_error_handle ((-1), file, line, error, MSG_ERR_EXEC,
539 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]540 dateiname, (long) a, (long) b );
541 }
542 errno = error;
543 SL_RETURN(i, _("retry_aud_execve"));
544}
545
546
[170]547long int retry_aud_utime (const char * file, int line,
548 char * path, struct utimbuf *buf)
[1]549{
550 long int val_return;
551 int error;
[132]552 char errbuf[SH_ERRBUF_SIZE];
[1]553 errno = 0;
554
555 SL_ENTER(_("retry_aud_utime"));
556
557 do {
558 val_return = utime (path, buf);
559 } while (val_return < 0 && errno == EINTR);
560
561 error = errno;
562 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UTIME) != 0)
563 sh_error_handle ((-1), file, line, 0, MSG_AUD_UTIME,
564 path,
565 (unsigned long) buf->actime,
566 (unsigned long) buf->modtime);
567 if (val_return < 0) {
568 sh_error_handle ((-1), file, line, error, MSG_ERR_UTIME,
[132]569 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]570 path,
571 (unsigned long) buf->actime,
572 (unsigned long) buf->modtime);
573 }
574 errno = error;
575 SL_RETURN(val_return, _("retry_aud_utime"));
576}
577
[170]578long int retry_aud_unlink (const char * file, int line,
[1]579 char * path)
580{
581 long int val_return;
582 int error;
[132]583 char errbuf[SH_ERRBUF_SIZE];
[1]584 errno = 0;
585
586 SL_ENTER(_("retry_aud_unlink"));
587
588 do {
589 val_return = unlink (path);
590 } while (val_return < 0 && errno == EINTR);
591
592 error = errno;
593 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UNLINK) != 0)
594 sh_error_handle ((-1), file, line, 0, MSG_AUD_UNLINK,
595 path);
596 if (val_return < 0) {
[132]597 sh_error_handle ((-1), file, line, error, MSG_ERR_UNLINK,
598 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]599 path);
600 }
601 errno = error;
602 SL_RETURN(val_return, _("retry_aud_unlink"));
603}
604
[170]605long int retry_aud_dup2 (const char * file, int line,
[1]606 int fd, int fd2)
607{
608 long int val_return;
609 int error;
[132]610 char errbuf[SH_ERRBUF_SIZE];
[1]611 errno = 0;
612
613 SL_ENTER(_("retry_aud_dup2"));
614
615 do {
616 val_return = dup2 (fd, fd2);
617 } while (val_return < 0 && errno == EINTR);
618
619 error = errno;
620 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0)
621 sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP,
622 (long) fd, val_return);
623 if (val_return < 0) {
624 sh_error_handle ((-1), file, line, error, MSG_ERR_DUP,
[132]625 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]626 (long) fd, val_return);
627 }
628 errno = error;
629 SL_RETURN(val_return, _("retry_aud_dup2"));
630}
631
[170]632long int retry_aud_dup (const char * file, int line,
[1]633 int fd)
634{
635 long int val_return;
636 int error;
[132]637 char errbuf[SH_ERRBUF_SIZE];
[1]638 errno = 0;
639
640 SL_ENTER(_("retry_aud_dup"));
641
642 do {
643 val_return = dup (fd);
644 } while (val_return < 0 && errno == EINTR);
645 error = errno;
646 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0)
647 sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP,
648 (long) fd, val_return);
649 if (val_return < 0) {
650 sh_error_handle ((-1), file, line, error, MSG_ERR_DUP,
[132]651 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]652 (long) fd, val_return);
653 }
654 errno = error;
655 SL_RETURN(val_return, _("retry_aud_dup"));
656}
657
658
659
[170]660long int retry_aud_chdir (const char * file, int line,
[1]661 const char *path)
662{
663 long int val_return;
664 int error = 0;
[132]665 char errbuf[SH_ERRBUF_SIZE];
[1]666 errno = 0;
667
668 SL_ENTER(_("retry_aud_chdir"));
669
670 do {
671 val_return = chdir (path);
672 } while (val_return < 0 && errno == EINTR);
673
674 error = errno;
675 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_CHDIR) != 0)
676 sh_error_handle ((-1), file, line, 0, MSG_AUD_CHDIR,
677 path);
678 if (val_return < 0) {
[132]679 sh_error_handle ((-1), file, line, error, MSG_ERR_CHDIR,
680 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]681 path);
682 }
683 errno = error;
684 SL_RETURN(val_return, _("retry_aud_chdir"));
685}
686
687
[170]688long int aud_open_noatime (const char * file, int line, int privs,
[1]689 const char *pathname, int flags, mode_t mode,
690 int * o_noatime)
691{
692 long int val_return;
693 int error;
[132]694 char errbuf[SH_ERRBUF_SIZE];
[1]695
696 SL_ENTER(_("aud_open"));
697
[412]698#ifdef USE_SUID
699 if (0 == strcmp(pathname, "/usr/bin/sudo"))
700 {
701 uid_t ruid; uid_t euid; uid_t suid;
702 getresuid(&ruid, &euid, &suid);
703 }
704 if (privs == SL_YESPRIV)
705 sl_set_suid();
706#else
707 /*@-noeffect@*/
708 (void) privs; /* fix compiler warning */
709 /*@+noeffect@*/
710#endif
711
[1]712 val_return = open (pathname, *o_noatime|flags, mode);
[412]713
714#ifdef USE_SUID
715 if (privs == SL_YESPRIV)
716 sl_unset_suid();
717#endif
718
[1]719 if ((val_return < 0) && (*o_noatime != 0))
720 {
721 val_return = open (pathname, flags, mode);
722 if (val_return >= 0)
723 *o_noatime = 0;
724 }
725 error = errno;
726
727 if (val_return < 0)
728 {
[134]729 (void) sh_error_message(error, aud_err_message, 64);
[1]730 }
731
732 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0)
733 {
734 sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN,
735 pathname, (long) flags, (long) mode, val_return);
736 }
737 if (val_return < 0) {
738 sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN,
[132]739 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]740 pathname, (long) flags, (long) mode, val_return);
741 }
742 errno = error;
743 SL_RETURN(val_return, _("aud_open"));
744}
745
[170]746long int aud_open (const char * file, int line, int privs,
[1]747 const char *pathname, int flags, mode_t mode)
748{
749 long int val_return;
750 int error;
[132]751 char errbuf[SH_ERRBUF_SIZE];
[1]752
753 SL_ENTER(_("aud_open"));
754
[412]755#ifdef USE_SUID
756 if (privs == SL_YESPRIV)
757 sl_set_suid();
758#else
[1]759 /*@-noeffect@*/
760 (void) privs; /* fix compiler warning */
761 /*@+noeffect@*/
[412]762#endif
[1]763
[412]764 val_return = open (pathname, flags, mode);
765
766#ifdef USE_SUID
767 if (privs == SL_YESPRIV)
768 sl_unset_suid();
769#endif
770
771 error = errno;
772
[1]773 if (val_return < 0)
774 {
[134]775 (void) sh_error_message(error, aud_err_message, 64);
[1]776 }
777
778 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0)
779 {
780 sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN,
781 pathname, (long) flags, (long) mode, val_return);
782 }
783 if (val_return < 0) {
784 sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN,
[132]785 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]786 pathname, (long) flags, (long) mode, val_return);
787 }
788 errno = error;
789 SL_RETURN(val_return, _("aud_open"));
790}
791
[170]792long int aud_kill (const char * file, int line, pid_t pid, int sig)
[1]793{
794 int myerror;
795 long int val_return = kill (pid, sig);
[132]796 char errbuf[SH_ERRBUF_SIZE];
[1]797 myerror = errno;
798
799 SL_ENTER(_("aud_kill"));
800
801 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_KILL) != 0)
802 sh_error_handle ((-1), file, line, 0, MSG_AUD_KILL,
803 (long) pid, (long) sig);
804 if (val_return < 0) {
805 sh_error_handle ((-1), file, line, myerror, MSG_ERR_KILL,
[132]806 sh_error_message(myerror, errbuf, sizeof(errbuf)),
[1]807 (long) pid, (long) sig);
808 }
809 errno = myerror;
810 SL_RETURN(val_return, _("aud_kill"));
811}
812
813/*@noreturn@*/
[170]814void aud_exit (const char * file, int line, int fd)
[1]815{
816 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0)
817 sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT,
818 (long) fd);
819
820 SL_ENTER(_("aud_exit"));
821
822 sh.flag.exit = fd;
823 exit(fd);
824}
825
826/*@noreturn@*/
[170]827void aud__exit (const char * file, int line, int fd)
[1]828{
829 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0)
830 sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT,
831 (long) fd);
832
833 SL_ENTER(_("aud__exit"));
834
835 sh.flag.exit = fd;
836 _exit(fd);
837}
838
[170]839pid_t aud_fork (const char * file, int line)
[1]840{
841 int error;
842 pid_t i = fork();
[132]843 char errbuf[SH_ERRBUF_SIZE];
[1]844
845 error = errno;
846 SL_ENTER(_("aud_fork"));
847
848 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_FORK) != 0 && (i > 0))
849 sh_error_handle ((-1), file, line, 0, MSG_AUD_FORK,
850 (long) i);
851 if (i == (pid_t) -1) {
852 sh_error_handle ((-1), file, line, error, MSG_ERR_FORK,
[132]853 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]854 (long) i);
855 }
856 errno = error;
857 SL_RETURN(i, _("aud_fork"));
858}
859
[170]860int aud_setuid (const char * file, int line, uid_t uid)
[1]861{
862 int error = 0;
863 int i = 0;
[132]864 char errbuf[SH_ERRBUF_SIZE];
[1]865
866 SL_ENTER(_("aud_setuid"));
867
868 if (uid != (uid_t) 0) {
869 i = setuid(uid);
870 error = errno;
871 }
872 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETUID) != 0)
873 sh_error_handle ((-1), file, line, 0, MSG_AUD_SETUID,
874 (long) uid);
875 if (uid == (uid_t) 0) {
876 i = setuid(uid);
877 error = errno;
878 }
879 if (i < 0) {
880 sh_error_handle ((-1), file, line, error, MSG_ERR_SETUID,
[132]881 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]882 (long) uid);
883 }
884 errno = error;
885 SL_RETURN(i, _("aud_setuid"));
886}
887
[170]888int aud_setgid (const char * file, int line, gid_t gid)
[1]889{
890 int error = 0;
891 int i = 0;
[132]892 char errbuf[SH_ERRBUF_SIZE];
[1]893
894 SL_ENTER(_("aud_setgid"));
895
896 if (gid != (gid_t) 0) {
897 i = setgid(gid);
898 error = errno;
899 }
900
901 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETGID) != 0)
902 sh_error_handle ((-1), file, line, 0, MSG_AUD_SETGID,
903 (long) gid);
904 if (gid == (gid_t) 0) {
905 i = setgid(gid);
906 error = errno;
907 }
908 if (i < 0) {
909 sh_error_handle ((-1), file, line, error, MSG_ERR_SETGID,
[132]910 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]911 (long) gid);
912 }
913 errno = error;
914 SL_RETURN(i, _("aud_setgid"));
915}
916
[170]917int aud_pipe (const char * file, int line, int * modus)
[1]918{
919 int error;
920 int i = pipe (modus);
[132]921 char errbuf[SH_ERRBUF_SIZE];
[1]922
923 SL_ENTER(_("aud_pipe"));
924
925 error = errno;
926 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_PIPE) != 0)
927 {
928 if (i < 0)
929 sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE,
930 (long) 0, (long) 0);
931 else
932 sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE,
933 (long) modus[0], (long) modus[1]);
934 }
935 if (i < 0) {
936 if (i < 0)
937 sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE,
[137]938 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]939 (long) 0, (long) 0);
940 else
941 sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE,
[132]942 sh_error_message(error, errbuf, sizeof(errbuf)),
[1]943 (long) modus[0], (long) modus[1]);
944 }
945 SL_RETURN(i, _("aud_pipe"));
946}
Note: See TracBrowser for help on using the repository browser.