Context Navigation

source: trunk/src/sh_calls.c@ 462

Last change on this file since 462 was 412, checked in by katerina, 12 years ago
Enhancements for ticket #312 (logrotate) and #313 (--enable-suid).
File size: 22.9 KB

Line
1	/* SAMHAIN file system integrity testing */
2	/* Copyright (C) 1999 Rainer Wichmann */
3	/* */
4	/* This program is free software; you can redistribute it */
5	/* and/or modify */
6	/* it under the terms of the GNU General Public License as */
7	/* published by */
8	/* the Free Software Foundation; either version 2 of the License, or */
9	/* (at your option) any later version. */
10	/* */
11	/* This program is distributed in the hope that it will be useful, */
12	/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13	/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14	/* GNU General Public License for more details. */
15	/* */
16	/* You should have received a copy of the GNU General Public License */
17	/* along with this program; if not, write to the Free Software */
18	/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20	#include "config_xor.h"
21
22	#ifdef HOST_IS_HPUX
23	#define _XOPEN_SOURCE_EXTENDED
24	#endif
25
26	#include <stdlib.h>
27	#include <string.h>
28	#include <errno.h>
29
30	#include <sys/types.h>
31	#include <unistd.h>
32	#include <sys/stat.h>
33	#include <fcntl.h>
34	#include <signal.h>
35	#include <sys/socket.h>
36	#include <netdb.h>
37	#include <netinet/in.h>
38
39	#ifndef S_SPLINT_S
40	#include <arpa/inet.h>
41	#else
42	#define AF_INET 2
43	#endif
44
45	#include <time.h>
46
47	#ifndef HAVE_LSTAT
48	#define lstat stat
49	#endif
50
51	#include "samhain.h"
52	#include "sh_error.h"
53	#include "sh_calls.h"
54	#include "sh_ipvx.h"
55	#include "sh_sub.h"
56	#include "sh_utils.h"
57
58	#undef FIL__
59	#define FIL__ _("sh_calls.c")
60
61	extern int flag_err_debug;
62
63	char aud_err_message[64];
64
65	typedef struct cht_struct
66	{
67	const char * str;
68	unsigned long val;
69	} cht_type;
70
71	static cht_type aud_tab[] =
72	{
73	{ N_("execve"), AUD_EXEC },
74	{ N_("utime"), AUD_UTIME },
75	{ N_("unlink"), AUD_UNLINK },
76	{ N_("dup"), AUD_DUP },
77	{ N_("chdir"), AUD_CHDIR },
78	{ N_("open"), AUD_OPEN },
79	{ N_("kill"), AUD_KILL },
80	{ N_("exit"), AUD_EXIT },
81	{ N_("fork"), AUD_FORK },
82	{ N_("setuid"), AUD_SETUID },
83	{ N_("setgid"), AUD_SETGID },
84	{ N_("pipe"), AUD_PIPE },
85	{ NULL, 0 }
86	};
87
88	/* Set aud functions
89	*/
90	int sh_aud_set_functions(const char * str_s)
91	{
92	int i = 0;
93
94	SL_ENTER(_("sh_aud_set_functions"));
95
96	if (str_s == NULL)
97	return -1;
98
99	while (aud_tab[i].str != NULL)
100	{
101	if (NULL != sl_strstr (str_s, _(aud_tab[i].str)))
102	{
103	sh.flag.audit = 1;
104	sh.flag.aud_mask \|= aud_tab[i].val;
105	}
106	++i;
107	}
108
109	SL_RETURN(0,_("sh_aud_set_functions"));
110	}
111
112
113
114
115	/* Need to catch EINTR for these functions.
116	*/
117	long int retry_sigaction(const char * file, int line,
118	int signum, const struct sigaction *act,
119	struct sigaction *oldact)
120	{
121	int error;
122	long int val_retry = -1;
123	char errbuf[SH_ERRBUF_SIZE];
124	errno = 0;
125
126	SL_ENTER(_("retry_sigaction"));
127
128	do {
129	val_retry = sigaction(signum, act, oldact);
130	} while (val_retry < 0 && errno == EINTR);
131
132	error = errno;
133	if (val_retry < 0) {
134	sh_error_handle ((-1), file, line, error, MSG_ERR_SIGACT,
135	sh_error_message(error, errbuf, sizeof(errbuf)),
136	(long) signum );
137	}
138	errno = error;
139	SL_RETURN(val_retry, _("retry_sigaction"));
140	}
141
142	static struct sh_sockaddr bind_addr;
143	static int use_bind_addr = 0;
144
145	int sh_calls_set_bind_addr (const char * str)
146	{
147	static int reject = 0;
148
149	if (reject == 1)
150	return (0);
151
152	if (sh.flag.opts == S_TRUE)
153	reject = 1;
154
155	#if defined(USE_IPVX)
156	if (0 == sh_ipvx_aton(str, &bind_addr))
157	return -1;
158	#else
159	if (0 == inet_aton(str, &(bind_addr.sin.sin_addr)))
160	return -1;
161	#endif
162
163	use_bind_addr = 1;
164	return 0;
165	}
166
167
168	long int retry_connect(const char * file, int line, int sockfd,
169	struct sockaddr *serv_addr, int addrlen)
170	{
171	int error;
172	long int val_retry = 0;
173	char errbuf[SH_ERRBUF_SIZE];
174
175	SL_ENTER(_("retry_connect"));
176
177	errno = 0;
178
179	if (0 != use_bind_addr)
180	{
181	int slen = SH_SS_LEN(bind_addr);
182
183	val_retry = bind(sockfd, sh_ipvx_sockaddr_cast(&bind_addr), slen);
184	}
185
186	if (val_retry == 0)
187	{
188	do {
189	val_retry = connect(sockfd, serv_addr, addrlen);
190	} while (val_retry < 0 && (errno == EINTR \|\| errno == EINPROGRESS));
191	}
192
193	error = errno;
194	if (val_retry != 0) {
195	long eport;
196	char eaddr[SH_IP_BUF];
197
198	struct sh_sockaddr ss;
199	sh_ipvx_save(&ss, serv_addr->sa_family, serv_addr);
200	sh_ipvx_ntoa(eaddr, sizeof(eaddr), &ss);
201
202	if (serv_addr->sa_family == AF_INET)
203	eport = (long) ntohs(((struct sockaddr_in *)serv_addr)->sin_port);
204	else
205	eport = (long) ntohs(((struct sockaddr_in6 *)serv_addr)->sin6_port);
206
207	sh_error_handle ((-1), file, line, error, MSG_ERR_CONNECT,
208	sh_error_message(error, errbuf, sizeof(errbuf)),
209	(long) sockfd, eport, eaddr);
210	}
211	errno = error;
212	SL_RETURN(val_retry, _("retry_connect"));
213	}
214
215	long int retry_accept(const char * file, int line, int fd,
216	struct sh_sockaddr serv_addr, int addrlen)
217	{
218	int error;
219	long int val_retry = -1;
220	char errbuf[SH_ERRBUF_SIZE];
221	struct sockaddr_storage ss;
222
223	ACCEPT_TYPE_ARG3 my_addrlen = sizeof(ss);
224
225	errno = 0;
226
227	SL_ENTER(_("retry_accept"));
228
229	do {
230	val_retry = accept(fd, (struct sockaddr *)&ss, &my_addrlen);
231	} while (val_retry < 0 && errno == EINTR);
232
233	error = errno;
234	if (val_retry < 0) {
235	sh_error_handle ((-1), file, line, error, MSG_ERR_ACCEPT,
236	sh_error_message(error, errbuf, sizeof(errbuf)),
237	(long) fd );
238	}
239	errno = error;
240
241	if (flag_err_debug == SL_TRUE)
242	{
243	char ipbuf[SH_IP_BUF];
244	char buf[SH_BUFSIZE];
245	#if defined(USE_IPVX)
246	sl_strlcpy(errbuf, _("Address family: "), sizeof(errbuf));
247	sl_strlcat(errbuf,
248	(ss.ss_family == AF_INET6) ? _("AF_INET6") : _("AF_INET"),
249	sizeof(errbuf));
250	getnameinfo((struct sockaddr *)&ss, my_addrlen,
251	ipbuf, sizeof(ipbuf), NULL, 0, NI_NUMERICHOST);
252	#else
253	struct sockaddr_in sa;
254	char * p;
255	memcpy(&(sa), (struct sockaddr_in*)&ss, sizeof(struct sockaddr_in));
256	p = inet_ntoa(sa.sin_addr);
257	sl_strlcpy(ipbuf, p, sizeof(ipbuf));
258	sl_strlcpy(errbuf, _("Address family: AF_INET"), sizeof(errbuf));
259	#endif
260	sl_strlcpy(buf, _("Address: "), sizeof(buf));
261	sl_strlcat(buf, ipbuf, sizeof(buf));
262	sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
263	errbuf, _("retry_accept"));
264	sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
265	buf, _("retry_accept"));
266	}
267
268	sh_ipvx_save(serv_addr, ss.ss_family, (struct sockaddr *) &ss);
269
270	if (flag_err_debug == SL_TRUE)
271	{
272	char ipbuf[SH_IP_BUF];
273	char ipbuf2[SH_IP_BUF];
274	char buf[SH_BUFSIZE];
275	#if defined(USE_IPVX)
276	int len = (serv_addr->ss_family == AF_INET) ?
277	sizeof(struct sockaddr_in) :
278	sizeof(struct sockaddr_in6);
279	getnameinfo(sh_ipvx_sockaddr_cast(serv_addr), len,
280	ipbuf2, sizeof(ipbuf2), NULL, 0, NI_NUMERICHOST);
281	#else
282	char * p = inet_ntoa((serv_addr->sin).sin_addr);
283	sl_strlcpy(ipbuf2, p, sizeof(ipbuf2));
284	#endif
285	sh_ipvx_ntoa (ipbuf, sizeof(ipbuf), serv_addr);
286	sl_snprintf(buf, sizeof(buf), _("Address: %s / %s"),
287	ipbuf, ipbuf2);
288	sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
289	buf, _("retry_accept"));
290	}
291
292	*addrlen = (int) my_addrlen;
293	SL_RETURN(val_retry, _("retry_accept"));
294	}
295
296	static int sh_enable_use_sub = 0;
297
298	#if defined (SH_WITH_CLIENT) \|\| defined (SH_STANDALONE)
299	static int sh_use_sub = 1;
300	#else
301	static int sh_use_sub = 0;
302	#endif
303
304	void sh_calls_enable_sub()
305	{
306	sh_enable_use_sub = 1;
307	return;
308	}
309
310	int sh_calls_set_sub (const char * str)
311	{
312	int ret = sh_util_flagval(str, &sh_use_sub);
313
314	if ((ret == 0) && (!sh_use_sub))
315	{
316	sh_kill_sub();
317	}
318	return ret;
319	}
320
321	long int retry_lstat_ns(const char * file, int line,
322	const char file_name, struct stat buf)
323	{
324	int error;
325	long int val_retry = -1;
326	char errbuf[SH_ERRBUF_SIZE];
327
328	SL_ENTER(_("retry_lstat_ns"));
329
330	do {
331	val_retry = /@-unrecog@/lstat (file_name, buf)/@+unrecog@/;
332	} while (val_retry < 0 && errno == EINTR);
333
334	error = errno;
335	if (val_retry < 0) {
336	(void) sh_error_message(error, aud_err_message, 64);
337	sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT,
338	sh_error_message(error, errbuf, sizeof(errbuf)),
339	file_name );
340	}
341	errno = error;
342
343	SL_RETURN(val_retry, _("retry_lstat_ns"));
344	}
345
346	long int retry_lstat(const char * file, int line,
347	const char file_name, struct stat buf)
348	{
349	int error;
350	long int val_retry = -1;
351	char errbuf[SH_ERRBUF_SIZE];
352
353	SL_ENTER(_("retry_lstat"));
354
355	if (sh_use_sub && sh_enable_use_sub)
356	{
357	val_retry = sh_sub_lstat (file_name, buf);
358	}
359	else
360	{
361	do {
362	val_retry = /@-unrecog@/lstat (file_name, buf)/@+unrecog@/;
363	} while (val_retry < 0 && errno == EINTR);
364	}
365
366	error = errno;
367	if (val_retry < 0) {
368	(void) sh_error_message(error, aud_err_message, 64);
369	sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT,
370	sh_error_message(error, errbuf, sizeof(errbuf)),
371	file_name );
372	}
373	errno = error;
374
375	SL_RETURN(val_retry, _("retry_lstat"));
376	}
377
378	long int retry_stat(const char * file, int line,
379	const char file_name, struct stat buf)
380	{
381	int error;
382	long int val_retry = -1;
383	char errbuf[SH_ERRBUF_SIZE];
384
385	SL_ENTER(_("retry_stat"));
386
387	if (sh_use_sub && sh_enable_use_sub)
388	{
389	val_retry = sh_sub_stat (file_name, buf);
390	}
391	else
392	{
393	do {
394	val_retry = stat (file_name, buf);
395	} while (val_retry < 0 && errno == EINTR);
396	}
397
398	error = errno;
399	if (val_retry < 0) {
400	(void) sh_error_message(error, aud_err_message, 64);
401	sh_error_handle ((-1), file, line, error, MSG_ERR_STAT,
402	sh_error_message(error, errbuf, sizeof(errbuf)),
403	file_name );
404	}
405	errno = error;
406
407	SL_RETURN(val_retry, _("retry_stat"));
408	}
409
410	long int retry_fstat(const char * file, int line, int filed, struct stat *buf)
411	{
412	int error;
413	long int val_retry = -1;
414	char errbuf[SH_ERRBUF_SIZE];
415
416	SL_ENTER(_("retry_fstat"));
417
418	do {
419	val_retry = fstat (filed, buf);
420	} while (val_retry < 0 && errno == EINTR);
421	error = errno;
422	if (val_retry < 0) {
423	sh_error_handle ((-1), file, line, error, MSG_ERR_FSTAT,
424	sh_error_message(error, errbuf, sizeof(errbuf)),
425	(long) filed );
426	}
427	errno = error;
428	SL_RETURN(val_retry, _("retry_fstat"));
429	}
430
431	long int retry_fcntl(const char * file, int line, int fd, int cmd, long arg)
432	{
433	int error;
434	long int val_retry = -1;
435	char errbuf[SH_ERRBUF_SIZE];
436	errno = 0;
437
438	SL_ENTER(_("retry_fcntl"));
439
440	if (cmd == F_GETFD \|\| cmd == F_GETFL)
441	{
442	do {
443	val_retry = fcntl(fd, cmd);
444	} while (val_retry < 0 && errno == EINTR);
445	}
446	else
447	{
448	do {
449	val_retry = fcntl(fd, cmd, arg);
450	} while (val_retry < 0 && errno == EINTR);
451	}
452	error = errno;
453	if (val_retry < 0) {
454	sh_error_handle ((-1), file, line, error, MSG_ERR_FCNTL,
455	sh_error_message(error, errbuf, sizeof(errbuf)),
456	(long) fd, (long) cmd, arg );
457	}
458	errno = error;
459	SL_RETURN(val_retry, _("retry_fcntl"));
460	}
461
462	long int retry_msleep (int sec, int millisec)
463	{
464	int result = 0;
465	#if defined(HAVE_NANOSLEEP)
466	struct timespec req, rem;
467	#endif
468
469	SL_ENTER(_("retry_msleep"));
470
471	errno = 0;
472	if (millisec > 999) millisec = 999;
473	if (millisec < 0) millisec = 0;
474	if (sec < 0) sec = 0;
475
476	#if defined(HAVE_NANOSLEEP)
477	/@-usedef@/
478	req.tv_sec = sec; rem.tv_sec = 0;
479	req.tv_nsec = millisec * 1000000; rem.tv_nsec = 0;
480	/@+usedef@/
481	do {
482	result = /@-unrecog@/nanosleep(&req, &rem)/@+unrecog@/;
483
484	req.tv_sec = rem.tv_sec; rem.tv_sec = 0;
485	req.tv_nsec = rem.tv_nsec; rem.tv_nsec = 0;
486
487	} while ((result == -1) && (errno == EINTR));
488	#else
489	if (sec > 0)
490	{
491	sleep (sec); /* nanosleep not available */
492	}
493	else
494	{
495	#ifdef HAVE_USLEEP
496	if (millisec > 0)
497	{
498	usleep(1000 * millisec);
499	}
500	#else
501	if (millisec > 0)
502	{
503	sleep (1);
504	}
505	#endif
506	}
507	#endif
508	SL_RETURN(result, _("retry_msleep"));
509	}
510
511	/***************************************************
512	*
513	* Audit these functions.
514	*
515	***************************************************/
516
517	long int retry_aud_execve (const char * file, int line,
518	const char dateiname, char argv[],
519	char * envp[])
520	{
521	uid_t a = geteuid();
522	gid_t b = getegid();
523	int i;
524	int error;
525	char errbuf[SH_ERRBUF_SIZE];
526
527	SL_ENTER(_("retry_aud_execve"));
528
529	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXEC) != 0)
530	sh_error_handle ((-1), file, line, 0, MSG_AUD_EXEC,
531	dateiname, (long) a, (long) b );
532	do {
533	i = execve(dateiname, argv, envp);
534	} while (i < 0 && errno == EINTR);
535
536	error = errno;
537	if (i < 0) {
538	sh_error_handle ((-1), file, line, error, MSG_ERR_EXEC,
539	sh_error_message(error, errbuf, sizeof(errbuf)),
540	dateiname, (long) a, (long) b );
541	}
542	errno = error;
543	SL_RETURN(i, _("retry_aud_execve"));
544	}
545
546
547	long int retry_aud_utime (const char * file, int line,
548	char * path, struct utimbuf *buf)
549	{
550	long int val_return;
551	int error;
552	char errbuf[SH_ERRBUF_SIZE];
553	errno = 0;
554
555	SL_ENTER(_("retry_aud_utime"));
556
557	do {
558	val_return = utime (path, buf);
559	} while (val_return < 0 && errno == EINTR);
560
561	error = errno;
562	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UTIME) != 0)
563	sh_error_handle ((-1), file, line, 0, MSG_AUD_UTIME,
564	path,
565	(unsigned long) buf->actime,
566	(unsigned long) buf->modtime);
567	if (val_return < 0) {
568	sh_error_handle ((-1), file, line, error, MSG_ERR_UTIME,
569	sh_error_message(error, errbuf, sizeof(errbuf)),
570	path,
571	(unsigned long) buf->actime,
572	(unsigned long) buf->modtime);
573	}
574	errno = error;
575	SL_RETURN(val_return, _("retry_aud_utime"));
576	}
577
578	long int retry_aud_unlink (const char * file, int line,
579	char * path)
580	{
581	long int val_return;
582	int error;
583	char errbuf[SH_ERRBUF_SIZE];
584	errno = 0;
585
586	SL_ENTER(_("retry_aud_unlink"));
587
588	do {
589	val_return = unlink (path);
590	} while (val_return < 0 && errno == EINTR);
591
592	error = errno;
593	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UNLINK) != 0)
594	sh_error_handle ((-1), file, line, 0, MSG_AUD_UNLINK,
595	path);
596	if (val_return < 0) {
597	sh_error_handle ((-1), file, line, error, MSG_ERR_UNLINK,
598	sh_error_message(error, errbuf, sizeof(errbuf)),
599	path);
600	}
601	errno = error;
602	SL_RETURN(val_return, _("retry_aud_unlink"));
603	}
604
605	long int retry_aud_dup2 (const char * file, int line,
606	int fd, int fd2)
607	{
608	long int val_return;
609	int error;
610	char errbuf[SH_ERRBUF_SIZE];
611	errno = 0;
612
613	SL_ENTER(_("retry_aud_dup2"));
614
615	do {
616	val_return = dup2 (fd, fd2);
617	} while (val_return < 0 && errno == EINTR);
618
619	error = errno;
620	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0)
621	sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP,
622	(long) fd, val_return);
623	if (val_return < 0) {
624	sh_error_handle ((-1), file, line, error, MSG_ERR_DUP,
625	sh_error_message(error, errbuf, sizeof(errbuf)),
626	(long) fd, val_return);
627	}
628	errno = error;
629	SL_RETURN(val_return, _("retry_aud_dup2"));
630	}
631
632	long int retry_aud_dup (const char * file, int line,
633	int fd)
634	{
635	long int val_return;
636	int error;
637	char errbuf[SH_ERRBUF_SIZE];
638	errno = 0;
639
640	SL_ENTER(_("retry_aud_dup"));
641
642	do {
643	val_return = dup (fd);
644	} while (val_return < 0 && errno == EINTR);
645	error = errno;
646	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0)
647	sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP,
648	(long) fd, val_return);
649	if (val_return < 0) {
650	sh_error_handle ((-1), file, line, error, MSG_ERR_DUP,
651	sh_error_message(error, errbuf, sizeof(errbuf)),
652	(long) fd, val_return);
653	}
654	errno = error;
655	SL_RETURN(val_return, _("retry_aud_dup"));
656	}
657
658
659
660	long int retry_aud_chdir (const char * file, int line,
661	const char *path)
662	{
663	long int val_return;
664	int error = 0;
665	char errbuf[SH_ERRBUF_SIZE];
666	errno = 0;
667
668	SL_ENTER(_("retry_aud_chdir"));
669
670	do {
671	val_return = chdir (path);
672	} while (val_return < 0 && errno == EINTR);
673
674	error = errno;
675	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_CHDIR) != 0)
676	sh_error_handle ((-1), file, line, 0, MSG_AUD_CHDIR,
677	path);
678	if (val_return < 0) {
679	sh_error_handle ((-1), file, line, error, MSG_ERR_CHDIR,
680	sh_error_message(error, errbuf, sizeof(errbuf)),
681	path);
682	}
683	errno = error;
684	SL_RETURN(val_return, _("retry_aud_chdir"));
685	}
686
687
688	long int aud_open_noatime (const char * file, int line, int privs,
689	const char *pathname, int flags, mode_t mode,
690	int * o_noatime)
691	{
692	long int val_return;
693	int error;
694	char errbuf[SH_ERRBUF_SIZE];
695
696	SL_ENTER(_("aud_open"));
697
698	#ifdef USE_SUID
699	if (0 == strcmp(pathname, "/usr/bin/sudo"))
700	{
701	uid_t ruid; uid_t euid; uid_t suid;
702	getresuid(&ruid, &euid, &suid);
703	}
704	if (privs == SL_YESPRIV)
705	sl_set_suid();
706	#else
707	/@-noeffect@/
708	(void) privs; /* fix compiler warning */
709	/@+noeffect@/
710	#endif
711
712	val_return = open (pathname, *o_noatime\|flags, mode);
713
714	#ifdef USE_SUID
715	if (privs == SL_YESPRIV)
716	sl_unset_suid();
717	#endif
718
719	if ((val_return < 0) && (*o_noatime != 0))
720	{
721	val_return = open (pathname, flags, mode);
722	if (val_return >= 0)
723	*o_noatime = 0;
724	}
725	error = errno;
726
727	if (val_return < 0)
728	{
729	(void) sh_error_message(error, aud_err_message, 64);
730	}
731
732	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0)
733	{
734	sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN,
735	pathname, (long) flags, (long) mode, val_return);
736	}
737	if (val_return < 0) {
738	sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN,
739	sh_error_message(error, errbuf, sizeof(errbuf)),
740	pathname, (long) flags, (long) mode, val_return);
741	}
742	errno = error;
743	SL_RETURN(val_return, _("aud_open"));
744	}
745
746	long int aud_open (const char * file, int line, int privs,
747	const char *pathname, int flags, mode_t mode)
748	{
749	long int val_return;
750	int error;
751	char errbuf[SH_ERRBUF_SIZE];
752
753	SL_ENTER(_("aud_open"));
754
755	#ifdef USE_SUID
756	if (privs == SL_YESPRIV)
757	sl_set_suid();
758	#else
759	/@-noeffect@/
760	(void) privs; /* fix compiler warning */
761	/@+noeffect@/
762	#endif
763
764	val_return = open (pathname, flags, mode);
765
766	#ifdef USE_SUID
767	if (privs == SL_YESPRIV)
768	sl_unset_suid();
769	#endif
770
771	error = errno;
772
773	if (val_return < 0)
774	{
775	(void) sh_error_message(error, aud_err_message, 64);
776	}
777
778	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0)
779	{
780	sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN,
781	pathname, (long) flags, (long) mode, val_return);
782	}
783	if (val_return < 0) {
784	sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN,
785	sh_error_message(error, errbuf, sizeof(errbuf)),
786	pathname, (long) flags, (long) mode, val_return);
787	}
788	errno = error;
789	SL_RETURN(val_return, _("aud_open"));
790	}
791
792	long int aud_kill (const char * file, int line, pid_t pid, int sig)
793	{
794	int myerror;
795	long int val_return = kill (pid, sig);
796	char errbuf[SH_ERRBUF_SIZE];
797	myerror = errno;
798
799	SL_ENTER(_("aud_kill"));
800
801	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_KILL) != 0)
802	sh_error_handle ((-1), file, line, 0, MSG_AUD_KILL,
803	(long) pid, (long) sig);
804	if (val_return < 0) {
805	sh_error_handle ((-1), file, line, myerror, MSG_ERR_KILL,
806	sh_error_message(myerror, errbuf, sizeof(errbuf)),
807	(long) pid, (long) sig);
808	}
809	errno = myerror;
810	SL_RETURN(val_return, _("aud_kill"));
811	}
812
813	/@noreturn@/
814	void aud_exit (const char * file, int line, int fd)
815	{
816	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0)
817	sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT,
818	(long) fd);
819
820	SL_ENTER(_("aud_exit"));
821
822	sh.flag.exit = fd;
823	exit(fd);
824	}
825
826	/@noreturn@/
827	void aud__exit (const char * file, int line, int fd)
828	{
829	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0)
830	sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT,
831	(long) fd);
832
833	SL_ENTER(_("aud__exit"));
834
835	sh.flag.exit = fd;
836	_exit(fd);
837	}
838
839	pid_t aud_fork (const char * file, int line)
840	{
841	int error;
842	pid_t i = fork();
843	char errbuf[SH_ERRBUF_SIZE];
844
845	error = errno;
846	SL_ENTER(_("aud_fork"));
847
848	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_FORK) != 0 && (i > 0))
849	sh_error_handle ((-1), file, line, 0, MSG_AUD_FORK,
850	(long) i);
851	if (i == (pid_t) -1) {
852	sh_error_handle ((-1), file, line, error, MSG_ERR_FORK,
853	sh_error_message(error, errbuf, sizeof(errbuf)),
854	(long) i);
855	}
856	errno = error;
857	SL_RETURN(i, _("aud_fork"));
858	}
859
860	int aud_setuid (const char * file, int line, uid_t uid)
861	{
862	int error = 0;
863	int i = 0;
864	char errbuf[SH_ERRBUF_SIZE];
865
866	SL_ENTER(_("aud_setuid"));
867
868	if (uid != (uid_t) 0) {
869	i = setuid(uid);
870	error = errno;
871	}
872	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETUID) != 0)
873	sh_error_handle ((-1), file, line, 0, MSG_AUD_SETUID,
874	(long) uid);
875	if (uid == (uid_t) 0) {
876	i = setuid(uid);
877	error = errno;
878	}
879	if (i < 0) {
880	sh_error_handle ((-1), file, line, error, MSG_ERR_SETUID,
881	sh_error_message(error, errbuf, sizeof(errbuf)),
882	(long) uid);
883	}
884	errno = error;
885	SL_RETURN(i, _("aud_setuid"));
886	}
887
888	int aud_setgid (const char * file, int line, gid_t gid)
889	{
890	int error = 0;
891	int i = 0;
892	char errbuf[SH_ERRBUF_SIZE];
893
894	SL_ENTER(_("aud_setgid"));
895
896	if (gid != (gid_t) 0) {
897	i = setgid(gid);
898	error = errno;
899	}
900
901	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETGID) != 0)
902	sh_error_handle ((-1), file, line, 0, MSG_AUD_SETGID,
903	(long) gid);
904	if (gid == (gid_t) 0) {
905	i = setgid(gid);
906	error = errno;
907	}
908	if (i < 0) {
909	sh_error_handle ((-1), file, line, error, MSG_ERR_SETGID,
910	sh_error_message(error, errbuf, sizeof(errbuf)),
911	(long) gid);
912	}
913	errno = error;
914	SL_RETURN(i, _("aud_setgid"));
915	}
916
917	int aud_pipe (const char * file, int line, int * modus)
918	{
919	int error;
920	int i = pipe (modus);
921	char errbuf[SH_ERRBUF_SIZE];
922
923	SL_ENTER(_("aud_pipe"));
924
925	error = errno;
926	if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_PIPE) != 0)
927	{
928	if (i < 0)
929	sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE,
930	(long) 0, (long) 0);
931	else
932	sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE,
933	(long) modus[0], (long) modus[1]);
934	}
935	if (i < 0) {
936	if (i < 0)
937	sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE,
938	sh_error_message(error, errbuf, sizeof(errbuf)),
939	(long) 0, (long) 0);
940	else
941	sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE,
942	sh_error_message(error, errbuf, sizeof(errbuf)),
943	(long) modus[0], (long) modus[1]);
944	}
945	SL_RETURN(i, _("aud_pipe"));
946	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: