source: trunk/src/sh_calls.c@ 479

Last change on this file since 479 was 473, checked in by katerina, 9 years ago

Fix for ticket #371 (use cppcheck instead of uno for static checking).

File size: 23.5 KB
Line 
1/* SAMHAIN file system integrity testing */
2/* Copyright (C) 1999 Rainer Wichmann */
3/* */
4/* This program is free software; you can redistribute it */
5/* and/or modify */
6/* it under the terms of the GNU General Public License as */
7/* published by */
8/* the Free Software Foundation; either version 2 of the License, or */
9/* (at your option) any later version. */
10/* */
11/* This program is distributed in the hope that it will be useful, */
12/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
13/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
14/* GNU General Public License for more details. */
15/* */
16/* You should have received a copy of the GNU General Public License */
17/* along with this program; if not, write to the Free Software */
18/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
19
20#include "config_xor.h"
21
22#ifdef HOST_IS_HPUX
23#define _XOPEN_SOURCE_EXTENDED
24#endif
25
26#include <stdlib.h>
27#include <string.h>
28#include <errno.h>
29
30#include <sys/types.h>
31#include <unistd.h>
32#include <sys/stat.h>
33#include <fcntl.h>
34#include <signal.h>
35#include <sys/socket.h>
36#include <netdb.h>
37#include <netinet/in.h>
38
39#ifndef S_SPLINT_S
40#include <arpa/inet.h>
41#else
42#define AF_INET 2
43#endif
44
45#include <time.h>
46
47#ifndef HAVE_LSTAT
48#define lstat stat
49#endif
50
51#include "samhain.h"
52#include "sh_error.h"
53#include "sh_calls.h"
54#include "sh_ipvx.h"
55#include "sh_sub.h"
56#include "sh_utils.h"
57
58#undef FIL__
59#define FIL__ _("sh_calls.c")
60
61extern int flag_err_debug;
62
63char aud_err_message[64];
64
65typedef struct cht_struct
66{
67 const char * str;
68 unsigned long val;
69} cht_type;
70
71static cht_type aud_tab[] =
72{
73 { N_("execve"), AUD_EXEC },
74 { N_("utime"), AUD_UTIME },
75 { N_("unlink"), AUD_UNLINK },
76 { N_("dup"), AUD_DUP },
77 { N_("chdir"), AUD_CHDIR },
78 { N_("open"), AUD_OPEN },
79 { N_("kill"), AUD_KILL },
80 { N_("exit"), AUD_EXIT },
81 { N_("fork"), AUD_FORK },
82 { N_("setuid"), AUD_SETUID },
83 { N_("setgid"), AUD_SETGID },
84 { N_("pipe"), AUD_PIPE },
85 { NULL, 0 }
86};
87
88/* Set aud functions
89 */
90int sh_aud_set_functions(const char * str_s)
91{
92 int i = 0;
93
94 SL_ENTER(_("sh_aud_set_functions"));
95
96 if (str_s == NULL)
97 return -1;
98
99 while (aud_tab[i].str != NULL)
100 {
101 if (NULL != sl_strstr (str_s, _(aud_tab[i].str)))
102 {
103 sh.flag.audit = 1;
104 sh.flag.aud_mask |= aud_tab[i].val;
105 }
106 ++i;
107 }
108
109 SL_RETURN(0,_("sh_aud_set_functions"));
110}
111
112
113
114
115/* Need to catch EINTR for these functions.
116 */
117long int retry_sigaction(const char * file, int line,
118 int signum, const struct sigaction *act,
119 struct sigaction *oldact)
120{
121 int error;
122 long int val_retry = -1;
123 char errbuf[SH_ERRBUF_SIZE];
124 errno = 0;
125
126 SL_ENTER(_("retry_sigaction"));
127
128 do {
129 val_retry = sigaction(signum, act, oldact);
130 } while (val_retry < 0 && errno == EINTR);
131
132 error = errno;
133 if (val_retry < 0) {
134 sh_error_handle ((-1), file, line, error, MSG_ERR_SIGACT,
135 sh_error_message(error, errbuf, sizeof(errbuf)),
136 (long) signum );
137 }
138 errno = error;
139 SL_RETURN(val_retry, _("retry_sigaction"));
140}
141
142static struct sh_sockaddr bind_addr;
143static int use_bind_addr = 0;
144
145int sh_calls_set_bind_addr (const char * str)
146{
147 static int reject = 0;
148
149 if (reject == 1)
150 return (0);
151
152 if (sh.flag.opts == S_TRUE)
153 reject = 1;
154
155 if (0 == sh_ipvx_aton(str, &bind_addr))
156 return -1;
157
158 use_bind_addr = 1;
159 return 0;
160}
161
162
163long int retry_connect(const char * file, int line, int sockfd,
164 struct sockaddr *serv_addr, int addrlen)
165{
166 int error;
167 int err_bind = 0;
168 long int val_retry = 0;
169 char errbuf[SH_ERRBUF_SIZE];
170
171 SL_ENTER(_("retry_connect"));
172
173 errno = 0;
174
175 if (use_bind_addr)
176 {
177 int slen = SH_SS_LEN(bind_addr);
178 struct sockaddr *b_addr = sh_ipvx_sockaddr_cast(&bind_addr);
179
180 if (bind_addr.ss_family == AF_INET)
181 b_addr->sa_family = AF_INET;
182#if defined(USE_IPVX)
183 else
184 b_addr->sa_family = AF_INET6;
185#endif
186 val_retry = bind(sockfd, b_addr, slen);
187 }
188
189 if (val_retry == 0)
190 {
191 do {
192 val_retry = connect(sockfd, serv_addr, addrlen);
193 } while (val_retry < 0 && (errno == EINTR || errno == EINPROGRESS));
194 }
195 else
196 {
197 err_bind = 1;
198 }
199
200 error = errno;
201 if (val_retry != 0) {
202 long eport = 0;
203 char eaddr[SH_IP_BUF];
204 char emesg[SH_BUFSIZE];
205 struct sockaddr *err_addr = serv_addr;
206 struct sh_sockaddr ss;
207
208 if (err_bind)
209 err_addr = sh_ipvx_sockaddr_cast(&bind_addr);
210
211 sh_ipvx_save(&ss, err_addr->sa_family, err_addr);
212 sh_ipvx_ntoa(eaddr, sizeof(eaddr), &ss);
213
214 if (err_addr->sa_family == AF_INET)
215 eport = (long) ntohs(((struct sockaddr_in *)serv_addr)->sin_port);
216#if defined(USE_IPVX)
217 else
218 eport = (long) ntohs(((struct sockaddr_in6 *)serv_addr)->sin6_port);
219#endif
220
221 sl_strlcpy(emesg, sh_error_message(error, errbuf, sizeof(errbuf)), sizeof(emesg));
222 sl_strlcat(emesg,
223 (err_addr->sa_family == AF_INET) ? _(", AF_INET") : _(", AF_INET6"),
224 sizeof(emesg));
225
226 sl_strlcat(emesg,
227 (err_bind) ? _(", bind") : _(", connect"),
228 sizeof(emesg));
229
230 sh_error_handle ((-1), file, line, error, MSG_ERR_CONNECT,
231 emesg,
232 (long) sockfd, eport, eaddr);
233 }
234 errno = error;
235 SL_RETURN(val_retry, _("retry_connect"));
236}
237
238long int retry_accept(const char * file, int line, int fd,
239 struct sh_sockaddr *serv_addr, int * addrlen)
240{
241 int error;
242 long int val_retry = -1;
243 char errbuf[SH_ERRBUF_SIZE];
244 struct sockaddr_storage ss;
245
246 ACCEPT_TYPE_ARG3 my_addrlen = sizeof(ss);
247
248 errno = 0;
249
250 SL_ENTER(_("retry_accept"));
251
252 do {
253 val_retry = accept(fd, (struct sockaddr *)&ss, &my_addrlen);
254 } while (val_retry < 0 && errno == EINTR);
255
256 error = errno;
257 if (val_retry < 0) {
258 sh_error_handle ((-1), file, line, error, MSG_ERR_ACCEPT,
259 sh_error_message(error, errbuf, sizeof(errbuf)),
260 (long) fd );
261 }
262 errno = error;
263
264 if (flag_err_debug == SL_TRUE)
265 {
266 char ipbuf[SH_IP_BUF];
267 char buf[SH_BUFSIZE];
268#if defined(USE_IPVX)
269 sl_strlcpy(errbuf, _("Address family: "), sizeof(errbuf));
270 sl_strlcat(errbuf,
271 (ss.ss_family == AF_INET6) ? _("AF_INET6") : _("AF_INET"),
272 sizeof(errbuf));
273 getnameinfo((struct sockaddr *)&ss, my_addrlen,
274 ipbuf, sizeof(ipbuf), NULL, 0, NI_NUMERICHOST);
275#else
276 struct sockaddr_in sa;
277 char * p;
278 memcpy(&(sa), (struct sockaddr_in*)&ss, sizeof(struct sockaddr_in));
279 p = inet_ntoa(sa.sin_addr);
280 sl_strlcpy(ipbuf, p, sizeof(ipbuf));
281 sl_strlcpy(errbuf, _("Address family: AF_INET"), sizeof(errbuf));
282#endif
283 sl_strlcpy(buf, _("Address: "), sizeof(buf));
284 sl_strlcat(buf, ipbuf, sizeof(buf));
285 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
286 errbuf, _("retry_accept"));
287 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
288 buf, _("retry_accept"));
289 }
290
291 sh_ipvx_save(serv_addr, ss.ss_family, (struct sockaddr *) &ss);
292
293 if (flag_err_debug == SL_TRUE)
294 {
295 char ipbuf[SH_IP_BUF];
296 char ipbuf2[SH_IP_BUF];
297 char buf[SH_BUFSIZE];
298#if defined(USE_IPVX)
299 int len = (serv_addr->ss_family == AF_INET) ?
300 sizeof(struct sockaddr_in) :
301 sizeof(struct sockaddr_in6);
302 getnameinfo(sh_ipvx_sockaddr_cast(serv_addr), len,
303 ipbuf2, sizeof(ipbuf2), NULL, 0, NI_NUMERICHOST);
304#else
305 char * p = inet_ntoa((serv_addr->sin).sin_addr);
306 sl_strlcpy(ipbuf2, p, sizeof(ipbuf2));
307#endif
308 sh_ipvx_ntoa (ipbuf, sizeof(ipbuf), serv_addr);
309 sl_snprintf(buf, sizeof(buf), _("Address: %s / %s"),
310 ipbuf, ipbuf2);
311 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN,
312 buf, _("retry_accept"));
313 }
314
315 *addrlen = (int) my_addrlen;
316 SL_RETURN(val_retry, _("retry_accept"));
317}
318
319static int sh_enable_use_sub = 0;
320
321#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE)
322static int sh_use_sub = 1;
323#else
324static int sh_use_sub = 0;
325#endif
326
327void sh_calls_enable_sub()
328{
329 sh_enable_use_sub = 1;
330 return;
331}
332
333int sh_calls_set_sub (const char * str)
334{
335 int ret = sh_util_flagval(str, &sh_use_sub);
336
337 if ((ret == 0) && (!sh_use_sub))
338 {
339 sh_kill_sub();
340 }
341 return ret;
342}
343
344long int retry_lstat_ns(const char * file, int line,
345 const char *file_name, struct stat *buf)
346{
347 int error;
348 long int val_retry = -1;
349 char errbuf[SH_ERRBUF_SIZE];
350
351 SL_ENTER(_("retry_lstat_ns"));
352
353 do {
354 val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/;
355 } while (val_retry < 0 && errno == EINTR);
356
357 error = errno;
358 if (val_retry < 0) {
359 (void) sh_error_message(error, aud_err_message, 64);
360 sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT,
361 sh_error_message(error, errbuf, sizeof(errbuf)),
362 file_name );
363 }
364 errno = error;
365
366 SL_RETURN(val_retry, _("retry_lstat_ns"));
367}
368
369long int retry_lstat(const char * file, int line,
370 const char *file_name, struct stat *buf)
371{
372 int error;
373 long int val_retry = -1;
374 char errbuf[SH_ERRBUF_SIZE];
375
376 SL_ENTER(_("retry_lstat"));
377
378 if (sh_use_sub && sh_enable_use_sub)
379 {
380 val_retry = sh_sub_lstat (file_name, buf);
381 }
382 else
383 {
384 do {
385 val_retry = /*@-unrecog@*/lstat (file_name, buf)/*@+unrecog@*/;
386 } while (val_retry < 0 && errno == EINTR);
387 }
388
389 error = errno;
390 if (val_retry < 0) {
391 (void) sh_error_message(error, aud_err_message, 64);
392 sh_error_handle ((-1), file, line, error, MSG_ERR_LSTAT,
393 sh_error_message(error, errbuf, sizeof(errbuf)),
394 file_name );
395 }
396 errno = error;
397
398 SL_RETURN(val_retry, _("retry_lstat"));
399}
400
401long int retry_stat(const char * file, int line,
402 const char *file_name, struct stat *buf)
403{
404 int error;
405 long int val_retry = -1;
406 char errbuf[SH_ERRBUF_SIZE];
407
408 SL_ENTER(_("retry_stat"));
409
410 if (sh_use_sub && sh_enable_use_sub)
411 {
412 val_retry = sh_sub_stat (file_name, buf);
413 }
414 else
415 {
416 do {
417 val_retry = stat (file_name, buf);
418 } while (val_retry < 0 && errno == EINTR);
419 }
420
421 error = errno;
422 if (val_retry < 0) {
423 (void) sh_error_message(error, aud_err_message, 64);
424 sh_error_handle ((-1), file, line, error, MSG_ERR_STAT,
425 sh_error_message(error, errbuf, sizeof(errbuf)),
426 file_name );
427 }
428 errno = error;
429
430 SL_RETURN(val_retry, _("retry_stat"));
431}
432
433long int retry_fstat(const char * file, int line, int filed, struct stat *buf)
434{
435 int error;
436 long int val_retry = -1;
437 char errbuf[SH_ERRBUF_SIZE];
438
439 SL_ENTER(_("retry_fstat"));
440
441 do {
442 val_retry = fstat (filed, buf);
443 } while (val_retry < 0 && errno == EINTR);
444 error = errno;
445 if (val_retry < 0) {
446 sh_error_handle ((-1), file, line, error, MSG_ERR_FSTAT,
447 sh_error_message(error, errbuf, sizeof(errbuf)),
448 (long) filed );
449 }
450 errno = error;
451 SL_RETURN(val_retry, _("retry_fstat"));
452}
453
454long int retry_fcntl(const char * file, int line, int fd, int cmd, long arg)
455{
456 int error;
457 long int val_retry = -1;
458 char errbuf[SH_ERRBUF_SIZE];
459 errno = 0;
460
461 SL_ENTER(_("retry_fcntl"));
462
463 if (cmd == F_GETFD || cmd == F_GETFL)
464 {
465 do {
466 val_retry = fcntl(fd, cmd);
467 } while (val_retry < 0 && errno == EINTR);
468 }
469 else
470 {
471 do {
472 val_retry = fcntl(fd, cmd, arg);
473 } while (val_retry < 0 && errno == EINTR);
474 }
475 error = errno;
476 if (val_retry < 0) {
477 sh_error_handle ((-1), file, line, error, MSG_ERR_FCNTL,
478 sh_error_message(error, errbuf, sizeof(errbuf)),
479 (long) fd, (long) cmd, arg );
480 }
481 errno = error;
482 SL_RETURN(val_retry, _("retry_fcntl"));
483}
484
485long int retry_msleep (int sec, int millisec)
486{
487 int result = 0;
488#if defined(HAVE_NANOSLEEP)
489 struct timespec req, rem;
490#endif
491
492 SL_ENTER(_("retry_msleep"));
493
494 errno = 0;
495 if (millisec > 999) millisec = 999;
496 if (millisec < 0) millisec = 0;
497 if (sec < 0) sec = 0;
498
499#if defined(HAVE_NANOSLEEP)
500 /*@-usedef@*/
501 req.tv_sec = sec; rem.tv_sec = 0;
502 req.tv_nsec = millisec * 1000000; rem.tv_nsec = 0;
503 /*@+usedef@*/
504 do {
505 result = /*@-unrecog@*/nanosleep(&req, &rem)/*@+unrecog@*/;
506
507 req.tv_sec = rem.tv_sec; rem.tv_sec = 0;
508 req.tv_nsec = rem.tv_nsec; rem.tv_nsec = 0;
509
510 } while ((result == -1) && (errno == EINTR));
511#else
512 if (sec > 0)
513 {
514 sleep (sec); /* nanosleep not available */
515 }
516 else
517 {
518#ifdef HAVE_USLEEP
519 if (millisec > 0)
520 {
521 usleep(1000 * millisec);
522 }
523#else
524 if (millisec > 0)
525 {
526 sleep (1);
527 }
528#endif
529 }
530#endif
531 SL_RETURN(result, _("retry_msleep"));
532}
533
534/***************************************************
535 *
536 * Audit these functions.
537 *
538 ***************************************************/
539
540long int retry_aud_execve (const char * file, int line,
541 const char *dateiname, char * argv[],
542 char * envp[])
543{
544 uid_t a = geteuid();
545 gid_t b = getegid();
546 int i;
547 int error;
548 char errbuf[SH_ERRBUF_SIZE];
549
550 SL_ENTER(_("retry_aud_execve"));
551
552 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXEC) != 0)
553 sh_error_handle ((-1), file, line, 0, MSG_AUD_EXEC,
554 dateiname, (long) a, (long) b );
555 do {
556 i = execve(dateiname, argv, envp);
557 } while (i < 0 && errno == EINTR);
558
559 error = errno;
560 if (i < 0) {
561 sh_error_handle ((-1), file, line, error, MSG_ERR_EXEC,
562 sh_error_message(error, errbuf, sizeof(errbuf)),
563 dateiname, (long) a, (long) b );
564 }
565 errno = error;
566 SL_RETURN(i, _("retry_aud_execve"));
567}
568
569
570long int retry_aud_utime (const char * file, int line,
571 char * path, struct utimbuf *buf)
572{
573 long int val_return;
574 int error;
575 char errbuf[SH_ERRBUF_SIZE];
576 errno = 0;
577
578 SL_ENTER(_("retry_aud_utime"));
579
580 do {
581 val_return = utime (path, buf);
582 } while (val_return < 0 && errno == EINTR);
583
584 error = errno;
585 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UTIME) != 0)
586 sh_error_handle ((-1), file, line, 0, MSG_AUD_UTIME,
587 path,
588 (unsigned long) buf->actime,
589 (unsigned long) buf->modtime);
590 if (val_return < 0) {
591 sh_error_handle ((-1), file, line, error, MSG_ERR_UTIME,
592 sh_error_message(error, errbuf, sizeof(errbuf)),
593 path,
594 (unsigned long) buf->actime,
595 (unsigned long) buf->modtime);
596 }
597 errno = error;
598 SL_RETURN(val_return, _("retry_aud_utime"));
599}
600
601long int retry_aud_unlink (const char * file, int line,
602 char * path)
603{
604 long int val_return;
605 int error;
606 char errbuf[SH_ERRBUF_SIZE];
607 errno = 0;
608
609 SL_ENTER(_("retry_aud_unlink"));
610
611 do {
612 val_return = unlink (path);
613 } while (val_return < 0 && errno == EINTR);
614
615 error = errno;
616 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_UNLINK) != 0)
617 sh_error_handle ((-1), file, line, 0, MSG_AUD_UNLINK,
618 path);
619 if (val_return < 0) {
620 sh_error_handle ((-1), file, line, error, MSG_ERR_UNLINK,
621 sh_error_message(error, errbuf, sizeof(errbuf)),
622 path);
623 }
624 errno = error;
625 SL_RETURN(val_return, _("retry_aud_unlink"));
626}
627
628long int retry_aud_dup2 (const char * file, int line,
629 int fd, int fd2)
630{
631 long int val_return;
632 int error;
633 char errbuf[SH_ERRBUF_SIZE];
634 errno = 0;
635
636 SL_ENTER(_("retry_aud_dup2"));
637
638 do {
639 val_return = dup2 (fd, fd2);
640 } while (val_return < 0 && errno == EINTR);
641
642 error = errno;
643 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0)
644 sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP,
645 (long) fd, val_return);
646 if (val_return < 0) {
647 sh_error_handle ((-1), file, line, error, MSG_ERR_DUP,
648 sh_error_message(error, errbuf, sizeof(errbuf)),
649 (long) fd, val_return);
650 }
651 errno = error;
652 SL_RETURN(val_return, _("retry_aud_dup2"));
653}
654
655long int retry_aud_dup (const char * file, int line,
656 int fd)
657{
658 long int val_return;
659 int error;
660 char errbuf[SH_ERRBUF_SIZE];
661 errno = 0;
662
663 SL_ENTER(_("retry_aud_dup"));
664
665 do {
666 val_return = dup (fd);
667 } while (val_return < 0 && errno == EINTR);
668 error = errno;
669 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_DUP) != 0)
670 sh_error_handle ((-1), file, line, 0, MSG_AUD_DUP,
671 (long) fd, val_return);
672 if (val_return < 0) {
673 sh_error_handle ((-1), file, line, error, MSG_ERR_DUP,
674 sh_error_message(error, errbuf, sizeof(errbuf)),
675 (long) fd, val_return);
676 }
677 errno = error;
678 SL_RETURN(val_return, _("retry_aud_dup"));
679}
680
681
682
683long int retry_aud_chdir (const char * file, int line,
684 const char *path)
685{
686 long int val_return;
687 int error = 0;
688 char errbuf[SH_ERRBUF_SIZE];
689 errno = 0;
690
691 SL_ENTER(_("retry_aud_chdir"));
692
693 do {
694 val_return = chdir (path);
695 } while (val_return < 0 && errno == EINTR);
696
697 error = errno;
698 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_CHDIR) != 0)
699 sh_error_handle ((-1), file, line, 0, MSG_AUD_CHDIR,
700 path);
701 if (val_return < 0) {
702 sh_error_handle ((-1), file, line, error, MSG_ERR_CHDIR,
703 sh_error_message(error, errbuf, sizeof(errbuf)),
704 path);
705 }
706 errno = error;
707 SL_RETURN(val_return, _("retry_aud_chdir"));
708}
709
710
711long int aud_open_noatime (const char * file, int line, int privs,
712 const char *pathname, int flags, mode_t mode,
713 int * o_noatime)
714{
715 long int val_return;
716 int error;
717 char errbuf[SH_ERRBUF_SIZE];
718
719 SL_ENTER(_("aud_open"));
720
721#ifdef USE_SUID
722 if (0 == strcmp(pathname, "/usr/bin/sudo"))
723 {
724 uid_t ruid; uid_t euid; uid_t suid;
725 getresuid(&ruid, &euid, &suid);
726 }
727 if (privs == SL_YESPRIV)
728 sl_set_suid();
729#else
730 /*@-noeffect@*/
731 (void) privs; /* fix compiler warning */
732 /*@+noeffect@*/
733#endif
734
735 val_return = open (pathname, *o_noatime|flags, mode);
736
737#ifdef USE_SUID
738 if (privs == SL_YESPRIV)
739 sl_unset_suid();
740#endif
741
742 if ((val_return < 0) && (*o_noatime != 0))
743 {
744 val_return = open (pathname, flags, mode);
745 if (val_return >= 0)
746 *o_noatime = 0;
747 }
748 error = errno;
749
750 if (val_return < 0)
751 {
752 (void) sh_error_message(error, aud_err_message, 64);
753 }
754
755 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0)
756 {
757 sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN,
758 pathname, (long) flags, (long) mode, val_return);
759 }
760 if (val_return < 0) {
761 sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN,
762 sh_error_message(error, errbuf, sizeof(errbuf)),
763 pathname, (long) flags, (long) mode, val_return);
764 }
765 errno = error;
766 SL_RETURN(val_return, _("aud_open"));
767}
768
769long int aud_open (const char * file, int line, int privs,
770 const char *pathname, int flags, mode_t mode)
771{
772 long int val_return;
773 int error;
774 char errbuf[SH_ERRBUF_SIZE];
775
776 SL_ENTER(_("aud_open"));
777
778#ifdef USE_SUID
779 if (privs == SL_YESPRIV)
780 sl_set_suid();
781#else
782 /*@-noeffect@*/
783 (void) privs; /* fix compiler warning */
784 /*@+noeffect@*/
785#endif
786
787 val_return = open (pathname, flags, mode);
788
789#ifdef USE_SUID
790 if (privs == SL_YESPRIV)
791 sl_unset_suid();
792#endif
793
794 error = errno;
795
796 if (val_return < 0)
797 {
798 (void) sh_error_message(error, aud_err_message, 64);
799 }
800
801 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_OPEN) != 0)
802 {
803 sh_error_handle ((-1), file, line, 0, MSG_AUD_OPEN,
804 pathname, (long) flags, (long) mode, val_return);
805 }
806 if (val_return < 0) {
807 sh_error_handle ((-1), file, line, error, MSG_ERR_OPEN,
808 sh_error_message(error, errbuf, sizeof(errbuf)),
809 pathname, (long) flags, (long) mode, val_return);
810 }
811 errno = error;
812 SL_RETURN(val_return, _("aud_open"));
813}
814
815long int aud_kill (const char * file, int line, pid_t pid, int sig)
816{
817 int myerror;
818 long int val_return = kill (pid, sig);
819 char errbuf[SH_ERRBUF_SIZE];
820 myerror = errno;
821
822 SL_ENTER(_("aud_kill"));
823
824 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_KILL) != 0)
825 sh_error_handle ((-1), file, line, 0, MSG_AUD_KILL,
826 (long) pid, (long) sig);
827 if (val_return < 0) {
828 sh_error_handle ((-1), file, line, myerror, MSG_ERR_KILL,
829 sh_error_message(myerror, errbuf, sizeof(errbuf)),
830 (long) pid, (long) sig);
831 }
832 errno = myerror;
833 SL_RETURN(val_return, _("aud_kill"));
834}
835
836/*@noreturn@*/
837void aud_exit (const char * file, int line, int fd)
838{
839 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0)
840 sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT,
841 (long) fd);
842
843 SL_ENTER(_("aud_exit"));
844
845 sh.flag.exit = fd;
846 exit(fd);
847}
848
849/*@noreturn@*/
850void aud__exit (const char * file, int line, int fd)
851{
852 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_EXIT) != 0)
853 sh_error_handle ((-1), file, line, 0, MSG_AUD_EXIT,
854 (long) fd);
855
856 SL_ENTER(_("aud__exit"));
857
858 sh.flag.exit = fd;
859 _exit(fd);
860}
861
862pid_t aud_fork (const char * file, int line)
863{
864 int error;
865 pid_t i = fork();
866 char errbuf[SH_ERRBUF_SIZE];
867
868 error = errno;
869 SL_ENTER(_("aud_fork"));
870
871 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_FORK) != 0 && (i > 0))
872 sh_error_handle ((-1), file, line, 0, MSG_AUD_FORK,
873 (long) i);
874 if (i == (pid_t) -1) {
875 sh_error_handle ((-1), file, line, error, MSG_ERR_FORK,
876 sh_error_message(error, errbuf, sizeof(errbuf)),
877 (long) i);
878 }
879 errno = error;
880 SL_RETURN(i, _("aud_fork"));
881}
882
883int aud_setuid (const char * file, int line, uid_t uid)
884{
885 int error = 0;
886 int i = 0;
887 char errbuf[SH_ERRBUF_SIZE];
888
889 SL_ENTER(_("aud_setuid"));
890
891 if (uid != (uid_t) 0) {
892 i = setuid(uid);
893 error = errno;
894 }
895 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETUID) != 0)
896 sh_error_handle ((-1), file, line, 0, MSG_AUD_SETUID,
897 (long) uid);
898 if (uid == (uid_t) 0) {
899 i = setuid(uid);
900 error = errno;
901 }
902 if (i < 0) {
903 sh_error_handle ((-1), file, line, error, MSG_ERR_SETUID,
904 sh_error_message(error, errbuf, sizeof(errbuf)),
905 (long) uid);
906 }
907 errno = error;
908 SL_RETURN(i, _("aud_setuid"));
909}
910
911int aud_setgid (const char * file, int line, gid_t gid)
912{
913 int error = 0;
914 int i = 0;
915 char errbuf[SH_ERRBUF_SIZE];
916
917 SL_ENTER(_("aud_setgid"));
918
919 if (gid != (gid_t) 0) {
920 i = setgid(gid);
921 error = errno;
922 }
923
924 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_SETGID) != 0)
925 sh_error_handle ((-1), file, line, 0, MSG_AUD_SETGID,
926 (long) gid);
927 if (gid == (gid_t) 0) {
928 i = setgid(gid);
929 error = errno;
930 }
931 if (i < 0) {
932 sh_error_handle ((-1), file, line, error, MSG_ERR_SETGID,
933 sh_error_message(error, errbuf, sizeof(errbuf)),
934 (long) gid);
935 }
936 errno = error;
937 SL_RETURN(i, _("aud_setgid"));
938}
939
940int aud_pipe (const char * file, int line, int * modus)
941{
942 int error;
943 int i = pipe (modus);
944 char errbuf[SH_ERRBUF_SIZE];
945
946 SL_ENTER(_("aud_pipe"));
947
948 error = errno;
949 if (sh.flag.audit != 0 && (sh.flag.aud_mask & AUD_PIPE) != 0)
950 {
951 if (i < 0)
952 sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE,
953 (long) 0, (long) 0);
954 else
955 sh_error_handle ((-1), file, line, 0, MSG_AUD_PIPE,
956 (long) modus[0], (long) modus[1]);
957 }
958 if (i < 0) {
959 if (i < 0)
960 sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE,
961 sh_error_message(error, errbuf, sizeof(errbuf)),
962 (long) 0, (long) 0);
963 else
964 sh_error_handle ((-1), file, line, error, MSG_ERR_PIPE,
965 sh_error_message(error, errbuf, sizeof(errbuf)),
966 (long) modus[0], (long) modus[1]);
967 }
968 SL_RETURN(i, _("aud_pipe"));
969}
Note: See TracBrowser for help on using the repository browser.