diff options
| author | Robert Watson <rwatson@FreeBSD.org> | 2016-08-20 20:28:08 +0000 |
|---|---|---|
| committer | Robert Watson <rwatson@FreeBSD.org> | 2016-08-20 20:28:08 +0000 |
| commit | 70a98c110e711d5c90954faaa02d76e79c64a10d (patch) | |
| tree | 93cc6894a70d43090940a3bd2d3b7a960bcb0e99 | |
| parent | e19497672ba9d7f4370c408edacf8be31d1427d6 (diff) | |
| download | src-70a98c110e711d5c90954faaa02d76e79c64a10d.tar.gz src-70a98c110e711d5c90954faaa02d76e79c64a10d.zip | |
Audit the accepted (or rejected) username argument to setlogin(2).
(NB: This was likely a mismerge from XNU in audit support, where the
text argument to setlogin(2) is captured -- but as a text token,
whereas this change uses the dedicated login-name field in struct
audit_record.)
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Notes
Notes:
svn path=/head/; revision=304544
| -rw-r--r-- | sys/kern/kern_prot.c | 1 | ||||
| -rw-r--r-- | sys/security/audit/audit.h | 6 | ||||
| -rw-r--r-- | sys/security/audit/audit_bsm.c | 4 |
3 files changed, 9 insertions, 2 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 797866dbd286..0a7de9f9ba4c 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2105,6 +2105,7 @@ sys_setlogin(struct thread *td, struct setlogin_args *uap) error = EINVAL; return (error); } + AUDIT_ARG_LOGIN(logintmp); PROC_LOCK(p); SESS_LOCK(p->p_session); strcpy(p->p_session->s_login, logintmp); diff --git a/sys/security/audit/audit.h b/sys/security/audit/audit.h index 559d571cbc45..4483d1b39e39 100644 --- a/sys/security/audit/audit.h +++ b/sys/security/audit/audit.h @@ -212,6 +212,11 @@ void audit_thread_free(struct thread *td); audit_arg_groupset((gidset), (gidset_size)); \ } while (0) +#define AUDIT_ARG_LOGIN(login) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_login((login)); \ +} while (0) + #define AUDIT_ARG_MODE(mode) do { \ if (AUDITING_TD(curthread)) \ audit_arg_mode((mode)); \ @@ -354,6 +359,7 @@ void audit_thread_free(struct thread *td); #define AUDIT_ARG_FFLAGS(fflags) #define AUDIT_ARG_GID(gid) #define AUDIT_ARG_GROUPSET(gidset, gidset_size) +#define AUDIT_ARG_LOGIN(login) #define AUDIT_ARG_MODE(mode) #define AUDIT_ARG_OWNER(uid, gid) #define AUDIT_ARG_PID(pid) diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c index c2614b4119bc..b4b1c67a3aec 100644 --- a/sys/security/audit/audit_bsm.c +++ b/sys/security/audit/audit_bsm.c @@ -1394,8 +1394,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau) break; case AUE_SETLOGIN: - if (ARG_IS_VALID(kar, ARG_TEXT)) { - tok = au_to_text(ar->ar_arg_text); + if (ARG_IS_VALID(kar, ARG_LOGIN)) { + tok = au_to_text(ar->ar_arg_login); kau_write(rec, tok); } break; |