diff options
-rw-r--r-- | usr/src/cmd/auditd/doorway.c | 27 | ||||
-rw-r--r-- | usr/src/lib/auditd_plugins/auditd.h | 5 | ||||
-rw-r--r-- | usr/src/lib/auditd_plugins/syslog/sysplugin.c | 16 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/adt.c | 49 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/getutx.c | 1 | ||||
-rw-r--r-- | usr/src/lib/libc/port/locale/collate.c | 18 | ||||
-rw-r--r-- | usr/src/tools/find_elf/find_elf.c | 11 | ||||
-rw-r--r-- | usr/src/uts/intel/io/vmm/sys/vmm_kernel.h | 1 |
8 files changed, 84 insertions, 44 deletions
diff --git a/usr/src/cmd/auditd/doorway.c b/usr/src/cmd/auditd/doorway.c index c3fe37afe6..59509c2593 100644 --- a/usr/src/cmd/auditd/doorway.c +++ b/usr/src/cmd/auditd/doorway.c @@ -23,6 +23,10 @@ */ /* + * Copyright 2022 Tintri by DDN, Inc. All rights reserved. + */ + +/* * Threads: * * auditd is thread 0 and does signal handling @@ -151,12 +155,12 @@ warn_or_fatal(int fatal, char *parting_shot) static void report_error(int rc, char *error_text, char *plugin_path) { - int warn = 0; char rcbuf[100]; /* short error name string */ char message[FATAL_MESSAGE_LEN]; int bad_count = 0; char *name; char empty[] = ".."; + boolean_t warn = B_FALSE, discard = B_FALSE; static int no_plug = 0; static int no_load = 0; @@ -174,17 +178,17 @@ report_error(int rc, char *error_text, char *plugin_path) switch (rc) { case INTERNAL_LOAD_ERROR: - warn = 1; + warn = B_TRUE; bad_count = ++no_load; (void) strcpy(rcbuf, "load_error"); break; case INTERNAL_SYS_ERROR: - warn = 1; + warn = B_TRUE; bad_count = ++no_thread; (void) strcpy(rcbuf, "sys_error"); break; case INTERNAL_CONFIG_ERROR: - warn = 1; + warn = B_TRUE; bad_count = ++no_plug; (void) strcpy(rcbuf, "config_error"); name = strdup("--"); @@ -192,17 +196,17 @@ report_error(int rc, char *error_text, char *plugin_path) case AUDITD_SUCCESS: break; case AUDITD_NO_MEMORY: /* no_memory */ - warn = 1; + warn = B_TRUE; bad_count = ++no_memory; (void) strcpy(rcbuf, "no_memory"); break; case AUDITD_INVALID: /* invalid */ - warn = 1; + warn = B_TRUE; bad_count = ++invalid; (void) strcpy(rcbuf, "invalid"); break; case AUDITD_RETRY: - warn = 1; + warn = B_TRUE; bad_count = ++retry; (void) strcpy(rcbuf, "retry"); break; @@ -210,10 +214,15 @@ report_error(int rc, char *error_text, char *plugin_path) (void) strcpy(rcbuf, "comm_fail"); break; case AUDITD_FATAL: /* failure */ - warn = 1; + warn = B_TRUE; bad_count = ++fail; (void) strcpy(rcbuf, "failure"); break; + case AUDITD_DISCARD: /* discarded - shouldn't get here */ + /* Don't report this one; it's a non-error. */ + discard = B_TRUE; + (void) strcpy(rcbuf, "discarded"); + break; default: (void) strcpy(rcbuf, "error"); break; @@ -222,7 +231,7 @@ report_error(int rc, char *error_text, char *plugin_path) bad_count, name, rcbuf, error_text)); if (warn) __audit_dowarn2("plugin", name, rcbuf, error_text, bad_count); - else { + else if (!discard) { (void) snprintf(message, FATAL_MESSAGE_LEN, gettext("audit plugin %s reported error = \"%s\": %s\n"), name, rcbuf, error_text); diff --git a/usr/src/lib/auditd_plugins/auditd.h b/usr/src/lib/auditd_plugins/auditd.h index 6be801b6eb..d7ca96deaa 100644 --- a/usr/src/lib/auditd_plugins/auditd.h +++ b/usr/src/lib/auditd_plugins/auditd.h @@ -22,6 +22,8 @@ * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * + * Copyright 2017 Tintri by DDN, Inc. All rights reserved. + * * This is an unstable interface; changes may be made without * notice. */ @@ -46,7 +48,8 @@ enum auditd_rc { AUDITD_INVALID, /* bad input (WARN invalid) */ AUDITD_COMM_FAIL, /* communications failure */ AUDITD_FATAL, /* other error (WARN failure) */ - AUDITD_FAIL /* other non-fatal error */ + AUDITD_FAIL, /* other non-fatal error */ + AUDITD_DISCARD /* Discarded message */ }; typedef enum auditd_rc auditd_rc_t; diff --git a/usr/src/lib/auditd_plugins/syslog/sysplugin.c b/usr/src/lib/auditd_plugins/syslog/sysplugin.c index 948e60aa7a..2f307176d2 100644 --- a/usr/src/lib/auditd_plugins/syslog/sysplugin.c +++ b/usr/src/lib/auditd_plugins/syslog/sysplugin.c @@ -22,6 +22,8 @@ * Copyright 2010 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * + * Copyright 2017 Tintri by DDN, Inc. All rights reserved. + * * convert binary audit records to syslog messages and * send them off to syslog * @@ -226,7 +228,7 @@ tossit(au_event_t id, int passfail) static size_t fromleft(char *p, size_t avail, char *attrname, size_t attrlen, char *txt, - size_t txtlen) + size_t txtlen) { size_t len; @@ -253,7 +255,7 @@ fromleft(char *p, size_t avail, char *attrname, size_t attrlen, char *txt, static size_t fromright(char *p, size_t avail, char *attrname, size_t attrlen, char *txt, - size_t txtlen) + size_t txtlen) { size_t len; @@ -650,7 +652,7 @@ filter(const char *input, uint64_t sequence, char *output, ctx.out.sf_zonelen = 0; } - return (-1); /* tell caller it was tossed */ + return (AUDITD_DISCARD); } bp = output; remaining = out_len; @@ -823,16 +825,16 @@ auditd_plugin(const char *input, size_t in_len, uint64_t sequence, char **error) DPRINT((dbfp, "syslog: write_count=%llu, " "buffer=%llu, tossed=%llu\n", ++write_count, sequence, toss_count)); - } else if (rc > 0) { /* -1 == discard it */ + } else if (rc != AUDITD_DISCARD) { DPRINT((dbfp, "syslog: parse failed for buffer %llu\n", sequence)); *error = strdup(gettext( "Unable to parse audit record")); } else { - DPRINT((dbfp, "syslog: rc = %d (-1 is discard), " + DPRINT((dbfp, "syslog: rc = %d (%d is discard), " "sequence=%llu, toss_count=%llu\n", - rc, sequence, ++toss_count)); - rc = 0; + rc, AUDITD_DISCARD, sequence, ++toss_count)); + rc = AUDITD_SUCCESS; } free(outbuf); } diff --git a/usr/src/lib/libbsm/common/adt.c b/usr/src/lib/libbsm/common/adt.c index 20741efa75..3e0f4ec2c5 100644 --- a/usr/src/lib/libbsm/common/adt.c +++ b/usr/src/lib/libbsm/common/adt.c @@ -23,6 +23,7 @@ * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2013, Joyent, Inc. All rights reserved. * Copyright 2017 OmniOS Community Edition (OmniOSce) Association. + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #include <bsm/adt.h> @@ -192,7 +193,23 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask) /* c2audit excluded */ mask->am_success = 0; mask->am_failure = 0; - } else if (uid <= MAXUID) { + return (0); + } + + /* + * This function applies the 'attributable' mask, modified by + * any per-user flags, to any user whose UID can be mapped to + * a name via name services. + * Others, such as users with Ephemeral UIDs, or NFS clients + * using AUTH_SYS, get the 'non-attributable mask'. + * This is true even if some _other_ system or service could + * map the ID to a name, or if it could be inferred from + * other records. + * Note that it is possible for records to contain _only_ + * an ephemeral ID, which can't be mapped back to a name + * once it becomes invalid (e.g. server reboot). + */ + if (uid <= MAXUID) { if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { adt_write_syslog("couldn't determine maximum size of " "password buffer", errno); @@ -201,18 +218,24 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask) if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) { return (-1); } - if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) { - errno = EINVAL; /* user doesn't exist */ - free(pwd_buff); - return (-1); - } - if (au_user_mask(pwd.pw_name, mask)) { + /* + * Ephemeral id's and id's that exist in a name service we + * don't have configured (LDAP, NIS) can't be looked up, + * but either way it's not an error. + */ + if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) { + if (au_user_mask(pwd.pw_name, mask)) { + free(pwd_buff); + errno = EFAULT; /* undetermined failure */ + return (-1); + } free(pwd_buff); - errno = EFAULT; /* undetermined failure */ - return (-1); + return (0); } free(pwd_buff); - } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) { + } + + if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) { return (-1); } @@ -1082,9 +1105,9 @@ adt_from_export_format(adt_internal_state_t *internal, struct export_header head; struct export_link link; adr_t context; - int32_t offset; - int32_t length; - int32_t version; + int32_t offset; + int32_t length; + int32_t version; size_t label_len; char *p = (char *)external; diff --git a/usr/src/lib/libc/port/gen/getutx.c b/usr/src/lib/libc/port/gen/getutx.c index 5ccd88e55d..71b8364600 100644 --- a/usr/src/lib/libc/port/gen/getutx.c +++ b/usr/src/lib/libc/port/gen/getutx.c @@ -877,7 +877,6 @@ updwtmpx(const char *filex, struct utmpx *utx) utmpx_api2frec(utx, &futx); (void) write(wfdx, &futx, sizeof (futx)); -done: (void) close(wfdx); } diff --git a/usr/src/lib/libc/port/locale/collate.c b/usr/src/lib/libc/port/locale/collate.c index a8d7bf60d5..cf480c913b 100644 --- a/usr/src/lib/libc/port/locale/collate.c +++ b/usr/src/lib/libc/port/locale/collate.c @@ -380,7 +380,7 @@ _collate_wxfrm(const struct lc_collate *lcc, const wchar_t *src, wchar_t *xf, wchar_t *tr = NULL; int direc; int pass; - const int32_t *state; + const int32_t *state; size_t want = 0; size_t need = 0; int ndir = lcc->lc_directive_count; @@ -470,14 +470,11 @@ _collate_wxfrm(const struct lc_collate *lcc, const wchar_t *src, wchar_t *xf, } } -end: - if (tr) - free(tr); + free(tr); return (need); fail: - if (tr) - free(tr); + free(tr); return ((size_t)(-1)); } @@ -531,7 +528,7 @@ _collate_sxfrm(const wchar_t *src, char *xf, size_t room, locale_t loc) wchar_t *tr = NULL; int direc; int pass; - const int32_t *state; + const int32_t *state; size_t want = 0; size_t need = 0; int b; @@ -640,13 +637,10 @@ _collate_sxfrm(const wchar_t *src, char *xf, size_t room, locale_t loc) } } -end: - if (tr) - free(tr); + free(tr); return (need); fail: - if (tr) - free(tr); + free(tr); return ((size_t)(-1)); } diff --git a/usr/src/tools/find_elf/find_elf.c b/usr/src/tools/find_elf/find_elf.c index 7c31ccc685..4ece9ac44a 100644 --- a/usr/src/tools/find_elf/find_elf.c +++ b/usr/src/tools/find_elf/find_elf.c @@ -229,7 +229,18 @@ process_arg(char *arg) err(EXIT_FAILURE, "not a file or directory: %s", arg); } +#ifndef O_DIRECTORY + struct stat tsb; + if (stat(dir, &tsb) == -1) { + err(EXIT_FAILURE, "failed to stat %s", dir); + } + if (!S_ISDIR(tsb.st_mode)) { + errx(EXIT_FAILURE, "not a directory: %s", dir); + } + rootfd = open(dir, O_RDONLY); +#else rootfd = open(dir, O_RDONLY|O_DIRECTORY); +#endif if (rootfd < 0) { err(EXIT_FAILURE, "%s", dir); } diff --git a/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h b/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h index 404942f438..290044b438 100644 --- a/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h +++ b/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h @@ -483,7 +483,6 @@ typedef struct vmm_data_req { void *vdr_data; uint32_t *vdr_result_len; } vmm_data_req_t; -typedef struct vmm_data_req vmm_data_req_t; typedef int (*vmm_data_writef_t)(void *, const vmm_data_req_t *); typedef int (*vmm_data_readf_t)(void *, const vmm_data_req_t *); |