summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr/src/cmd/auditd/doorway.c27
-rw-r--r--usr/src/lib/auditd_plugins/auditd.h5
-rw-r--r--usr/src/lib/auditd_plugins/syslog/sysplugin.c16
-rw-r--r--usr/src/lib/libbsm/common/adt.c49
-rw-r--r--usr/src/lib/libc/port/gen/getutx.c1
-rw-r--r--usr/src/lib/libc/port/locale/collate.c18
-rw-r--r--usr/src/tools/find_elf/find_elf.c11
-rw-r--r--usr/src/uts/intel/io/vmm/sys/vmm_kernel.h1
8 files changed, 84 insertions, 44 deletions
diff --git a/usr/src/cmd/auditd/doorway.c b/usr/src/cmd/auditd/doorway.c
index c3fe37afe6..59509c2593 100644
--- a/usr/src/cmd/auditd/doorway.c
+++ b/usr/src/cmd/auditd/doorway.c
@@ -23,6 +23,10 @@
*/
/*
+ * Copyright 2022 Tintri by DDN, Inc. All rights reserved.
+ */
+
+/*
* Threads:
*
* auditd is thread 0 and does signal handling
@@ -151,12 +155,12 @@ warn_or_fatal(int fatal, char *parting_shot)
static void
report_error(int rc, char *error_text, char *plugin_path)
{
- int warn = 0;
char rcbuf[100]; /* short error name string */
char message[FATAL_MESSAGE_LEN];
int bad_count = 0;
char *name;
char empty[] = "..";
+ boolean_t warn = B_FALSE, discard = B_FALSE;
static int no_plug = 0;
static int no_load = 0;
@@ -174,17 +178,17 @@ report_error(int rc, char *error_text, char *plugin_path)
switch (rc) {
case INTERNAL_LOAD_ERROR:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_load;
(void) strcpy(rcbuf, "load_error");
break;
case INTERNAL_SYS_ERROR:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_thread;
(void) strcpy(rcbuf, "sys_error");
break;
case INTERNAL_CONFIG_ERROR:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_plug;
(void) strcpy(rcbuf, "config_error");
name = strdup("--");
@@ -192,17 +196,17 @@ report_error(int rc, char *error_text, char *plugin_path)
case AUDITD_SUCCESS:
break;
case AUDITD_NO_MEMORY: /* no_memory */
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_memory;
(void) strcpy(rcbuf, "no_memory");
break;
case AUDITD_INVALID: /* invalid */
- warn = 1;
+ warn = B_TRUE;
bad_count = ++invalid;
(void) strcpy(rcbuf, "invalid");
break;
case AUDITD_RETRY:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++retry;
(void) strcpy(rcbuf, "retry");
break;
@@ -210,10 +214,15 @@ report_error(int rc, char *error_text, char *plugin_path)
(void) strcpy(rcbuf, "comm_fail");
break;
case AUDITD_FATAL: /* failure */
- warn = 1;
+ warn = B_TRUE;
bad_count = ++fail;
(void) strcpy(rcbuf, "failure");
break;
+ case AUDITD_DISCARD: /* discarded - shouldn't get here */
+ /* Don't report this one; it's a non-error. */
+ discard = B_TRUE;
+ (void) strcpy(rcbuf, "discarded");
+ break;
default:
(void) strcpy(rcbuf, "error");
break;
@@ -222,7 +231,7 @@ report_error(int rc, char *error_text, char *plugin_path)
bad_count, name, rcbuf, error_text));
if (warn)
__audit_dowarn2("plugin", name, rcbuf, error_text, bad_count);
- else {
+ else if (!discard) {
(void) snprintf(message, FATAL_MESSAGE_LEN,
gettext("audit plugin %s reported error = \"%s\": %s\n"),
name, rcbuf, error_text);
diff --git a/usr/src/lib/auditd_plugins/auditd.h b/usr/src/lib/auditd_plugins/auditd.h
index 6be801b6eb..d7ca96deaa 100644
--- a/usr/src/lib/auditd_plugins/auditd.h
+++ b/usr/src/lib/auditd_plugins/auditd.h
@@ -22,6 +22,8 @@
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
+ * Copyright 2017 Tintri by DDN, Inc. All rights reserved.
+ *
* This is an unstable interface; changes may be made without
* notice.
*/
@@ -46,7 +48,8 @@ enum auditd_rc {
AUDITD_INVALID, /* bad input (WARN invalid) */
AUDITD_COMM_FAIL, /* communications failure */
AUDITD_FATAL, /* other error (WARN failure) */
- AUDITD_FAIL /* other non-fatal error */
+ AUDITD_FAIL, /* other non-fatal error */
+ AUDITD_DISCARD /* Discarded message */
};
typedef enum auditd_rc auditd_rc_t;
diff --git a/usr/src/lib/auditd_plugins/syslog/sysplugin.c b/usr/src/lib/auditd_plugins/syslog/sysplugin.c
index 948e60aa7a..2f307176d2 100644
--- a/usr/src/lib/auditd_plugins/syslog/sysplugin.c
+++ b/usr/src/lib/auditd_plugins/syslog/sysplugin.c
@@ -22,6 +22,8 @@
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
+ * Copyright 2017 Tintri by DDN, Inc. All rights reserved.
+ *
* convert binary audit records to syslog messages and
* send them off to syslog
*
@@ -226,7 +228,7 @@ tossit(au_event_t id, int passfail)
static size_t
fromleft(char *p, size_t avail, char *attrname, size_t attrlen, char *txt,
- size_t txtlen)
+ size_t txtlen)
{
size_t len;
@@ -253,7 +255,7 @@ fromleft(char *p, size_t avail, char *attrname, size_t attrlen, char *txt,
static size_t
fromright(char *p, size_t avail, char *attrname, size_t attrlen, char *txt,
- size_t txtlen)
+ size_t txtlen)
{
size_t len;
@@ -650,7 +652,7 @@ filter(const char *input, uint64_t sequence, char *output,
ctx.out.sf_zonelen = 0;
}
- return (-1); /* tell caller it was tossed */
+ return (AUDITD_DISCARD);
}
bp = output;
remaining = out_len;
@@ -823,16 +825,16 @@ auditd_plugin(const char *input, size_t in_len, uint64_t sequence, char **error)
DPRINT((dbfp, "syslog: write_count=%llu, "
"buffer=%llu, tossed=%llu\n",
++write_count, sequence, toss_count));
- } else if (rc > 0) { /* -1 == discard it */
+ } else if (rc != AUDITD_DISCARD) {
DPRINT((dbfp, "syslog: parse failed for buffer %llu\n",
sequence));
*error = strdup(gettext(
"Unable to parse audit record"));
} else {
- DPRINT((dbfp, "syslog: rc = %d (-1 is discard), "
+ DPRINT((dbfp, "syslog: rc = %d (%d is discard), "
"sequence=%llu, toss_count=%llu\n",
- rc, sequence, ++toss_count));
- rc = 0;
+ rc, AUDITD_DISCARD, sequence, ++toss_count));
+ rc = AUDITD_SUCCESS;
}
free(outbuf);
}
diff --git a/usr/src/lib/libbsm/common/adt.c b/usr/src/lib/libbsm/common/adt.c
index 20741efa75..3e0f4ec2c5 100644
--- a/usr/src/lib/libbsm/common/adt.c
+++ b/usr/src/lib/libbsm/common/adt.c
@@ -23,6 +23,7 @@
* Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2013, Joyent, Inc. All rights reserved.
* Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
+ * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
#include <bsm/adt.h>
@@ -192,7 +193,23 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
/* c2audit excluded */
mask->am_success = 0;
mask->am_failure = 0;
- } else if (uid <= MAXUID) {
+ return (0);
+ }
+
+ /*
+ * This function applies the 'attributable' mask, modified by
+ * any per-user flags, to any user whose UID can be mapped to
+ * a name via name services.
+ * Others, such as users with Ephemeral UIDs, or NFS clients
+ * using AUTH_SYS, get the 'non-attributable mask'.
+ * This is true even if some _other_ system or service could
+ * map the ID to a name, or if it could be inferred from
+ * other records.
+ * Note that it is possible for records to contain _only_
+ * an ephemeral ID, which can't be mapped back to a name
+ * once it becomes invalid (e.g. server reboot).
+ */
+ if (uid <= MAXUID) {
if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
adt_write_syslog("couldn't determine maximum size of "
"password buffer", errno);
@@ -201,18 +218,24 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
return (-1);
}
- if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) {
- errno = EINVAL; /* user doesn't exist */
- free(pwd_buff);
- return (-1);
- }
- if (au_user_mask(pwd.pw_name, mask)) {
+ /*
+ * Ephemeral id's and id's that exist in a name service we
+ * don't have configured (LDAP, NIS) can't be looked up,
+ * but either way it's not an error.
+ */
+ if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
+ if (au_user_mask(pwd.pw_name, mask)) {
+ free(pwd_buff);
+ errno = EFAULT; /* undetermined failure */
+ return (-1);
+ }
free(pwd_buff);
- errno = EFAULT; /* undetermined failure */
- return (-1);
+ return (0);
}
free(pwd_buff);
- } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
+ }
+
+ if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
return (-1);
}
@@ -1082,9 +1105,9 @@ adt_from_export_format(adt_internal_state_t *internal,
struct export_header head;
struct export_link link;
adr_t context;
- int32_t offset;
- int32_t length;
- int32_t version;
+ int32_t offset;
+ int32_t length;
+ int32_t version;
size_t label_len;
char *p = (char *)external;
diff --git a/usr/src/lib/libc/port/gen/getutx.c b/usr/src/lib/libc/port/gen/getutx.c
index 5ccd88e55d..71b8364600 100644
--- a/usr/src/lib/libc/port/gen/getutx.c
+++ b/usr/src/lib/libc/port/gen/getutx.c
@@ -877,7 +877,6 @@ updwtmpx(const char *filex, struct utmpx *utx)
utmpx_api2frec(utx, &futx);
(void) write(wfdx, &futx, sizeof (futx));
-done:
(void) close(wfdx);
}
diff --git a/usr/src/lib/libc/port/locale/collate.c b/usr/src/lib/libc/port/locale/collate.c
index a8d7bf60d5..cf480c913b 100644
--- a/usr/src/lib/libc/port/locale/collate.c
+++ b/usr/src/lib/libc/port/locale/collate.c
@@ -380,7 +380,7 @@ _collate_wxfrm(const struct lc_collate *lcc, const wchar_t *src, wchar_t *xf,
wchar_t *tr = NULL;
int direc;
int pass;
- const int32_t *state;
+ const int32_t *state;
size_t want = 0;
size_t need = 0;
int ndir = lcc->lc_directive_count;
@@ -470,14 +470,11 @@ _collate_wxfrm(const struct lc_collate *lcc, const wchar_t *src, wchar_t *xf,
}
}
-end:
- if (tr)
- free(tr);
+ free(tr);
return (need);
fail:
- if (tr)
- free(tr);
+ free(tr);
return ((size_t)(-1));
}
@@ -531,7 +528,7 @@ _collate_sxfrm(const wchar_t *src, char *xf, size_t room, locale_t loc)
wchar_t *tr = NULL;
int direc;
int pass;
- const int32_t *state;
+ const int32_t *state;
size_t want = 0;
size_t need = 0;
int b;
@@ -640,13 +637,10 @@ _collate_sxfrm(const wchar_t *src, char *xf, size_t room, locale_t loc)
}
}
-end:
- if (tr)
- free(tr);
+ free(tr);
return (need);
fail:
- if (tr)
- free(tr);
+ free(tr);
return ((size_t)(-1));
}
diff --git a/usr/src/tools/find_elf/find_elf.c b/usr/src/tools/find_elf/find_elf.c
index 7c31ccc685..4ece9ac44a 100644
--- a/usr/src/tools/find_elf/find_elf.c
+++ b/usr/src/tools/find_elf/find_elf.c
@@ -229,7 +229,18 @@ process_arg(char *arg)
err(EXIT_FAILURE, "not a file or directory: %s", arg);
}
+#ifndef O_DIRECTORY
+ struct stat tsb;
+ if (stat(dir, &tsb) == -1) {
+ err(EXIT_FAILURE, "failed to stat %s", dir);
+ }
+ if (!S_ISDIR(tsb.st_mode)) {
+ errx(EXIT_FAILURE, "not a directory: %s", dir);
+ }
+ rootfd = open(dir, O_RDONLY);
+#else
rootfd = open(dir, O_RDONLY|O_DIRECTORY);
+#endif
if (rootfd < 0) {
err(EXIT_FAILURE, "%s", dir);
}
diff --git a/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h b/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h
index 404942f438..290044b438 100644
--- a/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h
+++ b/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h
@@ -483,7 +483,6 @@ typedef struct vmm_data_req {
void *vdr_data;
uint32_t *vdr_result_len;
} vmm_data_req_t;
-typedef struct vmm_data_req vmm_data_req_t;
typedef int (*vmm_data_writef_t)(void *, const vmm_data_req_t *);
typedef int (*vmm_data_readf_t)(void *, const vmm_data_req_t *);