diff --git a/sudo-1.6.9p4-audit.patch b/sudo-1.6.9p4-audit.patch index 148c2a6..0459b55 100644 --- a/sudo-1.6.9p4-audit.patch +++ b/sudo-1.6.9p4-audit.patch @@ -1,145 +1,86 @@ -diff -up sudo-1.6.9p4/audit_help.c.audit sudo-1.6.9p4/audit_help.c ---- sudo-1.6.9p4/audit_help.c.audit 2007-08-30 20:06:30.000000000 +0400 -+++ sudo-1.6.9p4/audit_help.c 2007-08-30 20:06:30.000000000 +0400 -@@ -0,0 +1,81 @@ -+/* -+ * Audit helper functions used throughout sudo -+ * -+ * Copyright (C) 2007, Red Hat, Inc. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ */ -+ -+#include -+ -+#ifdef WITH_AUDIT -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+int audit_fd; -+ -+void audit_help_open (void) -+{ -+ audit_fd = audit_open (); -+ if (audit_fd < 0) { -+ /* You get these only when the kernel doesn't have -+ * audit compiled in. */ -+ if (errno == EINVAL || errno == EPROTONOSUPPORT || -+ errno == EAFNOSUPPORT) -+ return; -+ fprintf (stderr, "Cannot open audit interface - aborting.\n"); -+ exit (1); -+ } -+} -+ -+/* -+ * This function will log a message to the audit system using a predefined -+ * message format. Parameter usage is as follows: -+ * -+ * type - type of message: AUDIT_USER_CMD -+ * command - the command being logged -+ * result - 1 is "success" and 0 is "failed" -+ * -+ */ -+void audit_logger (int type, const char *command, int result) -+{ -+ int err; -+ -+ if (audit_fd < 0) -+ return; -+ else { -+ err = audit_log_user_command (audit_fd, type, command, NULL, result); -+ /* The kernel supports auditing and we had -+ enough privilege to write to the socket. */ -+ if( err <= 0 && !(errno == EPERM && getuid() != 0) ) { -+ perror("audit_log_user_command()"); -+ } -+ } -+} -+ -+#endif /* WITH_AUDIT */ -+ -diff -up sudo-1.6.9p4/Makefile.in.audit sudo-1.6.9p4/Makefile.in ---- sudo-1.6.9p4/Makefile.in.audit 2007-08-15 18:16:57.000000000 +0400 -+++ sudo-1.6.9p4/Makefile.in 2007-08-30 20:06:30.000000000 +0400 -@@ -118,11 +118,13 @@ HDRS = compat.h def_data.h defaults.h in - - AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ - -+AUDIT_OBJS = audit_help.o -+ - PARSEOBJS = sudo.tab.o lex.yy.o alloc.o defaults.o - - SUDOBJS = check.o env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \ - interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o \ -- tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS) -+ tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS) $(AUDIT_OBJS) - - VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS) - -@@ -273,6 +275,9 @@ securid5.o: $(authdir)/securid5.c $(AUTH - sia.o: $(authdir)/sia.c $(AUTHDEP) - $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c - -+audit_help.o: audit_help.c sudo.h -+ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(LIBADUIT) $(srcdir)/audit_help.c -+ - sudo.man.in: $(srcdir)/sudo.pod - @rm -f $(srcdir)/$@ - ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e 1d -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" >> $@ ) -diff -up sudo-1.6.9p4/sudo.h.audit sudo-1.6.9p4/sudo.h ---- sudo-1.6.9p4/sudo.h.audit 2007-08-30 20:06:30.000000000 +0400 -+++ sudo-1.6.9p4/sudo.h 2007-08-30 20:06:30.000000000 +0400 -@@ -23,6 +23,8 @@ - #ifndef _SUDO_SUDO_H - #define _SUDO_SUDO_H - -+#include -+ - #include - #include - #include "compat.h" -@@ -274,4 +276,10 @@ extern int sudo_mode; - extern int errno; +diff -up sudo-1.6.9p4/set_perms.c.audit sudo-1.6.9p4/set_perms.c +--- sudo-1.6.9p4/set_perms.c.audit 2007-07-06 16:16:22.000000000 +0200 ++++ sudo-1.6.9p4/set_perms.c 2008-01-07 19:52:41.000000000 +0100 +@@ -53,6 +53,10 @@ + #ifdef HAVE_LOGIN_CAP_H + # include #endif - -+#ifdef WITH_AUDIT -+extern int audit_fd; -+extern void audit_help_open (void); -+extern void audit_logger (int, const char *, int); ++#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) ++# include ++# include +#endif + + #include "sudo.h" + +@@ -101,22 +105,55 @@ set_perms(perm) + if (setresuid(user_uid, user_uid, user_uid)) + err(1, "setresuid(user_uid, user_uid, user_uid)"); + break; +- + - #endif /* _SUDO_SUDO_H */ ++ case PERM_FULL_RUNAS: ++#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) ++ { /* BEGIN CAP BLOCK */ ++ cap_t new_caps; ++ cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; ++ ++ if (runas_pw->pw_uid != ROOT_UID) { ++ new_caps = cap_init (); ++ if (!new_caps) ++ err(1, "Error initing capabilities, aborting.\n"); ++ ++ if(cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) || ++ cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET)) { ++ err(1, "Error setting capabilities, aborting\n"); ++ } ++ ++ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) ++ err(1, "Error setting KEEPCAPS, aborting\n"); ++ } ++#endif ++ /* headed for exec(), assume euid == ROOT_UID */ ++ runas_setup (); ++ if (setresuid(def_stay_setuid ? ++ user_uid : runas_pw->pw_uid, ++ runas_pw->pw_uid, runas_pw->pw_uid)) ++ err(1, "unable to change to runas uid"); ++ ++#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) ++ if (runas_pw->pw_uid != ROOT_UID) { ++ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) ++ err(1, "Error resetting KEEPCAPS, aborting\n"); ++ ++ if (cap_set_proc(new_caps)) ++ err(1, "Error dropping capabilities, aborting\n"); ++ ++ if (cap_free (new_caps)) ++ err(1, "Error freeing caps\n"); ++ } ++ } /* END CAP BLOCK */ ++#endif ++ break; ++ + case PERM_RUNAS: + (void) setresgid(-1, runas_pw->pw_gid, -1); + if (setresuid(-1, runas_pw->pw_uid, -1)) + err(1, "unable to change to runas uid"); + break; + +- case PERM_FULL_RUNAS: +- /* headed for exec(), assume euid == ROOT_UID */ +- runas_setup(); +- if (setresuid(def_stay_setuid ? +- user_uid : runas_pw->pw_uid, +- runas_pw->pw_uid, runas_pw->pw_uid)) +- err(1, "unable to change to runas uid"); +- break; +- + case PERM_SUDOERS: + /* assume euid == ROOT_UID, ruid == user */ + if (setresgid(-1, SUDOERS_GID, -1)) diff -up sudo-1.6.9p4/sudo.c.audit sudo-1.6.9p4/sudo.c ---- sudo-1.6.9p4/sudo.c.audit 2007-08-30 20:06:30.000000000 +0400 -+++ sudo-1.6.9p4/sudo.c 2007-08-30 20:18:26.000000000 +0400 +--- sudo-1.6.9p4/sudo.c.audit 2008-01-07 19:52:41.000000000 +0100 ++++ sudo-1.6.9p4/sudo.c 2008-01-07 19:52:41.000000000 +0100 @@ -97,6 +97,10 @@ # include #endif @@ -280,8 +221,8 @@ diff -up sudo-1.6.9p4/sudo.c.audit sudo-1.6.9p4/sudo.c exit(127); } else if (ISSET(validated, FLAG_NO_USER) || (validated & FLAG_NO_HOST)) { diff -up sudo-1.6.9p4/configure.in.audit sudo-1.6.9p4/configure.in ---- sudo-1.6.9p4/configure.in.audit 2007-08-30 20:06:30.000000000 +0400 -+++ sudo-1.6.9p4/configure.in 2007-08-30 20:06:30.000000000 +0400 +--- sudo-1.6.9p4/configure.in.audit 2008-01-07 19:52:41.000000000 +0100 ++++ sudo-1.6.9p4/configure.in 2008-01-07 19:52:41.000000000 +0100 @@ -150,6 +150,10 @@ dnl dnl Options for --with dnl @@ -319,83 +260,146 @@ diff -up sudo-1.6.9p4/configure.in.audit sudo-1.6.9p4/configure.in dnl dnl Add in any libpaths or libraries specified via configure dnl -diff -up sudo-1.6.9p4/set_perms.c.audit sudo-1.6.9p4/set_perms.c ---- sudo-1.6.9p4/set_perms.c.audit 2007-07-06 18:16:22.000000000 +0400 -+++ sudo-1.6.9p4/set_perms.c 2007-08-30 20:06:30.000000000 +0400 -@@ -53,6 +53,10 @@ - #ifdef HAVE_LOGIN_CAP_H - # include +diff -up /dev/null sudo-1.6.9p4/audit_help.c +--- /dev/null 2008-01-04 00:33:16.572612675 +0100 ++++ sudo-1.6.9p4/audit_help.c 2008-01-07 19:55:40.000000000 +0100 +@@ -0,0 +1,88 @@ ++/* ++ * Audit helper functions used throughout sudo ++ * ++ * Copyright (C) 2007, Red Hat, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include ++ ++#ifdef WITH_AUDIT ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int audit_fd; ++ ++void audit_help_open (void) ++{ ++ audit_fd = audit_open (); ++ if (audit_fd < 0) { ++ /* You get these only when the kernel doesn't have ++ * audit compiled in. */ ++ if (errno == EINVAL || errno == EPROTONOSUPPORT || ++ errno == EAFNOSUPPORT) ++ return; ++ fprintf (stderr, "Cannot open audit interface - aborting.\n"); ++ exit (1); ++ } ++} ++ ++/* ++ * This function will log a message to the audit system using a predefined ++ * message format. Parameter usage is as follows: ++ * ++ * type - type of message: AUDIT_USER_CMD ++ * command - the command being logged ++ * result - 1 is "success" and 0 is "failed" ++ * ++ */ ++void audit_logger (int type, const char *command, int result) ++{ ++ int err; ++ ++ if (audit_fd < 0) ++ return; ++ else { ++ err = audit_log_user_command (audit_fd, type, command, NULL, result); ++ /* The kernel supports auditing and we had ++ enough privilege to write to the socket. */ ++ if( err <= 0 && !(errno == EPERM && getuid() != 0) ) { ++ perror("audit_log_user_command()"); ++ } ++ } ++} ++ ++ ++#endif /* WITH_AUDIT */ ++ ++ +diff -up sudo-1.6.9p4/Makefile.in.audit sudo-1.6.9p4/Makefile.in +--- sudo-1.6.9p4/Makefile.in.audit 2007-08-15 16:16:57.000000000 +0200 ++++ sudo-1.6.9p4/Makefile.in 2008-01-07 19:52:41.000000000 +0100 +@@ -118,11 +118,13 @@ HDRS = compat.h def_data.h defaults.h in + + AUTH_OBJS = sudo_auth.o @AUTH_OBJS@ + ++AUDIT_OBJS = audit_help.o ++ + PARSEOBJS = sudo.tab.o lex.yy.o alloc.o defaults.o + + SUDOBJS = check.o env.o getspwuid.o gettime.o goodpath.o fileops.o find_path.o \ + interfaces.o logging.o parse.o set_perms.o sudo.o sudo_edit.o \ +- tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS) ++ tgetpass.o zero_bytes.o @SUDO_OBJS@ $(AUTH_OBJS) $(PARSEOBJS) $(AUDIT_OBJS) + + VISUDOBJS = visudo.o fileops.o gettime.o goodpath.o find_path.o $(PARSEOBJS) + +@@ -273,6 +275,9 @@ securid5.o: $(authdir)/securid5.c $(AUTH + sia.o: $(authdir)/sia.c $(AUTHDEP) + $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(authdir)/sia.c + ++audit_help.o: audit_help.c sudo.h ++ $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(LIBADUIT) $(srcdir)/audit_help.c ++ + sudo.man.in: $(srcdir)/sudo.pod + @rm -f $(srcdir)/$@ + ( cd $(srcdir); mansectsu=`echo @MANSECTSU@|tr A-Z a-z`; mansectform=`echo @MANSECTFORM@|tr A-Z a-z`; sed -n -e 1d -e '/^=pod/q' -e 's/^/.\\" /p' sudo.pod > $@; pod2man --quotes=none --date="`date '+%B %e, %Y'`" --section=$$mansectsu --release=$(VERSION) --center="MAINTENANCE COMMANDS" sudo.pod | sed -e "s/(5)/($$mansectform)/" -e "s/(8)/($$mansectsu)/" >> $@ ) +diff -up sudo-1.6.9p4/sudo.h.audit sudo-1.6.9p4/sudo.h +--- sudo-1.6.9p4/sudo.h.audit 2008-01-07 19:52:41.000000000 +0100 ++++ sudo-1.6.9p4/sudo.h 2008-01-07 19:52:41.000000000 +0100 +@@ -23,6 +23,8 @@ + #ifndef _SUDO_SUDO_H + #define _SUDO_SUDO_H + ++#include ++ + #include + #include + #include "compat.h" +@@ -274,4 +276,10 @@ extern int sudo_mode; + extern int errno; #endif -+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) -+# include -+# include + ++#ifdef WITH_AUDIT ++extern int audit_fd; ++extern void audit_help_open (void); ++extern void audit_logger (int, const char *, int); +#endif - - #include "sudo.h" - -@@ -101,22 +105,55 @@ set_perms(perm) - if (setresuid(user_uid, user_uid, user_uid)) - err(1, "setresuid(user_uid, user_uid, user_uid)"); - break; -- + -+ case PERM_FULL_RUNAS: -+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) -+ { /* BEGIN CAP BLOCK */ -+ cap_t new_caps; -+ cap_value_t cap_list[] = { CAP_AUDIT_WRITE }; -+ -+ if (runas_pw->pw_uid != ROOT_UID) { -+ new_caps = cap_init (); -+ if (!new_caps) -+ err(1, "Error initing capabilities, aborting.\n"); -+ -+ if(cap_set_flag(new_caps, CAP_PERMITTED, 1, cap_list, CAP_SET) || -+ cap_set_flag(new_caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET)) { -+ err(1, "Error setting capabilities, aborting\n"); -+ } -+ -+ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) -+ err(1, "Error setting KEEPCAPS, aborting\n"); -+ } -+#endif -+ /* headed for exec(), assume euid == ROOT_UID */ -+ runas_setup (); -+ if (setresuid(def_stay_setuid ? -+ user_uid : runas_pw->pw_uid, -+ runas_pw->pw_uid, runas_pw->pw_uid)) -+ err(1, "unable to change to runas uid"); -+ -+#if defined(WITH_AUDIT) && defined(HAVE_LIBCAP) -+ if (runas_pw->pw_uid != ROOT_UID) { -+ if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) < 0) -+ err(1, "Error resetting KEEPCAPS, aborting\n"); -+ -+ if (cap_set_proc(new_caps)) -+ err(1, "Error dropping capabilities, aborting\n"); -+ -+ if (cap_free (new_caps)) -+ err(1, "Error freeing caps\n"); -+ } -+ } /* END CAP BLOCK */ -+#endif -+ break; -+ - case PERM_RUNAS: - (void) setresgid(-1, runas_pw->pw_gid, -1); - if (setresuid(-1, runas_pw->pw_uid, -1)) - err(1, "unable to change to runas uid"); - break; - -- case PERM_FULL_RUNAS: -- /* headed for exec(), assume euid == ROOT_UID */ -- runas_setup(); -- if (setresuid(def_stay_setuid ? -- user_uid : runas_pw->pw_uid, -- runas_pw->pw_uid, runas_pw->pw_uid)) -- err(1, "unable to change to runas uid"); -- break; -- - case PERM_SUDOERS: - /* assume euid == ROOT_UID, ruid == user */ - if (setresgid(-1, SUDOERS_GID, -1)) + #endif /* _SUDO_SUDO_H */