Fix Solaris and BSM audit warnings.

Use BSM audit on Illumos, which lacks Solaris audit.
This commit is contained in:
Todd C. Miller
2020-06-04 14:41:28 -06:00
parent a5a7215936
commit 15d93a1ca7
3 changed files with 16 additions and 12 deletions

View File

@@ -104,7 +104,7 @@ audit_sudo_selected(int sorf)
* Returns 0 on success or -1 on error. * Returns 0 on success or -1 on error.
*/ */
int int
bsm_audit_success(char *exec_args[]) bsm_audit_success(char *const exec_args[])
{ {
auditinfo_addr_t ainfo_addr; auditinfo_addr_t ainfo_addr;
token_t *tok; token_t *tok;
@@ -167,7 +167,7 @@ bsm_audit_success(char *exec_args[])
debug_return_int(-1); debug_return_int(-1);
} }
au_write(aufd, tok); au_write(aufd, tok);
tok = au_to_exec_args(exec_args); tok = au_to_exec_args((char **)exec_args);
if (tok == NULL) { if (tok == NULL) {
sudo_warn("au_to_exec_args"); sudo_warn("au_to_exec_args");
debug_return_int(-1); debug_return_int(-1);
@@ -195,7 +195,7 @@ bsm_audit_success(char *exec_args[])
* Returns 0 on success or -1 on error. * Returns 0 on success or -1 on error.
*/ */
int int
bsm_audit_failure(char *exec_args[], const char *errmsg) bsm_audit_failure(char *const exec_args[], const char *errmsg)
{ {
auditinfo_addr_t ainfo_addr; auditinfo_addr_t ainfo_addr;
token_t *tok; token_t *tok;
@@ -250,13 +250,13 @@ bsm_audit_failure(char *exec_args[], const char *errmsg)
debug_return_int(-1); debug_return_int(-1);
} }
au_write(aufd, tok); au_write(aufd, tok);
tok = au_to_exec_args(exec_args); tok = au_to_exec_args((char **)exec_args);
if (tok == NULL) { if (tok == NULL) {
sudo_warn("au_to_exec_args"); sudo_warn("au_to_exec_args");
debug_return_int(-1); debug_return_int(-1);
} }
au_write(aufd, tok); au_write(aufd, tok);
tok = au_to_text(errmsg); tok = au_to_text((char *)errmsg);
if (tok == NULL) { if (tok == NULL) {
sudo_warn("au_to_text"); sudo_warn("au_to_text");
debug_return_int(-1); debug_return_int(-1);

View File

@@ -44,7 +44,7 @@ static char cwd[PATH_MAX];
static char cmdpath[PATH_MAX]; static char cmdpath[PATH_MAX];
static int static int
adt_sudo_common(char *argv[]) adt_sudo_common(char *const argv[])
{ {
int argc; int argc;
@@ -70,7 +70,7 @@ adt_sudo_common(char *argv[])
user_cmnd); user_cmnd);
} }
} else { } else {
if (strlcpy(cmdpath, (const char *)argv[0], if (strlcpy(cmdpath, argv[0],
sizeof(cmdpath)) >= sizeof(cmdpath)) { sizeof(cmdpath)) >= sizeof(cmdpath)) {
log_warningx(SLOG_NO_STDERR, log_warningx(SLOG_NO_STDERR,
_("truncated audit path argv[0]: %s"), _("truncated audit path argv[0]: %s"),
@@ -83,7 +83,7 @@ adt_sudo_common(char *argv[])
event->adt_sudo.cmdpath = cmdpath; event->adt_sudo.cmdpath = cmdpath;
event->adt_sudo.argc = argc - 1; event->adt_sudo.argc = argc - 1;
event->adt_sudo.argv = &argv[1]; event->adt_sudo.argv = (char **)&argv[1];
event->adt_sudo.envp = env_get(); event->adt_sudo.envp = env_get();
return 0; return 0;
@@ -94,7 +94,7 @@ adt_sudo_common(char *argv[])
* Returns 0 on success or -1 on error. * Returns 0 on success or -1 on error.
*/ */
int int
solaris_audit_success(char *argv[]) solaris_audit_success(char *const argv[])
{ {
int rc = -1; int rc = -1;
@@ -116,7 +116,7 @@ solaris_audit_success(char *argv[])
* Returns 0 on success or -1 on error. * Returns 0 on success or -1 on error.
*/ */
int int
solaris_audit_failure(char *argv[], const char *errmsg) solaris_audit_failure(char *const argv[], const char *errmsg)
{ {
int rc = -1; int rc = -1;
@@ -124,7 +124,7 @@ solaris_audit_failure(char *argv[], const char *errmsg)
return -1; return -1;
} }
event->adt_sudo.errmsg = errmsg; event->adt_sudo.errmsg = (char *)errmsg;
if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) { if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) {
log_warning(SLOG_NO_STDERR, "adt_put_event(ADT_FAILURE)"); log_warning(SLOG_NO_STDERR, "adt_put_event(ADT_FAILURE)");
} else { } else {

View File

@@ -412,7 +412,11 @@ case "$osversion" in
configure_opts="${configure_opts}${configure_opts+$tab}--with-project" configure_opts="${configure_opts}${configure_opts+$tab}--with-project"
if [ $osrelease -ge 11 ]; then if [ $osrelease -ge 11 ]; then
configure_opts="${configure_opts}${configure_opts+$tab}--with-solaris-audit" if test X"`uname -o 2>/dev/null`" = X"illumos"; then
configure_opts="${configure_opts}${configure_opts+$tab}--with-bsm-audit"
else
configure_opts="${configure_opts}${configure_opts+$tab}--with-solaris-audit"
fi
# Encrypted remote I/O log support. # Encrypted remote I/O log support.
with_openssl=true with_openssl=true
fi fi