Propagate errors in audit code to caller instead of using fatal().
If we fail to audit an otherwise successful command, return an error from the policy. For Linux audit, sudo may be compiled with audit support but auditing may not be setup, so we don't consider that an error.
This commit is contained in:
Todd C. Miller
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2010-2013 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
* Copyright (c) 2010-2014 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@@ -40,12 +40,14 @@
|
||||
#include "sudo_debug.h"
|
||||
#include "linux_audit.h"
|
||||
|
||||
#define AUDIT_NOT_CONFIGURED -2
|
||||
|
||||
/*
|
||||
* Open audit connection if possible.
|
||||
* Returns audit fd on success and -1 on failure.
|
||||
*/
|
||||
int
|
||||
static linux_audit_open(void)
|
||||
static int
|
||||
linux_audit_open(void)
|
||||
{
|
||||
static int au_fd = -1;
|
||||
debug_decl(linux_audit_open, SUDO_DEBUG_AUDIT)
|
||||
@@ -55,8 +57,10 @@ static linux_audit_open(void)
|
||||
au_fd = audit_open();
|
||||
if (au_fd == -1) {
|
||||
/* Kernel may not have audit support. */
|
||||
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT)
|
||||
fatal(U_("unable to open audit system"));
|
||||
if (errno != EINVAL && errno != EPROTONOSUPPORT && errno != EAFNOSUPPORT) {
|
||||
warning(U_("unable to open audit system"));
|
||||
au_fd == AUDIT_NOT_CONFIGURED;
|
||||
}
|
||||
} else {
|
||||
(void)fcntl(au_fd, F_SETFD, FD_CLOEXEC);
|
||||
}
|
||||
@@ -66,13 +70,14 @@ static linux_audit_open(void)
|
||||
int
|
||||
linux_audit_command(char *argv[], int result)
|
||||
{
|
||||
int au_fd, rc;
|
||||
int au_fd, rc = -1;
|
||||
char *command, *cp, **av;
|
||||
size_t size, n;
|
||||
debug_decl(linux_audit_command, SUDO_DEBUG_AUDIT)
|
||||
|
||||
if ((au_fd = linux_audit_open()) == -1)
|
||||
debug_return_int(-1);
|
||||
/* Don't return an error if auditing is not configured. */
|
||||
if ((au_fd = linux_audit_open()) < 0)
|
||||
debug_return_int(au_fd == AUDIT_NOT_CONFIGURED ? 0 : -1);
|
||||
|
||||
/* Convert argv to a flat string. */
|
||||
for (size = 0, av = argv; *av != NULL; av++)
|
||||
@@ -81,8 +86,9 @@ linux_audit_command(char *argv[], int result)
|
||||
for (av = argv; *av != NULL; av++) {
|
||||
n = strlcpy(cp, *av, size - (cp - command));
|
||||
if (n >= size - (cp - command)) {
|
||||
fatalx(U_("internal error, %s overflow"),
|
||||
warningx(U_("internal error, %s overflow"),
|
||||
"linux_audit_command()");
|
||||
goto done;
|
||||
}
|
||||
cp += n;
|
||||
*cp++ = ' ';
|
||||
@@ -90,10 +96,16 @@ linux_audit_command(char *argv[], int result)
|
||||
*--cp = '\0';
|
||||
|
||||
/* Log command, ignoring ECONNREFUSED on error. */
|
||||
rc = audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result);
|
||||
if (rc <= 0 && errno != ECONNREFUSED)
|
||||
warning(U_("unable to send audit message"));
|
||||
if (audit_log_user_command(au_fd, AUDIT_USER_CMD, command, NULL, result) <= 0) {
|
||||
if (errno != ECONNREFUSED) {
|
||||
warning(U_("unable to send audit message"));
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
rc = 0;
|
||||
|
||||
done:
|
||||
efree(command);
|
||||
|
||||
debug_return_int(rc);
|
||||
|
||||
Reference in New Issue
Block a user