2 * Copyright (c) 2014, Oracle and/or its affiliates.
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
19 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
24 #ifdef HAVE_SOLARIS_AUDIT
26 #include <sys/types.h>
33 #include <bsm/adt_event.h>
36 #include "solaris_audit.h"
38 static adt_session_data_t *ah; /* audit session handle */
39 static adt_event_data_t *event; /* event to be generated */
40 static char cwd[PATH_MAX];
41 static char cmdpath[PATH_MAX];
44 adt_sudo_common(int argc, char *argv[])
46 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
47 log_warning(SLOG_NO_STDERR, "adt_start_session");
50 if ((event = adt_alloc_event(ah, ADT_sudo)) == NULL) {
51 log_warning(SLOG_NO_STDERR, "alloc_event");
52 (void) adt_end_session(ah);
55 if ((event->adt_sudo.cwdpath = getcwd(cwd, sizeof(cwd))) == NULL) {
56 log_warning(SLOG_NO_STDERR, _("unable to get current working directory"));
59 /* get the real executable name */
60 if (user_cmnd != NULL) {
61 if (strlcpy(cmdpath, (const char *)user_cmnd,
62 sizeof(cmdpath)) >= sizeof(cmdpath)) {
63 log_warningx(SLOG_NO_STDERR,
64 _("truncated audit path user_cmnd: %s"),
68 if (strlcpy(cmdpath, (const char *)argv[0],
69 sizeof(cmdpath)) >= sizeof(cmdpath)) {
70 log_warningx(SLOG_NO_STDERR,
71 _("truncated audit path argv[0]: %s"),
76 event->adt_sudo.cmdpath = cmdpath;
77 event->adt_sudo.argc = argc - 1;
78 event->adt_sudo.argv = &argv[1];
79 event->adt_sudo.envp = env_get();
86 * Returns 0 on success or -1 on error.
89 solaris_audit_success(int argc, char *argv[])
93 if (adt_sudo_common(argc, argv) != 0) {
96 if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
97 log_warning(SLOG_NO_STDERR, "adt_put_event(ADT_SUCCESS)");
101 adt_free_event(event);
102 (void) adt_end_session(ah);
108 * Returns 0 on success or -1 on error.
111 solaris_audit_failure(int argc, char *argv[], char const *const fmt, va_list ap)
115 if (adt_sudo_common(argc, argv) != 0) {
118 if (vasprintf(&event->adt_sudo.errmsg, fmt, ap) == -1) {
119 log_warning(SLOG_NO_STDERR,
120 _("audit_failure message too long"));
122 if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_VALUE_PROGRAM) != 0) {
123 log_warning(SLOG_NO_STDERR, "adt_put_event(ADT_FAILURE)");
127 free(event->adt_sudo.errmsg);
128 adt_free_event(event);
129 (void) adt_end_session(ah);
134 #endif /* HAVE_SOLARIS_AUDIT */