#define HAVE_BSM_AUDIT 1
_ACEOF
- SUDO_LIBS="${SUDO_LIBS} -lbsm"
- SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
+ SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"
;;
no) ;;
*) { { echo "$as_me:$LINENO: error: \"--with-bsm-audit does not take an argument.\"" >&5
AC_ARG_WITH(bsm-audit, [AS_HELP_STRING([--with-bsm-audit], [enable BSM audit support])],
[case $with_bsm_audit in
yes) AC_DEFINE(HAVE_BSM_AUDIT)
- SUDO_LIBS="${SUDO_LIBS} -lbsm"
- SUDO_OBJS="${SUDO_OBJS} bsm_audit.o"
+ SUDOERS_LIBS="${SUDOERS_LIBS} -lbsm"
+ SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.o"
;;
no) ;;
*) AC_MSG_ERROR(["--with-bsm-audit does not take an argument."])
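Review bot: The `yes)` branch appends `bsm_audit.o` to `SUDOERS_OBJS`, while the generated configure hunk above appends `bsm_audit.lo` and the Makefile.in hunk in this commit adds only a `bsm_audit.lo:` rule (the old `bsm_audit.o:` rule is removed further down). The next autoconf run would therefore regenerate a configure that names an object with no visible rule, so a `--with-bsm-audit` build would likely fail or lose the BSM backend. The line should match the generated script: `SUDOERS_OBJS="${SUDOERS_OBJS} bsm_audit.lo"`.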
AUTH_OBJS = sudo_auth.lo @AUTH_OBJS@
-LIBSUDOERS_OBJS = alias.lo alloc.lo atobool.lo defaults.lo gram.lo list.lo \
- match.lo pwutil.lo timestr.lo toke.lo redblack.lo \
+LIBSUDOERS_OBJS = alias.lo alloc.lo atobool.lo audit.lo defaults.lo gram.lo \
+ list.lo match.lo pwutil.lo timestr.lo toke.lo redblack.lo \
zero_bytes.lo @NONUNIX_GROUPS_IMPL@
SUDOERS_OBJS = $(AUTH_OBJS) boottime.lo check.lo fmt_string.lo \
lbuf.lo: $(top_srcdir)/src/lbuf.c $(SUDODEP)
zero_bytes.lo: $(top_srcdir)/src/zero_bytes.c $(incdir)/compat.h $(top_builddir)/config.h
+# Upper level audit dependencies (XXX - move into sudoers?)
+audit.lo: $(top_srcdir)/src/audit.c $(SUDODEP)
+bsm_audit.lo: $(top_srcdir)/src/bsm_audit.c $(SUDODEP) $(top_srcdir)/src/bsm_audit.h
+
# Auth dependencies
sudo_auth.lo: $(authdir)/sudo_auth.c $(AUTHDEP) $(INSDEP)
afs.lo: $(authdir)/afs.c $(AUTHDEP)
char *p;
sudo_auth *auth;
sigaction_t sa, osa;
-#ifdef HAVE_BSM_AUDIT
- extern char **NewArgv;
-#endif
+ extern char **NewArgv; /* XXX */
/* Enable suspend during password entry. */
sigemptyset(&sa.sa_mask);
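Review bot: The block-scope `extern char **NewArgv; /* XXX */` re-declares by hand a global that is defined in another file, so the compiler cannot check that declaration and definition still agree if the definition's type changes. Declaring it once in a header that both files include and dropping the local extern removes that risk. Passing the argument vector into this function would avoid the global altogether. The same coupling is why the later hunk drops `static` from `NewArgc` and `NewArgv` under the comment `/* XXX - must be extern for audit bits of sudo_auth.c */`. The enclosing function starts and ends outside this hunk.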
/* Make sure we have at least one auth method. */
if (auth_switch[0].name == NULL) {
-#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "no authentication methods");
-#endif
log_error(0, "%s %s %s",
"There are no authentication methods compiled into sudo!",
"If you want to turn off authentication, use the",
if (status == AUTH_FAILURE)
CLR(auth->flags, FLAG_CONFIGURED);
else if (status == AUTH_FATAL) { /* XXX log */
-#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
-#endif
return -1; /* assume error msg already printed */
}
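Review bot: The audit record written on `AUTH_FATAL` here carries the same text, `"authentication failure"`, as the wrong-password case in the later `switch` hunk. Someone reading the audit trail therefore cannot tell an authentication-method error from a rejected password. The next two hunks (the second `AUTH_FATAL` branch and the one after `(auth->cleanup)(pw, auth)`) do the same. A distinct reason on the fatal paths would keep the two apart, for example `audit_failure(NewArgv, "authentication method error");`. The `/* XXX log */` markers suggest these paths also write no log entry, which would leave the audit record as their only trace. The enclosing function is outside the hunk.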
if (status == AUTH_FAILURE)
CLR(auth->flags, FLAG_CONFIGURED);
else if (status == AUTH_FATAL) {/* XXX log */
-#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
-#endif
return -1; /* assume error msg already printed */
}
status = (auth->cleanup)(pw, auth);
if (status == AUTH_FATAL) { /* XXX log */
-#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
-#endif
return -1; /* assume error msg already printed */
}
def_passwd_tries - counter,
(def_passwd_tries - counter == 1) ? "" : "s");
}
-#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
-#endif
rval = FALSE;
break;
case AUTH_FATAL:
default:
-#ifdef HAVE_BSM_AUDIT
audit_failure(NewArgv, "authentication failure");
-#endif
rval = -1;
break;
}
static char *runas_group;
static struct sudo_nss_list *snl;
-static int NewArgc;
-static char **NewArgv;
+/* XXX - must be extern for audit bits of sudo_auth.c */
+int NewArgc;
+char **NewArgv;
/* error.c */
extern sigjmp_buf error_jmp;
if (def_requiretty) {
int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
if (fd == -1) {
- //audit_failure(NewArgv, "no tty");
+ audit_failure(NewArgv, "no tty");
warningx("sorry, you must have a tty to run sudo");
goto done;
} else
/* If the user was not allowed to run the command we are done. */
if (!ISSET(validated, VALIDATE_OK)) {
if (ISSET(validated, FLAG_NO_USER | FLAG_NO_HOST)) {
- //audit_failure(NewArgv, "No user or host");
+ audit_failure(NewArgv, "No user or host");
log_denial(validated, 1);
} else {
if (def_path_info) {
/* Just tell the user they are not allowed to run foo. */
log_denial(validated, 1);
}
- //audit_failure(NewArgv, "validation failure");
+ audit_failure(NewArgv, "validation failure");
}
goto done;
}
/* Finally tell the user if the command did not exist. */
if (cmnd_status == NOT_FOUND_DOT) {
- //audit_failure(NewArgv, "command in current directory");
+ audit_failure(NewArgv, "command in current directory");
warningx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
goto done;
} else if (cmnd_status == NOT_FOUND) {
- //audit_failure(NewArgv, "%s: command not found", user_cmnd);
+ audit_failure(NewArgv, "%s: command not found", user_cmnd);
warningx("%s: command not found", user_cmnd);
goto done;
}
}
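Review bot: `user_cmnd` is now formatted into the audit record by `audit_failure(NewArgv, "%s: command not found", user_cmnd);`, and it appears to be the command name given by the invoking user. The later `"unknown user: %s"` hunk does the same with `user`. The format string is constant, so this is not a format-string issue, but audit_failure itself is not shown on this page. It is worth confirming that it formats into a bounded buffer, and that an over-long or non-printable value is truncated or escaped rather than causing the record to be dropped. I would add a comment at the call: `/* user_cmnd is untrusted; audit_failure() must bound and sanitize it */`. The enclosing function continues outside the hunk.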
/* Must audit before uid change. */
- //audit_success(NewArgv); /* XXX */
+ audit_success(NewArgv);
*command_infop = command_info;
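Review bot: The comment `/* Must audit before uid change. */` does not say what the record means now that `audit_success(NewArgv);` is live. It is written once the policy check passes, before `command_info` is handed back through `*command_infop`, so a success record could exist for a command that never runs if a later step fails (what follows is outside this hunk). If audit_success can fail to write the record, nothing at this call site reacts to that; whether it stops the command depends on its implementation, which is not shown. I would extend the comment to `/* Must audit before uid change; records the policy decision, not a completed exec. */`.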
runas_pw = sudo_fakepwnam(user, runas_gr ? runas_gr->gr_gid : 0);
} else {
if ((runas_pw = sudo_getpwnam(user)) == NULL) {
- //audit_failure(NewArgv, "unknown user: %s", user);
+ audit_failure(NewArgv, "unknown user: %s", user);
log_error(NO_MAIL|MSG_ONLY, "unknown user: %s", user);
}
}
aix.o: $(srcdir)/aix.c $(top_builddir)/config.h $(incdir)/compat.h
alloc.o: $(srcdir)/alloc.c $(SUDODEP)
atobool.o: $(srcdir)/atobool.c $(SUDODEP)
-audit.o: $(srcdir)/audit.c $(SUDODEP)
-bsm_audit.o: $(srcdir)/bsm_audit.c $(SUDODEP) bsm_audit.h
conversation.o: $(srcdir)/conversation.c $(SUDODEP)
error.o: $(srcdir)/error.c $(incdir)/compat.h $(incdir)/error.h $(top_builddir)/config.h
fileops.o: $(srcdir)/fileops.c $(SUDODEP)