Audit the accepted (or rejected) username argument to setlogin(2).

(NB: This was likely a mismerge from XNU in audit support, where the text argument to setlogin(2) is captured -- but as a text token, whereas this change uses the dedicated login-name field in struct audit_record.) MFC after: 2 weeks Sponsored by: DARPA, AFRL
svn path=/head/; revision=304544
2024-10-08 09:30:41 +00:00 · 2016-08-20 20:28:08 +00:00 · 2016-08-20 20:28:08 +00:00 · 70a98c110e · 2020-12-20 02:59:44 +00:00
parent e19497672b
commit 70a98c110e
3 changed files with 9 additions and 2 deletions
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@ -2105,6 +2105,7 @@ sys_setlogin(struct thread *td, struct setlogin_args *uap)
 			error = EINVAL;
 		return (error);
 	}
+	AUDIT_ARG_LOGIN(logintmp);
 	PROC_LOCK(p);
 	SESS_LOCK(p->p_session);
 	strcpy(p->p_session->s_login, logintmp);
--- a/sys/security/audit/audit.h
+++ b/sys/security/audit/audit.h
@ -212,6 +212,11 @@ void	 audit_thread_free(struct thread *td);
 		audit_arg_groupset((gidset), (gidset_size));		\
 } while (0)

+#define	AUDIT_ARG_LOGIN(login) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_login((login));				\
+} while (0)
+
 #define	AUDIT_ARG_MODE(mode) do {					\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_mode((mode));					\
@ -354,6 +359,7 @@ void	 audit_thread_free(struct thread *td);
 #define	AUDIT_ARG_FFLAGS(fflags)
 #define	AUDIT_ARG_GID(gid)
 #define	AUDIT_ARG_GROUPSET(gidset, gidset_size)
+#define	AUDIT_ARG_LOGIN(login)
 #define	AUDIT_ARG_MODE(mode)
 #define	AUDIT_ARG_OWNER(uid, gid)
 #define	AUDIT_ARG_PID(pid)
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@ -1394,8 +1394,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		break;

 	case AUE_SETLOGIN:
-		if (ARG_IS_VALID(kar, ARG_TEXT)) {
-			tok = au_to_text(ar->ar_arg_text);
+		if (ARG_IS_VALID(kar, ARG_LOGIN)) {
+			tok = au_to_text(ar->ar_arg_login);
 			kau_write(rec, tok);
 		}
 		break;