authorrwatson <rwatson@FreeBSD.org>2006-09-23 12:30:31 +0000
committerrwatson <rwatson@FreeBSD.org>2006-09-23 12:30:31 +0000
commitfae2ccfa41d5a181d178da8b59d06b7c3d775804 (patch)
tree78f27e65805d0dc6de2cda4ecdb967ebc9ec36a7 /usr.bin/id
parentdc343f5cbde16169ebf770753e74016941d32b88 (diff)
Add a -a argument to id(1), which causes id(1) to print out process
audit properties, including the audit user id. This can be quite helpful in debugging audit problems.

Obtained from: TrustedBSD Project
MFC after: 3 days
Diffstat (limited to 'usr.bin/id')
-rw-r--r--usr.bin/id/Makefile8
-rw-r--r--usr.bin/id/id.15
-rw-r--r--usr.bin/id/id.c47
3 files changed, 57 insertions, 3 deletions
diff --git a/usr.bin/id/Makefile b/usr.bin/id/Makefile
index 7154568..96c162f 100644
--- a/usr.bin/id/Makefile
+++ b/usr.bin/id/Makefile
@@ -1,10 +1,18 @@
# @(#)Makefile 8.1 (Berkeley) 6/6/93
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= id
WARNS?= 6
LINKS= ${BINDIR}/id ${BINDIR}/groups
LINKS+= ${BINDIR}/id ${BINDIR}/whoami
MAN= id.1 groups.1 whoami.1
+.if ${MK_AUDIT} != "no"
+CFLAGS+= -DUSE_BSM_AUDIT
+DPADD+= ${LIBBSM}
+LDADD+= -lbsm
+.endif
+
.include <bsd.prog.mk>
diff --git a/usr.bin/id/id.1 b/usr.bin/id/id.1
index 14b990d..47e2b29 100644
--- a/usr.bin/id/id.1
+++ b/usr.bin/id/id.1
@@ -53,6 +53,8 @@
.Fl P
.Op Ar user
.Nm
+.Fl a
+.Nm
.Fl g Op Fl nr
.Op Ar user
.Nm
@@ -84,6 +86,9 @@ as white-space separated numbers, in no particular order.
Display the MAC label of the current process.
.It Fl P
Display the id as a password file entry.
+.It Fl a
+Display the process audit user ID and other process audit properties, which
+requires privilege.
.It Fl g
Display the effective group ID as a number.
.It Fl n
diff --git a/usr.bin/id/id.c b/usr.bin/id/id.c
index a5662cf..1e43252 100644
--- a/usr.bin/id/id.c
+++ b/usr.bin/id/id.c
@@ -48,6 +48,10 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/mac.h>
+#ifdef USE_BSM_AUDIT
+#include <bsm/audit.h>
+#endif
+
#include <err.h>
#include <errno.h>
#include <grp.h>
@@ -60,6 +64,7 @@ __FBSDID("$FreeBSD$");
void id_print(struct passwd *, int, int, int);
void pline(struct passwd *);
void pretty(struct passwd *);
+void auditid(void);
void group(struct passwd *, int);
void maclabel(void);
void usage(void);
@@ -73,9 +78,11 @@ main(int argc, char *argv[])
struct group *gr;
struct passwd *pw;
int Gflag, Mflag, Pflag, ch, gflag, id, nflag, pflag, rflag, uflag;
+ int aflag;
const char *myname;
Gflag = Mflag = Pflag = gflag = nflag = pflag = rflag = uflag = 0;
+ aflag = 0;
myname = strrchr(argv[0], '/');
myname = (myname != NULL) ? myname + 1 : argv[0];
@@ -89,7 +96,7 @@ main(int argc, char *argv[])
}
while ((ch = getopt(argc, argv,
- (isgroups || iswhoami) ? "" : "PGMgnpru")) != -1)
+ (isgroups || iswhoami) ? "" : "PGMagnpru")) != -1)
switch(ch) {
case 'G':
Gflag = 1;
@@ -100,6 +107,9 @@ main(int argc, char *argv[])
case 'P':
Pflag = 1;
break;
+ case 'a':
+ aflag = 1;
+ break;
case 'g':
gflag = 1;
break;
@@ -125,7 +135,7 @@ main(int argc, char *argv[])
if (iswhoami && argc > 0)
usage();
- switch(Gflag + Pflag + gflag + pflag + uflag) {
+ switch(Gflag + Mflag + Pflag + aflag + gflag + pflag + uflag) {
case 1:
break;
case 0:
@@ -141,6 +151,16 @@ main(int argc, char *argv[])
if (Mflag && pw != NULL)
usage();
+#ifdef USE_BSM_AUDIT
+ if (aflag) {
+ auditid();
+ exit(0);
+ }
+#else
+ if (aflag)
+ usage();
+#endif
+
if (gflag) {
id = pw ? pw->pw_gid : rflag ? getgid() : getegid();
if (nflag && (gr = getgrgid(id)))
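Review bot: The new `aflag` branch calls auditid() and exits without checking `pw`, so an invocation such as `id -a someuser` appears to be accepted and to print the calling process's audit properties rather than being rejected. The manual page hunk in this commit documents `-a` without a user operand, and the context line just above already rejects that combination for `-M`; extending it to `if ((Mflag || aflag) && pw != NULL) usage();` would keep an operator from reading their own audit ID and masks as if they belonged to the named account. How `pw` is populated from the operand is outside this hunk, so confirm it against the full main(), whose body starts and ends outside the hunk.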
@@ -278,6 +298,22 @@ id_print(struct passwd *pw, int use_ggl, int p_euid, int p_egid)
printf("\n");
}
+#ifdef USE_BSM_AUDIT
+void
+auditid(void)
+{
+ auditinfo_t auditinfo;
+
+ if (getaudit(&auditinfo) < 0)
+ err(-1, "getauditinfo");
+ printf("auid=%d\n", auditinfo.ai_auid);
+ printf("mask.success=0x%08x\n", auditinfo.ai_mask.am_success);
+ printf("mask.failure=0x%08x\n", auditinfo.ai_mask.am_failure);
+ printf("termid.port=0x%08x\n", auditinfo.ai_termid.port);
+ printf("asid=%d\n", auditinfo.ai_asid);
+}
+#endif
+
void
group(struct passwd *pw, int nflag)
{
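Review bot: The error path in auditid() reports `getauditinfo` although the call that failed is getaudit(), and it exits with -1, which a shell sees as 255; `err(1, "getaudit");` would name the real call and use a conventional exit status. The `%d` conversions for `ai_auid` and `ai_asid` assume int-sized signed types that this hunk does not show, so either confirm them against <bsm/audit.h> or cast explicitly, e.g. `printf("auid=%d\n", (int)auditinfo.ai_auid);`. Only the port of `ai_termid` is printed; if the structure also carries a machine/address field, printing it would make the output more useful for the audit debugging the commit message describes. A short comment above the function saying that getaudit() requires privilege, as the manual page states, would also help.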
@@ -382,11 +418,16 @@ usage(void)
else if (iswhoami)
(void)fprintf(stderr, "usage: whoami\n");
else
- (void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n",
+ (void)fprintf(stderr, "%s\n%s\n%s\n%s%s\n%s\n%s\n%s\n",
"usage: id [user]",
" id -G [-n] [user]",
" id -M",
" id -P [user]",
+#ifdef USE_BSM_AUDIT
+ " id -a\n",
+#else
+ "",
+#endif
" id -g [-nr] [user]",
" id -p [user]",
" id -u [-nr] [user]");
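Review bot: With USE_BSM_AUDIT defined the usage text comes out garbled, because the format string has `%s%s\n` at the fourth and fifth positions and the optional string carries its newline at the end. The `-P` line is therefore printed with no line break before the `-a` text, and the `-a` line is followed by an empty line. Moving the newline to the front of the optional argument, i.e. writing it as `"\n id -a",` with the same indentation as the other lines, gives one synopsis per line in both build configurations, since the `#else` branch still supplies `""`. usage() starts outside this hunk.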