Mercurial Mercurial > upstream > illumos > illumos-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
usr/src/cmd/login/login_audit.c
changeset 11537 8eca52188202
parent 3050 dc042908a62a
equal deleted inserted replaced
11536:4c36e6a8710f 11537:8eca52188202 
    17  * information: Portions Copyright [yyyy] [name of copyright owner]
 
    17  * information: Portions Copyright [yyyy] [name of copyright owner]
 
    18  *
 
    18  *
 
    19  * CDDL HEADER END
 
    19  * CDDL HEADER END
 
    20  */
 
    20  */
 
    21 /*
 
    21 /*
 
    22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 
    22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 
    23  * Use is subject to license terms.
 
    23  * Use is subject to license terms.
 
    24  */
 
    24  */
 
    25 
       
    26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
 
       
    27 
    25 
    28 #include <assert.h>
 
    26 #include <assert.h>
 
    29 #include <priv.h>
 
    27 #include <priv.h>
 
    30 #include <pwd.h>
 
    28 #include <pwd.h>
 
    31 #include <signal.h>
 
    29 #include <signal.h>
 
   130 		    "adt_alloc_event(ADT_logout): %m");
 
   128 		    "adt_alloc_event(ADT_logout): %m");
 
   131 		return;
 
   129 		return;
 
   132 	}
 
   130 	}
 
   133 	if ((priv = priv_allocset())  == NULL) {
 
   131 	if ((priv = priv_allocset())  == NULL) {
 
   134 		syslog(LOG_AUTH | LOG_ALERT,
 
   132 		syslog(LOG_AUTH | LOG_ALERT,
 
   135 		    "login audit_logout: could not alloc privs: %m");
 
   133 		    "login audit_logout: could not alloc basic privs: %m");
 
   136 		adt_free_event(logout);
 
   134 		adt_free_event(logout);
 
   137 		return;
 
   135 		return;
 
   138 	}
 
   136 	}
 
   139 
   137 
   140 	/*
 
   138 	/*
 
   175 		    "login audit_logut: could not chdir /: %m");
 
   173 		    "login audit_logut: could not chdir /: %m");
 
   176 	}
 
   174 	}
 
   177 	/*
 
   175 	/*
 
   178 	 * Reduce privileges to just those needed.
 
   176 	 * Reduce privileges to just those needed.
 
   179 	 */
 
   177 	 */
 
   180 	priv_emptyset(priv);
 
   178 	priv_basicset(priv);
 
       
   179 	(void) priv_delset(priv, PRIV_PROC_EXEC);
 
       
   180 	(void) priv_delset(priv, PRIV_PROC_FORK);
 
       
   181 	(void) priv_delset(priv, PRIV_PROC_INFO);
 
       
   182 	(void) priv_delset(priv, PRIV_PROC_SESSION);
 
       
   183 	(void) priv_delset(priv, PRIV_FILE_LINK_ANY);
 
   181 	if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
 
   184 	if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
 
   182 	    (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
 
   185 	    (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
 
   183 		syslog(LOG_AUTH | LOG_ALERT,
 
   186 		syslog(LOG_AUTH | LOG_ALERT,
 
   184 		    "login audit_logout: could not reduce privs: %m");
 
   187 		    "login audit_logout: could not reduce privs: %m");
 
   185 	}
 
   188 	}
upstream/illumos/illumos-gate