Feature #8363

libbsm C API for AUE_sudo event

Added by Alexander Pyhalov over 3 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Start date: 2017-06-10
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:

Description

The fix for #8309 introduces basic AUE_sudo support in libbsm, so that applications can use it.
However, libbsm also provides a C API for handling different events. The necessary structures and routines are autogenerated from usr/src/lib/libbsm/common/adt.xml.
To enable this API, the event description should be moved there from usr/src/cmd/auditrecord/audit_record_attr.txt.

The event would look like this (look at au_to_exec, au_to_exec_args for the method signature):

    <event id="AUE_sudo" header="0" idNo="136" omit="JNI">
        <title>sudo</title>
        <program>/usr/bin/sudo</program>
        <see>sudo(1M)</see>
        <entry id="subject">
            <internal token="subject"/>
            <external opt="none"/>
        </entry>
        <entry id="args">
            <internal token="exec_args"/>
            <external opt="required" type="int32_t, char **"/>
            <comment>command args</comment>
        </entry>
        <entry id="message">
            <internal token="text"/>
            <external opt="optional" type="char *"/>
            <comment>error message (failure only)</comment>
        </entry>
        <entry id="return">
            <internal token="return"/>
            <external opt="none"/>
        </entry>
    </event>

However, usr/src/lib/libbsm/adt_token.c currently doesn't support AUT_EXEC_ARGS tokens; all support for exec_args is missing from usr/src/lib/libbsm/auditxml and related tools.
So, the code generation tools should be updated to support the exec_args token to do this properly.
