
audit user id patch



 Hello!

 Looks like I've found my 'diff' again. :-) Here comes a patch to implement
the audit user id as known under SunOS. It can only be changed once, from 0
to any other value, and never back. You can therefore always find out who the
initially logged-in user was, no matter what access rights he has since gained
by means of setuid/seteuid.

 The patch also contains a basic structure for supplementary groups; that is, the
system calls are implemented, but they don't do anything yet. The point is that I
don't know if I'll have enough time to fully implement them, but I just want
to push things forward a bit... :-)

ciao,
teSche
--
Torsten Scherer (TeSche, Schiller...)
Faculty of Technology, University of Bielefeld, Germany, Europe, Earth...
| Use any of "finger itschere@129.70.131.2-15" for addresses and more.	|
| Last updated: Probably yesterday.					|



--- dos.c.orig	Sun May 22 10:54:48 1994
+++ dos.c	Sun May 22 11:22:42 1994
@@ -8,7 +8,7 @@
 
 #include "mint.h"
 
-#define DOS_MAX 0x144
+#define DOS_MAX 0x148
 
 Func dos_tab[DOS_MAX];
 short dos_max = DOS_MAX;
@@ -208,7 +208,6 @@
 	return EACCDN;
 }
 
-
 /* uk: set effective uid/gid but leave the real uid/gid unchanged. */
 long ARGS_ON_STACK
 p_seteuid(id)
@@ -232,6 +231,43 @@
 	return EACCDN;
 }
 
+/*  ts: audit user id functions, these id's never change once set to != 0
+ * and can therefore be used to determine who the initially logged in user was.
+ */
+long ARGS_ON_STACK
+p_getauid(id)
+	int id;
+{
+	return curproc->auid;
+}
+
+long ARGS_ON_STACK
+p_setauid(id)
+	int id;
+{
+	if (curproc->auid)
+		return EACCDN;
+
+	return (curproc->auid = id);
+}
+
+/* ts: basic structure for supplementary groups, not yet fully supported */
+long ARGS_ON_STACK
+p_getgroups(gidsetlen, gidset)
+	int gidsetlen;
+	int gidset[];
+{
+	return 0;
+}
+
+long ARGS_ON_STACK
+p_setgroups(ngroups, gidset)
+	int ngroups;
+	int gidset[];
+{
+	return EACCDN;
+}
+
 /*
  * a way to get/set process-specific user information. the user information
  * longword is set to "arg", unless arg is -1. In any case, the old
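Review bot: p_setauid lets any process whose auid is still 0 stamp an arbitrary value: there is no privilege test, unlike the EACCDN paths of p_setuid/p_seteuid just above (their bodies lie outside the hunk), so a process that never went through login can record whatever "initial user" it likes, and if this is meant to mirror the SunOS call, that one is restricted to the superuser. The one-shot latch is also bypassable through the int-to-short narrowing of `curproc->auid`: `p_setauid(0x10000)` stores 0 and returns 0, leaving the id settable again, and negative ids pass unchecked. Guard both with `if (curproc->auid || id < 0 || id > 0x7fff) return EACCDN;` and refuse the call from non-superuser processes using the same test p_setuid applies. Whether a child inherits auid across fork is not visible here, yet the "never changes" property depends on it; a comment at the field or a check in the process-creation path would settle that. p_getauid declares an `int id` it never reads, which deserves a `/* unused */` remark if the dispatch table requires the uniform signature.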
@@ -464,7 +500,7 @@
 		case 2:
 			return MAX_OPEN;
 		case 3:
-			return 0;
+			return NGROUPMAX;
 		case 4:
 			return UNLIMITED;
 		default:
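Review bot: Returning NGROUPMAX (8) from `case 3` advertises supplementary-group support that this patch does not provide: p_getgroups reports 0 groups and p_setgroups always fails with EACCDN (both in the previous hunk), so a program that queries this limit before calling setgroups is told 8 and then fails. Keep `return 0;` here until the calls work, or annotate the line `/* ts: NGROUPMAX once p_setgroups is implemented */` so the mismatch is clearly deliberate. The enclosing switch starts outside the hunk, so which call reports these limits is inferred rather than visible.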
@@ -651,4 +687,8 @@
 	dos_tab[0x142] = s_yield;	/* dummy for d_xreaddir */
 	dos_tab[0x143] = p_seteuid;
 	dos_tab[0x144] = p_setegid;
+	dos_tab[0x145] = p_getauid;
+	dos_tab[0x146] = p_setauid;
+	dos_tab[0x147] = p_getgroups;
+	dos_tab[0x148] = p_setgroups;
 }
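Review bot: The new entry `dos_tab[0x148] = p_setgroups;` indexes one past the array as declared in the first hunk, `Func dos_tab[DOS_MAX]` with DOS_MAX now 0x148 (valid indices 0..0x147); the pre-existing `dos_tab[0x144]` had the same problem against the old 0x144, so this is inherited rather than introduced, but the bump is the place to fix it. Either size the table `Func dos_tab[DOS_MAX+1];` or define DOS_MAX as 0x149, and check that the dispatcher's range test on `dos_max` (not visible here) agrees, since an opcode equal to DOS_MAX would otherwise read past the table. The enclosing init function starts outside the hunk.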
--- proc.h.orig	Sun May 22 10:58:14 1994
+++ proc.h	Sun May 22 11:20:26 1994
@@ -219,6 +219,11 @@
 	struct	proc *q_next;		/* next process on queue	*/
 	struct 	proc *gl_next;		/* next process in system	*/
 	char	stack[STKSIZE+4];	/* stack for system calls	*/
+
+	short	auid;			/* ts: audit user id */
+#define	NGROUPMAX	8
+	short	ngroups;		/* ts: number of supplementary groups */
+	short	ngroup[NGROUPMAX];	/* ts: supplementary groups */
 } PROC;
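Review bot: The new fields are `short` while the system calls that set them take `int` (p_setauid's `int id`, p_setgroups' `int gidset[]`), so values are silently narrowed on the way in; declaring them `int auid;` and `int ngroup[NGROUPMAX];`, or range-checking in the setters, avoids that. `#define NGROUPMAX 8` inside the struct body compiles but is easy to overlook; move it above the struct with the other constants. Nothing in the hunk initialises auid or ngroups for a new process, so unless the proc is allocated zeroed and copied whole on fork (not shown here) the "set once" latch starts with garbage; worth confirming in the process-creation path. `ngroup[]` (singular) beside `ngroups` (the count) reads like a typo; `groups[NGROUPMAX]` would be clearer.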
 
 
--- proto.h.orig	Sun May 22 10:54:54 1994
+++ proto.h	Sun May 22 11:13:06 1994
@@ -80,6 +80,10 @@
 long ARGS_ON_STACK p_setgid P_((int id));
 long ARGS_ON_STACK p_seteuid P_((int id));
 long ARGS_ON_STACK p_setegid P_((int id));
+long ARGS_ON_STACK p_getauid P_((int id));
+long ARGS_ON_STACK p_setauid P_((int id));
+long ARGS_ON_STACK p_getgroups P_((int gidsetlen, int gidset[]));
+long ARGS_ON_STACK p_setgroups P_((int ngroups, int gidset[]));
 long ARGS_ON_STACK p_usrval P_((long arg));
 long ARGS_ON_STACK p_umask P_((unsigned mode));
 long ARGS_ON_STACK p_domain P_((int arg));