- (dtucker) [openbsd-compat/fake-rfc2553.h] rename ssh_gai_strerror hack
[openssh-git.git] / audit-bsm.c
blobc26b4caed7209833d58ddac4ec30f62d51524490
1 /* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
3 /*
4 * TODO
6 * - deal with overlap between this and sys_auth_allowed_user
7 * sys_auth_record_login and record_failed_login.
8 */
11 * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
12 * Use is subject to license terms.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 /* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
37 #include "includes.h"
38 #if defined(USE_BSM_AUDIT)
40 #include <sys/types.h>
42 #include <errno.h>
43 #include <stdarg.h>
44 #include <unistd.h>
46 #include "ssh.h"
47 #include "log.h"
48 #include "key.h"
49 #include "hostfile.h"
50 #include "auth.h"
51 #include "xmalloc.h"
53 #ifndef AUE_openssh
54 # define AUE_openssh 32800
55 #endif
56 #include <bsm/audit.h>
57 #include <bsm/libbsm.h>
58 #include <bsm/audit_uevents.h>
59 #include <bsm/audit_record.h>
60 #include <locale.h>
62 #if defined(HAVE_GETAUDIT_ADDR)
63 #define AuditInfoStruct auditinfo_addr
64 #define AuditInfoTermID au_tid_addr_t
65 #define GetAuditFunc(a,b) getaudit_addr((a),(b))
66 #define GetAuditFuncText "getaudit_addr"
67 #define SetAuditFunc(a,b) setaudit_addr((a),(b))
68 #define SetAuditFuncText "setaudit_addr"
69 #define AUToSubjectFunc au_to_subject_ex
70 #define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
71 #else
72 #define AuditInfoStruct auditinfo
73 #define AuditInfoTermID au_tid_t
74 #define GetAuditFunc(a,b) getaudit(a)
75 #define GetAuditFuncText "getaudit"
76 #define SetAuditFunc(a,b) setaudit(a)
77 #define SetAuditFuncText "setaudit"
78 #define AUToSubjectFunc au_to_subject
79 #define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
80 #endif
82 extern int cannot_audit(int);
83 extern void aug_init(void);
84 extern dev_t aug_get_port(void);
85 extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
86 extern void aug_save_auid(au_id_t);
87 extern void aug_save_uid(uid_t);
88 extern void aug_save_euid(uid_t);
89 extern void aug_save_gid(gid_t);
90 extern void aug_save_egid(gid_t);
91 extern void aug_save_pid(pid_t);
92 extern void aug_save_asid(au_asid_t);
93 extern void aug_save_tid(dev_t, unsigned int);
94 extern void aug_save_tid_ex(dev_t, u_int32_t *, u_int32_t);
95 extern int aug_save_me(void);
96 extern int aug_save_namask(void);
97 extern void aug_save_event(au_event_t);
98 extern void aug_save_sorf(int);
99 extern void aug_save_text(char *);
100 extern void aug_save_text1(char *);
101 extern void aug_save_text2(char *);
102 extern void aug_save_na(int);
103 extern void aug_save_user(char *);
104 extern void aug_save_path(char *);
105 extern int aug_save_policy(void);
106 extern void aug_save_afunc(int (*)(int));
107 extern int aug_audit(void);
108 extern int aug_na_selected(void);
109 extern int aug_selected(void);
110 extern int aug_daemon_session(void);
112 #ifndef HAVE_GETTEXT
113 # define gettext(a) (a)
114 #endif
116 extern Authctxt *the_authctxt;
117 static AuditInfoTermID ssh_bsm_tid;
119 /* Below is the low-level BSM interface code */
122 * Check if the specified event is selected (enabled) for auditing.
123 * Returns 1 if the event is selected, 0 if not and -1 on failure.
125 static int
126 selected(char *username, uid_t uid, au_event_t event, int sf)
128 int rc, sorf;
129 char naflags[512];
130 struct au_mask mask;
132 mask.am_success = mask.am_failure = 0;
133 if (uid < 0) {
134 /* get flags for non-attributable (to a real user) events */
135 rc = getacna(naflags, sizeof(naflags));
136 if (rc == 0)
137 (void) getauditflagsbin(naflags, &mask);
138 } else
139 rc = au_user_mask(username, &mask);
141 sorf = (sf == 0) ? AU_PRS_SUCCESS : AU_PRS_FAILURE;
142 return(au_preselect(event, &mask, sorf, AU_PRS_REREAD));
145 static void
146 bsm_audit_record(int typ, char *string, au_event_t event_no)
148 int ad, rc, sel;
149 uid_t uid = -1;
150 gid_t gid = -1;
151 pid_t pid = getpid();
152 AuditInfoTermID tid = ssh_bsm_tid;
154 if (the_authctxt != NULL && the_authctxt->valid) {
155 uid = the_authctxt->pw->pw_uid;
156 gid = the_authctxt->pw->pw_gid;
159 rc = (typ == 0) ? 0 : -1;
160 sel = selected(the_authctxt->user, uid, event_no, rc);
161 debug3("BSM audit: typ %d rc %d \"%s\"", typ, rc, string);
162 if (!sel)
163 return; /* audit event does not match mask, do not write */
165 debug3("BSM audit: writing audit new record");
166 ad = au_open();
168 (void) au_write(ad, AUToSubjectFunc(uid, uid, gid, uid, gid,
169 pid, pid, &tid));
170 (void) au_write(ad, au_to_text(string));
171 (void) au_write(ad, AUToReturnFunc(typ, rc));
173 rc = au_close(ad, AU_TO_WRITE, event_no);
174 if (rc < 0)
175 error("BSM audit: %s failed to write \"%s\" record: %s",
176 __func__, string, strerror(errno));
179 static void
180 bsm_audit_session_setup(void)
182 int rc;
183 struct AuditInfoStruct info;
184 au_mask_t mask;
186 if (the_authctxt == NULL) {
187 error("BSM audit: session setup internal error (NULL ctxt)");
188 return;
191 if (the_authctxt->valid)
192 info.ai_auid = the_authctxt->pw->pw_uid;
193 else
194 info.ai_auid = -1;
195 info.ai_asid = getpid();
196 mask.am_success = 0;
197 mask.am_failure = 0;
199 (void) au_user_mask(the_authctxt->user, &mask);
201 info.ai_mask.am_success = mask.am_success;
202 info.ai_mask.am_failure = mask.am_failure;
204 info.ai_termid = ssh_bsm_tid;
206 rc = SetAuditFunc(&info, sizeof(info));
207 if (rc < 0)
208 error("BSM audit: %s: %s failed: %s", __func__,
209 SetAuditFuncText, strerror(errno));
212 static void
213 bsm_audit_bad_login(const char *what)
215 char textbuf[BSM_TEXTBUFSZ];
217 if (the_authctxt->valid) {
218 (void) snprintf(textbuf, sizeof (textbuf),
219 gettext("invalid %s for user %s"),
220 what, the_authctxt->user);
221 bsm_audit_record(4, textbuf, AUE_openssh);
222 } else {
223 (void) snprintf(textbuf, sizeof (textbuf),
224 gettext("invalid user name \"%s\""),
225 the_authctxt->user);
226 bsm_audit_record(3, textbuf, AUE_openssh);
230 /* Below is the sshd audit API code */
232 void
233 audit_connection_from(const char *host, int port)
235 AuditInfoTermID *tid = &ssh_bsm_tid;
236 char buf[1024];
238 if (cannot_audit(0))
239 return;
240 debug3("BSM audit: connection from %.100s port %d", host, port);
242 /* populate our terminal id structure */
243 #if defined(HAVE_GETAUDIT_ADDR)
244 tid->at_port = (dev_t)port;
245 aug_get_machine((char *)host, &(tid->at_addr[0]), &(tid->at_type));
246 snprintf(buf, sizeof(buf), "%08x %08x %08x %08x", tid->at_addr[0],
247 tid->at_addr[1], tid->at_addr[2], tid->at_addr[3]);
248 debug3("BSM audit: iptype %d machine ID %s", (int)tid->at_type, buf);
249 #else
250 /* this is used on IPv4-only machines */
251 tid->port = (dev_t)port;
252 tid->machine = inet_addr(host);
253 snprintf(buf, sizeof(buf), "%08x", tid->machine);
254 debug3("BSM audit: machine ID %s", buf);
255 #endif
258 void
259 audit_run_command(const char *command)
261 /* not implemented */
264 void
265 audit_session_open(const char *ttyn)
267 /* not implemented */
270 void
271 audit_session_close(const char *ttyn)
273 /* not implemented */
276 void
277 audit_event(ssh_audit_event_t event)
279 char textbuf[BSM_TEXTBUFSZ];
280 static int logged_in = 0;
281 const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";
283 if (cannot_audit(0))
284 return;
286 switch(event) {
287 case SSH_AUTH_SUCCESS:
288 logged_in = 1;
289 bsm_audit_session_setup();
290 snprintf(textbuf, sizeof(textbuf),
291 gettext("successful login %s"), user);
292 bsm_audit_record(0, textbuf, AUE_openssh);
293 break;
295 case SSH_CONNECTION_CLOSE:
297 * We can also get a close event if the user attempted auth
298 * but never succeeded.
300 if (logged_in) {
301 snprintf(textbuf, sizeof(textbuf),
302 gettext("sshd logout %s"), the_authctxt->user);
303 bsm_audit_record(0, textbuf, AUE_logout);
304 } else {
305 debug("%s: connection closed without authentication",
306 __func__);
308 break;
310 case SSH_NOLOGIN:
311 bsm_audit_record(1,
312 gettext("logins disabled by /etc/nologin"), AUE_openssh);
313 break;
315 case SSH_LOGIN_EXCEED_MAXTRIES:
316 snprintf(textbuf, sizeof(textbuf),
317 gettext("too many tries for user %s"), the_authctxt->user);
318 bsm_audit_record(1, textbuf, AUE_openssh);
319 break;
321 case SSH_LOGIN_ROOT_DENIED:
322 bsm_audit_record(2, gettext("not_console"), AUE_openssh);
323 break;
325 case SSH_AUTH_FAIL_PASSWD:
326 bsm_audit_bad_login("password");
327 break;
329 case SSH_AUTH_FAIL_KBDINT:
330 bsm_audit_bad_login("interactive password entry");
331 break;
333 default:
334 debug("%s: unhandled event %d", __func__, event);
337 #endif /* BSM */