usr/src/cmd/login/login_audit.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #include <assert.h>
  27 #include <priv.h>
  28 #include <pwd.h>
  29 #include <signal.h>
  30 #include <stdlib.h>
  31 #include <string.h>
  32 #include <syslog.h>
  33 #include <unistd.h>
  34 #include <sys/wait.h>
  35
  36 #include <bsm/adt.h>
  37 #include <bsm/adt_event.h>
  38 #include "login_audit.h"
  39
  40 /*
  41  * Key assumption:  login is single threaded.
  42  */
  43 static void audit_logout(adt_session_data_t *);
  44
  45 /*
  46  * if audit is not enabled, the adt_*() functions simply return without
  47  * doing anything.  In the success case, the credential has already been
  48  * setup with audit data by PAM.
  49  */
  50
  51 /*
  52  * There is no information passed to login.c from rlogin or telnet
  53  * about the terminal id.  They both set the tid before they
  54  * exec login; the value is picked up by adt_start_session() and is
  55  * carefully *not* overwritten by adt_load_hostname().
  56  */
  57
  58 void
  59 audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
  60 {
  61         adt_session_data_t      *ah;
  62         adt_event_data_t        *event;
  63         int                     rc;
  64
  65         assert(pwd != NULL);
  66
  67         if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
  68                 syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");
  69                 return;
  70         }
  71         if (adt_set_user(ah, pwd->pw_uid,  pwd->pw_gid,
  72             pwd->pw_uid,  pwd->pw_gid, NULL, ADT_USER)) {
  73                 syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");
  74                 (void) adt_end_session(ah);
  75                 return;
  76         }
  77         event = adt_alloc_event(ah, event_id);
  78
  79         if (event == NULL)
  80                 return;
  81
  82         switch (event_id) {
  83         case ADT_zlogin:
  84                 event->adt_zlogin.message = optional_text;
  85                 break;
  86         default:
  87                 break;
  88         }
  89         rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
  90
  91         (void) adt_free_event(event);
  92         if (rc) {
  93                 (void) adt_end_session(ah);
  94                 syslog(LOG_AUTH | LOG_ALERT, "login adt_put_event(): %m");
  95                 return;
  96         }
  97         /*
  98          * The code above executes whether or not audit is enabled.
  99          * However audit_logout must only execute if audit is
 100          * enabled so we don't fork unnecessarily.
 101          */
 102         if (adt_audit_enabled()) {
 103                 switch (event_id) {
 104                 case ADT_login:
 105                 case ADT_rlogin:
 106                 case ADT_telnet:
 107                 case ADT_zlogin:
 108                         audit_logout(ah);       /* fork to catch logout */
 109                         break;
 110                 }
 111         }
 112         (void) adt_end_session(ah);
 113 }
 114
 115 /*
 116  * errors are ignored since there is no action to take on error
 117  */
 118 static void
 119 audit_logout(adt_session_data_t *ah)
 120 {
 121         adt_event_data_t        *logout;
 122         int                     status;         /* wait status */
 123         pid_t                   pid;
 124         priv_set_t              *priv;          /* waiting process privs */
 125
 126         if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {
 127                 syslog(LOG_AUTH | LOG_ALERT,
 128                     "adt_alloc_event(ADT_logout): %m");
 129                 return;
 130         }
 131         if ((priv = priv_allocset())  == NULL) {
 132                 syslog(LOG_AUTH | LOG_ALERT,
 133                     "login audit_logout: could not alloc basic privs: %m");
 134                 adt_free_event(logout);
 135                 return;
 136         }
 137
 138         /*
 139          * The child returns and continues the login processing.
 140          * The parent's sole job is to wait for child exit, write the
 141          * logout audit record, and replay the child's exit code.
 142          */
 143
 144         if ((pid = fork()) == 0) {
 145                 /* child */
 146
 147                 adt_free_event(logout);
 148                 priv_freeset(priv);
 149                 return;
 150         }
 151         if (pid == -1) {
 152                 /* failure */
 153
 154                 syslog(LOG_AUTH | LOG_ALERT,
 155                     "login audit_logout: could not fork: %m");
 156                 adt_free_event(logout);
 157                 priv_freeset(priv);
 158                 return;
 159         }
 160
 161         /* parent process */
 162
 163         /*
 164          * When this routine is called, the current working
 165          * directory is the user's home directory and there are
 166          * unknown open files. For the waiting process, change the
 167          * current directory to root and close files so that the
 168          * user's home directory and anything else can be unmounted
 169          * if necessary.
 170          */
 171         if (chdir("/") != 0) {
 172                 syslog(LOG_AUTH | LOG_ALERT,
 173                     "login audit_logut: could not chdir /: %m");
 174         }
 175         /*
 176          * Reduce privileges to just those needed.
 177          */
 178         priv_basicset(priv);
 179         (void) priv_delset(priv, PRIV_PROC_EXEC);
 180         (void) priv_delset(priv, PRIV_PROC_FORK);
 181         (void) priv_delset(priv, PRIV_PROC_INFO);
 182         (void) priv_delset(priv, PRIV_PROC_SESSION);
 183         (void) priv_delset(priv, PRIV_FILE_LINK_ANY);
 184         if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
 185             (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
 186                 syslog(LOG_AUTH | LOG_ALERT,
 187                     "login audit_logout: could not reduce privs: %m");
 188         }
 189         closefrom(0);
 190         priv_freeset(priv);
 191         while (pid != waitpid(pid, &status, 0))
 192                 continue;
 193
 194         (void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
 195         adt_free_event(logout);
 196         (void) adt_end_session(ah);
 197         exit(WEXITSTATUS(status));
 198 }
 199
 200 /*
 201  * errors are ignored since there is no action to take on error.
 202  *
 203  * If the user id is invalid, pwd is NULL.
 204  */
 205 void
 206 audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
 207     const char *hostname, const char *ttyname, char *optional_text)
 208 {
 209         adt_session_data_t      *ah;
 210         adt_event_data_t        *event;
 211         uid_t                   uid;
 212         gid_t                   gid;
 213         adt_termid_t            *p_tid;
 214
 215         if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
 216                 return;
 217
 218         uid = ADT_NO_ATTRIB;
 219         gid = ADT_NO_ATTRIB;
 220         if (pwd != NULL) {
 221                 uid = pwd->pw_uid;
 222                 gid = pwd->pw_gid;
 223         }
 224         /*
 225          * If this is a remote login, in.rlogind or in.telnetd has
 226          * already set the terminal id, in which case
 227          * adt_load_hostname() will use the preset terminal id and
 228          * ignore hostname.  (If no remote host and ttyname is NULL,
 229          * let adt_load_ttyname() figure out what to do.)
 230          */
 231         if (*hostname == '\0')
 232                 (void) adt_load_ttyname(ttyname, &p_tid);
 233         else
 234                 (void) adt_load_hostname(hostname, &p_tid);
 235
 236         if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
 237                 (void) adt_end_session(ah);
 238                 if (p_tid != NULL)
 239                         free(p_tid);
 240                 return;
 241         }
 242         if (p_tid != NULL)
 243                 free(p_tid);
 244
 245         event = adt_alloc_event(ah, event_id);
 246         if (event == NULL) {
 247                 return;
 248         }
 249         switch (event_id) {
 250         case ADT_zlogin:
 251                 event->adt_zlogin.message = optional_text;
 252                 break;
 253         }
 254         (void) adt_put_event(event, ADT_FAILURE, failure_code);
 255
 256         adt_free_event(event);
 257         (void) adt_end_session(ah);
 258 }