usr/src/lib/libbsm/common/audit_kadmind.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  *
  25  */
  26 #include <sys/types.h>
  27 #include <sys/param.h>
  28 #include <stdio.h>
  29 #include <sys/fcntl.h>
  30 #include <bsm/audit.h>
  31 #include <bsm/audit_record.h>
  32 #include <bsm/audit_uevents.h>
  33 #include <bsm/libbsm.h>
  34 #include <stdlib.h>
  35 #include <string.h>
  36 #include <syslog.h>
  37 #include <netinet/in.h>
  38 #include <sys/socket.h>
  39 #include <rpc/rpc.h>
  40 #include <tiuser.h>
  41 #include <unistd.h>
  42 #include <generic.h>
  43 #include <note.h>
  44
  45 #ifdef C2_DEBUG2
  46 #define dprintf(x) { (void) printf x; }
  47 #else
  48 #define dprintf(x)
  49 #endif
  50
  51 /*
  52  * netbuf2pm()
  53  *
  54  * Given an endpt in netbuf form,  return the port and machine.
  55  * kadmind (currently) only works over IPv4, so only handle IPv4 addresses.
  56  */
  57 static void
  58 netbuf2pm(
  59         struct netbuf *addr,
  60         in_port_t *port,
  61         uint32_t *machine)
  62 {
  63         struct sockaddr_in sin4;
  64
  65         if (!addr) {
  66                 syslog(LOG_DEBUG, "netbuf2pm: addr == NULL");
  67                 return;
  68         }
  69
  70         if (!addr->buf) {
  71                 syslog(LOG_DEBUG, "netbuf2pm: addr->buf == NULL");
  72                 return;
  73         }
  74
  75         (void) memcpy(&sin4, addr->buf, sizeof (struct sockaddr_in));
  76         if (sin4.sin_family == AF_INET) {
  77                 if (machine)
  78                         *machine = sin4.sin_addr.s_addr;
  79                 if (port)
  80                         *port = sin4.sin_port;
  81         } else {
  82                 dprintf(("netbuf2pm: unknown caller IP address family %d",
  83                     sin4.sin_family));
  84                 syslog(LOG_DEBUG,
  85                     "netbuf2pm: unknown caller IP address family %d",
  86                     sin4.sin_family);
  87         }
  88 }
  89
  90 #define AUD_NULL_STR(s)         ((s) ? (s) : "(null)")
  91
  92 static void
  93 common_audit(
  94         au_event_t event,       /* audit event */
  95         SVCXPRT *xprt,          /* net transport handle */
  96         in_port_t l_port,       /* local port */
  97         char *op,               /* requested operation */
  98         char *prime_arg,        /* argument for op */
  99         char *clnt_name,        /* client principal name */
 100         int sorf)               /* flag for success or failure */
 101
 102 {
 103         auditinfo_t ai;
 104         in_port_t r_port = 0;
 105         dev_t port;
 106         uint32_t machine = 0;
 107         char text_buf[512];
 108
 109         dprintf(("common_audit() start\n"));
 110
 111         /* if auditing turned off, then don't do anything */
 112         if (cannot_audit(0))
 113                 return;
 114
 115         (void) aug_save_namask();
 116
 117         /*
 118          * set default values. We will overwrite them if appropriate.
 119          */
 120         if (getaudit(&ai)) {
 121                 perror("kadmind");
 122                 return;
 123         }
 124         aug_save_auid(ai.ai_auid);      /* Audit ID */
 125         aug_save_uid(getuid());         /* User ID */
 126         aug_save_euid(geteuid());       /* Effective User ID */
 127         aug_save_gid(getgid());         /* Group ID */
 128         aug_save_egid(getegid());       /* Effective Group ID */
 129         aug_save_pid(getpid());         /* process ID */
 130         aug_save_asid(getpid());        /* session ID */
 131
 132         aug_save_event(event);
 133         aug_save_sorf(sorf);
 134
 135         (void) snprintf(text_buf, sizeof (text_buf), "Op: %s",
 136                 AUD_NULL_STR(op));
 137         aug_save_text(text_buf);
 138         (void) snprintf(text_buf, sizeof (text_buf), "Arg: %s",
 139                 AUD_NULL_STR(prime_arg));
 140         aug_save_text1(text_buf);
 141         (void) snprintf(text_buf, sizeof (text_buf), "Client: %s",
 142                 AUD_NULL_STR(clnt_name));
 143         aug_save_text2(text_buf);
 144
 145         netbuf2pm(svc_getrpccaller(xprt), &r_port, &machine);
 146
 147         dprintf(("common_audit(): l_port=%d, r_port=%d,\n",
 148                 ntohs(l_port), ntohs(r_port)));
 149
 150         port = (r_port<<16 | l_port);
 151
 152         aug_save_tid_ex(port,  &machine, AU_IPv4);
 153
 154         (void) aug_audit();
 155 }
 156
 157 void
 158 audit_kadmind_auth(
 159         SVCXPRT *xprt,
 160         in_port_t l_port,
 161         char *op,
 162         char *prime_arg,
 163         char *clnt_name,
 164         int sorf)
 165 {
 166         common_audit(AUE_kadmind_auth, xprt, l_port, op, prime_arg,
 167             clnt_name, sorf);
 168 }
 169
 170 void
 171 audit_kadmind_unauth(
 172         SVCXPRT *xprt,
 173         in_port_t l_port,
 174         char *op,
 175         char *prime_arg,
 176         char *clnt_name)
 177 {
 178         common_audit(AUE_kadmind_unauth, xprt, l_port, op, prime_arg,
 179             clnt_name, 1);
 180 }