usr/src/cmd/smserverd/myaudit.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26
  27 #include <netdb.h>
  28 #include <netinet/in.h>
  29 #include <pwd.h>
  30 #include <sys/errno.h>
  31 #include <sys/mutex.h>
  32 #include <sys/param.h>
  33 #include <sys/socket.h>
  34 #include <sys/stat.h>
  35 #include <sys/types.h>
  36 #include <string.h>
  37 #include <unistd.h>
  38 #include <stdlib.h>
  39 #include <alloca.h>
  40 #include <sys/smedia.h>
  41 #include "smserver.h"
  42 #include <bsm/audit.h>
  43 #include <bsm/libbsm.h>
  44 #include <bsm/audit_uevents.h>
  45 #include <bsm/audit_record.h>
  46
  47 /* Private Functions */
  48 static int selected(au_event_t, au_mask_t *, int);
  49
  50 static int audit_selected(door_data_t *);
  51 static int audit_na_selected(door_data_t *);
  52 static int audit_save_namask(door_data_t *door_dp);
  53 static int audit_save_policy(door_data_t *door_dp);
  54
  55 /*
  56  * can_audit:
  57  *      Return 1 if audit module is loaded.
  58  *      Return 0 otherwise.
  59  *
  60  */
  61 int
  62 can_audit(void)
  63 {
  64         static int auc = AUC_UNSET;
  65         int cond = 0;
  66
  67         if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond))) {
  68                 auc = AUC_DISABLED;
  69         } else {
  70                 auc = cond;
  71         }
  72         if (auc == AUC_DISABLED)
  73                 return (0);
  74         else return (1);
  75 }
  76
  77 static int
  78 audit_save_policy(door_data_t *door_dp)
  79 {
  80         uint32_t policy;
  81
  82         if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy))) {
  83                 return (-1);
  84         }
  85         door_dp->audit_policy = policy;
  86         return (0);
  87 }
  88
  89 /*
  90  * audit_init():
  91  *      Initialize variables.
  92  */
  93 void
  94 audit_init(door_data_t *door_dp)
  95 {
  96         door_dp->audit_auid = (uid_t)-1;
  97         door_dp->audit_uid = (uid_t)-1;
  98         door_dp->audit_euid = (uid_t)-1;
  99         door_dp->audit_gid = (gid_t)-1;
 100         door_dp->audit_egid = (gid_t)-1;
 101         door_dp->audit_pid = -1;
 102         door_dp->audit_tid.at_port = 0;
 103         door_dp->audit_tid.at_type = 0;
 104         door_dp->audit_tid.at_addr[0] = 0;
 105         door_dp->audit_tid.at_addr[1] = 0;
 106         door_dp->audit_tid.at_addr[2] = 0;
 107         door_dp->audit_tid.at_addr[3] = 0;
 108         door_dp->audit_namask.am_success = (int)-1;
 109         door_dp->audit_namask.am_failure = (int)-1;
 110         door_dp->audit_event = 0;
 111         door_dp->audit_sorf = -2;
 112         door_dp->audit_user = NULL;
 113         door_dp->audit_text[0] = '\0';
 114         door_dp->audit_text1[0] = '\0';
 115         door_dp->audit_na = 0;
 116         door_dp->audit_asid = (au_asid_t)(-1);
 117         door_dp->audit_path = NULL;
 118 }
 119
 120 int
 121 audit_save_me(door_data_t       *door_dp)
 122 {
 123         door_cred_t     client_cred;
 124         int             ret_val;
 125         int             i;
 126
 127         ret_val = door_cred(&client_cred);
 128         if (ret_val == -1)
 129                 return (ret_val);
 130         door_dp->audit_ap.ap_pid = client_cred.dc_pid;
 131         ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
 132             sizeof (door_dp->audit_ap));
 133         if (ret_val == -1)
 134                 return (ret_val);
 135
 136         door_dp->audit_auid = door_dp->audit_ap.ap_auid;
 137         door_dp->audit_euid = client_cred.dc_euid;
 138         door_dp->audit_egid = client_cred.dc_egid;
 139         door_dp->audit_uid = client_cred.dc_ruid;
 140         door_dp->audit_gid = client_cred.dc_rgid;
 141         door_dp->audit_pid = client_cred.dc_pid;
 142         door_dp->audit_asid = door_dp->audit_ap.ap_asid;
 143         door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
 144         door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
 145         for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++)
 146                 door_dp->audit_tid.at_addr[i] =
 147                     door_dp->audit_ap.ap_termid.at_addr[i];
 148         (void) audit_save_policy(door_dp);
 149         return (0);
 150 }
 151
 152 /*
 153  * audit_save_namask():
 154  *      Save the namask using the naflags entry in the audit_control file.
 155  *      Return 0 if successful.
 156  *      Return -1, and don't change the namask, if failed.
 157  *      Side Effect: Sets audit_na to -1 if error, 1 if successful.
 158  */
 159 static int
 160 audit_save_namask(door_data_t *door_dp)
 161 {
 162         au_mask_t mask;
 163
 164         door_dp->audit_na = -1;
 165
 166         /*
 167          * get non-attributable system event mask from kernel.
 168          */
 169         if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0) {
 170                 return (-1);
 171         }
 172
 173         door_dp->audit_namask.am_success = mask.am_success;
 174         door_dp->audit_namask.am_failure = mask.am_failure;
 175         door_dp->audit_na = 1;
 176         return (0);
 177 }
 178
 179 /*
 180  * audit_audit:
 181  *      Cut and audit record if it is selected.
 182  *      Return 0, if successfully written.
 183  *      Return 0, if not written, and not expected to write.
 184  *      Return -1, if not written because of unexpected error.
 185  */
 186 int
 187 audit_audit(door_data_t *door_dp)
 188 {
 189         int ad;
 190
 191         if (can_audit() == 0) {
 192                 return (0);
 193         }
 194
 195         if (door_dp->audit_na) {
 196                 if (!audit_na_selected(door_dp)) {
 197                         return (0);
 198                 }
 199         } else if (!audit_selected(door_dp)) {
 200                 return (0);
 201         }
 202
 203         if ((ad = au_open()) == -1) {
 204                 return (-1);
 205         }
 206
 207         (void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
 208             door_dp->audit_euid,
 209             door_dp->audit_egid,
 210             door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
 211             door_dp->audit_asid, &door_dp->audit_tid));
 212         if (door_dp->audit_policy & AUDIT_GROUP) {
 213
 214                 int ng;
 215                 int maxgrp = getgroups(0, NULL);
 216                 gid_t *grplst = alloca(maxgrp * sizeof (gid_t));
 217
 218                 if ((ng = getgroups(maxgrp, grplst))) {
 219                         (void) au_write(ad, au_to_newgroups(ng, grplst));
 220                 }
 221         }
 222         if (strlen(door_dp->audit_text) != 0) {
 223                 (void) au_write(ad, au_to_text(door_dp->audit_text));
 224         }
 225         if (strlen(door_dp->audit_text1) != 0) {
 226                 (void) au_write(ad, au_to_text(door_dp->audit_text1));
 227         }
 228         if (door_dp->audit_path != NULL) {
 229                 (void) au_write(ad, au_to_path(door_dp->audit_path));
 230         }
 231 #ifdef _LP64
 232         (void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
 233             (int64_t)door_dp->audit_sorf));
 234 #else
 235         (void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
 236             (int32_t)door_dp->audit_sorf));
 237 #endif
 238         if (au_close(ad, 1, door_dp->audit_event) < 0) {
 239                 (void) au_close(ad, 0, 0);
 240                 return (-1);
 241         }
 242
 243         return (0);
 244 }
 245
 246 static int
 247 audit_na_selected(door_data_t *door_dp)
 248 {
 249         if (door_dp->audit_na == -1) {
 250                 return (-1);
 251         }
 252
 253         return (selected(door_dp->audit_event,
 254             &door_dp->audit_namask, door_dp->audit_sorf));
 255 }
 256
 257 static int
 258 audit_selected(door_data_t *door_dp)
 259 {
 260
 261         if (door_dp->audit_uid > MAXUID) {
 262                 (void) audit_save_namask(door_dp);
 263                 return (audit_na_selected(door_dp));
 264         }
 265
 266         return (selected(door_dp->audit_event,
 267             &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
 268 }
 269
 270 static int
 271 selected(au_event_t e, au_mask_t *m, int sorf)
 272 {
 273         int prs_sorf;
 274
 275         if (sorf == 0) {
 276                 prs_sorf = AU_PRS_SUCCESS;
 277         } else if (sorf == -1) {
 278                 prs_sorf = AU_PRS_FAILURE;
 279         } else {
 280                 prs_sorf = AU_PRS_BOTH;
 281         }
 282
 283         return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
 284 }