[unleashed/tickless.git] / usr / src / lib / libbsm / common / audit_ftpd.c
1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
19 * CDDL HEADER END
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
25 #include <sys/types.h>
26 #include <sys/param.h>
27 #include <stdio.h>
28 #include <sys/fcntl.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <syslog.h>
32 #include <unistd.h>
34 #include <sys/socket.h>
35 #include <sys/sockio.h>
36 #include <netinet/in.h>
38 #include <bsm/audit.h>
39 #include <bsm/audit_record.h>
40 #include <bsm/audit_uevents.h>
41 #include <bsm/libbsm.h>
42 #include <bsm/audit_private.h>
44 #include <locale.h>
45 #include <pwd.h>
46 #include <generic.h>
/*
 * Failure reasons passed to generate_record() as its err argument.
 * A non-zero value is written as the value of the audit return token;
 * 0 is used for a successful login.
 */
#define	BAD_PASSWD	(1)	/* password did not match */
#define	UNKNOWN_USER	(2)	/* login name has no account */
#define	EXCLUDED_USER	(3)	/* account is excluded from ftp */
#define	NO_ANONYMOUS	(4)	/* anonymous ftp is not permitted */
#define	MISC_FAILURE	(5)	/* any other login failure */
/*
 * File-scope copy of the login name being audited.  It is one byte larger
 * than LOGNAME_MAX and zero-initialised (static storage), so a strncpy() of
 * at most LOGNAME_MAX bytes always leaves it NUL-terminated.
 */
static char luser[LOGNAME_MAX + 1];

/* Forward declarations of the file-local helpers defined further down. */
static void generate_record(char *locuser, int err, char *msg);
static int selected(uid_t uid, char *locuser, au_event_t event, int err);
/*
 * audit_ftpd_bad_pw() - audit an ftpd login rejected for a bad password.
 *
 * uname is copied into the file-scope luser buffer before the record is
 * generated.  strncpy() copies at most LOGNAME_MAX bytes, so a longer name
 * is silently truncated and generate_record() resolves the truncated name
 * with getpwnam(); the audit record is therefore keyed on the truncated
 * name, not on the string the client sent.
 * NOTE(review): uname is not checked for NULL - confirm against callers.
 */
void
audit_ftpd_bad_pw(char *uname)
{
	char *reason;

	if (cannot_audit(0))
		return;

	(void) strncpy(luser, uname, LOGNAME_MAX);
	reason = dgettext(bsm_dom, "bad password");
	generate_record(luser, BAD_PASSWD, reason);
}
/*
 * audit_ftpd_unknown() - audit an ftpd login attempt for an unknown user.
 *
 * The client-supplied name is copied into luser (at most LOGNAME_MAX bytes,
 * so longer names are truncated without notice) and ends up in the text
 * token of the record, because generate_record() appends the name to the
 * message for UNKNOWN_USER.  The truncated name is also what
 * generate_record() passes to getpwnam().
 * NOTE(review): uname is not checked for NULL - confirm against callers.
 */
void
audit_ftpd_unknown(char *uname)
{
	char *reason;

	if (cannot_audit(0))
		return;

	(void) strncpy(luser, uname, LOGNAME_MAX);
	reason = dgettext(bsm_dom, "unknown user");
	generate_record(luser, UNKNOWN_USER, reason);
}
/*
 * audit_ftpd_excluded() - audit an ftpd login refused because the user is
 * excluded.
 *
 * The name is copied into luser first; strncpy() stops after LOGNAME_MAX
 * bytes, so an over-long name is truncated silently before
 * generate_record() looks it up.
 * NOTE(review): uname is not checked for NULL - confirm against callers.
 */
void
audit_ftpd_excluded(char *uname)
{
	char *reason;

	if (cannot_audit(0))
		return;

	(void) strncpy(luser, uname, LOGNAME_MAX);
	reason = dgettext(bsm_dom, "excluded user");
	generate_record(luser, EXCLUDED_USER, reason);
}
/*
 * audit_ftpd_no_anon() - audit a refused anonymous ftp login.
 *
 * No user name is available, so an empty string is handed to
 * generate_record() as the local user.
 */
void
audit_ftpd_no_anon(void)
{
	char *reason;

	if (cannot_audit(0))
		return;

	reason = dgettext(bsm_dom, "no anonymous");
	generate_record("", NO_ANONYMOUS, reason);
}
/*
 * audit_ftpd_failure() - audit an ftpd login that failed for any other
 * reason.
 *
 * Unlike the other entry points in this file, uname is passed straight to
 * generate_record() without being copied into luser, so it is neither
 * truncated nor retained here.
 * NOTE(review): uname is not checked for NULL - confirm against callers.
 */
void
audit_ftpd_failure(char *uname)
{
	char *reason;

	if (cannot_audit(0))
		return;

	reason = dgettext(bsm_dom, "misc failure");
	generate_record(uname, MISC_FAILURE, reason);
}
/*
 * audit_ftpd_success() - audit a successful ftpd login.
 *
 * The name is copied into luser (at most LOGNAME_MAX bytes; longer names
 * are truncated silently) and a record with error status 0 and an empty
 * message is generated for it.
 * NOTE(review): uname is not checked for NULL - confirm against callers.
 */
void
audit_ftpd_success(char *uname)
{
	if (cannot_audit(0))
		return;

	(void) strncpy(luser, uname, LOGNAME_MAX);
	generate_record(luser, 0, "");
}
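/*
 * generate_record() - build and commit one AUE_ftpd audit record.
 *
 * locuser	login name the record is about; resolved with getpwnam()
 * err		0 for success, >0 one of the failure codes defined above
 * msg		reason text, written as a text token when err is non-zero
 *
 * The effective uid is raised to 0 for the duration of the audit calls and
 * restored on every return path.  If the name does not resolve, uid and gid
 * are set to -1.  The record is only written when selected() reports the
 * event as preselected.
 *
 * NOTE(review): the return values of both seteuid() calls are discarded; a
 * failed restore would leave the process at euid 0 - confirm that is
 * acceptable for the caller.
 * NOTE(review): perror() writes to stderr; confirm stderr is not the client
 * connection in the way ftpd is started.
 */
static void
generate_record(
    char *locuser,	/* username of local user */
    int err,		/* error status (=0 success, >0 error code) */
    char *msg)		/* error message */
{
	int rd;			/* audit record descriptor */
	char buf[256];		/* temporary buffer */
	uid_t uid;
	gid_t gid;
	uid_t ruid;		/* real uid */
	gid_t rgid;		/* real gid */
	pid_t pid;
	struct passwd *pwd;
	uid_t ceuid;		/* current effective uid */
	struct auditinfo_addr info;

	if (cannot_audit(0)) {
		return;
	}

	pwd = getpwnam(locuser);
	if (pwd == NULL) {
		uid = (uid_t)-1;
		gid = (gid_t)-1;
	} else {
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
	}

	ceuid = geteuid();	/* save current euid */
	(void) seteuid(0);	/* change to root so you can audit */

	/* determine if we're preselected */
	if (!selected(uid, locuser, AUE_ftpd, err)) {
		(void) seteuid(ceuid);
		return;
	}

	ruid = getuid();	/* get real uid */
	rgid = getgid();	/* get real gid */

	pid = getpid();

	/*
	 * Zero the structure first: the failure branch below only reports the
	 * error and carries on, and info.ai_termid is copied into the subject
	 * token, so without this an error would put uninitialised stack bytes
	 * into the audit trail.
	 */
	(void) memset(&info, 0, sizeof (info));

	/* see if terminal id already set */
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	rd = au_open();
	if (rd < 0) {
		/* no record descriptor: nothing can be written, drop root */
		(void) seteuid(ceuid);
		return;
	}

	/*
	 * add subject token: the looked-up uid is used for both the audit id
	 * and the effective uid, and pid doubles as the session id
	 */
	(void) au_write(rd, au_to_subject_ex(uid, uid, gid,
	    ruid, rgid, pid, pid, &info.ai_termid));

	/* add return token */
	errno = 0;
	if (err) {
		/*
		 * add reason for failure; for an unknown user the supplied
		 * name is appended, snprintf() bounds it to sizeof (buf)
		 */
		if (err == UNKNOWN_USER)
			(void) snprintf(buf, sizeof (buf),
			    "%s %s", msg, locuser);
		else
			(void) snprintf(buf, sizeof (buf), "%s", msg);
		(void) au_write(rd, au_to_text(buf));
#ifdef _LP64
		(void) au_write(rd, au_to_return64(-1, (int64_t)err));
#else
		(void) au_write(rd, au_to_return32(-1, (int32_t)err));
#endif
	} else {
#ifdef _LP64
		(void) au_write(rd, au_to_return64(0, (int64_t)0));
#else
		(void) au_write(rd, au_to_return32(0, (int32_t)0));
#endif
	}

	/* write audit record; on failure close again without keeping it */
	if (au_close(rd, 1, AUE_ftpd) < 0) {
		(void) au_close(rd, 0, 0);
	}
	(void) seteuid(ceuid);
}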
/*
 * selected() - decide whether an event is preselected for auditing.
 *
 * uid		uid the event is attributed to
 * locuser	login name, used to fetch the per-user mask
 * event	audit event to test
 * err		0 tests the success class, >0 the failure class, <0 both
 *
 * For a uid above MAXEPHUID (which includes the (uid_t)-1 that
 * generate_record() uses for an unresolved name) the kernel mask is fetched
 * with auditon(A_GETKMASK); otherwise the user's own mask is used.  Returns
 * the result of au_preselect().
 *
 * The return values of auditon() and au_user_mask() are discarded.  The mask
 * starts out as zero, so if the lookup fails without filling it in, the
 * preselection runs against an empty mask and nothing is logged about the
 * lookup failure.
 */
static int
selected(uid_t uid, char *locuser, au_event_t event, int err)
{
	struct au_mask mask;
	int sorf;

	mask.am_success = 0;
	mask.am_failure = 0;

	if (uid <= MAXEPHUID) {
		(void) au_user_mask(locuser, &mask);
	} else {
		/* get non-attrib flags */
		(void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
	}

	if (err > 0)
		sorf = AU_PRS_FAILURE;
	else if (err == 0)
		sorf = AU_PRS_SUCCESS;
	else
		sorf = AU_PRS_BOTH;

	return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
}
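/*
 * audit_ftpd_logout() - write the AUE_ftpd_logout audit record.
 *
 * PRIV_PROC_AUDIT is switched on in the effective set for the audit calls
 * and switched off again on every return path.  The record is written only
 * if the event is preselected in the process's own audit mask, and its
 * subject token is built from the process's audit id, effective and real
 * ids, pid and terminal id.
 *
 * NOTE(review): the priv_set() return values are discarded, so a failure to
 * drop the privilege again goes unnoticed - confirm that is acceptable.
 * NOTE(review): perror() writes to stderr; confirm stderr is not the client
 * connection in the way ftpd is started.
 */
void
audit_ftpd_logout(void)
{
	int rd;		/* audit record descriptor */
	uid_t euid;
	gid_t egid;
	uid_t uid;
	gid_t gid;
	pid_t pid;
	struct auditinfo_addr info;

	if (cannot_audit(0)) {
		return;
	}

	(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);

	/*
	 * Zero the structure first: the failure branch below only reports the
	 * error and carries on, and info.ai_mask, info.ai_auid and
	 * info.ai_termid are all used afterwards.  Without this an error would
	 * make the preselection decision and the subject token depend on
	 * uninitialised stack bytes.
	 */
	(void) memset(&info, 0, sizeof (info));

	/* see if terminal id already set */
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	/* determine if we're preselected */
	if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
	    AU_PRS_USECACHE) == 0) {
		(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
		    NULL);
		return;
	}

	euid = geteuid();
	egid = getegid();
	uid = getuid();
	gid = getgid();
	pid = getpid();

	rd = au_open();
	if (rd < 0) {
		/* no record descriptor: nothing can be written, drop priv */
		(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
		    NULL);
		return;
	}

	/* add subject token; pid doubles as the session id */
	(void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
	    egid, uid, gid, pid, pid, &info.ai_termid));

	/* add return token */
	errno = 0;
#ifdef _LP64
	(void) au_write(rd, au_to_return64(0, (int64_t)0));
#else
	(void) au_write(rd, au_to_return32(0, (int32_t)0));
#endif

	/* write audit record; on failure close again without keeping it */
	if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
		(void) au_close(rd, 0, 0);
	}
	(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
}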