4  * - deal with overlap between this and sys_auth_allowed_user
9  * Copyright 1988-2002 Sun Microsystems, Inc.  All rights reserved.
124 /* Below is the low-level BSM interface code */
128  * different mechanism in audit_connection_from() for IPv4-only machines.
145 		return -1;  in aug_get_machine()
148 	switch (ai->ai_family) {  in aug_get_machine()
150 		in4 = (struct sockaddr_in *)ai->ai_addr;  in aug_get_machine()
152 		memcpy(addr, &in4->sin_addr, sizeof(struct in_addr));  in aug_get_machine()
156 		in6 = (struct sockaddr_in6 *)ai->ai_addr;  in aug_get_machine()
158 		memcpy(addr, &in6->sin6_addr, sizeof(struct in6_addr));  in aug_get_machine()
163 		    host, ai->ai_family);  in aug_get_machine()
164 		ret = -1;  in aug_get_machine()
175   non-existent config file. This function re-implements getacna() to
187 	 * The man page for getacna on Solaris 10 states we should return -2  in getacna()
194 		return -2;  in getacna()
197 	if (ret == -1)   in getacna()
198 		return -2;  in getacna()
202 		return -2;  in getacna()
207 	if (ret == -1)   in getacna()
208 		return -2;  in getacna()
212 		return -2;  in getacna()
215 	if (ret == -1)   in getacna()
216 		return -2;  in getacna()
219 	if (ret == -1)   in getacna()
220 		return -2;  in getacna()
231  * Check if the specified event is selected (enabled) for auditing.
232  * Returns 1 if the event is selected, 0 if not and -1 on failure.
235 selected(char *username, uid_t uid, au_event_t event, int sf)  in selected()  function
243 		/* get flags for non-attributable (to a real user) events */  in selected()
258 	uid_t		uid = -1;  in bsm_audit_record()
259 	gid_t		gid = -1;  in bsm_audit_record()
263 	if (the_authctxt != NULL && the_authctxt->valid) {  in bsm_audit_record()
264 		uid = the_authctxt->pw->pw_uid;  in bsm_audit_record()
265 		gid = the_authctxt->pw->pw_gid;  in bsm_audit_record()
268 	rc = (typ == 0) ? 0 : -1;  in bsm_audit_record()
269 	sel = selected(the_authctxt->user, uid, event_no, rc);  in bsm_audit_record()
309 	if (the_authctxt->valid)  in bsm_audit_session_setup()
310 		info.ai_auid = the_authctxt->pw->pw_uid;  in bsm_audit_session_setup()
312 		info.ai_auid = -1;  in bsm_audit_session_setup()
317 	(void) au_user_mask(the_authctxt->user, &mask);  in bsm_audit_session_setup()
335 	if (the_authctxt->valid) {  in bsm_audit_bad_login()
337 			gettext("invalid %s for user %s"),  in bsm_audit_bad_login()
338 			    what, the_authctxt->user);  in bsm_audit_bad_login()
342 			gettext("invalid user name \"%s\""),  in bsm_audit_bad_login()
343 			    the_authctxt->user);  in bsm_audit_bad_login()
362 	tid->at_port = (dev_t)port;  in audit_connection_from()
363 	aug_get_machine((char *)host, &(tid->at_addr[0]), &(tid->at_type));  in audit_connection_from()
364 	snprintf(buf, sizeof(buf), "%08x %08x %08x %08x", tid->at_addr[0],  in audit_connection_from()
365 	    tid->at_addr[1], tid->at_addr[2], tid->at_addr[3]);  in audit_connection_from()
366 	debug3("BSM audit: iptype %d machine ID %s", (int)tid->at_type, buf);  in audit_connection_from()
368 	/* this is used on IPv4-only machines */  in audit_connection_from()
369 	tid->port = (dev_t)port;  in audit_connection_from()
370 	tid->machine = inet_addr(host);  in audit_connection_from()
371 	snprintf(buf, sizeof(buf), "%08x", tid->machine);  in audit_connection_from()
399 	const char *user = the_authctxt ? the_authctxt->user : "(unknown user)";  in audit_event()  local
409 		    gettext("successful login %s"), user);  in audit_event()
415 		 * We can also get a close event if the user attempted auth  in audit_event()
420 			    gettext("sshd logout %s"), the_authctxt->user);  in audit_event()
435 		    gettext("too many tries for user %s"), the_authctxt->user);  in audit_event()