/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. */ #include #include #include #include #include #include #include #include #include /* adt_write_syslog */ /* ARGSUSED */ static int audit_flags(const char *name, kva_t *kva, void *ctxt, void *pres) { char *val; if ((val = kva_match(kva, USERATTR_AUDIT_FLAGS_KW)) != NULL) { if ((*(char **)ctxt = strdup(val)) == NULL) { adt_write_syslog("au_user_mask strdup failed", errno); } return (1); } return (0); } /* * Build user's audit preselection mask. * * per-user audit flags are optional and may be missing. * If global zone auditing is set, a local zone cannot reduce the default * flags. * * success flags = (system default success flags + per-user always success) - * per-user never success flags * failure flags = (system default failure flags + per-user always failure) - * per-user never failure flags */ int au_user_mask(char *user, au_mask_t *mask) { char *last = NULL; char deflt[360]; /* matches stuff in getac*.c */ char *user_flags = NULL; if (mask == NULL) { return (-1); } /* * Get the default audit flags. */ setac(); if (getacflg(deflt, sizeof (deflt)) != 0) { endac(); return (-1); } endac(); (void) getauditflagsbin(deflt, mask); /* * Get per-user audit flags. */ (void) _enum_attrs(user, audit_flags, &user_flags, NULL); if (user_flags != NULL) { au_user_ent_t per_user; (void) getauditflagsbin(_strtok_escape(user_flags, KV_AUDIT_DELIMIT, &last), &(per_user.au_always)); (void) getauditflagsbin(_strtok_escape(NULL, KV_AUDIT_DELIMIT, &last), &(per_user.au_never)); /* merge default and per-user */ mask->as_success |= per_user.au_always.as_success; mask->as_failure |= per_user.au_always.as_failure; mask->as_success &= ~(per_user.au_never.as_success); mask->as_failure &= ~(per_user.au_never.as_failure); free(user_flags); } return (0); }