xref: /titanic_44/usr/src/lib/libbsm/common/adt.c (revision 4aed303fe6fe4f743ab401f6fafa1c161060c57b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
24  */
25 
26 #include <bsm/adt.h>
27 #include <bsm/adt_event.h>
28 #include <assert.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/libbsm.h>
32 #include <door.h>
33 #include <errno.h>
34 #include <generic.h>
35 #include <md5.h>
36 #include <sys/mkdev.h>
37 #include <netdb.h>
38 #include <nss_dbdefs.h>
39 #include <pwd.h>
40 #include <sys/stat.h>
41 #include <time.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <synch.h>
45 #include <sys/systeminfo.h>
46 #include <syslog.h>
47 #include <thread.h>
48 #include <unistd.h>
49 #include <adt_xlate.h>
50 #include <adt_ucred.h>
51 #include <arpa/inet.h>
52 #include <net/if.h>
53 #include <libinetutil.h>
54 
55 static int adt_selected(struct adt_event_state *, au_event_t, int);
56 static int adt_init(adt_internal_state_t *, int);
57 static int adt_import(adt_internal_state_t *, const adt_export_data_t *);
58 static m_label_t *adt_ucred_label(ucred_t *);
59 static void adt_setto_unaudited(adt_internal_state_t *);
60 static int adt_get_local_address(int, struct ifaddrlist *);
61 
62 #ifdef C2_DEBUG
63 #define	DPRINTF(x) { (void) printf x; }
64 #define	DFLUSH (void) fflush(stdout);
65 #else
66 #define	DPRINTF(x)
67 #define	DFLUSH
68 #endif
69 
70 /*
71  * Local audit states are a bit mask
72  *
73  * The global audit states are
74  *
75  * AUC_UNSET             0      - on/off hasn't been decided
76  * AUC_ENABLED           1      - loaded and enabled
77  *
78  * The local Zone states are
79  *
80  * AUC_AUDITING         0x1     - audit daemon is active
81  * AUC_NOAUDIT          0x2     - audit daemon is not active
82  * AUC_INIT_AUDIT       0x4     - audit is ready but auditd has not run
83  * AUC_NOSPACE          0x8     - audit enabled, no space for audit records
84  *
85  * The only values returned by auditon(A_GETCOND) are:
86  * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE
87  *
88  * The pseudo audit state used when the c2audit module is excluded is
89  *
90  * AUC_DISABLED		0x100	- c2audit module is excluded
91  */
92 
93 static int auditstate = AUC_DISABLED;	/* default state */
94 
95 /*
96  * adt_write_syslog
97  *
98  * errors that are not the user's fault (bugs or whatever in
99  * the underlying audit code are noted in syslog.)
100  *
101  * Avoid calling adt_write_syslog for things that can happen
102  * at high volume.
103  *
104  * syslog's open (openlog) and close (closelog) are interesting;
105  * openlog *may* create a file descriptor and is optional.  closelog
106  * *will* close any open file descriptors and is also optional.
107  *
108  * Since syslog may also be used by the calling application, the
109  * choice is to avoid openlog, which sets some otherwise useful
110  * parameters, and to embed "Solaris_audit" in the log message.
111  */
112 
113 void
adt_write_syslog(const char * message,int err)114 adt_write_syslog(const char *message, int err)
115 {
116 	int	save_errno = errno;
117 	int	mask_priority;
118 
119 	DPRINTF(("syslog called: %s\n", message));
120 
121 	mask_priority = setlogmask(LOG_MASK(LOG_ALERT));
122 	errno = err;
123 	syslog(LOG_ALERT, "Solaris_audit %s: %m", message);
124 	(void) setlogmask(mask_priority);
125 	errno = save_errno;
126 }
127 
128 /*
129  * return true if c2audit is not excluded.
130  *
131  *	For purpose of this API, anything but AUC_DISABLED
132  *	is enabled; however one never actually sees
133  *	AUC_DISABLED since auditon returns ENOTSUP in that case.  Any
134  *	auditon error is considered the same as ENOTSUP for our
135  *	purpose.  auditstate is not changed by auditon if an error
136  *	is returned.
137  */
138 
139 /*
140  * XXX	this should probably be eliminated and adt_audit_state() replace it.
141  *	All the legitimate uses	are to not fork a waiting process for
142  *	process exit processing, as in su, login, dtlogin.  Other bogus
143  *	users are zoneadmd and init.
144  *	All but dtlogin are in ON, so we can do this without cross gate
145  *	synchronization.
146  *
147  *	No longer used in adt.c.
148  */
149 
150 boolean_t
adt_audit_enabled(void)151 adt_audit_enabled(void)
152 {
153 
154 	(void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
155 
156 	return (auditstate != AUC_DISABLED);
157 }
158 
159 /*
160  *	See adt_audit_enabled() for state discussions.
161  *	The state parameter is a hedge until all the uses become clear.
162  *	Likely if adt_audit_enabled is brought internal to this file,
163  *	it could be modified to take one or more parameters to describe the
164  *	state.
165  */
166 
167 boolean_t
adt_audit_state(int states)168 adt_audit_state(int states)
169 {
170 
171 	(void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
172 
173 	return ((auditstate & states) ? B_TRUE : B_FALSE);
174 }
175 
176 /*
177  * Get user_specific/non-attributable audit mask. This may be called even when
178  * auditing is off.
179  */
180 
181 static int
adt_get_mask_from_user(uid_t uid,au_mask_t * mask)182 adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
183 {
184 	struct passwd	pwd;
185 	long		buff_sz;
186 	char		*pwd_buff;
187 
188 
189 	if (auditstate & AUC_DISABLED) {
190 		/* c2audit excluded */
191 		mask->am_success = 0;
192 		mask->am_failure = 0;
193 	} else if (uid <= MAXUID) {
194 		if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
195 			adt_write_syslog("couldn't determine maximum size of "
196 			    "password buffer", errno);
197 			return (-1);
198 		}
199 		if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
200 			return (-1);
201 		}
202 		if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) {
203 			errno = EINVAL;	/* user doesn't exist */
204 			free(pwd_buff);
205 			return (-1);
206 		}
207 		if (au_user_mask(pwd.pw_name, mask)) {
208 			free(pwd_buff);
209 			errno = EFAULT; /* undetermined failure */
210 			return (-1);
211 		}
212 		free(pwd_buff);
213 	} else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
214 			return (-1);
215 	}
216 
217 	return (0);
218 }
219 
220 /*
221  * adt_get_unique_id -- generate a hopefully unique 32 bit value
222  *
223  * there will be a follow up to replace this with the use of /dev/random
224  *
225  * An MD5 hash is taken on a buffer of
226  *     hostname . audit id . unix time . pid . count
227  *
228  * "count = noise++;" is subject to a race condition but I don't
229  * see a need to put a lock around it.
230  */
231 
232 au_asid_t
adt_get_unique_id(au_id_t uid)233 adt_get_unique_id(au_id_t uid)
234 {
235 	char		hostname[MAXHOSTNAMELEN];
236 	union {
237 		au_id_t		v[4];
238 		unsigned char	obuff[128/8];
239 	} output;
240 	MD5_CTX	context;
241 
242 	static int	noise = 0;
243 
244 	int		count = noise++;
245 	time_t		timebits = time(NULL);
246 	pid_t		pidbits = getpid();
247 	au_asid_t	retval = 0;
248 
249 	if (gethostname(hostname, MAXHOSTNAMELEN)) {
250 		adt_write_syslog("gethostname call failed", errno);
251 		(void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN);
252 	}
253 
254 	while (retval == 0) {  /* 0 is the only invalid result */
255 		MD5Init(&context);
256 
257 		MD5Update(&context, (unsigned char *)hostname,
258 		    (unsigned int) strlen((const char *)hostname));
259 
260 		MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t));
261 
262 		MD5Update(&context,
263 		    (unsigned char *) &timebits, sizeof (time_t));
264 
265 		MD5Update(&context, (unsigned char *) &pidbits,
266 		    sizeof (pid_t));
267 
268 		MD5Update(&context, (unsigned char *) &(count), sizeof (int));
269 		MD5Final(output.obuff, &context);
270 
271 		retval = output.v[count % 4];
272 	}
273 	return (retval);
274 }
275 
276 /*
277  * the following "port" function deals with the following issues:
278  *
279  * 1    the kernel and ucred deal with a dev_t as a 64 bit value made
280  *      up from a 32 bit major and 32 bit minor.
281  * 2    User space deals with a dev_t as either the above 64 bit value
282  *      or a 32 bit value made from a 14 bit major and an 18 bit minor.
283  * 3    The various audit interfaces (except ucred) pass the 32 or
284  *      64 bit version depending the architecture of the userspace
285  *      application.  If you get a port value from ucred and pass it
286  *      to the kernel via auditon(), it must be squeezed into a 32
287  *      bit value because the kernel knows the userspace app's bit
288  *      size.
289  *
290  * The internal state structure for adt (adt_internal_state_t) uses
291  * dev_t, so adt converts data from ucred to fit.  The import/export
292  * functions, however, can't know if they are importing/exporting
293  * from 64 or 32 bit applications, so they always send 64 bits and
294  * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as
295  * appropriate.
296  */
297 
298 /*
299  * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are
300  * both 64 bits).  If lib is 32 bits, squeeze the two-int port into
301  * a 32 bit dev_t.  A port fits in the "minor" part of au_port_t,
302  * so it isn't broken up into pieces.  (When it goes to the kernel
303  * and back, however, it will have been split into major/minor
304  * pieces.)
305  */
306 
307 static void
adt_cpy_tid(au_tid_addr_t * dest,const au_tid64_addr_t * src)308 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
309 {
310 #ifdef _LP64
311 	(void) memcpy(dest, src, sizeof (au_tid_addr_t));
312 #else	/* _LP64 */
313 	dest->at_type = src->at_type;
314 
315 	dest->at_port  = src->at_port.at_minor & MAXMIN32;
316 	dest->at_port |= (src->at_port.at_major & MAXMAJ32) <<
317 	    NBITSMINOR32;
318 
319 	(void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t));
320 #endif	/* _LP64 */
321 }
322 
323 /*
324  * adt_start_session -- create interface handle, create context
325  *
326  * The imported_state input is normally NULL, if not, it represents
327  * a continued session; its values obviate the need for a subsequent
328  * call to adt_set_user().
329  *
330  * The flag is used to decide how to set the initial state of the session.
331  * If 0, the session is "no audit" until a call to adt_set_user; if
332  * ADT_USE_PROC_DATA, the session is built from the process audit
333  * characteristics obtained from the kernel.  If imported_state is
334  * not NULL, the resulting audit mask is an OR of the current process
335  * audit mask and that passed in.
336  *
337  * The basic model is that the caller can use the pointer returned
338  * by adt_start_session whether or not auditing is enabled or an
339  * error was returned.  The functions that take the session handle
340  * as input generally return without doing anything if auditing is
341  * disabled.
342  */
343 
344 int
adt_start_session(adt_session_data_t ** new_session,const adt_export_data_t * imported_state,adt_session_flags_t flags)345 adt_start_session(adt_session_data_t **new_session,
346     const adt_export_data_t *imported_state, adt_session_flags_t flags)
347 {
348 	adt_internal_state_t	*state;
349 	adt_session_flags_t	flgmask = ADT_FLAGS_ALL;
350 
351 	/* test and set auditstate */
352 	if (adt_audit_state(AUC_DISABLED)) {
353 		/* c2audit excluded */
354 		*new_session = NULL;
355 		return (0);
356 	}
357 
358 	if ((flags & ~flgmask) != 0) {
359 		errno = EINVAL;
360 		goto return_err;
361 	}
362 
363 	if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) {
364 		goto return_err;
365 	}
366 
367 	if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) {
368 		goto return_err_free;    /* errno from adt_init() */
369 	}
370 
371 	/*
372 	 * The imported state overwrites the initial state if the
373 	 * imported state represents a valid audit trail
374 	 */
375 
376 	if (imported_state != NULL) {
377 		if (adt_import(state, imported_state) != 0) {
378 			goto return_err_free;
379 		}
380 	} else if (flags & ADT_USE_PROC_DATA) {
381 		state->as_session_model = ADT_PROCESS_MODEL;
382 	}
383 	state->as_flags = flags;
384 	DPRINTF(("(%lld) Starting session id = %08X\n",
385 	    (long long) getpid(), state->as_info.ai_asid));
386 
387 	*new_session = (adt_session_data_t *)state;
388 	return (0);
389 
390 return_err_free:
391 	free(state);
392 return_err:
393 	*new_session = NULL;
394 	adt_write_syslog("audit session create failed", errno);
395 	return (-1);
396 }
397 
398 /*
399  * adt_load_table()
400  *
401  * loads the event translation table into the audit session.
402  */
403 
404 void
adt_load_table(const adt_session_data_t * session_data,adt_translation_t ** xlate,void (* preload)(au_event_t,adt_event_data_t *))405 adt_load_table(const adt_session_data_t *session_data,
406     adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *))
407 {
408 	adt_internal_state_t	*state = (adt_internal_state_t *)session_data;
409 
410 	if (state != NULL) {
411 		assert(state->as_check == ADT_VALID);
412 		state->as_xlate = xlate;
413 		state->as_preload = preload;
414 	}
415 }
416 
417 /*
418  * adt_get_asid() and adt_set_asid()
419  *
420  * if you use this interface, you are responsible to insure that the
421  * rest of the session data is populated correctly before calling
422  * adt_proccess_attr()
423  *
424  * neither of these are intended for general use and will likely
425  * remain private interfaces for a long time.  Forever is a long
426  * time.  In the case of adt_set_asid(), you should have a very,
427  * very good reason for setting your own session id.  The process
428  * audit characteristics are not changed by put, use adt_set_proc().
429  *
430  * These are "volatile" (more changable than "evolving") and will
431  * probably change in the S10 period.
432  */
433 
434 void
adt_get_asid(const adt_session_data_t * session_data,au_asid_t * asid)435 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
436 {
437 
438 	if (session_data == NULL) {
439 		*asid = 0;
440 	} else {
441 		assert(((adt_internal_state_t *)session_data)->as_check ==
442 		    ADT_VALID);
443 
444 		*asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid;
445 	}
446 }
447 
448 void
adt_set_asid(const adt_session_data_t * session_data,const au_asid_t session_id)449 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id)
450 {
451 
452 	if (session_data != NULL) {
453 		assert(((adt_internal_state_t *)session_data)->as_check ==
454 		    ADT_VALID);
455 
456 		((adt_internal_state_t *)session_data)->as_have_user_data |=
457 		    ADT_HAVE_ASID;
458 		((adt_internal_state_t *)session_data)->as_info.ai_asid =
459 		    session_id;
460 	}
461 }
462 
463 /*
464  * adt_get_auid() and adt_set_auid()
465  *
466  * neither of these are intended for general use and will likely
467  * remain private interfaces for a long time.  Forever is a long
468  * time.  In the case of adt_set_auid(), you should have a very,
469  * very good reason for setting your own audit id.  The process
470  * audit characteristics are not changed by put, use adt_set_proc().
471  */
472 
473 void
adt_get_auid(const adt_session_data_t * session_data,au_id_t * auid)474 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid)
475 {
476 
477 	if (session_data == NULL) {
478 		*auid = AU_NOAUDITID;
479 	} else {
480 		assert(((adt_internal_state_t *)session_data)->as_check ==
481 		    ADT_VALID);
482 
483 		*auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid;
484 	}
485 }
486 
487 void
adt_set_auid(const adt_session_data_t * session_data,const au_id_t audit_id)488 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id)
489 {
490 
491 	if (session_data != NULL) {
492 		assert(((adt_internal_state_t *)session_data)->as_check ==
493 		    ADT_VALID);
494 
495 		((adt_internal_state_t *)session_data)->as_have_user_data |=
496 		    ADT_HAVE_AUID;
497 		((adt_internal_state_t *)session_data)->as_info.ai_auid =
498 		    audit_id;
499 	}
500 }
501 
502 /*
503  * adt_get_termid(), adt_set_termid()
504  *
505  * if you use this interface, you are responsible to insure that the
506  * rest of the session data is populated correctly before calling
507  * adt_proccess_attr()
508  *
509  * The process  audit characteristics are not changed by put, use
510  * adt_set_proc().
511  */
512 
513 void
adt_get_termid(const adt_session_data_t * session_data,au_tid_addr_t * termid)514 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid)
515 {
516 
517 	if (session_data == NULL) {
518 		(void) memset(termid, 0, sizeof (au_tid_addr_t));
519 		termid->at_type = AU_IPv4;
520 	} else {
521 		assert(((adt_internal_state_t *)session_data)->as_check ==
522 		    ADT_VALID);
523 
524 		*termid =
525 		    ((adt_internal_state_t *)session_data)->as_info.ai_termid;
526 	}
527 }
528 
529 void
adt_set_termid(const adt_session_data_t * session_data,const au_tid_addr_t * termid)530 adt_set_termid(const adt_session_data_t *session_data,
531     const au_tid_addr_t *termid)
532 {
533 
534 	if (session_data != NULL) {
535 		assert(((adt_internal_state_t *)session_data)->as_check ==
536 		    ADT_VALID);
537 
538 		((adt_internal_state_t *)session_data)->as_info.ai_termid =
539 		    *termid;
540 
541 		((adt_internal_state_t *)session_data)->as_have_user_data |=
542 		    ADT_HAVE_TID;
543 	}
544 }
545 
546 /*
547  * adt_get_mask(), adt_set_mask()
548  *
549  * if you use this interface, you are responsible to insure that the
550  * rest of the session data is populated correctly before calling
551  * adt_proccess_attr()
552  *
553  * The process  audit characteristics are not changed by put, use
554  * adt_set_proc().
555  */
556 
557 void
adt_get_mask(const adt_session_data_t * session_data,au_mask_t * mask)558 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask)
559 {
560 
561 	if (session_data == NULL) {
562 		mask->am_success = 0;
563 		mask->am_failure = 0;
564 	} else {
565 		assert(((adt_internal_state_t *)session_data)->as_check ==
566 		    ADT_VALID);
567 
568 		*mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask;
569 	}
570 }
571 
572 void
adt_set_mask(const adt_session_data_t * session_data,const au_mask_t * mask)573 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask)
574 {
575 
576 	if (session_data != NULL) {
577 		assert(((adt_internal_state_t *)session_data)->as_check ==
578 		    ADT_VALID);
579 
580 		((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask;
581 
582 		((adt_internal_state_t *)session_data)->as_have_user_data |=
583 		    ADT_HAVE_MASK;
584 	}
585 }
586 
587 /*
588  * helpers for adt_load_termid
589  */
590 
591 static void
adt_do_ipv6_address(struct sockaddr_in6 * peer,struct sockaddr_in6 * sock,au_tid_addr_t * termid)592 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock,
593     au_tid_addr_t *termid)
594 {
595 
596 	termid->at_port = ((peer->sin6_port<<16) | (sock->sin6_port));
597 	termid->at_type = AU_IPv6;
598 	(void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t));
599 }
600 
601 static void
adt_do_ipv4_address(struct sockaddr_in * peer,struct sockaddr_in * sock,au_tid_addr_t * termid)602 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock,
603     au_tid_addr_t *termid)
604 {
605 
606 	termid->at_port = ((peer->sin_port<<16) | (sock->sin_port));
607 
608 	termid->at_type = AU_IPv4;
609 	termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr;
610 	(void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t));
611 }
612 
613 /*
614  * adt_load_termid:  convenience function; inputs file handle and
615  * outputs an au_tid_addr struct.
616  *
617  * This code was stolen from audit_settid.c; it differs from audit_settid()
618  * in that it does not write the terminal id to the process.
619  */
620 
621 int
adt_load_termid(int fd,adt_termid_t ** termid)622 adt_load_termid(int fd, adt_termid_t **termid)
623 {
624 	au_tid_addr_t		*p_term;
625 	struct sockaddr_in6	peer;
626 	struct sockaddr_in6	sock;
627 	int			peerlen = sizeof (peer);
628 	int			socklen = sizeof (sock);
629 
630 	/* get peer name if its a socket, else assume local terminal */
631 
632 	if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
633 	    < 0) {
634 		if (errno == ENOTSOCK) {
635 			return (adt_load_hostname(NULL, termid));
636 		}
637 		goto return_err;
638 	}
639 
640 	if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
641 		goto return_err;
642 	}
643 
644 	/* get sock name */
645 	if (getsockname(fd, (struct sockaddr *)&sock,
646 	    (socklen_t *)&socklen) < 0) {
647 		goto return_err_free;
648 	}
649 
650 	if (peer.sin6_family == AF_INET6) {
651 		adt_do_ipv6_address(&peer, &sock, p_term);
652 	} else {
653 		adt_do_ipv4_address((struct sockaddr_in *)&peer,
654 		    (struct sockaddr_in *)&sock, p_term);
655 	}
656 	*termid = (adt_termid_t *)p_term;
657 
658 	return (0);
659 
660 return_err_free:
661 	free(p_term);
662 return_err:
663 	*termid = NULL;
664 	return (-1);
665 }
666 
667 static boolean_t
adt_have_termid(au_tid_addr_t * dest)668 adt_have_termid(au_tid_addr_t *dest)
669 {
670 	struct auditinfo_addr	audit_data;
671 
672 	if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) {
673 		adt_write_syslog("getaudit failed", errno);
674 		return (B_FALSE);
675 	}
676 
677 	if ((audit_data.ai_termid.at_type == 0) ||
678 	    (audit_data.ai_termid.at_addr[0] |
679 	    audit_data.ai_termid.at_addr[1]  |
680 	    audit_data.ai_termid.at_addr[2]  |
681 	    audit_data.ai_termid.at_addr[3]) == 0)
682 		return (B_FALSE);
683 
684 	(void) memcpy(dest, &(audit_data.ai_termid),
685 	    sizeof (au_tid_addr_t));
686 
687 	return (B_TRUE);
688 }
689 
690 /*
691  * adt_get_hostIP - construct a terminal id from a hostname
692  *
693  *	Returns	 0 = success
694  *		-1 = failure and errno = ENETDOWN with the address
695  *		     defaulted to IPv4 loopback.
696  */
697 
698 static int
adt_get_hostIP(const char * hostname,au_tid_addr_t * p_term)699 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term)
700 {
701 	struct addrinfo	*ai = NULL;
702 	int	tries = 3;
703 	char	msg[512];
704 	int	eai_err;
705 
706 	while ((tries-- > 0) &&
707 	    ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) {
708 		/*
709 		 * getaddrinfo returns its own set of errors.
710 		 * Log them here, so any subsequent syslogs will
711 		 * have a context.  adt_get_hostIP callers can only
712 		 * return errno, so subsequent syslogs may be lacking
713 		 * that getaddrinfo failed.
714 		 */
715 		(void) snprintf(msg, sizeof (msg), "getaddrinfo(%s) "
716 		    "failed[%s]", hostname, gai_strerror(eai_err));
717 		adt_write_syslog(msg, 0);
718 
719 		if (eai_err != EAI_AGAIN) {
720 
721 			break;
722 		}
723 		/* see if resolution becomes available */
724 		(void) sleep(1);
725 	}
726 	if (ai != NULL) {
727 		if (ai->ai_family == AF_INET) {
728 			p_term->at_type = AU_IPv4;
729 			(void) memcpy(p_term->at_addr,
730 			    /* LINTED */
731 			    &((struct sockaddr_in *)ai->ai_addr)->sin_addr,
732 			    AU_IPv4);
733 		} else {
734 			p_term->at_type = AU_IPv6;
735 			(void) memcpy(p_term->at_addr,
736 			    /* LINTED */
737 			    &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
738 			    AU_IPv6);
739 		}
740 		freeaddrinfo(ai);
741 		return (0);
742 	} else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) {
743 		auditinfo_addr_t  audit_info;
744 
745 		/*
746 		 * auditd is running so there should be a
747 		 * kernel audit context
748 		 */
749 		if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
750 		    sizeof (audit_info)) < 0) {
751 			adt_write_syslog("unable to get kernel audit context",
752 			    errno);
753 			goto try_interface;
754 		}
755 		adt_write_syslog("setting Audit IP address to kernel", 0);
756 		*p_term = audit_info.ai_termid;
757 		return (0);
758 	}
759 try_interface:
760 	{
761 		struct ifaddrlist al;
762 		int	family;
763 		char	ntop[INET6_ADDRSTRLEN];
764 
765 		/*
766 		 * getaddrinfo has failed to map the hostname
767 		 * to an IP address, try to get an IP address
768 		 * from a local interface.  If none up, default
769 		 * to loopback.
770 		 */
771 		family = AF_INET6;
772 		if (adt_get_local_address(family, &al) != 0) {
773 			family = AF_INET;
774 
775 			if (adt_get_local_address(family, &al) != 0) {
776 				adt_write_syslog("adt_get_local_address "
777 				    "failed, no Audit IP address available, "
778 				    "faking loopback and error",
779 				    errno);
780 				IN_SET_LOOPBACK_ADDR(
781 				    (struct sockaddr_in *)&(al.addr.addr));
782 				(void) memcpy(p_term->at_addr, &al.addr.addr,
783 				    AU_IPv4);
784 				p_term->at_type = AU_IPv4;
785 				return (-1);
786 			}
787 		}
788 		if (family == AF_INET) {
789 			p_term->at_type = AU_IPv4;
790 			(void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4);
791 		} else {
792 			p_term->at_type = AU_IPv6;
793 			(void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6);
794 		}
795 
796 		(void) snprintf(msg, sizeof (msg), "mapping %s to %s",
797 		    hostname, inet_ntop(family, &(al.addr), ntop,
798 		    sizeof (ntop)));
799 		adt_write_syslog(msg, 0);
800 		return (0);
801 	}
802 }
803 
804 /*
805  * adt_load_hostname() is called when the caller does not have a file
806  * handle that gives access to the socket info or any other way to
807  * pass in both port and ip address.  The hostname input is ignored if
808  * the terminal id has already been set; instead it returns the
809  * existing terminal id.
810  *
811  * If c2audit is excluded, success is returned.
812  * If the hostname lookup fails, the loopback address is assumed,
813  * errno is set to ENETDOWN, this allows the caller to interpret
814  * whether failure is fatal, and if not to have a address for the
815  * hostname.
816  * Otherwise the caller would need to be aware of the audit state.
817  *
818  * Other errors are ignored if not auditing.
819  */
820 
821 int
adt_load_hostname(const char * hostname,adt_termid_t ** termid)822 adt_load_hostname(const char *hostname, adt_termid_t **termid)
823 {
824 	char		localhost[MAXHOSTNAMELEN + 1];
825 	au_tid_addr_t	*p_term;
826 
827 	if (adt_audit_state(AUC_DISABLED)) {
828 		/* c2audit excluded */
829 		*termid = NULL;
830 		return (0);
831 	}
832 
833 	if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
834 		goto return_err;
835 	}
836 
837 	if (adt_have_termid(p_term)) {
838 		*termid = (adt_termid_t *)p_term;
839 		return (0);
840 	}
841 	p_term->at_port = 0;
842 
843 	if (hostname == NULL || *hostname == '\0') {
844 		(void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN);
845 		hostname = localhost;
846 	}
847 	if (adt_get_hostIP(hostname, p_term) == 0) {
848 		*termid = (adt_termid_t *)p_term;
849 		return (0);
850 	} else {
851 		*termid = (adt_termid_t *)p_term;
852 		return (-1);
853 	}
854 
855 return_err:
856 	*termid = NULL;
857 	if (auditstate & AUC_NOAUDIT) {
858 		return (0);
859 	}
860 
861 	return (-1);
862 }
863 
864 /*
865  * adt_load_ttyname() is called when the caller does not have a file
866  * handle that gives access to the local terminal or any other way
867  * of determining the device id.  The ttyname input is ignored if
868  * the terminal id has already been set; instead it returns the
869  * existing terminal id.
870  *
871  * If c2audit is excluded, success is returned.
872  * The local hostname is used for the local IP address.
873  * If that hostname lookup fails, the loopback address is assumed,
874  * errno is set to ENETDOWN, this allows the caller to interpret
875  * whether failure is fatal, and if not to have a address for the
876  * hostname.
877  * Otherwise the caller would need to be aware of the audit state.
878  *
879  * Other errors are ignored if not auditing.
880  */
881 
882 int
adt_load_ttyname(const char * ttyname,adt_termid_t ** termid)883 adt_load_ttyname(const char *ttyname, adt_termid_t **termid)
884 {
885 	char		localhost[MAXHOSTNAMELEN + 1];
886 	au_tid_addr_t	*p_term;
887 	struct stat	stat_buf;
888 
889 	if (adt_audit_state(AUC_DISABLED)) {
890 		/* c2audit excluded */
891 		*termid = NULL;
892 		return (0);
893 	}
894 
895 	if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
896 		goto return_err;
897 	}
898 
899 	if (adt_have_termid(p_term)) {
900 		*termid = (adt_termid_t *)p_term;
901 		return (0);
902 	}
903 
904 	p_term->at_port = 0;
905 
906 	if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) {
907 		goto return_err_free; /* errno from sysinfo */
908 	}
909 
910 	if (ttyname != NULL && *ttyname != '\0') {
911 		if (stat(ttyname, &stat_buf) < 0) {
912 			goto return_err_free;
913 		}
914 
915 		p_term->at_port = stat_buf.st_rdev;
916 	}
917 
918 	if (adt_get_hostIP(localhost, p_term) == 0) {
919 		*termid = (adt_termid_t *)p_term;
920 		return (0);
921 	} else {
922 		*termid = (adt_termid_t *)p_term;
923 		return (-1);
924 	}
925 
926 return_err_free:
927 	free(p_term);
928 
929 return_err:
930 	*termid = NULL;
931 	if (auditstate & AUC_NOAUDIT) {
932 		return (0);
933 	}
934 
935 	return (-1);
936 }
937 
938 /*
939  * adt_get_session_id returns a stringified representation of
940  * the audit session id.  See also adt_get_asid() for how to
941  * get the unexpurgated version.  No guarantees as to how long
942  * the returned string will be or its general form; hex for now.
943  *
944  * An empty string is returned if auditing is off; length = 1
945  * and the pointer is valid.
946  *
947  * returns strlen + 1 if buffer is valid; else 0 and errno.
948  */
949 
950 size_t
adt_get_session_id(const adt_session_data_t * session_data,char ** buff)951 adt_get_session_id(const adt_session_data_t *session_data, char **buff)
952 {
953 	au_asid_t	session_id;
954 	size_t		length;
955 	/*
956 	 * output is 0x followed by
957 	 * two characters per byte
958 	 * plus terminator,
959 	 * except leading 0's are suppressed, so a few bytes may
960 	 * be unused.
961 	 */
962 	length = 2 + (2 * sizeof (session_id)) + 1;
963 	*buff = malloc(length);
964 
965 	if (*buff == NULL) {
966 		return (0);
967 	}
968 	if (session_data == NULL) { /* NULL is not an error */
969 		**buff = '\0';
970 		return (1);
971 	}
972 	adt_get_asid(session_data, &session_id);
973 
974 	length = snprintf(*buff, length, "0x%X", (int)session_id);
975 
976 	/* length < 1 is a bug: the session data type may have changed */
977 	assert(length > 0);
978 
979 	return (length);
980 }
981 
982 /*
983  * adt_end_session -- close handle, clear context
984  *
985  * if as_check is invalid, no harm, no foul, EXCEPT that this could
986  * be an attempt to free data already free'd, so output to syslog
987  * to help explain why the process cored dumped.
988  */
989 
990 int
adt_end_session(adt_session_data_t * session_data)991 adt_end_session(adt_session_data_t *session_data)
992 {
993 	adt_internal_state_t	*state;
994 
995 	if (session_data != NULL) {
996 		state = (adt_internal_state_t *)session_data;
997 		if (state->as_check != ADT_VALID) {
998 			adt_write_syslog("freeing invalid data", EINVAL);
999 		} else {
1000 			state->as_check = 0;
1001 			m_label_free(state->as_label);
1002 			free(session_data);
1003 		}
1004 	}
1005 	/* no errors yet defined */
1006 	return (0);
1007 }
1008 
1009 /*
1010  * adt_dup_session -- copy the session data
1011  */
1012 
1013 int
adt_dup_session(const adt_session_data_t * source,adt_session_data_t ** dest)1014 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest)
1015 {
1016 	adt_internal_state_t	*source_state;
1017 	adt_internal_state_t	*dest_state = NULL;
1018 	int			rc = 0;
1019 
1020 	if (source != NULL) {
1021 		source_state = (adt_internal_state_t *)source;
1022 		assert(source_state->as_check == ADT_VALID);
1023 
1024 		dest_state = malloc(sizeof (adt_internal_state_t));
1025 		if (dest_state == NULL) {
1026 			rc = -1;
1027 			goto return_rc;
1028 		}
1029 		(void) memcpy(dest_state, source,
1030 		    sizeof (struct adt_internal_state));
1031 
1032 		if (source_state->as_label != NULL) {
1033 			dest_state->as_label = NULL;
1034 			if ((rc = m_label_dup(&dest_state->as_label,
1035 			    source_state->as_label)) != 0) {
1036 				free(dest_state);
1037 				dest_state = NULL;
1038 			}
1039 		}
1040 	}
1041 return_rc:
1042 	*dest = (adt_session_data_t *)dest_state;
1043 	return (rc);
1044 }
1045 
1046 /*
1047  * from_export_format()
1048  * read from a network order buffer into struct adt_session_data
1049  */
1050 
1051 static size_t
adt_from_export_format(adt_internal_state_t * internal,const adt_export_data_t * external)1052 adt_from_export_format(adt_internal_state_t *internal,
1053     const adt_export_data_t *external)
1054 {
1055 	struct export_header	head;
1056 	struct export_link	link;
1057 	adr_t			context;
1058 	int32_t 		offset;
1059 	int32_t 		length;
1060 	int32_t 		version;
1061 	size_t			label_len;
1062 	char			*p = (char *)external;
1063 
1064 	adrm_start(&context, (char *)external);
1065 	adrm_int32(&context, (int *)&head, 4);
1066 
1067 	if ((internal->as_check = head.ax_check) != ADT_VALID) {
1068 		errno = EINVAL;
1069 		return (0);
1070 	}
1071 	offset = head.ax_link.ax_offset;
1072 	version = head.ax_link.ax_version;
1073 	length = head.ax_buffer_length;
1074 
1075 	/*
1076 	 * Skip newer versions.
1077 	 */
1078 	while (version > PROTOCOL_VERSION_2) {
1079 		if (offset < 1) {
1080 			return (0);	/* failed to match version */
1081 		}
1082 		p += offset;		/* point to next version # */
1083 
1084 		if (p > (char *)external + length) {
1085 			return (0);
1086 		}
1087 		adrm_start(&context, p);
1088 		adrm_int32(&context, (int *)&link, 2);
1089 		offset = link.ax_offset;
1090 		version = link.ax_version;
1091 		assert(version != 0);
1092 	}
1093 	/*
1094 	 * Adjust buffer pointer to the first data item (euid).
1095 	 */
1096 	if (p == (char *)external) {
1097 		adrm_start(&context, (char *)(p + sizeof (head)));
1098 	} else {
1099 		adrm_start(&context, (char *)(p + sizeof (link)));
1100 	}
1101 	/*
1102 	 * if down rev version, neither pid nor label are included
1103 	 * in v1 ax_size_of_tsol_data intentionally ignored
1104 	 */
1105 	if (version == PROTOCOL_VERSION_1) {
1106 		adrm_int32(&context, (int *)&(internal->as_euid), 1);
1107 		adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1108 		adrm_int32(&context, (int *)&(internal->as_egid), 1);
1109 		adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1110 		adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1111 		adrm_int32(&context,
1112 		    (int *)&(internal->as_info.ai_mask.am_success), 2);
1113 		adrm_int32(&context,
1114 		    (int *)&(internal->as_info.ai_termid.at_port), 1);
1115 		adrm_int32(&context,
1116 		    (int *)&(internal->as_info.ai_termid.at_type), 1);
1117 		adrm_int32(&context,
1118 		    (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1119 		adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1120 		adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1121 		internal->as_pid = (pid_t)-1;
1122 		internal->as_label = NULL;
1123 	} else if (version == PROTOCOL_VERSION_2) {
1124 		adrm_int32(&context, (int *)&(internal->as_euid), 1);
1125 		adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1126 		adrm_int32(&context, (int *)&(internal->as_egid), 1);
1127 		adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1128 		adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1129 		adrm_int32(&context,
1130 		    (int *)&(internal->as_info.ai_mask.am_success), 2);
1131 		adrm_int32(&context,
1132 		    (int *)&(internal->as_info.ai_termid.at_port), 1);
1133 		adrm_int32(&context,
1134 		    (int *)&(internal->as_info.ai_termid.at_type), 1);
1135 		adrm_int32(&context,
1136 		    (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1137 		adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1138 		adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1139 		adrm_int32(&context, (int *)&(internal->as_pid), 1);
1140 		adrm_int32(&context, (int *)&label_len, 1);
1141 		if (label_len > 0) {
1142 			/* read in and deal with different sized labels. */
1143 			size32_t my_label_len = blabel_size();
1144 
1145 			if ((internal->as_label =
1146 			    m_label_alloc(MAC_LABEL)) == NULL) {
1147 				return (0);
1148 			}
1149 			if (label_len > my_label_len) {
1150 				errno = EINVAL;
1151 				m_label_free(internal->as_label);
1152 				return (0);
1153 			}
1154 			(void) memset(internal->as_label, 0, my_label_len);
1155 			adrm_int32(&context, (int *)(internal->as_label),
1156 			    label_len / sizeof (int32_t));
1157 		} else {
1158 			internal->as_label = NULL;
1159 		}
1160 	}
1161 
1162 	return (length);
1163 }
1164 
1165 /*
1166  * adt_to_export_format
1167  * read from struct adt_session_data into a network order buffer.
1168  *
1169  * (network order 'cause this data may be shared with a remote host.)
1170  */
1171 
1172 static size_t
adt_to_export_format(adt_export_data_t * external,adt_internal_state_t * internal)1173 adt_to_export_format(adt_export_data_t *external,
1174     adt_internal_state_t *internal)
1175 {
1176 	struct export_header	head;
1177 	struct export_link	tail;
1178 	adr_t			context;
1179 	size32_t		label_len = 0;
1180 
1181 	adrm_start(&context, (char *)external);
1182 
1183 	if (internal->as_label != NULL) {
1184 		label_len = blabel_size();
1185 	}
1186 
1187 	head.ax_check = ADT_VALID;
1188 	head.ax_buffer_length = sizeof (struct adt_export_data) + label_len;
1189 
1190 	/* version 2 first */
1191 
1192 	head.ax_link.ax_version = PROTOCOL_VERSION_2;
1193 	head.ax_link.ax_offset = sizeof (struct export_header) +
1194 	    sizeof (struct adt_export_v2) + label_len;
1195 
1196 	adrm_putint32(&context, (int *)&head, 4);
1197 
1198 	adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1199 	adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1200 	adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1201 	adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1202 	adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1203 	adrm_putint32(&context,
1204 	    (int *)&(internal->as_info.ai_mask.am_success), 2);
1205 	adrm_putint32(&context,
1206 	    (int *)&(internal->as_info.ai_termid.at_port), 1);
1207 	adrm_putint32(&context,
1208 	    (int *)&(internal->as_info.ai_termid.at_type), 1);
1209 	adrm_putint32(&context,
1210 	    (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1211 	adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1212 	adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1213 	adrm_putint32(&context, (int *)&(internal->as_pid), 1);
1214 	adrm_putint32(&context, (int *)&label_len, 1);
1215 	if (internal->as_label != NULL) {
1216 		/* serialize the label */
1217 		adrm_putint32(&context, (int *)(internal->as_label),
1218 		    (label_len / sizeof (int32_t)));
1219 	}
1220 
1221 	/* now version 1 */
1222 
1223 	tail.ax_version = PROTOCOL_VERSION_1;
1224 	tail.ax_offset = 0;
1225 
1226 	adrm_putint32(&context, (int *)&tail, 2);
1227 
1228 	adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1229 	adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1230 	adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1231 	adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1232 	adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1233 	adrm_putint32(&context,
1234 	    (int *)&(internal->as_info.ai_mask.am_success), 2);
1235 	adrm_putint32(&context,
1236 	    (int *)&(internal->as_info.ai_termid.at_port), 1);
1237 	adrm_putint32(&context,
1238 	    (int *)&(internal->as_info.ai_termid.at_type), 1);
1239 	adrm_putint32(&context,
1240 	    (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1241 	adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1242 	adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1243 	/* ignored in v1 */
1244 	adrm_putint32(&context, (int *)&label_len, 1);
1245 
1246 	/* finally terminator */
1247 
1248 	tail.ax_version = 0; /* invalid version number */
1249 	tail.ax_offset = 0;
1250 
1251 	adrm_putint32(&context, (int *)&tail, 2);
1252 
1253 	return (head.ax_buffer_length);
1254 }
1255 
1256 /*
1257  * adt_ucred_label() -- if label is available, duplicate it.
1258  */
1259 
1260 static m_label_t *
adt_ucred_label(ucred_t * uc)1261 adt_ucred_label(ucred_t *uc)
1262 {
1263 	m_label_t	*ul = NULL;
1264 
1265 	if (ucred_getlabel(uc) != NULL) {
1266 		(void) m_label_dup(&ul, ucred_getlabel(uc));
1267 	}
1268 
1269 	return (ul);
1270 }
1271 
1272 /*
1273  * adt_import() -- convert from network order to machine-specific order
1274  */
1275 
1276 static int
adt_import(adt_internal_state_t * internal,const adt_export_data_t * external)1277 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
1278 {
1279 	au_mask_t mask;
1280 
1281 	/* save local audit state */
1282 	int	local_audit_state = internal->as_audit_state;
1283 
1284 	if (adt_from_export_format(internal, external) < 1)
1285 		return (-1); /* errno from adt_from_export_format */
1286 
1287 	/*
1288 	 * If audit isn't enabled on the remote, they were unable
1289 	 * to generate the audit mask, so generate it based on
1290 	 * local configuration.  If the user id has changed, the
1291 	 * resulting mask may miss some subtleties that occurred
1292 	 * on the remote system.
1293 	 *
1294 	 * If the remote failed to generate a terminal id, it is not
1295 	 * recoverable.
1296 	 */
1297 
1298 	if (!(internal->as_audit_state & AUC_DISABLED)) {
1299 		if (adt_get_mask_from_user(internal->as_info.ai_auid,
1300 		    &(internal->as_info.ai_mask)))
1301 			return (-1);
1302 		if (internal->as_info.ai_auid != internal->as_ruid) {
1303 			if (adt_get_mask_from_user(internal->as_info.ai_auid,
1304 			    &mask))
1305 				return (-1);
1306 			internal->as_info.ai_mask.am_success |=
1307 			    mask.am_success;
1308 			internal->as_info.ai_mask.am_failure |=
1309 			    mask.am_failure;
1310 		}
1311 	}
1312 	internal->as_audit_state = local_audit_state;
1313 
1314 	DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(),
1315 	    internal->as_info.ai_asid,
1316 	    internal->as_info.ai_asid));
1317 
1318 	internal->as_have_user_data = ADT_HAVE_ALL;
1319 
1320 	return (0);
1321 }
1322 
1323 /*
1324  * adt_export_session_data()
1325  * copies a adt_session_data struct into a network order buffer
1326  *
1327  * In a misconfigured network, the local host may have auditing
1328  * off while the destination may have auditing on, so if there
1329  * is sufficient memory, a buffer will be returned even in the
1330  * audit off case.
1331  */
1332 
1333 size_t
adt_export_session_data(const adt_session_data_t * internal,adt_export_data_t ** external)1334 adt_export_session_data(const adt_session_data_t *internal,
1335     adt_export_data_t **external)
1336 {
1337 	size32_t		length = 0;
1338 
1339 	if ((internal != NULL) &&
1340 	    ((adt_internal_state_t *)internal)->as_label != NULL) {
1341 		length = blabel_size();
1342 	}
1343 
1344 	*external = malloc(sizeof (adt_export_data_t) + length);
1345 
1346 	if (*external == NULL)
1347 		return (0);
1348 
1349 	if (internal == NULL) {
1350 		adt_internal_state_t	*dummy;
1351 
1352 		dummy = malloc(sizeof (adt_internal_state_t));
1353 		if (dummy == NULL)
1354 			goto return_length_free;
1355 
1356 		if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */
1357 			free(dummy);
1358 			goto return_length_free;
1359 		}
1360 		length = adt_to_export_format(*external, dummy);
1361 		free(dummy);
1362 	} else {
1363 		length = adt_to_export_format(*external,
1364 		    (adt_internal_state_t *)internal);
1365 	}
1366 	return (length);
1367 
1368 return_length_free:
1369 	free(*external);
1370 	*external = NULL;
1371 	return (0);
1372 }
1373 
1374 static void
adt_setto_unaudited(adt_internal_state_t * state)1375 adt_setto_unaudited(adt_internal_state_t *state)
1376 {
1377 	if (state->as_audit_state & AUC_DISABLED) {
1378 		state->as_ruid = AU_NOAUDITID;
1379 		state->as_euid = AU_NOAUDITID;
1380 		state->as_rgid = AU_NOAUDITID;
1381 		state->as_egid = AU_NOAUDITID;
1382 		state->as_pid = (pid_t)-1;
1383 		state->as_label = NULL;
1384 	} else {
1385 		state->as_info.ai_asid = 0;
1386 		state->as_info.ai_auid = AU_NOAUDITID;
1387 
1388 		(void) memset((void *)&(state->as_info.ai_termid), 0,
1389 		    sizeof (au_tid_addr_t));
1390 		state->as_info.ai_termid.at_type = AU_IPv4;
1391 
1392 		(void) memset((void *)&(state->as_info.ai_mask), 0,
1393 		    sizeof (au_mask_t));
1394 		state->as_have_user_data = 0;
1395 	}
1396 }
1397 
1398 /*
1399  * adt_init -- set session context by copying the audit characteristics
1400  * from the proc and picking up current uid/tid information.
1401  *
1402  * By default, an audit session is based on the process; the default
1403  * is overriden by adt_set_user()
1404  */
1405 
1406 static int
adt_init(adt_internal_state_t * state,int use_proc_data)1407 adt_init(adt_internal_state_t *state, int use_proc_data)
1408 {
1409 	/* ensure auditstate is set */
1410 
1411 	(void) adt_audit_state(0);
1412 	state->as_audit_state = auditstate;
1413 
1414 	if (use_proc_data) {
1415 		state->as_ruid = getuid();
1416 		state->as_euid = geteuid();
1417 		state->as_rgid = getgid();
1418 		state->as_egid = getegid();
1419 		state->as_pid = getpid();
1420 
1421 		if (!(state->as_audit_state & AUC_DISABLED)) {
1422 			const au_tid64_addr_t	*tid;
1423 			const au_mask_t		*mask;
1424 			ucred_t			*ucred = ucred_get(P_MYID);
1425 
1426 			/*
1427 			 * Even if the ucred is NULL, the underlying
1428 			 * credential may have a valid terminal id; if the
1429 			 * terminal id is set, then that's good enough.  An
1430 			 * example of where this matters is failed login,
1431 			 * where rlogin/telnet sets the terminal id before
1432 			 * calling login; login does not load the credential
1433 			 * since auth failed.
1434 			 */
1435 			if (ucred == NULL) {
1436 				if (!adt_have_termid(
1437 				    &(state->as_info.ai_termid)))
1438 					return (-1);
1439 			} else {
1440 				mask = ucred_getamask(ucred);
1441 				if (mask != NULL) {
1442 					state->as_info.ai_mask = *mask;
1443 				} else {
1444 					ucred_free(ucred);
1445 					return (-1);
1446 				}
1447 				tid = ucred_getatid(ucred);
1448 				if (tid != NULL) {
1449 					adt_cpy_tid(&(state->as_info.ai_termid),
1450 					    tid);
1451 				} else {
1452 					ucred_free(ucred);
1453 					return (-1);
1454 				}
1455 				state->as_info.ai_asid = ucred_getasid(ucred);
1456 				state->as_info.ai_auid = ucred_getauid(ucred);
1457 				state->as_label = adt_ucred_label(ucred);
1458 				ucred_free(ucred);
1459 			}
1460 			state->as_have_user_data = ADT_HAVE_ALL;
1461 		}
1462 	} else {
1463 		adt_setto_unaudited(state);
1464 	}
1465 	state->as_session_model = ADT_SESSION_MODEL;	/* default */
1466 
1467 	if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) &&
1468 	    auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy),
1469 	    sizeof (state->as_kernel_audit_policy))) {
1470 		return (-1);  /* errno set by auditon */
1471 	}
1472 	state->as_check = ADT_VALID;
1473 	adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0],
1474 	    &adt_preload);
1475 	return (0);
1476 }
1477 
1478 /*
1479  * adt_set_proc
1480  *
1481  * Copy the current session state to the process.  If this function
1482  * is called, the model becomes a process model rather than a
1483  * session model.
1484  *
1485  * In the current implementation, the value state->as_have_user_data
1486  * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}.  These are all set
1487  * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in.
1488  *
1489  */
1490 
1491 int
adt_set_proc(const adt_session_data_t * session_data)1492 adt_set_proc(const adt_session_data_t *session_data)
1493 {
1494 	adt_internal_state_t	*state;
1495 
1496 	if (session_data == NULL) {
1497 		return (0);
1498 	}
1499 
1500 	state = (adt_internal_state_t *)session_data;
1501 
1502 	assert(state->as_check == ADT_VALID);
1503 
1504 	if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) !=
1505 	    (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) {
1506 		errno = EINVAL;
1507 		goto return_err;
1508 	}
1509 
1510 	if (setaudit_addr((auditinfo_addr_t *)&(state->as_info),
1511 	    sizeof (auditinfo_addr_t)) < 0) {
1512 		goto return_err;	/* errno set by setaudit_addr() */
1513 	}
1514 
1515 	state->as_session_model = ADT_PROCESS_MODEL;
1516 
1517 	return (0);
1518 
1519 return_err:
1520 	adt_write_syslog("failed to set process audit characteristics", errno);
1521 	return (-1);
1522 }
1523 
1524 static int
adt_newuser(adt_internal_state_t * state,uid_t ruid,au_tid_addr_t * termid)1525 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid)
1526 {
1527 	au_tid_addr_t	no_tid = {0, AU_IPv4, 0, 0, 0, 0};
1528 	au_mask_t	no_mask = {0, 0};
1529 
1530 	if (ruid == ADT_NO_AUDIT) {
1531 		state->as_info.ai_auid = AU_NOAUDITID;
1532 		state->as_info.ai_asid = 0;
1533 		state->as_info.ai_termid = no_tid;
1534 		state->as_info.ai_mask = no_mask;
1535 		return (0);
1536 	}
1537 	state->as_info.ai_auid = ruid;
1538 	state->as_info.ai_asid = adt_get_unique_id(ruid);
1539 	if (termid != NULL)
1540 		state->as_info.ai_termid = *termid;
1541 
1542 	if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask)))
1543 		return (-1);
1544 
1545 	/* Assume intending to audit as this process */
1546 
1547 	if (state->as_pid == (pid_t)-1)
1548 		state->as_pid = getpid();
1549 
1550 	if (is_system_labeled() && state->as_label == NULL) {
1551 		ucred_t	*ucred = ucred_get(P_MYID);
1552 
1553 		state->as_label = adt_ucred_label(ucred);
1554 		ucred_free(ucred);
1555 	}
1556 
1557 	return (0);
1558 }
1559 
1560 static int
adt_changeuser(adt_internal_state_t * state,uid_t ruid)1561 adt_changeuser(adt_internal_state_t *state, uid_t ruid)
1562 {
1563 	au_mask_t		mask;
1564 
1565 	if (!(state->as_have_user_data & ADT_HAVE_AUID))
1566 		state->as_info.ai_auid = ruid;
1567 	if (!(state->as_have_user_data & ADT_HAVE_ASID))
1568 		state->as_info.ai_asid = adt_get_unique_id(ruid);
1569 
1570 	if (ruid <= MAXEPHUID) {
1571 		if (adt_get_mask_from_user(ruid, &mask))
1572 			return (-1);
1573 
1574 		state->as_info.ai_mask.am_success |= mask.am_success;
1575 		state->as_info.ai_mask.am_failure |= mask.am_failure;
1576 	}
1577 	DPRINTF(("changed mask to %08X/%08X for ruid=%d\n",
1578 	    state->as_info.ai_mask.am_success,
1579 	    state->as_info.ai_mask.am_failure,
1580 	    ruid));
1581 	return (0);
1582 }
1583 
1584 /*
1585  * adt_set_user -- see also adt_set_from_ucred()
1586  *
1587  * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or
1588  * "unattributed."  If ruid, change the model to session.
1589  *
1590  * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value"
1591  * only valid with ADT_UPDATE.
1592  *
1593  * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there
1594  * isn't a good reason to call adt_set_user() with it unless you don't
1595  * have a good value yet and intend to replace it later; auid will be
1596  * AU_NOAUDITID.
1597  *
1598  * adt_set_user should be called even if auditing is not enabled
1599  * so that adt_export_session_data() will have useful stuff to
1600  * work with.
1601  *
1602  * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID
1603  * and ADT_HAVE_ALL.
1604  */
1605 
1606 int
adt_set_user(const adt_session_data_t * session_data,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,const adt_termid_t * termid,enum adt_user_context user_context)1607 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid,
1608     uid_t ruid, gid_t rgid, const adt_termid_t *termid,
1609     enum adt_user_context user_context)
1610 {
1611 	adt_internal_state_t	*state;
1612 	int			rc;
1613 
1614 	if (session_data == NULL) /* no session exists to audit */
1615 		return (0);
1616 
1617 	state = (adt_internal_state_t *)session_data;
1618 	assert(state->as_check == ADT_VALID);
1619 
1620 	switch (user_context) {
1621 	case ADT_NEW:
1622 		if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE ||
1623 		    rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) {
1624 			errno = EINVAL;
1625 			return (-1);
1626 		}
1627 		if ((rc = adt_newuser(state, ruid,
1628 		    (au_tid_addr_t *)termid)) != 0)
1629 			return (rc);
1630 
1631 		state->as_have_user_data = ADT_HAVE_ALL;
1632 		break;
1633 	case ADT_UPDATE:
1634 		if (state->as_have_user_data != ADT_HAVE_ALL) {
1635 			errno = EINVAL;
1636 			return (-1);
1637 		}
1638 
1639 		if (ruid != ADT_NO_CHANGE)
1640 			if ((rc = adt_changeuser(state, ruid)) != 0)
1641 				return (rc);
1642 		break;
1643 	case ADT_USER:
1644 		if (state->as_have_user_data != ADT_HAVE_ALL) {
1645 			errno = EINVAL;
1646 			return (-1);
1647 		}
1648 		break;
1649 	case ADT_SETTID:
1650 		assert(termid != NULL);
1651 		state->as_info.ai_termid = *((au_tid_addr_t *)termid);
1652 		/* avoid fooling pam_setcred()... */
1653 		state->as_info.ai_auid = AU_NOAUDITID;
1654 		state->as_info.ai_asid = 0;
1655 		state->as_info.ai_mask.am_failure = 0;
1656 		state->as_info.ai_mask.am_success = 0;
1657 		state->as_have_user_data = ADT_HAVE_TID |
1658 		    ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK;
1659 		return (0);
1660 	default:
1661 		errno = EINVAL;
1662 		return (-1);
1663 	}
1664 
1665 	if (ruid == ADT_NO_AUDIT) {
1666 		state->as_ruid = AU_NOAUDITID;
1667 		state->as_euid = AU_NOAUDITID;
1668 		state->as_rgid = AU_NOAUDITID;
1669 		state->as_egid = AU_NOAUDITID;
1670 	} else {
1671 		if (ruid != ADT_NO_CHANGE)
1672 			state->as_ruid = ruid;
1673 		if (euid != ADT_NO_CHANGE)
1674 			state->as_euid = euid;
1675 		if (rgid != ADT_NO_CHANGE)
1676 			state->as_rgid = rgid;
1677 		if (egid != ADT_NO_CHANGE)
1678 			state->as_egid = egid;
1679 	}
1680 
1681 	if (ruid == ADT_NO_ATTRIB) {
1682 		state->as_session_model = ADT_SESSION_MODEL;
1683 	}
1684 
1685 	return (0);
1686 }
1687 
1688 /*
1689  * adt_set_from_ucred()
1690  *
1691  * an alternate to adt_set_user that fills the same role but uses
1692  * a pointer to a ucred rather than a list of id's.  If the ucred
1693  * pointer is NULL, use the credential from the this process.
1694  *
1695  * A key difference is that for ADT_NEW, adt_set_from_ucred() does
1696  * not overwrite the asid and auid unless auid has not been set.
1697  * ADT_NEW differs from ADT_UPDATE in that it does not OR together
1698  * the incoming audit mask with the one that already exists.
1699  *
1700  * adt_set_from_ucred should be called even if auditing is not enabled
1701  * so that adt_export_session_data() will have useful stuff to
1702  * work with.
1703  */
1704 
1705 int
adt_set_from_ucred(const adt_session_data_t * session_data,const ucred_t * uc,enum adt_user_context user_context)1706 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc,
1707     enum adt_user_context user_context)
1708 {
1709 	adt_internal_state_t	*state;
1710 	int			rc = -1;
1711 	const au_tid64_addr_t		*tid64;
1712 	au_tid_addr_t		termid, *tid;
1713 	ucred_t	*ucred = (ucred_t *)uc;
1714 	boolean_t	local_uc = B_FALSE;
1715 
1716 	if (session_data == NULL) /* no session exists to audit */
1717 		return (0);
1718 
1719 	state = (adt_internal_state_t *)session_data;
1720 	assert(state->as_check == ADT_VALID);
1721 
1722 	if (ucred == NULL) {
1723 		ucred = ucred_get(P_MYID);
1724 
1725 		if (ucred == NULL)
1726 			goto return_rc;
1727 		local_uc = B_TRUE;
1728 	}
1729 
1730 	switch (user_context) {
1731 	case ADT_NEW:
1732 		tid64 = ucred_getatid(ucred);
1733 		if (tid64 != NULL) {
1734 			adt_cpy_tid(&termid, tid64);
1735 			tid = &termid;
1736 		} else {
1737 			tid = NULL;
1738 		}
1739 		if (ucred_getauid(ucred) == AU_NOAUDITID) {
1740 			adt_setto_unaudited(state);
1741 			state->as_have_user_data = ADT_HAVE_ALL;
1742 			rc = 0;
1743 			goto return_rc;
1744 		} else {
1745 			state->as_info.ai_auid = ucred_getauid(ucred);
1746 			state->as_info.ai_asid = ucred_getasid(ucred);
1747 			state->as_info.ai_mask = *ucred_getamask(ucred);
1748 			state->as_info.ai_termid = *tid;
1749 		}
1750 		state->as_have_user_data = ADT_HAVE_ALL;
1751 		break;
1752 	case ADT_UPDATE:
1753 		if (state->as_have_user_data != ADT_HAVE_ALL) {
1754 			errno = EINVAL;
1755 			goto return_rc;
1756 		}
1757 
1758 		if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0)
1759 			goto return_rc;
1760 		break;
1761 	case ADT_USER:
1762 		if (state->as_have_user_data != ADT_HAVE_ALL) {
1763 			errno = EINVAL;
1764 			goto return_rc;
1765 		}
1766 		break;
1767 	default:
1768 		errno = EINVAL;
1769 		goto return_rc;
1770 	}
1771 	rc = 0;
1772 
1773 	state->as_ruid = ucred_getruid(ucred);
1774 	state->as_euid = ucred_geteuid(ucred);
1775 	state->as_rgid = ucred_getrgid(ucred);
1776 	state->as_egid = ucred_getegid(ucred);
1777 	state->as_pid = ucred_getpid(ucred);
1778 	state->as_label = adt_ucred_label(ucred);
1779 
1780 return_rc:
1781 	if (local_uc) {
1782 		ucred_free(ucred);
1783 	}
1784 	return (rc);
1785 }
1786 
1787 /*
1788  * adt_alloc_event() returns a pointer to allocated memory
1789  *
1790  */
1791 
1792 adt_event_data_t
adt_alloc_event(const adt_session_data_t * session_data,au_event_t event_id)1793 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id)
1794 {
1795 	struct adt_event_state	*event_state;
1796 	adt_internal_state_t	*session_state;
1797 	adt_event_data_t	*return_event = NULL;
1798 	/*
1799 	 * need to return a valid event pointer even if audit is
1800 	 * off, else the caller will end up either (1) keeping its
1801 	 * own flags for on/off or (2) writing to a NULL pointer.
1802 	 * If auditing is on, the session data must be valid; otherwise
1803 	 * we don't care.
1804 	 */
1805 	if (session_data != NULL) {
1806 		session_state = (adt_internal_state_t *)session_data;
1807 		assert(session_state->as_check == ADT_VALID);
1808 	}
1809 	event_state = calloc(1, sizeof (struct adt_event_state));
1810 	if (event_state == NULL)
1811 		goto return_ptr;
1812 
1813 	event_state->ae_check = ADT_VALID;
1814 
1815 	event_state->ae_event_id = event_id;
1816 	event_state->ae_session = (struct adt_internal_state *)session_data;
1817 
1818 	return_event = (adt_event_data_t *)&(event_state->ae_event_data);
1819 
1820 	/*
1821 	 * preload data so the adt_au_*() functions can detect un-supplied
1822 	 * values (0 and NULL are free via calloc()).
1823 	 */
1824 	if (session_data != NULL) {
1825 		session_state->as_preload(event_id, return_event);
1826 	}
1827 
1828 return_ptr:
1829 	return (return_event);
1830 }
1831 
1832 /*
1833  * adt_getXlateTable -- look up translation table address for event id
1834  */
1835 
1836 static adt_translation_t *
adt_getXlateTable(adt_translation_t ** xlate,au_event_t event_id)1837 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id)
1838 {
1839 	/* xlate_table is global in adt_xlate.c */
1840 	adt_translation_t	**p_xlate = xlate;
1841 	adt_translation_t	*p_event;
1842 
1843 	while (*p_xlate != NULL) {
1844 		p_event = *p_xlate;
1845 		if (event_id == p_event->tx_external_event)
1846 			return (p_event);
1847 		p_xlate++;
1848 	}
1849 	return (NULL);
1850 }
1851 
1852 /*
1853  * adt_calcOffsets
1854  *
1855  * the call to this function is surrounded by a mutex.
1856  *
1857  * i walks down the table picking up next_token.  j walks again to
1858  * calculate the offset to the input data.  k points to the next
1859  * token's row.  Finally, l, is used to sum the values in the
1860  * datadef array.
1861  *
1862  * What's going on?  The entry array is in the order of the input
1863  * fields but the processing of array entries is in the order of
1864  * the output (see next_token).  Calculating the offset to the
1865  * "next" input can't be done in the outer loop (i) since i doesn't
1866  * point to the current entry and it can't be done with the k index
1867  * because it doesn't represent the order of input fields.
1868  *
1869  * While the resulting algorithm is n**2, it is only done once per
1870  * event type.
1871  */
1872 
1873 /*
1874  * adt_calcOffsets is only called once per event type, but it uses
1875  * the address alignment of memory allocated for that event as if it
1876  * were the same for all subsequently allocated memory.  This is
1877  * guaranteed by calloc/malloc.  Arrays take special handling since
1878  * what matters for figuring out the correct alignment is the size
1879  * of the array element.
1880  */
1881 
1882 static void
adt_calcOffsets(struct entry * p_entry,int tablesize,void * p_data)1883 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data)
1884 {
1885 	int		i, j;
1886 	size_t		this_size, prev_size;
1887 	void		*struct_start = p_data;
1888 
1889 	for (i = 0; i < tablesize; i++) {
1890 		if (p_entry[i].en_type_def == NULL) {
1891 			p_entry[i].en_offset = 0;
1892 			continue;
1893 		}
1894 		prev_size = 0;
1895 		p_entry[i].en_offset = (char *)p_data - (char *)struct_start;
1896 
1897 		for (j = 0; j < p_entry[i].en_count_types; j++) {
1898 			if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG)
1899 				this_size = sizeof (enum adt_generic);
1900 			else
1901 				this_size =
1902 				    p_entry[i].en_type_def[j].dd_input_size;
1903 
1904 			/* adj for first entry */
1905 			if (prev_size == 0)
1906 				prev_size = this_size;
1907 
1908 			if (p_entry[i].en_type_def[j].dd_datatype ==
1909 			    ADT_UINT32ARRAY) {
1910 				p_data = (char *)adt_adjust_address(p_data,
1911 				    prev_size, sizeof (uint32_t)) +
1912 				    this_size - sizeof (uint32_t);
1913 
1914 				prev_size = sizeof (uint32_t);
1915 			} else {
1916 				p_data = adt_adjust_address(p_data, prev_size,
1917 				    this_size);
1918 				prev_size = this_size;
1919 			}
1920 		}
1921 	}
1922 }
1923 
1924 /*
1925  * adt_generate_event
1926  * generate event record from external struct.  The order is based on
1927  * the output tokens, allowing for the possibility that the input data
1928  * is in a different order.
1929  *
1930  */
1931 
1932 static int
adt_generate_event(const adt_event_data_t * p_extdata,struct adt_event_state * p_event,adt_translation_t * p_xlate)1933 adt_generate_event(const adt_event_data_t *p_extdata,
1934     struct adt_event_state *p_event,
1935     adt_translation_t *p_xlate)
1936 {
1937 	struct entry		*p_entry;
1938 	static mutex_t	lock = DEFAULTMUTEX;
1939 
1940 	p_entry = p_xlate->tx_first_entry;
1941 	assert(p_entry != NULL);
1942 
1943 	p_event->ae_internal_id = p_xlate->tx_internal_event;
1944 	adt_token_open(p_event);
1945 
1946 	/*
1947 	 * offsets are not pre-calculated; the initial offsets are all
1948 	 * 0; valid offsets are >= 0.  Offsets for no-input tokens such
1949 	 * as subject are set to -1 by adt_calcOffset()
1950 	 */
1951 	if (p_xlate->tx_offsetsCalculated == 0) {
1952 		(void) mutex_lock(&lock);
1953 		p_xlate->tx_offsetsCalculated = 1;
1954 
1955 		adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries,
1956 		    (void *)p_extdata);
1957 		(void) mutex_unlock(&lock);
1958 	}
1959 	while (p_entry != NULL) {
1960 		adt_generate_token(p_entry, (char *)p_extdata, p_event);
1961 
1962 		p_entry = p_entry->en_next_token;
1963 	}
1964 	return (adt_token_close(p_event));
1965 }
1966 
1967 /*
1968  * adt_put_event -- main event generation function.
1969  * The input "event" is the address of the struct containing
1970  * event-specific data.
1971  *
1972  * However if auditing is off or the session handle
1973  * is NULL, no attempt to write a record is made.
1974  */
1975 
1976 int
adt_put_event(const adt_event_data_t * event,int status,int return_val)1977 adt_put_event(const adt_event_data_t *event, int status, int return_val)
1978 {
1979 	struct adt_event_state	*event_state;
1980 	adt_translation_t	*xlate;
1981 
1982 	if (event == NULL) {
1983 		errno = EINVAL;
1984 		return (-1);
1985 	}
1986 	event_state = (struct adt_event_state *)event;
1987 
1988 	/* if this is a broken session or not auditing, exit */
1989 	if ((event_state->ae_session == NULL) ||
1990 	    !(event_state->ae_session->as_audit_state &
1991 	    (AUC_AUDITING | AUC_NOSPACE))) {
1992 		return (0);
1993 	}
1994 
1995 	assert(event_state->ae_check == ADT_VALID);
1996 
1997 	event_state->ae_rc = status;
1998 	event_state->ae_type = return_val;
1999 
2000 	/* look up the event */
2001 
2002 	xlate = adt_getXlateTable(event_state->ae_session->as_xlate,
2003 	    event_state->ae_event_id);
2004 
2005 	if (xlate == NULL) {
2006 		errno = EINVAL;
2007 		return (-1);
2008 	}
2009 	DPRINTF(("got event %d\n", xlate->tx_internal_event));
2010 
2011 	if (adt_selected(event_state, xlate->tx_internal_event, status)) {
2012 		return (adt_generate_event(event, event_state, xlate));
2013 	}
2014 
2015 	return (0);
2016 }
2017 
2018 /*
2019  * adt_free_event -- invalidate and free
2020  */
2021 
2022 void
adt_free_event(adt_event_data_t * event)2023 adt_free_event(adt_event_data_t *event)
2024 {
2025 	struct adt_event_state	*event_state;
2026 
2027 	if (event == NULL)
2028 		return;
2029 
2030 	event_state = (struct adt_event_state *)event;
2031 
2032 	assert(event_state->ae_check == ADT_VALID);
2033 
2034 	event_state->ae_check = 0;
2035 
2036 	free(event_state);
2037 }
2038 
2039 /*
2040  * adt_is_selected -- helper to adt_selected(), below.
2041  *
2042  * "sorf" is "success or fail" status; au_preselect compares
2043  * that with success, fail, or both.
2044  */
2045 
2046 static int
adt_is_selected(au_event_t e,au_mask_t * m,int sorf)2047 adt_is_selected(au_event_t e, au_mask_t *m, int sorf)
2048 {
2049 	int prs_sorf;
2050 
2051 	if (sorf == 0)
2052 		prs_sorf = AU_PRS_SUCCESS;
2053 	else
2054 		prs_sorf = AU_PRS_FAILURE;
2055 
2056 	return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
2057 }
2058 
2059 /*
2060  * selected -- see if this event is preselected.
2061  *
2062  * if errors are encountered trying to check a preselection mask
2063  * or look up a user name, the event is selected.  Otherwise, the
2064  * preselection mask is used for the job.
2065  */
2066 
2067 static int
adt_selected(struct adt_event_state * event,au_event_t actual_id,int status)2068 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status)
2069 {
2070 	adt_internal_state_t *sp;
2071 	au_mask_t	namask;
2072 
2073 	sp = event->ae_session;
2074 
2075 	if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) {
2076 		adt_write_syslog("No user data available", EINVAL);
2077 		return (1);	/* default is "selected" */
2078 	}
2079 
2080 	/* non-attributable? */
2081 	if ((sp->as_info.ai_auid == AU_NOAUDITID) ||
2082 	    (sp->as_info.ai_auid == ADT_NO_AUDIT)) {
2083 		if (auditon(A_GETKMASK, (caddr_t)&namask,
2084 		    sizeof (namask)) != 0) {
2085 			adt_write_syslog("auditon failure", errno);
2086 			return (1);
2087 		}
2088 		return (adt_is_selected(actual_id, &namask, status));
2089 	} else {
2090 		return (adt_is_selected(actual_id, &(sp->as_info.ai_mask),
2091 		    status));
2092 	}
2093 }
2094 
2095 /*
2096  * Can't map the host name to an IP address in
2097  * adt_get_hostIP.  Get something off an interface
2098  * to act as the hosts IP address for auditing.
2099  */
2100 
2101 static int
adt_get_local_address(int family,struct ifaddrlist * al)2102 adt_get_local_address(int family, struct ifaddrlist *al)
2103 {
2104 	struct ifaddrlist	*ifal;
2105 	char	errbuf[ERRBUFSIZE] = "empty list";
2106 	char	msg[ERRBUFSIZE + 512];
2107 	int	ifal_count;
2108 	int	i;
2109 
2110 	if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) {
2111 		int serrno = errno;
2112 
2113 		(void) snprintf(msg, sizeof (msg), "adt_get_local_address "
2114 		    "couldn't get %d addrlist %s", family, errbuf);
2115 		adt_write_syslog(msg, serrno);
2116 		errno = serrno;
2117 		return (-1);
2118 	}
2119 
2120 	for (i = 0; i < ifal_count; i++) {
2121 		/*
2122 		 * loopback always defined,
2123 		 * even if there is no real address
2124 		 */
2125 		if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) {
2126 			break;
2127 		}
2128 	}
2129 	if (i >= ifal_count) {
2130 		free(ifal);
2131 		/*
2132 		 * Callers of adt_get_hostIP() can only return
2133 		 * errno to their callers and eventually the application.
2134 		 * Picked one that seemed least worse for saying no
2135 		 * usable address for Audit terminal ID.
2136 		 */
2137 		errno = ENETDOWN;
2138 		return (-1);
2139 	}
2140 
2141 	*al = ifal[i];
2142 	free(ifal);
2143 	return (0);
2144 }
2145