1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 */
26 #include <sys/types.h>
27 #include <sys/param.h>
28 #include <stdio.h>
29 #include <sys/fcntl.h>
30 #include <bsm/audit.h>
31 #include <bsm/audit_record.h>
32 #include <bsm/audit_uevents.h>
33 #include <bsm/libbsm.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <syslog.h>
37 #include <netinet/in.h>
38 #include <sys/socket.h>
39 #include <rpc/rpc.h>
40 #include <tiuser.h>
41 #include <unistd.h>
42 #include <generic.h>
43 #include <note.h>
44
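/*
 * dprintf() -- debug tracing, compiled in only when C2_DEBUG2 is defined.
 *
 * The argument is a fully parenthesised printf() argument list, e.g.
 * dprintf(("x=%d\n", x)).  Both expansions are a single statement wrapped
 * in do { ... } while (0), so the macro can be used (with a trailing ';')
 * inside an unbraced if/else without leaving a stray statement behind.
 */
#ifdef C2_DEBUG2
#define	dprintf(x)	do { (void) printf x; } while (0)
#else
#define	dprintf(x)	do { } while (0)
#endif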
50
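/*
 * netbuf2pm()
 *
 * Given an endpt in netbuf form, return the port and machine.
 * kadmind (currently) only works over IPv4, so only handle IPv4 addresses.
 *
 * addr:	caller endpoint (as handed over by svc_getrpccaller()); addr->buf
 *		is expected to hold a struct sockaddr_in and addr->len the
 *		number of bytes actually filled in.
 * port:	out; receives sin_port as stored in the sockaddr (network byte
 *		order) when non-NULL.
 * machine:	out; receives sin_addr.s_addr as stored in the sockaddr (network
 *		byte order) when non-NULL.
 *
 * On a NULL or empty netbuf, a netbuf shorter than a sockaddr_in, or a
 * non-AF_INET address, *port and *machine are left untouched and the
 * reason is logged at LOG_DEBUG.
 */
static void
netbuf2pm(
	struct netbuf *addr,
	in_port_t *port,
	uint32_t *machine)
{
	struct sockaddr_in sin4;

	if (!addr) {
		syslog(LOG_DEBUG, "netbuf2pm: addr == NULL");
		return;
	}

	if (!addr->buf) {
		syslog(LOG_DEBUG, "netbuf2pm: addr->buf == NULL");
		return;
	}

	/*
	 * Only copy what the transport says it filled in; copying a fixed
	 * sizeof (sin4) out of a shorter netbuf would read past its end.
	 */
	if (addr->len < sizeof (sin4)) {
		syslog(LOG_DEBUG, "netbuf2pm: addr->len %u too short",
		    addr->len);
		return;
	}

	(void) memcpy(&sin4, addr->buf, sizeof (sin4));
	if (sin4.sin_family == AF_INET) {
		if (machine)
			*machine = sin4.sin_addr.s_addr;
		if (port)
			*port = sin4.sin_port;
	} else {
		dprintf(("netbuf2pm: unknown caller IP address family %d",
		    sin4.sin_family));
		syslog(LOG_DEBUG,
		    "netbuf2pm: unknown caller IP address family %d",
		    sin4.sin_family);
	}
}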
89
/* Substitute a visible placeholder for a NULL string before it is logged. */
#define AUD_NULL_STR(s) ((s) ? (s) : "(null)")
91
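/*
 * common_audit()
 *
 * Build and commit one audit record for a kadmind request.  Fills the
 * libbsm "aug" staging area with the process identity from getaudit() and
 * the get*id() calls, the event and outcome, three free-text fields
 * ("Op:", "Arg:", "Client:") and the caller's IPv4 terminal id, then
 * commits it with aug_audit().
 *
 * event:	audit event number (AUE_kadmind_*).
 * xprt:	RPC transport handle the request arrived on; its caller
 *		address supplies the remote port and machine.
 * l_port:	local port, network byte order.
 * op:		requested operation; NULL is logged as "(null)".
 * prime_arg:	argument for op; NULL is logged as "(null)".
 * clnt_name:	client principal name; NULL is logged as "(null)".
 * sorf:	success-or-failure flag handed to aug_save_sorf().
 *
 * Returns silently when auditing is off (cannot_audit()); on a getaudit()
 * failure it reports via perror() and records nothing.  Each text field is
 * truncated silently at sizeof (text_buf) - 1 bytes.
 */
static void
common_audit(
	au_event_t event,	/* audit event */
	SVCXPRT *xprt,		/* net transport handle */
	in_port_t l_port,	/* local port */
	char *op,		/* requested operation */
	char *prime_arg,	/* argument for op */
	char *clnt_name,	/* client principal name */
	int sorf)		/* flag for success or failure */
{
	auditinfo_t ai;
	in_port_t r_port = 0;
	dev_t port;
	uint32_t machine = 0;
	char text_buf[512];

	dprintf(("common_audit() start\n"));

	/* if auditing turned off, then don't do anything */
	if (cannot_audit(0))
		return;

	(void) aug_save_namask();

	/*
	 * set default values. We will overwrite them if appropriate.
	 */
	if (getaudit(&ai)) {
		perror("kadmind");
		return;
	}
	aug_save_auid(ai.ai_auid);	/* Audit ID */
	aug_save_uid(getuid());		/* User ID */
	aug_save_euid(geteuid());	/* Effective User ID */
	aug_save_gid(getgid());		/* Group ID */
	aug_save_egid(getegid());	/* Effective Group ID */
	aug_save_pid(getpid());		/* process ID */
	/*
	 * NOTE(review): the session ID is set to the pid rather than
	 * ai.ai_asid from getaudit() -- confirm this is intended.
	 */
	aug_save_asid(getpid());	/* session ID */

	aug_save_event(event);
	aug_save_sorf(sorf);

	(void) snprintf(text_buf, sizeof (text_buf), "Op: %s",
	    AUD_NULL_STR(op));
	aug_save_text(text_buf);
	(void) snprintf(text_buf, sizeof (text_buf), "Arg: %s",
	    AUD_NULL_STR(prime_arg));
	aug_save_text1(text_buf);
	(void) snprintf(text_buf, sizeof (text_buf), "Client: %s",
	    AUD_NULL_STR(clnt_name));
	aug_save_text2(text_buf);

	/* r_port and machine keep their zero defaults if the caller is unknown */
	netbuf2pm(svc_getrpccaller(xprt), &r_port, &machine);

	dprintf(("common_audit(): l_port=%d, r_port=%d,\n",
	    ntohs(l_port), ntohs(r_port)));

	/*
	 * Pack the remote port into the high half and the local port into
	 * the low half of the terminal id, both still in network byte
	 * order.  Widen before shifting: r_port promotes to int, and
	 * shifting a value >= 0x8000 left by 16 as an int is undefined
	 * behaviour.
	 */
	port = ((uint32_t)r_port << 16) | l_port;

	aug_save_tid_ex(port, &machine, AU_IPv4);

	(void) aug_audit();
}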
156
/*
 * audit_kadmind_auth()
 *
 * Record an AUE_kadmind_auth audit event for a request (presumably the
 * authenticated path, judging by the event name).  The caller supplies the
 * request outcome in sorf; every argument is forwarded to common_audit()
 * unchanged.
 */
void
audit_kadmind_auth(
	SVCXPRT *xprt,
	in_port_t l_port,
	char *op,
	char *prime_arg,
	char *clnt_name,
	int sorf)
{
	const au_event_t ev = AUE_kadmind_auth;

	common_audit(ev, xprt, l_port, op, prime_arg, clnt_name, sorf);
}
169
/*
 * audit_kadmind_unauth()
 *
 * Record an AUE_kadmind_unauth audit event for a request (presumably the
 * unauthenticated path, judging by the event name).  Unlike
 * audit_kadmind_auth() there is no sorf parameter: the success-or-failure
 * flag is always passed as 1, so these records are presumably always
 * logged as failures -- confirm against aug_save_sorf().
 */
void
audit_kadmind_unauth(
	SVCXPRT *xprt,
	in_port_t l_port,
	char *op,
	char *prime_arg,
	char *clnt_name)
{
	const au_event_t ev = AUE_kadmind_unauth;
	const int sorf = 1;

	common_audit(ev, xprt, l_port, op, prime_arg, clnt_name, sorf);
}
181