1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 */
26
27 #include <sys/types.h>
28 #include <stdio.h>
29 #include <sys/fcntl.h>
30 #include <bsm/audit.h>
31 #include <bsm/audit_record.h>
32 #include <bsm/audit_uevents.h>
33 #include <bsm/libbsm.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <syslog.h>
37 #include <netinet/in.h>
38 #include <unistd.h>
39 #include <generic.h>
40
41 #ifdef C2_DEBUG2
42 #define dprintf(x) { (void) printf x; }
43 #else
44 #define dprintf(x)
45 #endif
46
47 #define AUD_NULL_STR(s) ((s) ? (s) : "(null)")
48
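/*
 * One-time audit initialisation hook for krb5kdc.
 *
 * Currently only emits a debug trace (when built with C2_DEBUG2); all
 * per-record setup happens in common_audit().  Declared with an explicit
 * (void) parameter list so the definition is a real prototype rather
 * than an old-style declaration.
 */
void
audit_krb5kdc_setup(void)
{
	dprintf(("audit_krb5kdc_setup()\n"));
}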
55
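/*
 * Build and commit one krb5kdc audit record.
 *
 * event   audit event id (one of the AUE_krb5kdc_* values)
 * r_addr  remote IPv4 address; NULL is recorded as address 0
 * r_port  remote port (host byte order as passed by the caller)
 * l_port  local port (host byte order as passed by the caller)
 * cname   client principal name, may be NULL ("(null)" is recorded)
 * sname   requested service name, may be NULL ("(null)" is recorded)
 * sorf    non-zero for success, zero for failure
 *
 * Writes nothing when auditing is disabled (cannot_audit()) or the
 * process audit state cannot be read (getaudit() failure, reported via
 * perror()).  Principal and service names longer than text_buf are
 * silently truncated in the record.
 */
static void
common_audit(
	au_event_t event,		/* audit event */
	struct in_addr *r_addr,		/* remote ipv4 addr */
	in_port_t r_port,		/* remote port */
	in_port_t l_port,		/* local port */
	char *cname,			/* client principal name */
	char *sname,			/* requested service name */
	int sorf)			/* flag for success or failure */
{
	auditinfo_t ai;
	dev_t port = 0;
	uint32_t machine;
	char text_buf[512];

	dprintf(("common_audit() start\n"));

	/* if auditing turned off, then don't do anything */
	if (cannot_audit(0))
		return;

	(void) aug_save_namask();

	if (getaudit(&ai)) {
		perror("krb5kdc");
		return;
	}
	aug_save_auid(ai.ai_auid);	/* Audit ID */
	aug_save_uid(getuid());		/* User ID */
	aug_save_euid(geteuid());	/* Effective User ID */
	aug_save_gid(getgid());		/* Group ID */
	aug_save_egid(getegid());	/* Effective Group ID */
	aug_save_pid(getpid());		/* process ID */
	aug_save_asid(getpid());	/* session ID (the pid is used here) */

	aug_save_event(event);
	aug_save_sorf(sorf);

	/*
	 * Subject text: both strings go through snprintf() with a bound,
	 * so untrusted principal names cannot overrun text_buf.
	 */
	(void) snprintf(text_buf, sizeof (text_buf), "Client: %s",
	    AUD_NULL_STR(cname));
	aug_save_text1(text_buf);
	(void) snprintf(text_buf, sizeof (text_buf), "Service: %s",
	    AUD_NULL_STR(sname));
	aug_save_text2(text_buf);

	dprintf(("audit_krb5kdc: r_port=%d, l_port=%d\n", r_port, l_port));

	/*
	 * Pack both ports into the terminal id.  Widen to uint32_t before
	 * shifting: htons() yields a 16-bit value that is promoted to int,
	 * and shifting a value >= 0x8000 left by 16 overflows int (undefined
	 * behaviour) and would then sign-extend when widened to a 64-bit
	 * dev_t.  For all other inputs the result is unchanged.
	 */
	port = ((uint32_t)htons(r_port) << 16) | htons(l_port);

	/* No remote address (e.g. local caller): record machine 0. */
	machine = r_addr ? (uint32_t)r_addr->s_addr : 0;

	aug_save_tid_ex(port, &machine, AU_IPv4);

	(void) aug_audit();
}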
110
/*
 * Audit a Kerberos AS-REQ processed by the KDC.
 *
 * Thin wrapper: every argument is forwarded unchanged to common_audit()
 * under event AUE_krb5kdc_as_req.  sorf is non-zero on success, zero on
 * failure; r_addr, cname and sname may be NULL.
 */
void
audit_krb5kdc_as_req(struct in_addr *r_addr, in_port_t r_port,
    in_port_t l_port, char *cname, char *sname, int sorf)
{
	common_audit(AUE_krb5kdc_as_req,
	    r_addr, r_port, l_port,
	    cname, sname, sorf);
}
123
/*
 * Audit a Kerberos TGS-REQ processed by the KDC.
 *
 * Thin wrapper: every argument is forwarded unchanged to common_audit()
 * under event AUE_krb5kdc_tgs_req.  sorf is non-zero on success, zero on
 * failure; r_addr, cname and sname may be NULL.
 */
void
audit_krb5kdc_tgs_req(struct in_addr *r_addr, in_port_t r_port,
    in_port_t l_port, char *cname, char *sname, int sorf)
{
	common_audit(AUE_krb5kdc_tgs_req,
	    r_addr, r_port, l_port,
	    cname, sname, sorf);
}
136
/*
 * Audit a TGS-REQ whose second ticket did not match (the "2ndtktmm"
 * event; presumably "second ticket mismatch" -- the name is the only
 * evidence here).
 *
 * Unlike the other wrappers there is no sorf argument: the record is
 * always committed with sorf == 1 under event
 * AUE_krb5kdc_tgs_req_2ndtktmm.  r_addr, cname and sname may be NULL.
 */
void
audit_krb5kdc_tgs_req_2ndtktmm(struct in_addr *r_addr, in_port_t r_port,
    in_port_t l_port, char *cname, char *sname)
{
	/* sorf is fixed at 1 for this event. */
	common_audit(AUE_krb5kdc_tgs_req_2ndtktmm,
	    r_addr, r_port, l_port,
	    cname, sname, 1);
}
148
/*
 * Audit a TGS-REQ served with an alternate TGT (the "alt_tgt" event;
 * the exact condition is defined by the caller, not here).
 *
 * Thin wrapper: every argument is forwarded unchanged to common_audit()
 * under event AUE_krb5kdc_tgs_req_alt_tgt.  sorf is non-zero on success,
 * zero on failure; r_addr, cname and sname may be NULL.
 */
void
audit_krb5kdc_tgs_req_alt_tgt(struct in_addr *r_addr, in_port_t r_port,
    in_port_t l_port, char *cname, char *sname, int sorf)
{
	common_audit(AUE_krb5kdc_tgs_req_alt_tgt,
	    r_addr, r_port, l_port,
	    cname, sname, sorf);
}
161