1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 #include <sys/types.h>
26 #include <sys/param.h>
27 #include <stdio.h>
28 #include <sys/fcntl.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/audit_uevents.h>
32 #include <bsm/libbsm.h>
33 #include <bsm/audit_private.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <syslog.h>
37 #include <netinet/in.h>
38 #include <tsol/label.h>
39 #include <locale.h>
40 #include <unistd.h>
41 #include <generic.h>
42
static au_event_t rshd_event;	/* audit event number, set by audit_rshd_setup(), read by generate_record() */
static uint32_t rshd_addr[4];	/* peer address copied from the terminal id in setup_session(); nothing in this file reads it back */

/* build and commit one audit record for an rsh request (success or failure) */
static void generate_record(char *, char *, char *, int, char *);
/* install the audit session (audit id, session id, mask) for the local user */
static void setup_session(char *);
/* preselection check: is this event audited for this user and outcome? */
static int selected(uid_t, char *, au_event_t, int);
49
/*
 * Record which audit event this module reports (AUE_rshd).
 *
 * Always returns 0; the return value only exists for symmetry with the
 * other audit_rshd_* entry points.
 */
int
audit_rshd_setup(void)
{
	rshd_event = AUE_rshd;

	return (0);
}
56
/*
 * Audit a rejected rsh request.
 *
 * msg:      text describing why the request failed; it is recorded in the
 *           audit record.
 * hostname: hostname of the machine requesting service (unused here).
 * remuser:  user name presented by the remote side.
 * locuser:  local user name the request was mapped to.
 * cmdbuf:   command line the remote side asked to run.
 *
 * Nothing is recorded when auditing is disabled.  Always returns 0.
 */
/* ARGSUSED */
int
audit_rshd_fail(char *msg, char *hostname, char *remuser, char *locuser,
    char *cmdbuf)
{
	if (!cannot_audit(0))
		generate_record(remuser, locuser, cmdbuf, -1, msg);

	return (0);
}
72
/*
 * Audit an accepted rsh request and set up the audit session for the
 * local user it runs as.
 *
 * hostname: hostname of the machine requesting service (unused here).
 * remuser:  user name presented by the remote side.
 * locuser:  local user name the request was mapped to.
 * cmdbuf:   command line the remote side asked to run.
 *
 * Nothing is recorded and no session is set up when auditing is
 * disabled.  Always returns 0.
 */
/* ARGSUSED */
int
audit_rshd_success(char *hostname, char *remuser, char *locuser,
    char *cmdbuf)
{
	if (!cannot_audit(0)) {
		generate_record(remuser, locuser, cmdbuf, 0, "");
		setup_session(locuser);
	}

	return (0);
}
88
89
90 #include <pwd.h>
91
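/*
 * Build and commit one rshd audit record.
 *
 * remuser: user name presented by the remote side.
 * locuser: local user name the request was mapped to; resolved through
 *          getpwnam() to fill the subject token.  An unknown user is
 *          recorded with uid/gid (uid_t)-1 / (gid_t)-1.
 * cmdbuf:  command line the remote side asked to run; recorded as a
 *          text token ("cmd ...").
 * sf_flag: 0 on success, -1 on failure; it becomes the return token's
 *          status and drives preselection.
 * msg:     failure description, recorded only when sf_flag == -1.  A NULL
 *          msg is recorded as an empty text token.
 *
 * The record is skipped if auditing is off, if selected() says the event
 * is not preselected for this user, or if no record descriptor can be
 * opened.  Once the record is open everything is best-effort: a failed
 * commit discards the record.
 */
static void
generate_record(char *remuser, char *locuser, char *cmdbuf, int sf_flag,
    char *msg)
{
	int rd;			/* audit record descriptor */
	char buf[256];		/* scratch buffer for the short text tokens */
	char *tbuf;		/* heap buffer for the "cmd ..." text token */
	size_t tlen;
	const char *gtxt;
	uid_t uid;
	gid_t gid;
	pid_t pid;
	struct passwd *pwd;
	/*
	 * Zeroed so that a failed getaudit_addr() below cannot leak stack
	 * garbage into the subject token's terminal id.
	 */
	struct auditinfo_addr info = { 0 };

	if (cannot_audit(0)) {
		return;
	}

	/* map the local user name to ids; unknown user becomes -1/-1 */
	pwd = getpwnam(locuser);
	if (pwd == NULL) {
		uid = (uid_t)-1;
		gid = (gid_t)-1;
	} else {
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
	}

	if (!selected(uid, locuser, rshd_event, sf_flag)) {
		return;
	}

	pid = getpid();

	/* see if terminal id already set */
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	/* au_open() reports failure with a negative descriptor; nothing to write to then */
	rd = au_open();
	if (rd < 0) {
		return;
	}

	(void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
	    &info.ai_termid));
	/* on a labeled (Trusted Extensions) system also record our label */
	if (is_system_labeled()) {
		(void) au_write(rd, au_to_mylabel());
	}

	/*
	 * The format comes from the message catalog and must keep exactly one
	 * %s; cmdbuf is only ever substituted as an argument, never used as a
	 * format itself.
	 */
	gtxt = dgettext(bsm_dom, "cmd %s");
	tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
	if ((tbuf = malloc(tlen)) == NULL) {
		(void) au_close(rd, 0, 0);	/* discard the partial record */
		return;
	}
	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
	(void) au_write(rd, au_to_text(tbuf));
	free(tbuf);

	/* only note the remote name when it differs from the local one */
	if (strcmp(remuser, locuser) != 0) {
		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
		    "remote user %s"), remuser);
		(void) au_write(rd, au_to_text(buf));
	}

	if (sf_flag == -1) {
		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
		    "local user %s"), locuser);
		(void) au_write(rd, au_to_text(buf));
		/* guard: au_to_text() on a NULL string would be undefined */
		(void) au_write(rd, au_to_text(msg != NULL ? msg : ""));
	}

#ifdef _LP64
	(void) au_write(rd, au_to_return64(sf_flag, (int64_t)0));
#else
	(void) au_write(rd, au_to_return32(sf_flag, (int32_t)0));
#endif

	/* commit; if that fails, discard so the descriptor is not leaked */
	if (au_close(rd, 1, rshd_event) < 0) {
		(void) au_close(rd, 0, 0);
	}
}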
172
/*
 * Decide whether an rshd event for this user and outcome should be
 * recorded.
 *
 * uid:     uid the local user name resolved to; (uid_t)-1 when unknown.
 * locuser: local user name, used to fetch the per-user preselection mask.
 * event:   audit event number being considered.
 * sf:      0 for success, -1 for failure; any other value selects on both.
 *
 * Returns the result of au_preselect(): non-zero when the event is
 * preselected, 0 otherwise.
 */
static int
selected(uid_t uid, char *locuser, au_event_t event, int sf)
{
	struct au_mask mask;
	int sorf;

	mask.am_success = 0;
	mask.am_failure = 0;

	/*
	 * Ids above MAXEPHUID (which includes the (uid_t)-1 "unknown user"
	 * sentinel) have no per-user entry, so use the kernel's
	 * non-attributable mask instead.
	 */
	if (uid > MAXEPHUID) {
		(void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
	} else {
		(void) au_user_mask(locuser, &mask);
	}

	switch (sf) {
	case 0:
		sorf = AU_PRS_SUCCESS;
		break;
	case -1:
		sorf = AU_PRS_FAILURE;
		break;
	default:
		sorf = AU_PRS_BOTH;
		break;
	}

	return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
}
197
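/*
 * Install an audit session for the local user an rsh request was mapped
 * to.
 *
 * The process's current audit context is read with getaudit_addr(), its
 * audit id is set to the local user's uid and its session id to this
 * pid, its preselection mask is replaced with the user's mask from
 * au_user_mask(), and the result is written back with setaudit_addr().
 * The terminal id is left as the kernel reported it; a copy of its
 * address words is kept in rshd_addr.
 *
 * locuser: local user name.  An unknown user yields audit id (uid_t)-1.
 *
 * getaudit_addr()/setaudit_addr() failures are reported via perror() and
 * otherwise ignored.  If au_user_mask() fails the mask stays all-zero,
 * i.e. the session is installed with nothing preselected.
 */
static void
setup_session(char *locuser)
{
	/*
	 * Zeroed so a failed getaudit_addr() cannot leave stack garbage that
	 * would then be installed as the process's audit context.
	 */
	struct auditinfo_addr info = { 0 };
	au_mask_t mask;
	uid_t uid;
	struct passwd *pwd;
	size_t i;

	pwd = getpwnam(locuser);
	uid = (pwd == NULL) ? (uid_t)-1 : pwd->pw_uid;

	/* see if terminal id already set */
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	info.ai_auid = uid;
	info.ai_asid = getpid();

	/* start from an empty mask so a failed lookup cannot inherit old bits */
	mask.am_success = 0;
	mask.am_failure = 0;
	(void) au_user_mask(locuser, &mask);

	info.ai_mask.am_success = mask.am_success;
	info.ai_mask.am_failure = mask.am_failure;

	/* keep a copy of the peer address words from the terminal id */
	for (i = 0; i < sizeof (rshd_addr) / sizeof (rshd_addr[0]); i++) {
		rshd_addr[i] = info.ai_termid.at_addr[i];
	}

	if (setaudit_addr(&info, sizeof (info)) < 0) {
		perror("setaudit");
	}
}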
238