xref: /illumos-gate/usr/src/lib/libbsm/common/audit_allocate.c (revision baf3abb99faf2cc8376a1f8ab38dfa1730c2ca13)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <sys/types.h>
27 #include <tsol/label.h>
28 #include <bsm/audit.h>
29 #include <bsm/libbsm.h>
30 #include <bsm/audit_private.h>
31 #include <unistd.h>
32 #include <string.h>
33 #include <bsm/audit_uevents.h>
34 #include <generic.h>
35 #include <stdlib.h>
36 #include <alloca.h>
37 
38 static int s_audit;	/* successful audit event */
39 static int f_audit;	/* failure audit event */
40 
41 static int ad;		/* audit descriptor */
42 
43 void
audit_allocate_argv(flg,argc,argv)44 audit_allocate_argv(flg, argc, argv)
45 	int   flg;
46 	int   argc;
47 	char *argv[];
48 {
49 	int i;
50 
51 	if (cannot_audit(0)) {
52 		return;
53 	}
54 
55 	switch (flg) {
56 	case 0:
57 		s_audit = AUE_allocate_succ;
58 		f_audit = AUE_allocate_fail;
59 		break;
60 	case 1:
61 		s_audit = AUE_deallocate_succ;
62 		f_audit = AUE_deallocate_fail;
63 		break;
64 	case 2:
65 		s_audit = AUE_listdevice_succ;
66 		f_audit = AUE_listdevice_fail;
67 		break;
68 	}
69 
70 	ad = au_open();
71 
72 	for (i = 0; i < argc; i++)
73 		(void) au_write(ad, au_to_text(argv[i]));
74 }
75 
76 void
audit_allocate_device(path)77 audit_allocate_device(path)
78 	char *path;
79 {
80 	if (cannot_audit(0)) {
81 		return;
82 	}
83 	(void) au_write(ad, au_to_path(path));
84 }
85 
86 int
audit_allocate_record(status)87 audit_allocate_record(status)
88 	char	status;		/* success failure of operation */
89 {
90 	auditinfo_addr_t mask;		/* audit ID */
91 	au_event_t	event;		/* audit event number */
92 	uint32_t	policy;		/* audit policy */
93 	int		ng;		/* number of groups in process */
94 
95 #ifdef DEBUG
96 	(void) printf("audit_allocate_record(%d)\n", status);
97 #endif
98 
99 	if (cannot_audit(0)) {
100 		return (0);
101 	}
102 
103 	if (getaudit_addr(&mask, sizeof (mask)) < 0) {
104 		if (!status)
105 			return (1);
106 		return (0);
107 	}
108 
109 	if (auditon(A_GETPOLICY, (caddr_t)&policy, 0) < 0) {
110 		if (!status)
111 			return (1);
112 		return (0);
113 	}
114 
115 
116 		/* determine if we're preselected */
117 	if (status)
118 		event = f_audit;
119 	else
120 		event = s_audit;
121 
122 	if (au_preselect(event, &mask.ai_mask, AU_PRS_BOTH, AU_PRS_REREAD) == 0)
123 		return (0);
124 
125 	(void) au_write(ad, au_to_me());	/* add subject token */
126 	if (is_system_labeled())
127 		(void) au_write(ad, au_to_mylabel());
128 
129 	if (policy & AUDIT_GROUP) {	/* add optional group token */
130 		gid_t	*grplst;
131 		int	maxgrp = getgroups(0, NULL);
132 
133 		grplst = alloca(maxgrp * sizeof (gid_t));
134 
135 		if ((ng = getgroups(maxgrp, grplst)) < 0) {
136 			(void) au_close(ad, 0, 0);
137 			if (!status)
138 				return (1);
139 			return (0);
140 		}
141 		(void) au_write(ad, au_to_newgroups(ng, grplst));
142 	}
143 
144 	if (status)
145 		(void) au_write(ad, au_to_exit(status, -1));
146 	else
147 		(void) au_write(ad, au_to_exit(0, 0));
148 
149 		/* write audit record */
150 	if (au_close(ad, 1, event) < 0) {
151 		(void) au_close(ad, 0, 0);
152 		if (!status)
153 			return (1);
154 	}
155 
156 	return (0);
157 }
158 
159 void
audit_allocate_list(list)160 audit_allocate_list(list)
161 	char *list;
162 {
163 	char *buf;
164 	char *file;
165 	char *last;
166 
167 	if (cannot_audit(0)) {
168 		return;
169 	}
170 
171 	if ((buf = strdup(list)) == NULL)
172 		return;
173 
174 	for (file = strtok_r(buf, " ", &last); file;
175 	    file = strtok_r(NULL, " ", &last))
176 		(void) au_write(ad, au_to_path(file));
177 
178 	free(buf);
179 }
180