xref: /freebsd/crypto/krb5/src/plugins/audit/test/au_test.c (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* plugins/audit/au_test.c - Test Audit plugin implementation */
3 /*
4  * Copyright (C) 2013 by the Massachusetts Institute of Technology.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  *
14  * * Redistributions in binary form must reproduce the above copyright
15  *   notice, this list of conditions and the following disclaimer in
16  *   the documentation and/or other materials provided with the
17  *   distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30  * OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 /*
33  * This test is to verify the JSON-based KDC audit functionality.
34  * It utilized MIT Kerberos <kdc_j_encode.h> routines for JSON processing.
35  */
36 
37 #include <k5-int.h>
38 #include <krb5/audit_plugin.h>
39 #include <kdc_j_encode.h>
40 #include "k5-thread.h"
41 
42 struct krb5_audit_moddata_st {
43     int au_fd;
44 };
45 
46 krb5_error_code
47 audit_test_initvt(krb5_context context, int maj_ver, int min_ver,
48                   krb5_plugin_vtable vtable);
49 
50 static FILE *au_fd;
51 static k5_mutex_t lock = K5_MUTEX_PARTIAL_INITIALIZER;
52 
53 /* Open connection to the audit system. Returns 0 on success. */
54 static krb5_error_code
open_au(krb5_audit_moddata * auctx)55 open_au(krb5_audit_moddata *auctx)
56 {
57     au_fd = fopen("au.log", "a+");
58     if (au_fd == NULL)
59         return KRB5_PLUGIN_NO_HANDLE; /* audit module is unavailable */
60     k5_mutex_init(&lock);
61     return 0;
62 }
63 
64 /* Close connection to the audit system. Returns 0. */
65 static krb5_error_code
close_au(krb5_audit_moddata auctx)66 close_au(krb5_audit_moddata auctx)
67 {
68     fclose(au_fd);
69     k5_mutex_destroy(&lock);
70     return 0;
71 }
72 
73 /* Log KDC-start event. Returns 0 on success. */
74 static krb5_error_code
j_kdc_start(krb5_audit_moddata auctx,krb5_boolean ev_success)75 j_kdc_start(krb5_audit_moddata auctx, krb5_boolean ev_success)
76 {
77     krb5_error_code ret = 0;
78     char *jout = NULL;
79 
80     ret = kau_j_kdc_start(ev_success, &jout);
81     if (ret)
82         return ret;
83     k5_mutex_lock(&lock);
84     fprintf(au_fd,"%s\n", jout);
85     fflush(au_fd);
86     k5_mutex_unlock(&lock);
87     free(jout);
88     return ret;
89 }
90 
91 /* Log KDC-stop event. Returns 0 on success. */
92 static krb5_error_code
j_kdc_stop(krb5_audit_moddata auctx,krb5_boolean ev_success)93 j_kdc_stop(krb5_audit_moddata auctx, krb5_boolean ev_success)
94 {
95     krb5_error_code ret = 0;
96     char *jout = NULL;
97 
98     ret = kau_j_kdc_stop(ev_success, &jout);
99     if (ret)
100         return ret;
101     k5_mutex_lock(&lock);
102     fprintf(au_fd,"%s\n", jout);
103     fflush(au_fd);
104     k5_mutex_unlock(&lock);
105     free(jout);
106     return ret;
107 }
108 
109 /* Log AS_REQ event. Returns 0 on success. */
110 static krb5_error_code
j_as_req(krb5_audit_moddata auctx,krb5_boolean ev_success,krb5_audit_state * state)111 j_as_req(krb5_audit_moddata auctx, krb5_boolean ev_success,
112          krb5_audit_state *state)
113 {
114     krb5_error_code ret = 0;
115     char *jout = NULL;
116 
117     ret = kau_j_as_req(ev_success, state, &jout);
118     if (ret)
119         return ret;
120     k5_mutex_lock(&lock);
121     fprintf(au_fd,"%s\n", jout);
122     fflush(au_fd);
123     k5_mutex_unlock(&lock);
124     free(jout);
125     return ret;
126 }
127 
128 /* Log TGS_REQ event. Returns 0 on success. */
129 static krb5_error_code
j_tgs_req(krb5_audit_moddata auctx,krb5_boolean ev_success,krb5_audit_state * state)130 j_tgs_req(krb5_audit_moddata auctx, krb5_boolean ev_success,
131           krb5_audit_state *state)
132 {
133     krb5_error_code ret = 0;
134     char *jout = NULL;
135 
136     ret = kau_j_tgs_req(ev_success, state, &jout);
137     if (ret)
138         return ret;
139     k5_mutex_lock(&lock);
140     fprintf(au_fd,"%s\n", jout);
141     fflush(au_fd);
142     k5_mutex_unlock(&lock);
143     free(jout);
144     return ret;
145 }
146 
147 /* Log S4U2SELF event. Returns 0 on success. */
148 static krb5_error_code
j_tgs_s4u2self(krb5_audit_moddata auctx,krb5_boolean ev_success,krb5_audit_state * state)149 j_tgs_s4u2self(krb5_audit_moddata auctx, krb5_boolean ev_success,
150                krb5_audit_state *state)
151 {
152     krb5_error_code ret = 0;
153     char *jout = NULL;
154 
155     ret = kau_j_tgs_s4u2self(ev_success, state, &jout);
156     if (ret)
157         return ret;
158     k5_mutex_lock(&lock);
159     fprintf(au_fd,"%s\n", jout);
160     fflush(au_fd);
161     k5_mutex_unlock(&lock);
162     free(jout);
163     return ret;
164 }
165 
166 /* Log S4U2PROXY event. Returns 0 on success. */
167 static krb5_error_code
j_tgs_s4u2proxy(krb5_audit_moddata auctx,krb5_boolean ev_success,krb5_audit_state * state)168 j_tgs_s4u2proxy(krb5_audit_moddata auctx, krb5_boolean ev_success,
169                 krb5_audit_state *state)
170 {
171     krb5_error_code ret = 0;
172     char *jout = NULL;
173 
174     ret = kau_j_tgs_s4u2proxy(ev_success, state, &jout);
175     if (ret)
176         return ret;
177     k5_mutex_lock(&lock);
178     fprintf(au_fd,"%s\n", jout);
179     fflush(au_fd);
180     k5_mutex_unlock(&lock);
181     free(jout);
182     return ret;
183 }
184 
185 /* Log user-to-user event. Returns 0 on success. */
186 static krb5_error_code
j_tgs_u2u(krb5_audit_moddata auctx,krb5_boolean ev_success,krb5_audit_state * state)187 j_tgs_u2u(krb5_audit_moddata auctx, krb5_boolean ev_success,
188           krb5_audit_state *state)
189 {
190     krb5_error_code ret = 0;
191     char *jout = NULL;
192 
193     ret = kau_j_tgs_u2u(ev_success, state, &jout);
194     if (ret)
195         return ret;
196     k5_mutex_lock(&lock);
197     fprintf(au_fd,"%s\n", jout);
198     fflush(au_fd);
199     k5_mutex_unlock(&lock);
200     free(jout);
201     return ret;
202 }
203 
204 krb5_error_code
audit_test_initvt(krb5_context context,int maj_ver,int min_ver,krb5_plugin_vtable vtable)205 audit_test_initvt(krb5_context context, int maj_ver, int min_ver,
206                   krb5_plugin_vtable vtable)
207 {
208     krb5_audit_vtable vt;
209 
210     if (maj_ver != 1)
211         return KRB5_PLUGIN_VER_NOTSUPP;
212 
213     vt = (krb5_audit_vtable)vtable;
214     vt->name = "test";
215 
216     vt->open = open_au;
217     vt->close = close_au;
218     vt->kdc_start = j_kdc_start;
219     vt->kdc_stop = j_kdc_stop;
220     vt->as_req = j_as_req;
221     vt->tgs_req = j_tgs_req;
222     vt->tgs_s4u2self = j_tgs_s4u2self;
223     vt->tgs_s4u2proxy = j_tgs_s4u2proxy;
224     vt->tgs_u2u = j_tgs_u2u;
225 
226     return 0;
227 }
228