xref: /illumos-gate/usr/src/cmd/login/login_audit.c (revision 3d393ee6c37fa10ac512ed6d36109ad616dc7c1a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <assert.h>
29 #include <priv.h>
30 #include <pwd.h>
31 #include <signal.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <syslog.h>
35 #include <unistd.h>
36 #include <sys/wait.h>
37 
38 #include <bsm/adt.h>
39 #include <bsm/adt_event.h>
40 #include "login_audit.h"
41 
42 /*
43  * Key assumption:  login is single threaded.
44  */
45 static void audit_logout(adt_session_data_t *);
46 
47 /*
48  * if audit is not enabled, the adt_*() functions simply return without
49  * doing anything.  In the success case, the credential has already been
50  * setup with audit data by PAM.
51  */
52 
53 /*
54  * There is no information passed to login.c from rlogin or telnet
55  * about the terminal id.  They both set the tid before they
56  * exec login; the value is picked up by adt_start_session() and is
57  * carefully *not* overwritten by adt_load_hostname().
58  */
59 
60 void
61 audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
62 {
63 	adt_session_data_t	*ah;
64 	adt_event_data_t	*event;
65 	int			rc;
66 
67 	assert(pwd != NULL);
68 
69 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
70 		syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");
71 		return;
72 	}
73 	if (adt_set_user(ah, pwd->pw_uid,  pwd->pw_gid,
74 	    pwd->pw_uid,  pwd->pw_gid, NULL, ADT_USER)) {
75 		syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");
76 		(void) adt_end_session(ah);
77 		return;
78 	}
79 	event = adt_alloc_event(ah, event_id);
80 
81 	if (event == NULL)
82 		return;
83 
84 	switch (event_id) {
85 	case ADT_zlogin:
86 		event->adt_zlogin.message = optional_text;
87 		break;
88 	default:
89 		break;
90 	}
91 	rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
92 
93 	(void) adt_free_event(event);
94 	if (rc) {
95 		(void) adt_end_session(ah);
96 		syslog(LOG_AUTH | LOG_ALERT, "login adt_put_event(): %m");
97 		return;
98 	}
99 	/*
100 	 * The code above executes whether or not audit is enabled.
101 	 * However audit_logout must only execute if audit is
102 	 * enabled so we don't fork unnecessarily.
103 	 */
104 	if (adt_audit_enabled()) {
105 		switch (event_id) {
106 		case ADT_login:
107 		case ADT_rlogin:
108 		case ADT_telnet:
109 		case ADT_zlogin:
110 			audit_logout(ah);	/* fork to catch logout */
111 			break;
112 		}
113 	}
114 	(void) adt_end_session(ah);
115 }
116 
117 /*
118  * errors are ignored since there is no action to take on error
119  */
120 static void
121 audit_logout(adt_session_data_t *ah)
122 {
123 	adt_event_data_t	*logout;
124 	int			status;		/* wait status */
125 	pid_t			pid;
126 	priv_set_t		*priv;		/* waiting process privs */
127 
128 	if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {
129 		syslog(LOG_AUTH | LOG_ALERT,
130 		    "adt_alloc_event(ADT_logout): %m");
131 		return;
132 	}
133 	if ((priv = priv_allocset())  == NULL) {
134 		syslog(LOG_AUTH | LOG_ALERT,
135 		    "login audit_logout: could not alloc privs: %m");
136 		adt_free_event(logout);
137 		return;
138 	}
139 
140 	/*
141 	 * The child returns and continues the login processing.
142 	 * The parent's sole job is to wait for child exit, write the
143 	 * logout audit record, and replay the child's exit code.
144 	 */
145 
146 	if ((pid = fork()) == 0) {
147 		/* child */
148 
149 		adt_free_event(logout);
150 		priv_freeset(priv);
151 		return;
152 	}
153 	if (pid == -1) {
154 		/* failure */
155 
156 		syslog(LOG_AUTH | LOG_ALERT,
157 		    "login audit_logout: could not fork: %m");
158 		adt_free_event(logout);
159 		priv_freeset(priv);
160 		return;
161 	}
162 
163 	/* parent process */
164 
165 	/*
166 	 * When this routine is called, the current working
167 	 * directory is the user's home directory and there are
168 	 * unknown open files. For the waiting process, change the
169 	 * current directory to root and close files so that the
170 	 * user's home directory and anything else can be unmounted
171 	 * if necessary.
172 	 */
173 	if (chdir("/") != 0) {
174 		syslog(LOG_AUTH | LOG_ALERT,
175 		    "login audit_logut: could not chdir /: %m");
176 	}
177 	/*
178 	 * Reduce privileges to just those needed.
179 	 */
180 	priv_emptyset(priv);
181 	if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
182 	    (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
183 		syslog(LOG_AUTH | LOG_ALERT,
184 		    "login audit_logout: could not reduce privs: %m");
185 	}
186 	closefrom(0);
187 	priv_freeset(priv);
188 	while (pid != waitpid(pid, &status, 0))
189 		continue;
190 
191 	(void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
192 	adt_free_event(logout);
193 	(void) adt_end_session(ah);
194 	exit(WEXITSTATUS(status));
195 }
196 
197 /*
198  * errors are ignored since there is no action to take on error.
199  *
200  * If the user id is invalid, pwd is NULL.
201  */
202 void
203 audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
204     const char *hostname, const char *ttyname, char *optional_text)
205 {
206 	adt_session_data_t	*ah;
207 	adt_event_data_t	*event;
208 	uid_t			uid;
209 	gid_t			gid;
210 	adt_termid_t		*p_tid;
211 
212 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
213 		return;
214 
215 	uid = ADT_NO_ATTRIB;
216 	gid = ADT_NO_ATTRIB;
217 	if (pwd != NULL) {
218 		uid = pwd->pw_uid;
219 		gid = pwd->pw_gid;
220 	}
221 	/*
222 	 * If this is a remote login, in.rlogind or in.telnetd has
223 	 * already set the terminal id, in which case
224 	 * adt_load_hostname() will use the preset terminal id and
225 	 * ignore hostname.  (If no remote host and ttyname is NULL,
226 	 * let adt_load_ttyname() figure out what to do.)
227 	 */
228 	if (*hostname == '\0')
229 		(void) adt_load_ttyname(ttyname, &p_tid);
230 	else
231 		(void) adt_load_hostname(hostname, &p_tid);
232 
233 	if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
234 		(void) adt_end_session(ah);
235 		if (p_tid != NULL)
236 			free(p_tid);
237 		return;
238 	}
239 	if (p_tid != NULL)
240 		free(p_tid);
241 
242 	event = adt_alloc_event(ah, event_id);
243 	if (event == NULL) {
244 		return;
245 	}
246 	switch (event_id) {
247 	case ADT_zlogin:
248 		event->adt_zlogin.message = optional_text;
249 		break;
250 	}
251 	(void) adt_put_event(event, ADT_FAILURE, failure_code);
252 
253 	adt_free_event(event);
254 	(void) adt_end_session(ah);
255 }
256