xref: /illumos-gate/usr/src/cmd/login/login_audit.c (revision 598f4ceed9327d2d6c2325dd67cae3aa06f7fea6)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <assert.h>
27 #include <priv.h>
28 #include <pwd.h>
29 #include <signal.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <syslog.h>
33 #include <unistd.h>
34 #include <sys/wait.h>
35 
36 #include <bsm/adt.h>
37 #include <bsm/adt_event.h>
38 #include "login_audit.h"
39 
40 /*
41  * Key assumption:  login is single threaded.
42  */
43 static void audit_logout(adt_session_data_t *);
44 
45 /*
46  * if audit is not enabled, the adt_*() functions simply return without
47  * doing anything.  In the success case, the credential has already been
48  * setup with audit data by PAM.
49  */
50 
51 /*
52  * There is no information passed to login.c from rlogin or telnet
53  * about the terminal id.  They both set the tid before they
54  * exec login; the value is picked up by adt_start_session() and is
55  * carefully *not* overwritten by adt_load_hostname().
56  */
57 
58 void
59 audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
60 {
61 	adt_session_data_t	*ah;
62 	adt_event_data_t	*event;
63 	int			rc;
64 
65 	assert(pwd != NULL);
66 
67 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
68 		syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");
69 		return;
70 	}
71 	if (adt_set_user(ah, pwd->pw_uid,  pwd->pw_gid,
72 	    pwd->pw_uid,  pwd->pw_gid, NULL, ADT_USER)) {
73 		syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");
74 		(void) adt_end_session(ah);
75 		return;
76 	}
77 	event = adt_alloc_event(ah, event_id);
78 
79 	if (event == NULL)
80 		return;
81 
82 	switch (event_id) {
83 	case ADT_zlogin:
84 		event->adt_zlogin.message = optional_text;
85 		break;
86 	default:
87 		break;
88 	}
89 	rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
90 
91 	(void) adt_free_event(event);
92 	if (rc) {
93 		(void) adt_end_session(ah);
94 		syslog(LOG_AUTH | LOG_ALERT, "login adt_put_event(): %m");
95 		return;
96 	}
97 	/*
98 	 * The code above executes whether or not audit is enabled.
99 	 * However audit_logout must only execute if audit is
100 	 * enabled so we don't fork unnecessarily.
101 	 */
102 	if (adt_audit_enabled()) {
103 		switch (event_id) {
104 		case ADT_login:
105 		case ADT_rlogin:
106 		case ADT_telnet:
107 		case ADT_zlogin:
108 			audit_logout(ah);	/* fork to catch logout */
109 			break;
110 		}
111 	}
112 	(void) adt_end_session(ah);
113 }
114 
115 /*
116  * errors are ignored since there is no action to take on error
117  */
118 static void
119 audit_logout(adt_session_data_t *ah)
120 {
121 	adt_event_data_t	*logout;
122 	int			status;		/* wait status */
123 	pid_t			pid;
124 	priv_set_t		*priv;		/* waiting process privs */
125 
126 	if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {
127 		syslog(LOG_AUTH | LOG_ALERT,
128 		    "adt_alloc_event(ADT_logout): %m");
129 		return;
130 	}
131 	if ((priv = priv_allocset())  == NULL) {
132 		syslog(LOG_AUTH | LOG_ALERT,
133 		    "login audit_logout: could not alloc basic privs: %m");
134 		adt_free_event(logout);
135 		return;
136 	}
137 
138 	/*
139 	 * The child returns and continues the login processing.
140 	 * The parent's sole job is to wait for child exit, write the
141 	 * logout audit record, and replay the child's exit code.
142 	 */
143 
144 	if ((pid = fork()) == 0) {
145 		/* child */
146 
147 		adt_free_event(logout);
148 		priv_freeset(priv);
149 		return;
150 	}
151 	if (pid == -1) {
152 		/* failure */
153 
154 		syslog(LOG_AUTH | LOG_ALERT,
155 		    "login audit_logout: could not fork: %m");
156 		adt_free_event(logout);
157 		priv_freeset(priv);
158 		return;
159 	}
160 
161 	/* parent process */
162 
163 	/*
164 	 * When this routine is called, the current working
165 	 * directory is the user's home directory and there are
166 	 * unknown open files. For the waiting process, change the
167 	 * current directory to root and close files so that the
168 	 * user's home directory and anything else can be unmounted
169 	 * if necessary.
170 	 */
171 	if (chdir("/") != 0) {
172 		syslog(LOG_AUTH | LOG_ALERT,
173 		    "login audit_logut: could not chdir /: %m");
174 	}
175 	/*
176 	 * Reduce privileges to just those needed.
177 	 */
178 	priv_basicset(priv);
179 	(void) priv_delset(priv, PRIV_PROC_EXEC);
180 	(void) priv_delset(priv, PRIV_PROC_FORK);
181 	(void) priv_delset(priv, PRIV_PROC_INFO);
182 	(void) priv_delset(priv, PRIV_PROC_SESSION);
183 	(void) priv_delset(priv, PRIV_FILE_LINK_ANY);
184 	if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
185 	    (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
186 		syslog(LOG_AUTH | LOG_ALERT,
187 		    "login audit_logout: could not reduce privs: %m");
188 	}
189 	closefrom(0);
190 	priv_freeset(priv);
191 	while (pid != waitpid(pid, &status, 0))
192 		continue;
193 
194 	(void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
195 	adt_free_event(logout);
196 	(void) adt_end_session(ah);
197 	exit(WEXITSTATUS(status));
198 }
199 
200 /*
201  * errors are ignored since there is no action to take on error.
202  *
203  * If the user id is invalid, pwd is NULL.
204  */
205 void
206 audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
207     const char *hostname, const char *ttyname, char *optional_text)
208 {
209 	adt_session_data_t	*ah;
210 	adt_event_data_t	*event;
211 	uid_t			uid;
212 	gid_t			gid;
213 	adt_termid_t		*p_tid;
214 
215 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
216 		return;
217 
218 	uid = ADT_NO_ATTRIB;
219 	gid = ADT_NO_ATTRIB;
220 	if (pwd != NULL) {
221 		uid = pwd->pw_uid;
222 		gid = pwd->pw_gid;
223 	}
224 	/*
225 	 * If this is a remote login, in.rlogind or in.telnetd has
226 	 * already set the terminal id, in which case
227 	 * adt_load_hostname() will use the preset terminal id and
228 	 * ignore hostname.  (If no remote host and ttyname is NULL,
229 	 * let adt_load_ttyname() figure out what to do.)
230 	 */
231 	if (*hostname == '\0')
232 		(void) adt_load_ttyname(ttyname, &p_tid);
233 	else
234 		(void) adt_load_hostname(hostname, &p_tid);
235 
236 	if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
237 		(void) adt_end_session(ah);
238 		if (p_tid != NULL)
239 			free(p_tid);
240 		return;
241 	}
242 	if (p_tid != NULL)
243 		free(p_tid);
244 
245 	event = adt_alloc_event(ah, event_id);
246 	if (event == NULL) {
247 		return;
248 	}
249 	switch (event_id) {
250 	case ADT_zlogin:
251 		event->adt_zlogin.message = optional_text;
252 		break;
253 	}
254 	(void) adt_put_event(event, ADT_FAILURE, failure_code);
255 
256 	adt_free_event(event);
257 	(void) adt_end_session(ah);
258 }
259