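/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */


#include <netdb.h>
#include <netinet/in.h>
#include <pwd.h>
#include <sys/errno.h>
#include <sys/mutex.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <alloca.h>
#include <sys/smedia.h>
#include <tsol/label.h>
#include "smserver.h"
#include <bsm/audit.h>
#include <bsm/libbsm.h>
#include <bsm/audit_uevents.h>
#include <bsm/audit_record.h>

/* Private Functions */
static int selected(au_event_t, au_mask_t *, int);

static int audit_selected(door_data_t *);
static int audit_na_selected(door_data_t *);
static int audit_save_namask(door_data_t *door_dp);
static int audit_save_policy(door_data_t *door_dp);

/*
 * can_audit:
 *	Ask the kernel for the audit condition with auditon(A_GETCOND).
 *	Return 0 if the call fails or the condition is AUC_DISABLED.
 *	Return 1 for every other condition.
 */
int
can_audit(void)
{
	int cond = 0;

	/* A failed query is treated the same as auditing being disabled. */
	if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond)) != 0)
		return (0);

	return (cond == AUC_DISABLED ? 0 : 1);
}

/*
 * audit_save_policy():
 *	Read the audit policy with auditon(A_GETPOLICY) and store it in
 *	door_dp->audit_policy.
 *	Return 0 if successful.
 *	Return -1, and leave audit_policy untouched, if the call fails.
 */
static int
audit_save_policy(door_data_t *door_dp)
{
	uint32_t policy;

	if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy))) {
		return (-1);
	}
	door_dp->audit_policy = policy;
	return (0);
}

/*
 * audit_init():
 *	Reset the audit fields of door_dp to "unset" values before a
 *	request is processed.  audit_policy is not touched here; it is
 *	written by audit_save_me().
 */
void
audit_init(door_data_t *door_dp)
{
	door_dp->audit_auid = (uid_t)-1;
	door_dp->audit_uid = (uid_t)-1;
	door_dp->audit_euid = (uid_t)-1;
	door_dp->audit_gid = (gid_t)-1;
	door_dp->audit_egid = (gid_t)-1;
	door_dp->audit_pid = -1;
	door_dp->audit_tid.at_port = 0;
	door_dp->audit_tid.at_type = 0;
	door_dp->audit_tid.at_addr[0] = 0;
	door_dp->audit_tid.at_addr[1] = 0;
	door_dp->audit_tid.at_addr[2] = 0;
	door_dp->audit_tid.at_addr[3] = 0;
	door_dp->audit_namask.am_success = (int)-1;
	door_dp->audit_namask.am_failure = (int)-1;
	door_dp->audit_event = 0;
	/*
	 * -2 is neither success (0) nor failure (-1); selected() maps any
	 * such value to AU_PRS_BOTH.
	 */
	door_dp->audit_sorf = -2;
	door_dp->audit_user = NULL;
	door_dp->audit_text[0] = '\0';
	door_dp->audit_text1[0] = '\0';
	door_dp->audit_na = 0;
	door_dp->audit_asid = (au_asid_t)(-1);
	door_dp->audit_path = NULL;
}

/*
 * audit_save_me():
 *	Capture the identity of the door client for later use by
 *	audit_audit(): credentials come from door_cred(), and the audit
 *	ID, session ID, terminal ID and preselection mask come from
 *	auditon(A_GETPINFO_ADDR) keyed by the client's pid.
 *	Return 0 if successful.
 *	Return -1 if door_cred() or auditon() fails; the identity fields
 *	are then left as they were.
 */
int
audit_save_me(door_data_t *door_dp)
{
	door_cred_t	client_cred;
	int		ret_val;
	int		i;
	/* Number of address words the destination terminal ID can hold. */
	const int	maxaddr = (int)(sizeof (door_dp->audit_tid.at_addr) /
	    sizeof (door_dp->audit_tid.at_addr[0]));

	ret_val = door_cred(&client_cred);
	if (ret_val == -1)
		return (ret_val);
	door_dp->audit_ap.ap_pid = client_cred.dc_pid;
	ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
	    sizeof (door_dp->audit_ap));
	if (ret_val == -1)
		return (ret_val);

	door_dp->audit_auid = door_dp->audit_ap.ap_auid;
	door_dp->audit_euid = client_cred.dc_euid;
	door_dp->audit_egid = client_cred.dc_egid;
	door_dp->audit_uid = client_cred.dc_ruid;
	door_dp->audit_gid = client_cred.dc_rgid;
	door_dp->audit_pid = client_cred.dc_pid;
	door_dp->audit_asid = door_dp->audit_ap.ap_asid;
	door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
	door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
	/*
	 * at_type / 4 is used as the number of address words to copy.
	 * Clamp the copy to the size of at_addr so an unexpected at_type
	 * can never index past the end of either array.
	 */
	for (i = 0; i < maxaddr &&
	    i < (door_dp->audit_ap.ap_termid.at_type / 4); i++)
		door_dp->audit_tid.at_addr[i] =
		    door_dp->audit_ap.ap_termid.at_addr[i];
	/*
	 * audit_init() does not reset audit_policy, so on failure give it
	 * a defined value: audit_audit() tests it for AUDIT_GROUP and must
	 * not read whatever happened to be in the field.
	 */
	if (audit_save_policy(door_dp) != 0)
		door_dp->audit_policy = 0;
	return (0);
}

/*
 * audit_save_namask():
 *	Save the non-attributable event mask obtained from the kernel
 *	with auditon(A_GETKMASK).
 *	Return 0 if successful.
 *	Return -1, and don't change the namask, if failed.
 *	Side Effect: Sets audit_na to -1 if error, 1 if successful.
 */
static int
audit_save_namask(door_data_t *door_dp)
{
	au_mask_t mask;

	/* Assume failure until the mask has actually been stored. */
	door_dp->audit_na = -1;

	/*
	 * get non-attributable system event mask from kernel.
	 */
	if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0) {
		return (-1);
	}

	door_dp->audit_namask.am_success = mask.am_success;
	door_dp->audit_namask.am_failure = mask.am_failure;
	door_dp->audit_na = 1;
	return (0);
}

/*
 * audit_audit:
 *	Cut an audit record if it is selected.
 *	Return 0, if successfully written.
 *	Return 0, if not written, and not expected to write.
 *	Return -1, if not written because of unexpected error.
 *
 *	The record holds, in order: the subject token, the process label
 *	on a labeled system, the group list when the AUDIT_GROUP policy
 *	bit is set, audit_text and audit_text1 when non-empty, audit_path
 *	when set, and the return token.
 *
 *	NOTE(review): every au_write() result is discarded, so a token
 *	that could not be built or appended is dropped silently and the
 *	record is still committed without it.
 */
int
audit_audit(door_data_t *door_dp)
{
	int ad;

	if (can_audit() == 0) {
		return (0);
	}

	/*
	 * Only a 0 from the preselection helpers suppresses the record.
	 * audit_na_selected() returns -1 when the non-attributable mask
	 * could not be read, and that value falls through to writing the
	 * record.
	 */
	if (door_dp->audit_na) {
		if (!audit_na_selected(door_dp)) {
			return (0);
		}
	} else if (!audit_selected(door_dp)) {
		return (0);
	}

	if ((ad = au_open()) == -1) {
		return (-1);
	}

	(void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
	    door_dp->audit_euid,
	    door_dp->audit_egid,
	    door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
	    door_dp->audit_asid, &door_dp->audit_tid));
	if (is_system_labeled())
		(void) au_write(ad, au_to_mylabel());
	if (door_dp->audit_policy & AUDIT_GROUP) {
		int ng;
		int maxgrp = getgroups(0, NULL);

		/*
		 * getgroups() returns -1 on error.  Size the buffer only
		 * from a positive count and emit the token only when the
		 * second call reports at least one group, so that -1 never
		 * becomes an alloca() size or a group count.
		 *
		 * NOTE(review): getgroups() reports the calling process's
		 * supplementary groups, which here is presumably the
		 * server rather than the door client; confirm that is what
		 * the groups token is meant to record.
		 */
		if (maxgrp > 0) {
			gid_t *grplst;

			grplst = alloca((size_t)maxgrp * sizeof (gid_t));
			ng = getgroups(maxgrp, grplst);
			if (ng > 0) {
				(void) au_write(ad,
				    au_to_newgroups(ng, grplst));
			}
		}
	}
	if (strlen(door_dp->audit_text) != 0) {
		(void) au_write(ad, au_to_text(door_dp->audit_text));
	}
	if (strlen(door_dp->audit_text1) != 0) {
		(void) au_write(ad, au_to_text(door_dp->audit_text1));
	}
	if (door_dp->audit_path != NULL) {
		(void) au_write(ad, au_to_path(door_dp->audit_path));
	}
	/* Return token: status 0 on success, -1 otherwise, plus the raw value. */
#ifdef _LP64
	(void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
	    (int64_t)door_dp->audit_sorf));
#else
	(void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
	    (int32_t)door_dp->audit_sorf));
#endif
	if (au_close(ad, 1, door_dp->audit_event) < 0) {
		/* Commit failed: close again with keep == 0 to discard. */
		(void) au_close(ad, 0, 0);
		return (-1);
	}

	return (0);
}

/*
 * audit_na_selected():
 *	Preselect the event against the saved non-attributable mask.
 *	Return -1 if the mask was never saved (audit_na == -1).
 *	Otherwise return the result of selected().
 */
static int
audit_na_selected(door_data_t *door_dp)
{
	if (door_dp->audit_na == -1) {
		return (-1);
	}

	return (selected(door_dp->audit_event,
	    &door_dp->audit_namask, door_dp->audit_sorf));
}

/*
 * audit_selected():
 *	Preselect the event for the saved client.  A real uid above
 *	MAXUID is handled as non-attributable: the kernel mask is
 *	fetched and audit_na_selected() decides.  Any other uid is
 *	checked against the client's own mask in audit_ap.ap_mask.
 */
static int
audit_selected(door_data_t *door_dp)
{

	if (door_dp->audit_uid > MAXUID) {
		/*
		 * The result is not needed here: a failure leaves
		 * audit_na at -1, which audit_na_selected() reports.
		 */
		(void) audit_save_namask(door_dp);
		return (audit_na_selected(door_dp));
	}

	return (selected(door_dp->audit_event,
	    &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
}

/*
 * selected():
 *	Translate sorf into an au_preselect() class selector and return
 *	what au_preselect() reports for event e against mask m.
 *	sorf 0 selects on success, -1 on failure, anything else on both.
 */
static int
selected(au_event_t e, au_mask_t *m, int sorf)
{
	int prs_sorf;

	switch (sorf) {
	case 0:
		prs_sorf = AU_PRS_SUCCESS;
		break;
	case -1:
		prs_sorf = AU_PRS_FAILURE;
		break;
	default:
		prs_sorf = AU_PRS_BOTH;
		break;
	}

	return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
}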