1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
25 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 #include <bsm/adt.h>
29 #include <bsm/adt_event.h>
30 #include <assert.h>
31 #include <bsm/audit.h>
32 #include <bsm/audit_record.h>
33 #include <bsm/libbsm.h>
34 #include <door.h>
35 #include <errno.h>
36 #include <generic.h>
37 #include <md5.h>
38 #include <sys/mkdev.h>
39 #include <netdb.h>
40 #include <nss_dbdefs.h>
41 #include <pwd.h>
42 #include <sys/stat.h>
43 #include <time.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <synch.h>
47 #include <sys/systeminfo.h>
48 #include <syslog.h>
49 #include <thread.h>
50 #include <unistd.h>
51 #include <adt_xlate.h>
52 #include <adt_ucred.h>
53 #include <arpa/inet.h>
54 #include <net/if.h>
55 #include <libinetutil.h>
56
57 static int adt_selected(struct adt_event_state *, au_event_t, int);
58 static int adt_init(adt_internal_state_t *, int);
59 static int adt_import(adt_internal_state_t *, const adt_export_data_t *);
60 static m_label_t *adt_ucred_label(ucred_t *);
61 static void adt_setto_unaudited(adt_internal_state_t *);
62 static int adt_get_local_address(int, struct ifaddrlist *);
63
64 #ifdef C2_DEBUG
65 #define DPRINTF(x) { (void) printf x; }
66 #define DFLUSH (void) fflush(stdout);
67 #else
68 #define DPRINTF(x)
69 #define DFLUSH
70 #endif
71
72 /*
73 * Local audit states are a bit mask
74 *
75 * The global audit states are
76 *
77 * AUC_UNSET 0 - on/off hasn't been decided
78 * AUC_ENABLED 1 - loaded and enabled
79 *
80 * The local Zone states are
81 *
82 * AUC_AUDITING 0x1 - audit daemon is active
83 * AUC_NOAUDIT 0x2 - audit daemon is not active
84 * AUC_INIT_AUDIT 0x4 - audit is ready but auditd has not run
85 * AUC_NOSPACE 0x8 - audit enabled, no space for audit records
86 *
87 * The only values returned by auditon(A_GETCOND) are:
88 * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE
89 *
90 * The pseudo audit state used when the c2audit module is excluded is
91 *
92 * AUC_DISABLED 0x100 - c2audit module is excluded
93 */
94
95 static int auditstate = AUC_DISABLED; /* default state */
96
97 /*
98 * adt_write_syslog
99 *
100 * errors that are not the user's fault (bugs or whatever in
101 * the underlying audit code are noted in syslog.)
102 *
103 * Avoid calling adt_write_syslog for things that can happen
104 * at high volume.
105 *
106 * syslog's open (openlog) and close (closelog) are interesting;
107 * openlog *may* create a file descriptor and is optional. closelog
108 * *will* close any open file descriptors and is also optional.
109 *
110 * Since syslog may also be used by the calling application, the
111 * choice is to avoid openlog, which sets some otherwise useful
112 * parameters, and to embed "Solaris_audit" in the log message.
113 */
114
115 void
adt_write_syslog(const char * message,int err)116 adt_write_syslog(const char *message, int err)
117 {
118 int save_errno = errno;
119 int mask_priority;
120
121 DPRINTF(("syslog called: %s\n", message));
122
123 mask_priority = setlogmask(LOG_MASK(LOG_ALERT));
124 errno = err;
125 syslog(LOG_ALERT, "Solaris_audit %s: %m", message);
126 (void) setlogmask(mask_priority);
127 errno = save_errno;
128 }
129
130 /*
131 * return true if c2audit is not excluded.
132 *
133 * For purpose of this API, anything but AUC_DISABLED
134 * is enabled; however one never actually sees
135 * AUC_DISABLED since auditon returns ENOTSUP in that case. Any
136 * auditon error is considered the same as ENOTSUP for our
137 * purpose. auditstate is not changed by auditon if an error
138 * is returned.
139 */
140
141 /*
142 * XXX this should probably be eliminated and adt_audit_state() replace it.
143 * All the legitimate uses are to not fork a waiting process for
144 * process exit processing, as in su, login, dtlogin. Other bogus
145 * users are zoneadmd and init.
146 * All but dtlogin are in ON, so we can do this without cross gate
147 * synchronization.
148 *
149 * No longer used in adt.c.
150 */
151
152 boolean_t
adt_audit_enabled(void)153 adt_audit_enabled(void)
154 {
155
156 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
157
158 return (auditstate != AUC_DISABLED);
159 }
160
161 /*
162 * See adt_audit_enabled() for state discussions.
163 * The state parameter is a hedge until all the uses become clear.
164 * Likely if adt_audit_enabled is brought internal to this file,
165 * it could be modified to take one or more parameters to describe the
166 * state.
167 */
168
169 boolean_t
adt_audit_state(int states)170 adt_audit_state(int states)
171 {
172
173 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
174
175 return ((auditstate & states) ? B_TRUE : B_FALSE);
176 }
177
178 /*
179 * Get user_specific/non-attributable audit mask. This may be called even when
180 * auditing is off.
181 */
182
183 static int
adt_get_mask_from_user(uid_t uid,au_mask_t * mask)184 adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
185 {
186 struct passwd pwd;
187 long buff_sz;
188 char *pwd_buff;
189
190
191 if (auditstate & AUC_DISABLED) {
192 /* c2audit excluded */
193 mask->am_success = 0;
194 mask->am_failure = 0;
195 return (0);
196 }
197
198 /*
199 * This function applies the 'attributable' mask, modified by
200 * any per-user flags, to any user whose UID can be mapped to
201 * a name via name services.
202 * Others, such as users with Ephemeral UIDs, or NFS clients
203 * using AUTH_SYS, get the 'non-attributable mask'.
204 * This is true even if some _other_ system or service could
205 * map the ID to a name, or if it could be inferred from
206 * other records.
207 * Note that it is possible for records to contain _only_
208 * an ephemeral ID, which can't be mapped back to a name
209 * once it becomes invalid (e.g. server reboot).
210 */
211 if (uid <= MAXUID) {
212 if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
213 adt_write_syslog("couldn't determine maximum size of "
214 "password buffer", errno);
215 return (-1);
216 }
217 if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
218 return (-1);
219 }
220 /*
221 * Ephemeral id's and id's that exist in a name service we
222 * don't have configured (LDAP, NIS) can't be looked up,
223 * but either way it's not an error.
224 */
225 if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
226 if (au_user_mask(pwd.pw_name, mask)) {
227 free(pwd_buff);
228 errno = EFAULT; /* undetermined failure */
229 return (-1);
230 }
231 free(pwd_buff);
232 return (0);
233 }
234 free(pwd_buff);
235 }
236
237 if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
238 return (-1);
239 }
240
241 return (0);
242 }
243
244 /*
245 * adt_get_unique_id -- generate a hopefully unique 32 bit value
246 *
247 * there will be a follow up to replace this with the use of /dev/random
248 *
249 * An MD5 hash is taken on a buffer of
250 * hostname . audit id . unix time . pid . count
251 *
252 * "count = noise++;" is subject to a race condition but I don't
253 * see a need to put a lock around it.
254 */
255
256 au_asid_t
adt_get_unique_id(au_id_t uid)257 adt_get_unique_id(au_id_t uid)
258 {
259 char hostname[MAXHOSTNAMELEN];
260 union {
261 au_id_t v[4];
262 unsigned char obuff[128/8];
263 } output;
264 MD5_CTX context;
265
266 static int noise = 0;
267
268 int count = noise++;
269 time_t timebits = time(NULL);
270 pid_t pidbits = getpid();
271 au_asid_t retval = 0;
272
273 if (gethostname(hostname, MAXHOSTNAMELEN)) {
274 adt_write_syslog("gethostname call failed", errno);
275 (void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN);
276 }
277
278 while (retval == 0) { /* 0 is the only invalid result */
279 MD5Init(&context);
280
281 MD5Update(&context, (unsigned char *)hostname,
282 (unsigned int) strlen((const char *)hostname));
283
284 MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t));
285
286 MD5Update(&context,
287 (unsigned char *) &timebits, sizeof (time_t));
288
289 MD5Update(&context, (unsigned char *) &pidbits,
290 sizeof (pid_t));
291
292 MD5Update(&context, (unsigned char *) &(count), sizeof (int));
293 MD5Final(output.obuff, &context);
294
295 retval = output.v[count % 4];
296 }
297 return (retval);
298 }
299
300 /*
301 * the following "port" function deals with the following issues:
302 *
303 * 1 the kernel and ucred deal with a dev_t as a 64 bit value made
304 * up from a 32 bit major and 32 bit minor.
305 * 2 User space deals with a dev_t as either the above 64 bit value
306 * or a 32 bit value made from a 14 bit major and an 18 bit minor.
307 * 3 The various audit interfaces (except ucred) pass the 32 or
308 * 64 bit version depending the architecture of the userspace
309 * application. If you get a port value from ucred and pass it
310 * to the kernel via auditon(), it must be squeezed into a 32
311 * bit value because the kernel knows the userspace app's bit
312 * size.
313 *
314 * The internal state structure for adt (adt_internal_state_t) uses
315 * dev_t, so adt converts data from ucred to fit. The import/export
316 * functions, however, can't know if they are importing/exporting
317 * from 64 or 32 bit applications, so they always send 64 bits and
318 * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as
319 * appropriate.
320 */
321
322 /*
323 * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are
324 * both 64 bits). If lib is 32 bits, squeeze the two-int port into
325 * a 32 bit dev_t. A port fits in the "minor" part of au_port_t,
326 * so it isn't broken up into pieces. (When it goes to the kernel
327 * and back, however, it will have been split into major/minor
328 * pieces.)
329 */
330
331 static void
adt_cpy_tid(au_tid_addr_t * dest,const au_tid64_addr_t * src)332 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
333 {
334 #ifdef _LP64
335 (void) memcpy(dest, src, sizeof (au_tid_addr_t));
336 #else /* _LP64 */
337 dest->at_type = src->at_type;
338
339 dest->at_port = src->at_port.at_minor & MAXMIN32;
340 dest->at_port |= (src->at_port.at_major & MAXMAJ32) <<
341 NBITSMINOR32;
342
343 (void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t));
344 #endif /* _LP64 */
345 }
346
347 /*
348 * adt_start_session -- create interface handle, create context
349 *
350 * The imported_state input is normally NULL, if not, it represents
351 * a continued session; its values obviate the need for a subsequent
352 * call to adt_set_user().
353 *
354 * The flag is used to decide how to set the initial state of the session.
355 * If 0, the session is "no audit" until a call to adt_set_user; if
356 * ADT_USE_PROC_DATA, the session is built from the process audit
357 * characteristics obtained from the kernel. If imported_state is
358 * not NULL, the resulting audit mask is an OR of the current process
359 * audit mask and that passed in.
360 *
361 * The basic model is that the caller can use the pointer returned
362 * by adt_start_session whether or not auditing is enabled or an
363 * error was returned. The functions that take the session handle
364 * as input generally return without doing anything if auditing is
365 * disabled.
366 */
367
368 int
adt_start_session(adt_session_data_t ** new_session,const adt_export_data_t * imported_state,adt_session_flags_t flags)369 adt_start_session(adt_session_data_t **new_session,
370 const adt_export_data_t *imported_state, adt_session_flags_t flags)
371 {
372 adt_internal_state_t *state;
373 adt_session_flags_t flgmask = ADT_FLAGS_ALL;
374
375 /* test and set auditstate */
376 if (adt_audit_state(AUC_DISABLED)) {
377 /* c2audit excluded */
378 *new_session = NULL;
379 return (0);
380 }
381
382 if ((flags & ~flgmask) != 0) {
383 errno = EINVAL;
384 goto return_err;
385 }
386
387 if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) {
388 goto return_err;
389 }
390
391 if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) {
392 goto return_err_free; /* errno from adt_init() */
393 }
394
395 /*
396 * The imported state overwrites the initial state if the
397 * imported state represents a valid audit trail
398 */
399
400 if (imported_state != NULL) {
401 if (adt_import(state, imported_state) != 0) {
402 goto return_err_free;
403 }
404 } else if (flags & ADT_USE_PROC_DATA) {
405 state->as_session_model = ADT_PROCESS_MODEL;
406 }
407 state->as_flags = flags;
408 DPRINTF(("(%lld) Starting session id = %08X\n",
409 (long long) getpid(), state->as_info.ai_asid));
410
411 *new_session = (adt_session_data_t *)state;
412 return (0);
413
414 return_err_free:
415 free(state);
416 return_err:
417 *new_session = NULL;
418 adt_write_syslog("audit session create failed", errno);
419 return (-1);
420 }
421
422 /*
423 * adt_load_table()
424 *
425 * loads the event translation table into the audit session.
426 */
427
428 void
adt_load_table(const adt_session_data_t * session_data,adt_translation_t ** xlate,void (* preload)(au_event_t,adt_event_data_t *))429 adt_load_table(const adt_session_data_t *session_data,
430 adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *))
431 {
432 adt_internal_state_t *state = (adt_internal_state_t *)session_data;
433
434 if (state != NULL) {
435 assert(state->as_check == ADT_VALID);
436 state->as_xlate = xlate;
437 state->as_preload = preload;
438 }
439 }
440
441 /*
442 * adt_get_asid() and adt_set_asid()
443 *
444 * if you use this interface, you are responsible to insure that the
445 * rest of the session data is populated correctly before calling
446 * adt_proccess_attr()
447 *
448 * neither of these are intended for general use and will likely
449 * remain private interfaces for a long time. Forever is a long
450 * time. In the case of adt_set_asid(), you should have a very,
451 * very good reason for setting your own session id. The process
452 * audit characteristics are not changed by put, use adt_set_proc().
453 *
454 * These are "volatile" (more changable than "evolving") and will
455 * probably change in the S10 period.
456 */
457
458 void
adt_get_asid(const adt_session_data_t * session_data,au_asid_t * asid)459 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
460 {
461
462 if (session_data == NULL) {
463 *asid = 0;
464 } else {
465 assert(((adt_internal_state_t *)session_data)->as_check ==
466 ADT_VALID);
467
468 *asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid;
469 }
470 }
471
472 void
adt_set_asid(const adt_session_data_t * session_data,const au_asid_t session_id)473 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id)
474 {
475
476 if (session_data != NULL) {
477 assert(((adt_internal_state_t *)session_data)->as_check ==
478 ADT_VALID);
479
480 ((adt_internal_state_t *)session_data)->as_have_user_data |=
481 ADT_HAVE_ASID;
482 ((adt_internal_state_t *)session_data)->as_info.ai_asid =
483 session_id;
484 }
485 }
486
487 /*
488 * adt_get_auid() and adt_set_auid()
489 *
490 * neither of these are intended for general use and will likely
491 * remain private interfaces for a long time. Forever is a long
492 * time. In the case of adt_set_auid(), you should have a very,
493 * very good reason for setting your own audit id. The process
494 * audit characteristics are not changed by put, use adt_set_proc().
495 */
496
497 void
adt_get_auid(const adt_session_data_t * session_data,au_id_t * auid)498 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid)
499 {
500
501 if (session_data == NULL) {
502 *auid = AU_NOAUDITID;
503 } else {
504 assert(((adt_internal_state_t *)session_data)->as_check ==
505 ADT_VALID);
506
507 *auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid;
508 }
509 }
510
511 void
adt_set_auid(const adt_session_data_t * session_data,const au_id_t audit_id)512 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id)
513 {
514
515 if (session_data != NULL) {
516 assert(((adt_internal_state_t *)session_data)->as_check ==
517 ADT_VALID);
518
519 ((adt_internal_state_t *)session_data)->as_have_user_data |=
520 ADT_HAVE_AUID;
521 ((adt_internal_state_t *)session_data)->as_info.ai_auid =
522 audit_id;
523 }
524 }
525
526 /*
527 * adt_get_termid(), adt_set_termid()
528 *
529 * if you use this interface, you are responsible to insure that the
530 * rest of the session data is populated correctly before calling
531 * adt_proccess_attr()
532 *
533 * The process audit characteristics are not changed by put, use
534 * adt_set_proc().
535 */
536
537 void
adt_get_termid(const adt_session_data_t * session_data,au_tid_addr_t * termid)538 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid)
539 {
540
541 if (session_data == NULL) {
542 (void) memset(termid, 0, sizeof (au_tid_addr_t));
543 termid->at_type = AU_IPv4;
544 } else {
545 assert(((adt_internal_state_t *)session_data)->as_check ==
546 ADT_VALID);
547
548 *termid =
549 ((adt_internal_state_t *)session_data)->as_info.ai_termid;
550 }
551 }
552
553 void
adt_set_termid(const adt_session_data_t * session_data,const au_tid_addr_t * termid)554 adt_set_termid(const adt_session_data_t *session_data,
555 const au_tid_addr_t *termid)
556 {
557
558 if (session_data != NULL) {
559 assert(((adt_internal_state_t *)session_data)->as_check ==
560 ADT_VALID);
561
562 ((adt_internal_state_t *)session_data)->as_info.ai_termid =
563 *termid;
564
565 ((adt_internal_state_t *)session_data)->as_have_user_data |=
566 ADT_HAVE_TID;
567 }
568 }
569
570 /*
571 * adt_get_mask(), adt_set_mask()
572 *
573 * if you use this interface, you are responsible to insure that the
574 * rest of the session data is populated correctly before calling
575 * adt_proccess_attr()
576 *
577 * The process audit characteristics are not changed by put, use
578 * adt_set_proc().
579 */
580
581 void
adt_get_mask(const adt_session_data_t * session_data,au_mask_t * mask)582 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask)
583 {
584
585 if (session_data == NULL) {
586 mask->am_success = 0;
587 mask->am_failure = 0;
588 } else {
589 assert(((adt_internal_state_t *)session_data)->as_check ==
590 ADT_VALID);
591
592 *mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask;
593 }
594 }
595
596 void
adt_set_mask(const adt_session_data_t * session_data,const au_mask_t * mask)597 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask)
598 {
599
600 if (session_data != NULL) {
601 assert(((adt_internal_state_t *)session_data)->as_check ==
602 ADT_VALID);
603
604 ((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask;
605
606 ((adt_internal_state_t *)session_data)->as_have_user_data |=
607 ADT_HAVE_MASK;
608 }
609 }
610
611 /*
612 * helpers for adt_load_termid
613 */
614
615 static dev_t
adt_ports_to_at_port(in_port_t remote,in_port_t local)616 adt_ports_to_at_port(in_port_t remote, in_port_t local)
617 {
618 dev_t port;
619
620 #ifdef _LP64
621 dev_t tmp;
622
623 /*
624 * In 64-bit, at_port is a 64-bit value encoding major/minor
625 * device numbers as 32-bits each. However when a 32-bit application
626 * subsequently requests the audit address via getaudit_addr(), this
627 * value must be capable of being compressed down to a 14-bit major and
628 * 18-bit minor number or the call will fail.
629 *
630 * In order to construct a 32-bit compatible value, the top 14-bits of
631 * the remote port are used for the major number and the remaining
632 * 2-bits + local port are used for the minor.
633 */
634
635 tmp = ((remote<<16) | (local));
636 port = (tmp & MAXMIN32);
637 port |= (((tmp >> NBITSMINOR32) & MAXMAJ32) << NBITSMINOR64);
638 #else
639 port = ((remote<<16) | (local));
640 #endif
641
642 return (port);
643 }
644
645 static void
adt_do_ipv6_address(struct sockaddr_in6 * peer,struct sockaddr_in6 * sock,au_tid_addr_t * termid)646 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock,
647 au_tid_addr_t *termid)
648 {
649 termid->at_port =
650 adt_ports_to_at_port(peer->sin6_port, sock->sin6_port);
651 termid->at_type = AU_IPv6;
652 (void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t));
653 }
654
655 static void
adt_do_ipv4_address(struct sockaddr_in * peer,struct sockaddr_in * sock,au_tid_addr_t * termid)656 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock,
657 au_tid_addr_t *termid)
658 {
659 termid->at_port = adt_ports_to_at_port(peer->sin_port, sock->sin_port);
660 termid->at_type = AU_IPv4;
661 termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr;
662 (void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t));
663 }
664
665 /*
666 * adt_load_termid: convenience function; inputs file handle and
667 * outputs an au_tid_addr struct.
668 *
669 * This code was stolen from audit_settid.c; it differs from audit_settid()
670 * in that it does not write the terminal id to the process.
671 */
672
673 int
adt_load_termid(int fd,adt_termid_t ** termid)674 adt_load_termid(int fd, adt_termid_t **termid)
675 {
676 au_tid_addr_t *p_term;
677 struct sockaddr_in6 peer;
678 struct sockaddr_in6 sock;
679 int peerlen = sizeof (peer);
680 int socklen = sizeof (sock);
681
682 /* get peer name if its a socket, else assume local terminal */
683
684 if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
685 < 0) {
686 if (errno == ENOTSOCK) {
687 return (adt_load_hostname(NULL, termid));
688 }
689 goto return_err;
690 }
691
692 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
693 goto return_err;
694 }
695
696 /* get sock name */
697 if (getsockname(fd, (struct sockaddr *)&sock,
698 (socklen_t *)&socklen) < 0) {
699 goto return_err_free;
700 }
701
702 if (peer.sin6_family == AF_INET6) {
703 adt_do_ipv6_address(&peer, &sock, p_term);
704 } else {
705 adt_do_ipv4_address((struct sockaddr_in *)&peer,
706 (struct sockaddr_in *)&sock, p_term);
707 }
708 *termid = (adt_termid_t *)p_term;
709
710 return (0);
711
712 return_err_free:
713 free(p_term);
714 return_err:
715 *termid = NULL;
716 return (-1);
717 }
718
719 static boolean_t
adt_have_termid(au_tid_addr_t * dest)720 adt_have_termid(au_tid_addr_t *dest)
721 {
722 struct auditinfo_addr audit_data;
723
724 if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) {
725 adt_write_syslog("getaudit failed", errno);
726 return (B_FALSE);
727 }
728
729 if ((audit_data.ai_termid.at_type == 0) ||
730 (audit_data.ai_termid.at_addr[0] |
731 audit_data.ai_termid.at_addr[1] |
732 audit_data.ai_termid.at_addr[2] |
733 audit_data.ai_termid.at_addr[3]) == 0)
734 return (B_FALSE);
735
736 (void) memcpy(dest, &(audit_data.ai_termid),
737 sizeof (au_tid_addr_t));
738
739 return (B_TRUE);
740 }
741
742 /*
743 * adt_get_hostIP - construct a terminal id from a hostname
744 *
745 * Returns 0 = success
746 * -1 = failure and errno = ENETDOWN with the address
747 * defaulted to IPv4 loopback.
748 */
749
750 static int
adt_get_hostIP(const char * hostname,au_tid_addr_t * p_term)751 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term)
752 {
753 struct addrinfo *ai = NULL;
754 int tries = 3;
755 int eai_err;
756
757 while ((tries-- > 0) &&
758 ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) {
759 DPRINTF(("getaddrinfo(%s) failed[%s]", hostname,
760 gai_strerror(eai_err)));
761
762 if (eai_err != EAI_AGAIN) {
763 break;
764 }
765 /* see if resolution becomes available */
766 (void) sleep(1);
767 }
768 if (ai != NULL) {
769 if (ai->ai_family == AF_INET) {
770 p_term->at_type = AU_IPv4;
771 (void) memcpy(p_term->at_addr,
772 /* LINTED */
773 &((struct sockaddr_in *)ai->ai_addr)->sin_addr,
774 AU_IPv4);
775 } else {
776 p_term->at_type = AU_IPv6;
777 (void) memcpy(p_term->at_addr,
778 /* LINTED */
779 &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
780 AU_IPv6);
781 }
782 freeaddrinfo(ai);
783 return (0);
784 } else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) {
785 auditinfo_addr_t audit_info;
786
787 /*
788 * auditd is running so there should be a
789 * kernel audit context
790 */
791 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
792 sizeof (audit_info)) < 0) {
793 adt_write_syslog("unable to get kernel audit context",
794 errno);
795 goto try_interface;
796 }
797 DPRINTF(("setting Audit IP address to kernel"));
798 *p_term = audit_info.ai_termid;
799 return (0);
800 }
801 try_interface:
802 {
803 struct ifaddrlist al;
804 int family;
805 #ifdef C2_DEBUG
806 char ntop[INET6_ADDRSTRLEN];
807 #endif
808
809 /*
810 * getaddrinfo has failed to map the hostname
811 * to an IP address, try to get an IP address
812 * from a local interface. If none up, default
813 * to loopback.
814 */
815 family = AF_INET6;
816 if (adt_get_local_address(family, &al) != 0) {
817 family = AF_INET;
818
819 if (adt_get_local_address(family, &al) != 0) {
820 adt_write_syslog("adt_get_local_address "
821 "failed, no Audit IP address available, "
822 "faking loopback and error",
823 errno);
824 IN_SET_LOOPBACK_ADDR(
825 (struct sockaddr_in *)&(al.addr.addr));
826 (void) memcpy(p_term->at_addr, &al.addr.addr,
827 AU_IPv4);
828 p_term->at_type = AU_IPv4;
829 return (-1);
830 }
831 }
832 if (family == AF_INET) {
833 p_term->at_type = AU_IPv4;
834 (void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4);
835 } else {
836 p_term->at_type = AU_IPv6;
837 (void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6);
838 }
839
840 DPRINTF(("mapping %s to %s", hostname,
841 inet_ntop(family, &(al.addr), ntop, sizeof (ntop))));
842 return (0);
843 }
844 }
845
846 /*
847 * adt_load_hostname() is called when the caller does not have a file
848 * handle that gives access to the socket info or any other way to
849 * pass in both port and ip address. The hostname input is ignored if
850 * the terminal id has already been set; instead it returns the
851 * existing terminal id.
852 *
853 * If c2audit is excluded, success is returned.
854 * If the hostname lookup fails, the loopback address is assumed,
855 * errno is set to ENETDOWN, this allows the caller to interpret
856 * whether failure is fatal, and if not to have a address for the
857 * hostname.
858 * Otherwise the caller would need to be aware of the audit state.
859 *
860 * Other errors are ignored if not auditing.
861 */
862
863 int
adt_load_hostname(const char * hostname,adt_termid_t ** termid)864 adt_load_hostname(const char *hostname, adt_termid_t **termid)
865 {
866 char localhost[MAXHOSTNAMELEN + 1];
867 au_tid_addr_t *p_term;
868
869 if (adt_audit_state(AUC_DISABLED)) {
870 /* c2audit excluded */
871 *termid = NULL;
872 return (0);
873 }
874
875 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
876 goto return_err;
877 }
878
879 if (adt_have_termid(p_term)) {
880 *termid = (adt_termid_t *)p_term;
881 return (0);
882 }
883 p_term->at_port = 0;
884
885 if (hostname == NULL || *hostname == '\0') {
886 (void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN);
887 hostname = localhost;
888 }
889 if (adt_get_hostIP(hostname, p_term) == 0) {
890 *termid = (adt_termid_t *)p_term;
891 return (0);
892 } else {
893 *termid = (adt_termid_t *)p_term;
894 return (-1);
895 }
896
897 return_err:
898 *termid = NULL;
899 if (auditstate & AUC_NOAUDIT) {
900 return (0);
901 }
902
903 return (-1);
904 }
905
906 /*
907 * adt_load_ttyname() is called when the caller does not have a file
908 * handle that gives access to the local terminal or any other way
909 * of determining the device id. The ttyname input is ignored if
910 * the terminal id has already been set; instead it returns the
911 * existing terminal id.
912 *
913 * If c2audit is excluded, success is returned.
914 * The local hostname is used for the local IP address.
915 * If that hostname lookup fails, the loopback address is assumed,
916 * errno is set to ENETDOWN, this allows the caller to interpret
917 * whether failure is fatal, and if not to have a address for the
918 * hostname.
919 * Otherwise the caller would need to be aware of the audit state.
920 *
921 * Other errors are ignored if not auditing.
922 */
923
924 int
adt_load_ttyname(const char * ttyname,adt_termid_t ** termid)925 adt_load_ttyname(const char *ttyname, adt_termid_t **termid)
926 {
927 char localhost[MAXHOSTNAMELEN + 1];
928 au_tid_addr_t *p_term;
929 struct stat stat_buf;
930
931 if (adt_audit_state(AUC_DISABLED)) {
932 /* c2audit excluded */
933 *termid = NULL;
934 return (0);
935 }
936
937 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
938 goto return_err;
939 }
940
941 if (adt_have_termid(p_term)) {
942 *termid = (adt_termid_t *)p_term;
943 return (0);
944 }
945
946 p_term->at_port = 0;
947
948 if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) {
949 goto return_err_free; /* errno from sysinfo */
950 }
951
952 if (ttyname != NULL && *ttyname != '\0') {
953 if (stat(ttyname, &stat_buf) < 0) {
954 goto return_err_free;
955 }
956
957 p_term->at_port = stat_buf.st_rdev;
958 }
959
960 if (adt_get_hostIP(localhost, p_term) == 0) {
961 *termid = (adt_termid_t *)p_term;
962 return (0);
963 } else {
964 *termid = (adt_termid_t *)p_term;
965 return (-1);
966 }
967
968 return_err_free:
969 free(p_term);
970
971 return_err:
972 *termid = NULL;
973 if (auditstate & AUC_NOAUDIT) {
974 return (0);
975 }
976
977 return (-1);
978 }
979
980 /*
981 * adt_get_session_id returns a stringified representation of
982 * the audit session id. See also adt_get_asid() for how to
983 * get the unexpurgated version. No guarantees as to how long
984 * the returned string will be or its general form; hex for now.
985 *
986 * An empty string is returned if auditing is off; length = 1
987 * and the pointer is valid.
988 *
989 * returns strlen + 1 if buffer is valid; else 0 and errno.
990 */
991
992 size_t
adt_get_session_id(const adt_session_data_t * session_data,char ** buff)993 adt_get_session_id(const adt_session_data_t *session_data, char **buff)
994 {
995 au_asid_t session_id;
996 size_t length;
997 /*
998 * output is 0x followed by
999 * two characters per byte
1000 * plus terminator,
1001 * except leading 0's are suppressed, so a few bytes may
1002 * be unused.
1003 */
1004 length = 2 + (2 * sizeof (session_id)) + 1;
1005 *buff = malloc(length);
1006
1007 if (*buff == NULL) {
1008 return (0);
1009 }
1010 if (session_data == NULL) { /* NULL is not an error */
1011 **buff = '\0';
1012 return (1);
1013 }
1014 adt_get_asid(session_data, &session_id);
1015
1016 length = snprintf(*buff, length, "0x%X", (int)session_id);
1017
1018 /* length < 1 is a bug: the session data type may have changed */
1019 assert(length > 0);
1020
1021 return (length);
1022 }
1023
1024 /*
1025 * adt_end_session -- close handle, clear context
1026 *
1027 * if as_check is invalid, no harm, no foul, EXCEPT that this could
1028 * be an attempt to free data already free'd, so output to syslog
1029 * to help explain why the process cored dumped.
1030 */
1031
1032 int
adt_end_session(adt_session_data_t * session_data)1033 adt_end_session(adt_session_data_t *session_data)
1034 {
1035 adt_internal_state_t *state;
1036
1037 if (session_data != NULL) {
1038 state = (adt_internal_state_t *)session_data;
1039 if (state->as_check != ADT_VALID) {
1040 adt_write_syslog("freeing invalid data", EINVAL);
1041 } else {
1042 state->as_check = 0;
1043 m_label_free(state->as_label);
1044 free(session_data);
1045 }
1046 }
1047 /* no errors yet defined */
1048 return (0);
1049 }
1050
1051 /*
1052 * adt_dup_session -- copy the session data
1053 */
1054
1055 int
adt_dup_session(const adt_session_data_t * source,adt_session_data_t ** dest)1056 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest)
1057 {
1058 adt_internal_state_t *source_state;
1059 adt_internal_state_t *dest_state = NULL;
1060 int rc = 0;
1061
1062 if (source != NULL) {
1063 source_state = (adt_internal_state_t *)source;
1064 assert(source_state->as_check == ADT_VALID);
1065
1066 dest_state = malloc(sizeof (adt_internal_state_t));
1067 if (dest_state == NULL) {
1068 rc = -1;
1069 goto return_rc;
1070 }
1071 (void) memcpy(dest_state, source,
1072 sizeof (struct adt_internal_state));
1073
1074 if (source_state->as_label != NULL) {
1075 dest_state->as_label = NULL;
1076 if ((rc = m_label_dup(&dest_state->as_label,
1077 source_state->as_label)) != 0) {
1078 free(dest_state);
1079 dest_state = NULL;
1080 }
1081 }
1082 }
1083 return_rc:
1084 *dest = (adt_session_data_t *)dest_state;
1085 return (rc);
1086 }
1087
1088 /*
1089 * from_export_format()
1090 * read from a network order buffer into struct adt_session_data
1091 */
1092
1093 static size_t
adt_from_export_format(adt_internal_state_t * internal,const adt_export_data_t * external)1094 adt_from_export_format(adt_internal_state_t *internal,
1095 const adt_export_data_t *external)
1096 {
1097 struct export_header head;
1098 struct export_link link;
1099 adr_t context;
1100 int32_t offset;
1101 int32_t length;
1102 int32_t version;
1103 size_t label_len;
1104 char *p = (char *)external;
1105
1106 adrm_start(&context, (char *)external);
1107 adrm_int32(&context, (int *)&head, 4);
1108
1109 if ((internal->as_check = head.ax_check) != ADT_VALID) {
1110 errno = EINVAL;
1111 return (0);
1112 }
1113 offset = head.ax_link.ax_offset;
1114 version = head.ax_link.ax_version;
1115 length = head.ax_buffer_length;
1116
1117 /*
1118 * Skip newer versions.
1119 */
1120 while (version > PROTOCOL_VERSION_2) {
1121 if (offset < 1) {
1122 return (0); /* failed to match version */
1123 }
1124 p += offset; /* point to next version # */
1125
1126 if (p > (char *)external + length) {
1127 return (0);
1128 }
1129 adrm_start(&context, p);
1130 adrm_int32(&context, (int *)&link, 2);
1131 offset = link.ax_offset;
1132 version = link.ax_version;
1133 assert(version != 0);
1134 }
1135 /*
1136 * Adjust buffer pointer to the first data item (euid).
1137 */
1138 if (p == (char *)external) {
1139 adrm_start(&context, (char *)(p + sizeof (head)));
1140 } else {
1141 adrm_start(&context, (char *)(p + sizeof (link)));
1142 }
1143 /*
1144 * if down rev version, neither pid nor label are included
1145 * in v1 ax_size_of_tsol_data intentionally ignored
1146 */
1147 if (version == PROTOCOL_VERSION_1) {
1148 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1149 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1150 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1151 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1152 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1153 adrm_int32(&context,
1154 (int *)&(internal->as_info.ai_mask.am_success), 2);
1155 adrm_int32(&context,
1156 (int *)&(internal->as_info.ai_termid.at_port), 1);
1157 adrm_int32(&context,
1158 (int *)&(internal->as_info.ai_termid.at_type), 1);
1159 adrm_int32(&context,
1160 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1161 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1162 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1163 internal->as_pid = (pid_t)-1;
1164 internal->as_label = NULL;
1165 } else if (version == PROTOCOL_VERSION_2) {
1166 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1167 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1168 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1169 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1170 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1171 adrm_int32(&context,
1172 (int *)&(internal->as_info.ai_mask.am_success), 2);
1173 adrm_int32(&context,
1174 (int *)&(internal->as_info.ai_termid.at_port), 1);
1175 adrm_int32(&context,
1176 (int *)&(internal->as_info.ai_termid.at_type), 1);
1177 adrm_int32(&context,
1178 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1179 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1180 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1181 adrm_int32(&context, (int *)&(internal->as_pid), 1);
1182 adrm_int32(&context, (int *)&label_len, 1);
1183 if (label_len > 0) {
1184 /* read in and deal with different sized labels. */
1185 size32_t my_label_len = blabel_size();
1186
1187 if ((internal->as_label =
1188 m_label_alloc(MAC_LABEL)) == NULL) {
1189 return (0);
1190 }
1191 if (label_len > my_label_len) {
1192 errno = EINVAL;
1193 m_label_free(internal->as_label);
1194 return (0);
1195 }
1196 (void) memset(internal->as_label, 0, my_label_len);
1197 adrm_int32(&context, (int *)(internal->as_label),
1198 label_len / sizeof (int32_t));
1199 } else {
1200 internal->as_label = NULL;
1201 }
1202 }
1203
1204 return (length);
1205 }
1206
1207 /*
1208 * adt_to_export_format
1209 * read from struct adt_session_data into a network order buffer.
1210 *
1211 * (network order 'cause this data may be shared with a remote host.)
1212 */
1213
1214 static size_t
adt_to_export_format(adt_export_data_t * external,adt_internal_state_t * internal)1215 adt_to_export_format(adt_export_data_t *external,
1216 adt_internal_state_t *internal)
1217 {
1218 struct export_header head;
1219 struct export_link tail;
1220 adr_t context;
1221 size32_t label_len = 0;
1222
1223 adrm_start(&context, (char *)external);
1224
1225 if (internal->as_label != NULL) {
1226 label_len = blabel_size();
1227 }
1228
1229 head.ax_check = ADT_VALID;
1230 head.ax_buffer_length = sizeof (struct adt_export_data) + label_len;
1231
1232 /* version 2 first */
1233
1234 head.ax_link.ax_version = PROTOCOL_VERSION_2;
1235 head.ax_link.ax_offset = sizeof (struct export_header) +
1236 sizeof (struct adt_export_v2) + label_len;
1237
1238 adrm_putint32(&context, (int *)&head, 4);
1239
1240 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1241 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1242 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1243 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1244 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1245 adrm_putint32(&context,
1246 (int *)&(internal->as_info.ai_mask.am_success), 2);
1247 adrm_putint32(&context,
1248 (int *)&(internal->as_info.ai_termid.at_port), 1);
1249 adrm_putint32(&context,
1250 (int *)&(internal->as_info.ai_termid.at_type), 1);
1251 adrm_putint32(&context,
1252 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1253 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1254 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1255 adrm_putint32(&context, (int *)&(internal->as_pid), 1);
1256 adrm_putint32(&context, (int *)&label_len, 1);
1257 if (internal->as_label != NULL) {
1258 /* serialize the label */
1259 adrm_putint32(&context, (int *)(internal->as_label),
1260 (label_len / sizeof (int32_t)));
1261 }
1262
1263 /* now version 1 */
1264
1265 tail.ax_version = PROTOCOL_VERSION_1;
1266 tail.ax_offset = 0;
1267
1268 adrm_putint32(&context, (int *)&tail, 2);
1269
1270 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1271 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1272 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1273 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1274 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1275 adrm_putint32(&context,
1276 (int *)&(internal->as_info.ai_mask.am_success), 2);
1277 adrm_putint32(&context,
1278 (int *)&(internal->as_info.ai_termid.at_port), 1);
1279 adrm_putint32(&context,
1280 (int *)&(internal->as_info.ai_termid.at_type), 1);
1281 adrm_putint32(&context,
1282 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1283 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1284 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1285 /* ignored in v1 */
1286 adrm_putint32(&context, (int *)&label_len, 1);
1287
1288 /* finally terminator */
1289
1290 tail.ax_version = 0; /* invalid version number */
1291 tail.ax_offset = 0;
1292
1293 adrm_putint32(&context, (int *)&tail, 2);
1294
1295 return (head.ax_buffer_length);
1296 }
1297
1298 /*
1299 * adt_ucred_label() -- if label is available, duplicate it.
1300 */
1301
1302 static m_label_t *
adt_ucred_label(ucred_t * uc)1303 adt_ucred_label(ucred_t *uc)
1304 {
1305 m_label_t *ul = NULL;
1306
1307 if (ucred_getlabel(uc) != NULL) {
1308 (void) m_label_dup(&ul, ucred_getlabel(uc));
1309 }
1310
1311 return (ul);
1312 }
1313
1314 /*
1315 * adt_import() -- convert from network order to machine-specific order
1316 */
1317
1318 static int
adt_import(adt_internal_state_t * internal,const adt_export_data_t * external)1319 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
1320 {
1321 au_mask_t mask;
1322
1323 /* save local audit state */
1324 int local_audit_state = internal->as_audit_state;
1325
1326 if (adt_from_export_format(internal, external) < 1)
1327 return (-1); /* errno from adt_from_export_format */
1328
1329 /*
1330 * If audit isn't enabled on the remote, they were unable
1331 * to generate the audit mask, so generate it based on
1332 * local configuration. If the user id has changed, the
1333 * resulting mask may miss some subtleties that occurred
1334 * on the remote system.
1335 *
1336 * If the remote failed to generate a terminal id, it is not
1337 * recoverable.
1338 */
1339
1340 if (!(internal->as_audit_state & AUC_DISABLED)) {
1341 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1342 &(internal->as_info.ai_mask)))
1343 return (-1);
1344 if (internal->as_info.ai_auid != internal->as_ruid) {
1345 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1346 &mask))
1347 return (-1);
1348 internal->as_info.ai_mask.am_success |=
1349 mask.am_success;
1350 internal->as_info.ai_mask.am_failure |=
1351 mask.am_failure;
1352 }
1353 }
1354 internal->as_audit_state = local_audit_state;
1355
1356 DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(),
1357 internal->as_info.ai_asid,
1358 internal->as_info.ai_asid));
1359
1360 internal->as_have_user_data = ADT_HAVE_ALL;
1361
1362 return (0);
1363 }
1364
1365 /*
1366 * adt_export_session_data()
1367 * copies a adt_session_data struct into a network order buffer
1368 *
1369 * In a misconfigured network, the local host may have auditing
1370 * off while the destination may have auditing on, so if there
1371 * is sufficient memory, a buffer will be returned even in the
1372 * audit off case.
1373 */
1374
1375 size_t
adt_export_session_data(const adt_session_data_t * internal,adt_export_data_t ** external)1376 adt_export_session_data(const adt_session_data_t *internal,
1377 adt_export_data_t **external)
1378 {
1379 size32_t length = 0;
1380
1381 if ((internal != NULL) &&
1382 ((adt_internal_state_t *)internal)->as_label != NULL) {
1383 length = blabel_size();
1384 }
1385
1386 *external = malloc(sizeof (adt_export_data_t) + length);
1387
1388 if (*external == NULL)
1389 return (0);
1390
1391 if (internal == NULL) {
1392 adt_internal_state_t *dummy;
1393
1394 dummy = malloc(sizeof (adt_internal_state_t));
1395 if (dummy == NULL)
1396 goto return_length_free;
1397
1398 if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */
1399 free(dummy);
1400 goto return_length_free;
1401 }
1402 length = adt_to_export_format(*external, dummy);
1403 free(dummy);
1404 } else {
1405 length = adt_to_export_format(*external,
1406 (adt_internal_state_t *)internal);
1407 }
1408 return (length);
1409
1410 return_length_free:
1411 free(*external);
1412 *external = NULL;
1413 return (0);
1414 }
1415
1416 static void
adt_setto_unaudited(adt_internal_state_t * state)1417 adt_setto_unaudited(adt_internal_state_t *state)
1418 {
1419 if (state->as_audit_state & AUC_DISABLED) {
1420 state->as_ruid = AU_NOAUDITID;
1421 state->as_euid = AU_NOAUDITID;
1422 state->as_rgid = AU_NOAUDITID;
1423 state->as_egid = AU_NOAUDITID;
1424 state->as_pid = (pid_t)-1;
1425 state->as_label = NULL;
1426 } else {
1427 state->as_info.ai_asid = 0;
1428 state->as_info.ai_auid = AU_NOAUDITID;
1429
1430 (void) memset((void *)&(state->as_info.ai_termid), 0,
1431 sizeof (au_tid_addr_t));
1432 state->as_info.ai_termid.at_type = AU_IPv4;
1433
1434 (void) memset((void *)&(state->as_info.ai_mask), 0,
1435 sizeof (au_mask_t));
1436 state->as_have_user_data = 0;
1437 }
1438 }
1439
1440 /*
1441 * adt_init -- set session context by copying the audit characteristics
1442 * from the proc and picking up current uid/tid information.
1443 *
1444 * By default, an audit session is based on the process; the default
1445 * is overriden by adt_set_user()
1446 */
1447
1448 static int
adt_init(adt_internal_state_t * state,int use_proc_data)1449 adt_init(adt_internal_state_t *state, int use_proc_data)
1450 {
1451 /* ensure auditstate is set */
1452
1453 (void) adt_audit_state(0);
1454 state->as_audit_state = auditstate;
1455
1456 if (use_proc_data) {
1457 state->as_ruid = getuid();
1458 state->as_euid = geteuid();
1459 state->as_rgid = getgid();
1460 state->as_egid = getegid();
1461 state->as_pid = getpid();
1462
1463 if (!(state->as_audit_state & AUC_DISABLED)) {
1464 const au_tid64_addr_t *tid;
1465 const au_mask_t *mask;
1466 ucred_t *ucred = ucred_get(P_MYID);
1467
1468 /*
1469 * Even if the ucred is NULL, the underlying
1470 * credential may have a valid terminal id; if the
1471 * terminal id is set, then that's good enough. An
1472 * example of where this matters is failed login,
1473 * where rlogin/telnet sets the terminal id before
1474 * calling login; login does not load the credential
1475 * since auth failed.
1476 */
1477 if (ucred == NULL) {
1478 if (!adt_have_termid(
1479 &(state->as_info.ai_termid)))
1480 return (-1);
1481 } else {
1482 mask = ucred_getamask(ucred);
1483 if (mask != NULL) {
1484 state->as_info.ai_mask = *mask;
1485 } else {
1486 ucred_free(ucred);
1487 return (-1);
1488 }
1489 tid = ucred_getatid(ucred);
1490 if (tid != NULL) {
1491 adt_cpy_tid(&(state->as_info.ai_termid),
1492 tid);
1493 } else {
1494 ucred_free(ucred);
1495 return (-1);
1496 }
1497 state->as_info.ai_asid = ucred_getasid(ucred);
1498 state->as_info.ai_auid = ucred_getauid(ucred);
1499 state->as_label = adt_ucred_label(ucred);
1500 ucred_free(ucred);
1501 }
1502 state->as_have_user_data = ADT_HAVE_ALL;
1503 }
1504 } else {
1505 adt_setto_unaudited(state);
1506 }
1507 state->as_session_model = ADT_SESSION_MODEL; /* default */
1508
1509 if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) &&
1510 auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy),
1511 sizeof (state->as_kernel_audit_policy))) {
1512 return (-1); /* errno set by auditon */
1513 }
1514 state->as_check = ADT_VALID;
1515 adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0],
1516 &adt_preload);
1517 return (0);
1518 }
1519
1520 /*
1521 * adt_set_proc
1522 *
1523 * Copy the current session state to the process. If this function
1524 * is called, the model becomes a process model rather than a
1525 * session model.
1526 *
1527 * In the current implementation, the value state->as_have_user_data
1528 * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}. These are all set
1529 * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in.
1530 *
1531 */
1532
1533 int
adt_set_proc(const adt_session_data_t * session_data)1534 adt_set_proc(const adt_session_data_t *session_data)
1535 {
1536 adt_internal_state_t *state;
1537
1538 if (session_data == NULL) {
1539 return (0);
1540 }
1541
1542 state = (adt_internal_state_t *)session_data;
1543
1544 assert(state->as_check == ADT_VALID);
1545
1546 if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) !=
1547 (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) {
1548 errno = EINVAL;
1549 goto return_err;
1550 }
1551
1552 if (setaudit_addr((auditinfo_addr_t *)&(state->as_info),
1553 sizeof (auditinfo_addr_t)) < 0) {
1554 goto return_err; /* errno set by setaudit_addr() */
1555 }
1556
1557 state->as_session_model = ADT_PROCESS_MODEL;
1558
1559 return (0);
1560
1561 return_err:
1562 adt_write_syslog("failed to set process audit characteristics", errno);
1563 return (-1);
1564 }
1565
1566 static int
adt_newuser(adt_internal_state_t * state,uid_t ruid,au_tid_addr_t * termid)1567 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid)
1568 {
1569 au_tid_addr_t no_tid = {0, AU_IPv4, 0, 0, 0, 0};
1570 au_mask_t no_mask = {0, 0};
1571
1572 if (ruid == ADT_NO_AUDIT) {
1573 state->as_info.ai_auid = AU_NOAUDITID;
1574 state->as_info.ai_asid = 0;
1575 state->as_info.ai_termid = no_tid;
1576 state->as_info.ai_mask = no_mask;
1577 return (0);
1578 }
1579 state->as_info.ai_auid = ruid;
1580 state->as_info.ai_asid = adt_get_unique_id(ruid);
1581 if (termid != NULL)
1582 state->as_info.ai_termid = *termid;
1583
1584 if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask)))
1585 return (-1);
1586
1587 /* Assume intending to audit as this process */
1588
1589 if (state->as_pid == (pid_t)-1)
1590 state->as_pid = getpid();
1591
1592 if (is_system_labeled() && state->as_label == NULL) {
1593 ucred_t *ucred = ucred_get(P_MYID);
1594
1595 state->as_label = adt_ucred_label(ucred);
1596 ucred_free(ucred);
1597 }
1598
1599 return (0);
1600 }
1601
1602 static int
adt_changeuser(adt_internal_state_t * state,uid_t ruid)1603 adt_changeuser(adt_internal_state_t *state, uid_t ruid)
1604 {
1605 au_mask_t mask;
1606
1607 if (!(state->as_have_user_data & ADT_HAVE_AUID))
1608 state->as_info.ai_auid = ruid;
1609 if (!(state->as_have_user_data & ADT_HAVE_ASID))
1610 state->as_info.ai_asid = adt_get_unique_id(ruid);
1611
1612 if (ruid <= MAXEPHUID) {
1613 if (adt_get_mask_from_user(ruid, &mask))
1614 return (-1);
1615
1616 state->as_info.ai_mask.am_success |= mask.am_success;
1617 state->as_info.ai_mask.am_failure |= mask.am_failure;
1618 }
1619 DPRINTF(("changed mask to %08X/%08X for ruid=%d\n",
1620 state->as_info.ai_mask.am_success,
1621 state->as_info.ai_mask.am_failure,
1622 ruid));
1623 return (0);
1624 }
1625
1626 /*
1627 * adt_set_user -- see also adt_set_from_ucred()
1628 *
1629 * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or
1630 * "unattributed." If ruid, change the model to session.
1631 *
1632 * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value"
1633 * only valid with ADT_UPDATE.
1634 *
1635 * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there
1636 * isn't a good reason to call adt_set_user() with it unless you don't
1637 * have a good value yet and intend to replace it later; auid will be
1638 * AU_NOAUDITID.
1639 *
1640 * adt_set_user should be called even if auditing is not enabled
1641 * so that adt_export_session_data() will have useful stuff to
1642 * work with.
1643 *
1644 * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID
1645 * and ADT_HAVE_ALL.
1646 */
1647
1648 int
adt_set_user(const adt_session_data_t * session_data,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,const adt_termid_t * termid,enum adt_user_context user_context)1649 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid,
1650 uid_t ruid, gid_t rgid, const adt_termid_t *termid,
1651 enum adt_user_context user_context)
1652 {
1653 adt_internal_state_t *state;
1654 int rc;
1655
1656 if (session_data == NULL) /* no session exists to audit */
1657 return (0);
1658
1659 state = (adt_internal_state_t *)session_data;
1660 assert(state->as_check == ADT_VALID);
1661
1662 switch (user_context) {
1663 case ADT_NEW:
1664 if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE ||
1665 rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) {
1666 errno = EINVAL;
1667 return (-1);
1668 }
1669 if ((rc = adt_newuser(state, ruid,
1670 (au_tid_addr_t *)termid)) != 0)
1671 return (rc);
1672
1673 state->as_have_user_data = ADT_HAVE_ALL;
1674 break;
1675 case ADT_UPDATE:
1676 if (state->as_have_user_data != ADT_HAVE_ALL) {
1677 errno = EINVAL;
1678 return (-1);
1679 }
1680
1681 if (ruid != ADT_NO_CHANGE)
1682 if ((rc = adt_changeuser(state, ruid)) != 0)
1683 return (rc);
1684 break;
1685 case ADT_USER:
1686 if (state->as_have_user_data != ADT_HAVE_ALL) {
1687 errno = EINVAL;
1688 return (-1);
1689 }
1690 break;
1691 case ADT_SETTID:
1692 assert(termid != NULL);
1693 state->as_info.ai_termid = *((au_tid_addr_t *)termid);
1694 /* avoid fooling pam_setcred()... */
1695 state->as_info.ai_auid = AU_NOAUDITID;
1696 state->as_info.ai_asid = 0;
1697 state->as_info.ai_mask.am_failure = 0;
1698 state->as_info.ai_mask.am_success = 0;
1699 state->as_have_user_data = ADT_HAVE_TID |
1700 ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK;
1701 return (0);
1702 default:
1703 errno = EINVAL;
1704 return (-1);
1705 }
1706
1707 if (ruid == ADT_NO_AUDIT) {
1708 state->as_ruid = AU_NOAUDITID;
1709 state->as_euid = AU_NOAUDITID;
1710 state->as_rgid = AU_NOAUDITID;
1711 state->as_egid = AU_NOAUDITID;
1712 } else {
1713 if (ruid != ADT_NO_CHANGE)
1714 state->as_ruid = ruid;
1715 if (euid != ADT_NO_CHANGE)
1716 state->as_euid = euid;
1717 if (rgid != ADT_NO_CHANGE)
1718 state->as_rgid = rgid;
1719 if (egid != ADT_NO_CHANGE)
1720 state->as_egid = egid;
1721 }
1722
1723 if (ruid == ADT_NO_ATTRIB) {
1724 state->as_session_model = ADT_SESSION_MODEL;
1725 }
1726
1727 return (0);
1728 }
1729
1730 /*
1731 * adt_set_from_ucred()
1732 *
1733 * an alternate to adt_set_user that fills the same role but uses
1734 * a pointer to a ucred rather than a list of id's. If the ucred
1735 * pointer is NULL, use the credential from the this process.
1736 *
1737 * A key difference is that for ADT_NEW, adt_set_from_ucred() does
1738 * not overwrite the asid and auid unless auid has not been set.
1739 * ADT_NEW differs from ADT_UPDATE in that it does not OR together
1740 * the incoming audit mask with the one that already exists.
1741 *
1742 * adt_set_from_ucred should be called even if auditing is not enabled
1743 * so that adt_export_session_data() will have useful stuff to
1744 * work with.
1745 */
1746
1747 int
adt_set_from_ucred(const adt_session_data_t * session_data,const ucred_t * uc,enum adt_user_context user_context)1748 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc,
1749 enum adt_user_context user_context)
1750 {
1751 adt_internal_state_t *state;
1752 int rc = -1;
1753 const au_tid64_addr_t *tid64;
1754 au_tid_addr_t termid, *tid;
1755 ucred_t *ucred = (ucred_t *)uc;
1756 boolean_t local_uc = B_FALSE;
1757
1758 if (session_data == NULL) /* no session exists to audit */
1759 return (0);
1760
1761 state = (adt_internal_state_t *)session_data;
1762 assert(state->as_check == ADT_VALID);
1763
1764 if (ucred == NULL) {
1765 ucred = ucred_get(P_MYID);
1766
1767 if (ucred == NULL)
1768 goto return_rc;
1769 local_uc = B_TRUE;
1770 }
1771
1772 switch (user_context) {
1773 case ADT_NEW:
1774 tid64 = ucred_getatid(ucred);
1775 if (tid64 != NULL) {
1776 adt_cpy_tid(&termid, tid64);
1777 tid = &termid;
1778 } else {
1779 tid = NULL;
1780 }
1781 if (ucred_getauid(ucred) == AU_NOAUDITID) {
1782 adt_setto_unaudited(state);
1783 state->as_have_user_data = ADT_HAVE_ALL;
1784 rc = 0;
1785 goto return_rc;
1786 } else {
1787 state->as_info.ai_auid = ucred_getauid(ucred);
1788 state->as_info.ai_asid = ucred_getasid(ucred);
1789 state->as_info.ai_mask = *ucred_getamask(ucred);
1790 state->as_info.ai_termid = *tid;
1791 }
1792 state->as_have_user_data = ADT_HAVE_ALL;
1793 break;
1794 case ADT_UPDATE:
1795 if (state->as_have_user_data != ADT_HAVE_ALL) {
1796 errno = EINVAL;
1797 goto return_rc;
1798 }
1799
1800 if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0)
1801 goto return_rc;
1802 break;
1803 case ADT_USER:
1804 if (state->as_have_user_data != ADT_HAVE_ALL) {
1805 errno = EINVAL;
1806 goto return_rc;
1807 }
1808 break;
1809 default:
1810 errno = EINVAL;
1811 goto return_rc;
1812 }
1813 rc = 0;
1814
1815 state->as_ruid = ucred_getruid(ucred);
1816 state->as_euid = ucred_geteuid(ucred);
1817 state->as_rgid = ucred_getrgid(ucred);
1818 state->as_egid = ucred_getegid(ucred);
1819 state->as_pid = ucred_getpid(ucred);
1820 state->as_label = adt_ucred_label(ucred);
1821
1822 return_rc:
1823 if (local_uc) {
1824 ucred_free(ucred);
1825 }
1826 return (rc);
1827 }
1828
1829 /*
1830 * adt_alloc_event() returns a pointer to allocated memory
1831 *
1832 */
1833
1834 adt_event_data_t
adt_alloc_event(const adt_session_data_t * session_data,au_event_t event_id)1835 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id)
1836 {
1837 struct adt_event_state *event_state;
1838 adt_internal_state_t *session_state;
1839 adt_event_data_t *return_event = NULL;
1840 /*
1841 * need to return a valid event pointer even if audit is
1842 * off, else the caller will end up either (1) keeping its
1843 * own flags for on/off or (2) writing to a NULL pointer.
1844 * If auditing is on, the session data must be valid; otherwise
1845 * we don't care.
1846 */
1847 if (session_data != NULL) {
1848 session_state = (adt_internal_state_t *)session_data;
1849 assert(session_state->as_check == ADT_VALID);
1850 }
1851 event_state = calloc(1, sizeof (struct adt_event_state));
1852 if (event_state == NULL)
1853 goto return_ptr;
1854
1855 event_state->ae_check = ADT_VALID;
1856
1857 event_state->ae_event_id = event_id;
1858 event_state->ae_session = (struct adt_internal_state *)session_data;
1859
1860 return_event = (adt_event_data_t *)&(event_state->ae_event_data);
1861
1862 /*
1863 * preload data so the adt_au_*() functions can detect un-supplied
1864 * values (0 and NULL are free via calloc()).
1865 */
1866 if (session_data != NULL) {
1867 session_state->as_preload(event_id, return_event);
1868 }
1869
1870 return_ptr:
1871 return (return_event);
1872 }
1873
1874 /*
1875 * adt_getXlateTable -- look up translation table address for event id
1876 */
1877
1878 static adt_translation_t *
adt_getXlateTable(adt_translation_t ** xlate,au_event_t event_id)1879 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id)
1880 {
1881 /* xlate_table is global in adt_xlate.c */
1882 adt_translation_t **p_xlate = xlate;
1883 adt_translation_t *p_event;
1884
1885 while (*p_xlate != NULL) {
1886 p_event = *p_xlate;
1887 if (event_id == p_event->tx_external_event)
1888 return (p_event);
1889 p_xlate++;
1890 }
1891 return (NULL);
1892 }
1893
1894 /*
1895 * adt_calcOffsets
1896 *
1897 * the call to this function is surrounded by a mutex.
1898 *
1899 * i walks down the table picking up next_token. j walks again to
1900 * calculate the offset to the input data. k points to the next
1901 * token's row. Finally, l, is used to sum the values in the
1902 * datadef array.
1903 *
1904 * What's going on? The entry array is in the order of the input
1905 * fields but the processing of array entries is in the order of
1906 * the output (see next_token). Calculating the offset to the
1907 * "next" input can't be done in the outer loop (i) since i doesn't
1908 * point to the current entry and it can't be done with the k index
1909 * because it doesn't represent the order of input fields.
1910 *
1911 * While the resulting algorithm is n**2, it is only done once per
1912 * event type.
1913 */
1914
1915 /*
1916 * adt_calcOffsets is only called once per event type, but it uses
1917 * the address alignment of memory allocated for that event as if it
1918 * were the same for all subsequently allocated memory. This is
1919 * guaranteed by calloc/malloc. Arrays take special handling since
1920 * what matters for figuring out the correct alignment is the size
1921 * of the array element.
1922 */
1923
1924 static void
adt_calcOffsets(struct entry * p_entry,int tablesize,void * p_data)1925 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data)
1926 {
1927 int i, j;
1928 size_t this_size, prev_size;
1929 void *struct_start = p_data;
1930
1931 for (i = 0; i < tablesize; i++) {
1932 if (p_entry[i].en_type_def == NULL) {
1933 p_entry[i].en_offset = 0;
1934 continue;
1935 }
1936 prev_size = 0;
1937 p_entry[i].en_offset = (char *)p_data - (char *)struct_start;
1938
1939 for (j = 0; j < p_entry[i].en_count_types; j++) {
1940 if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG)
1941 this_size = sizeof (enum adt_generic);
1942 else
1943 this_size =
1944 p_entry[i].en_type_def[j].dd_input_size;
1945
1946 /* adj for first entry */
1947 if (prev_size == 0)
1948 prev_size = this_size;
1949
1950 if (p_entry[i].en_type_def[j].dd_datatype ==
1951 ADT_UINT32ARRAY) {
1952 p_data = (char *)adt_adjust_address(p_data,
1953 prev_size, sizeof (uint32_t)) +
1954 this_size - sizeof (uint32_t);
1955
1956 prev_size = sizeof (uint32_t);
1957 } else {
1958 p_data = adt_adjust_address(p_data, prev_size,
1959 this_size);
1960 prev_size = this_size;
1961 }
1962 }
1963 }
1964 }
1965
1966 /*
1967 * adt_generate_event
1968 * generate event record from external struct. The order is based on
1969 * the output tokens, allowing for the possibility that the input data
1970 * is in a different order.
1971 *
1972 */
1973
1974 static int
adt_generate_event(const adt_event_data_t * p_extdata,struct adt_event_state * p_event,adt_translation_t * p_xlate)1975 adt_generate_event(const adt_event_data_t *p_extdata,
1976 struct adt_event_state *p_event,
1977 adt_translation_t *p_xlate)
1978 {
1979 struct entry *p_entry;
1980 static mutex_t lock = DEFAULTMUTEX;
1981
1982 p_entry = p_xlate->tx_first_entry;
1983 assert(p_entry != NULL);
1984
1985 p_event->ae_internal_id = p_xlate->tx_internal_event;
1986 adt_token_open(p_event);
1987
1988 /*
1989 * offsets are not pre-calculated; the initial offsets are all
1990 * 0; valid offsets are >= 0. Offsets for no-input tokens such
1991 * as subject are set to -1 by adt_calcOffset()
1992 */
1993 if (p_xlate->tx_offsetsCalculated == 0) {
1994 (void) mutex_lock(&lock);
1995 p_xlate->tx_offsetsCalculated = 1;
1996
1997 adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries,
1998 (void *)p_extdata);
1999 (void) mutex_unlock(&lock);
2000 }
2001 while (p_entry != NULL) {
2002 adt_generate_token(p_entry, (char *)p_extdata, p_event);
2003
2004 p_entry = p_entry->en_next_token;
2005 }
2006 return (adt_token_close(p_event));
2007 }
2008
2009 /*
2010 * adt_put_event -- main event generation function.
2011 * The input "event" is the address of the struct containing
2012 * event-specific data.
2013 *
2014 * However if auditing is off or the session handle
2015 * is NULL, no attempt to write a record is made.
2016 */
2017
2018 int
adt_put_event(const adt_event_data_t * event,int status,int return_val)2019 adt_put_event(const adt_event_data_t *event, int status, int return_val)
2020 {
2021 struct adt_event_state *event_state;
2022 adt_translation_t *xlate;
2023
2024 if (event == NULL) {
2025 errno = EINVAL;
2026 return (-1);
2027 }
2028 event_state = (struct adt_event_state *)event;
2029
2030 /* if this is a broken session or not auditing, exit */
2031 if ((event_state->ae_session == NULL) ||
2032 !(event_state->ae_session->as_audit_state &
2033 (AUC_AUDITING | AUC_NOSPACE))) {
2034 return (0);
2035 }
2036
2037 assert(event_state->ae_check == ADT_VALID);
2038
2039 event_state->ae_rc = status;
2040 event_state->ae_type = return_val;
2041
2042 /* look up the event */
2043
2044 xlate = adt_getXlateTable(event_state->ae_session->as_xlate,
2045 event_state->ae_event_id);
2046
2047 if (xlate == NULL) {
2048 errno = EINVAL;
2049 return (-1);
2050 }
2051 DPRINTF(("got event %d\n", xlate->tx_internal_event));
2052
2053 if (adt_selected(event_state, xlate->tx_internal_event, status)) {
2054 return (adt_generate_event(event, event_state, xlate));
2055 }
2056
2057 return (0);
2058 }
2059
2060 /*
2061 * adt_free_event -- invalidate and free
2062 */
2063
2064 void
adt_free_event(adt_event_data_t * event)2065 adt_free_event(adt_event_data_t *event)
2066 {
2067 struct adt_event_state *event_state;
2068
2069 if (event == NULL)
2070 return;
2071
2072 event_state = (struct adt_event_state *)event;
2073
2074 assert(event_state->ae_check == ADT_VALID);
2075
2076 event_state->ae_check = 0;
2077
2078 free(event_state);
2079 }
2080
2081 /*
2082 * adt_is_selected -- helper to adt_selected(), below.
2083 *
2084 * "sorf" is "success or fail" status; au_preselect compares
2085 * that with success, fail, or both.
2086 */
2087
2088 static int
adt_is_selected(au_event_t e,au_mask_t * m,int sorf)2089 adt_is_selected(au_event_t e, au_mask_t *m, int sorf)
2090 {
2091 int prs_sorf;
2092
2093 if (sorf == 0)
2094 prs_sorf = AU_PRS_SUCCESS;
2095 else
2096 prs_sorf = AU_PRS_FAILURE;
2097
2098 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
2099 }
2100
2101 /*
2102 * selected -- see if this event is preselected.
2103 *
2104 * if errors are encountered trying to check a preselection mask
2105 * or look up a user name, the event is selected. Otherwise, the
2106 * preselection mask is used for the job.
2107 */
2108
2109 static int
adt_selected(struct adt_event_state * event,au_event_t actual_id,int status)2110 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status)
2111 {
2112 adt_internal_state_t *sp;
2113 au_mask_t namask;
2114
2115 sp = event->ae_session;
2116
2117 if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) {
2118 adt_write_syslog("No user data available", EINVAL);
2119 return (1); /* default is "selected" */
2120 }
2121
2122 /* non-attributable? */
2123 if ((sp->as_info.ai_auid == AU_NOAUDITID) ||
2124 (sp->as_info.ai_auid == ADT_NO_AUDIT)) {
2125 if (auditon(A_GETKMASK, (caddr_t)&namask,
2126 sizeof (namask)) != 0) {
2127 adt_write_syslog("auditon failure", errno);
2128 return (1);
2129 }
2130 return (adt_is_selected(actual_id, &namask, status));
2131 } else {
2132 return (adt_is_selected(actual_id, &(sp->as_info.ai_mask),
2133 status));
2134 }
2135 }
2136
2137 /*
2138 * Can't map the host name to an IP address in
2139 * adt_get_hostIP. Get something off an interface
2140 * to act as the hosts IP address for auditing.
2141 */
2142
2143 static int
adt_get_local_address(int family,struct ifaddrlist * al)2144 adt_get_local_address(int family, struct ifaddrlist *al)
2145 {
2146 struct ifaddrlist *ifal;
2147 char errbuf[ERRBUFSIZE] = "empty list";
2148 char msg[ERRBUFSIZE + 512];
2149 int ifal_count;
2150 int i;
2151
2152 if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) {
2153 int serrno = errno;
2154
2155 (void) snprintf(msg, sizeof (msg), "adt_get_local_address "
2156 "couldn't get %d addrlist %s", family, errbuf);
2157 adt_write_syslog(msg, serrno);
2158 errno = serrno;
2159 return (-1);
2160 }
2161
2162 for (i = 0; i < ifal_count; i++) {
2163 /*
2164 * loopback always defined,
2165 * even if there is no real address
2166 */
2167 if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) {
2168 break;
2169 }
2170 }
2171 if (i >= ifal_count) {
2172 free(ifal);
2173 /*
2174 * Callers of adt_get_hostIP() can only return
2175 * errno to their callers and eventually the application.
2176 * Picked one that seemed least worse for saying no
2177 * usable address for Audit terminal ID.
2178 */
2179 errno = ENETDOWN;
2180 return (-1);
2181 }
2182
2183 *al = ifal[i];
2184 free(ifal);
2185 return (0);
2186 }
2187