1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2017 OmniOS Community Edition (OmniOSce) Association. 25 * Copyright 2014 Nexenta Systems, Inc. All rights reserved. 26 */ 27 28 #include <bsm/adt.h> 29 #include <bsm/adt_event.h> 30 #include <assert.h> 31 #include <bsm/audit.h> 32 #include <bsm/audit_record.h> 33 #include <bsm/libbsm.h> 34 #include <door.h> 35 #include <errno.h> 36 #include <generic.h> 37 #include <md5.h> 38 #include <sys/mkdev.h> 39 #include <netdb.h> 40 #include <nss_dbdefs.h> 41 #include <pwd.h> 42 #include <sys/stat.h> 43 #include <time.h> 44 #include <stdlib.h> 45 #include <string.h> 46 #include <synch.h> 47 #include <sys/systeminfo.h> 48 #include <syslog.h> 49 #include <thread.h> 50 #include <unistd.h> 51 #include <adt_xlate.h> 52 #include <adt_ucred.h> 53 #include <arpa/inet.h> 54 #include <net/if.h> 55 #include <libinetutil.h> 56 57 static int adt_selected(struct adt_event_state *, au_event_t, int); 58 static int adt_init(adt_internal_state_t *, int); 59 static int adt_import(adt_internal_state_t *, const adt_export_data_t *); 60 static m_label_t *adt_ucred_label(ucred_t *); 61 static void adt_setto_unaudited(adt_internal_state_t *); 62 static int adt_get_local_address(int, struct ifaddrlist *); 63 64 #ifdef C2_DEBUG 65 #define DPRINTF(x) { (void) printf x; } 66 #define DFLUSH (void) fflush(stdout); 67 #else 68 #define DPRINTF(x) 69 #define DFLUSH 70 #endif 71 72 /* 73 * Local audit states are a bit mask 74 * 75 * The global audit states are 76 * 77 * AUC_UNSET 0 - on/off hasn't been decided 78 * AUC_ENABLED 1 - loaded and enabled 79 * 80 * The local Zone states are 81 * 82 * AUC_AUDITING 0x1 - audit daemon is active 83 * AUC_NOAUDIT 0x2 - audit daemon is not active 84 * AUC_INIT_AUDIT 0x4 - audit is ready but auditd has not run 85 * AUC_NOSPACE 0x8 - audit enabled, no space for audit records 86 * 87 * The only values returned by auditon(A_GETCOND) are: 88 * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE 89 * 90 * The pseudo audit state used when the c2audit module is excluded is 91 * 92 * AUC_DISABLED 0x100 - c2audit module is excluded 93 */ 94 95 static int auditstate = AUC_DISABLED; /* default state */ 96 97 /* 98 * adt_write_syslog 99 * 100 * errors that are not the user's fault (bugs or whatever in 101 * the underlying audit code are noted in syslog.) 102 * 103 * Avoid calling adt_write_syslog for things that can happen 104 * at high volume. 105 * 106 * syslog's open (openlog) and close (closelog) are interesting; 107 * openlog *may* create a file descriptor and is optional. closelog 108 * *will* close any open file descriptors and is also optional. 109 * 110 * Since syslog may also be used by the calling application, the 111 * choice is to avoid openlog, which sets some otherwise useful 112 * parameters, and to embed "Solaris_audit" in the log message. 113 */ 114 115 void 116 adt_write_syslog(const char *message, int err) 117 { 118 int save_errno = errno; 119 int mask_priority; 120 121 DPRINTF(("syslog called: %s\n", message)); 122 123 mask_priority = setlogmask(LOG_MASK(LOG_ALERT)); 124 errno = err; 125 syslog(LOG_ALERT, "Solaris_audit %s: %m", message); 126 (void) setlogmask(mask_priority); 127 errno = save_errno; 128 } 129 130 /* 131 * return true if c2audit is not excluded. 132 * 133 * For purpose of this API, anything but AUC_DISABLED 134 * is enabled; however one never actually sees 135 * AUC_DISABLED since auditon returns ENOTSUP in that case. Any 136 * auditon error is considered the same as ENOTSUP for our 137 * purpose. auditstate is not changed by auditon if an error 138 * is returned. 139 */ 140 141 /* 142 * XXX this should probably be eliminated and adt_audit_state() replace it. 143 * All the legitimate uses are to not fork a waiting process for 144 * process exit processing, as in su, login, dtlogin. Other bogus 145 * users are zoneadmd and init. 146 * All but dtlogin are in ON, so we can do this without cross gate 147 * synchronization. 148 * 149 * No longer used in adt.c. 150 */ 151 152 boolean_t 153 adt_audit_enabled(void) 154 { 155 156 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate)); 157 158 return (auditstate != AUC_DISABLED); 159 } 160 161 /* 162 * See adt_audit_enabled() for state discussions. 163 * The state parameter is a hedge until all the uses become clear. 164 * Likely if adt_audit_enabled is brought internal to this file, 165 * it could be modified to take one or more parameters to describe the 166 * state. 167 */ 168 169 boolean_t 170 adt_audit_state(int states) 171 { 172 173 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate)); 174 175 return ((auditstate & states) ? B_TRUE : B_FALSE); 176 } 177 178 /* 179 * Get user_specific/non-attributable audit mask. This may be called even when 180 * auditing is off. 181 */ 182 183 static int 184 adt_get_mask_from_user(uid_t uid, au_mask_t *mask) 185 { 186 struct passwd pwd; 187 long buff_sz; 188 char *pwd_buff; 189 190 191 if (auditstate & AUC_DISABLED) { 192 /* c2audit excluded */ 193 mask->am_success = 0; 194 mask->am_failure = 0; 195 return (0); 196 } 197 198 /* 199 * This function applies the 'attributable' mask, modified by 200 * any per-user flags, to any user whose UID can be mapped to 201 * a name via name services. 202 * Others, such as users with Ephemeral UIDs, or NFS clients 203 * using AUTH_SYS, get the 'non-attributable mask'. 204 * This is true even if some _other_ system or service could 205 * map the ID to a name, or if it could be inferred from 206 * other records. 207 * Note that it is possible for records to contain _only_ 208 * an ephemeral ID, which can't be mapped back to a name 209 * once it becomes invalid (e.g. server reboot). 210 */ 211 if (uid <= MAXUID) { 212 if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { 213 adt_write_syslog("couldn't determine maximum size of " 214 "password buffer", errno); 215 return (-1); 216 } 217 if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) { 218 return (-1); 219 } 220 /* 221 * Ephemeral id's and id's that exist in a name service we 222 * don't have configured (LDAP, NIS) can't be looked up, 223 * but either way it's not an error. 224 */ 225 if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) { 226 if (au_user_mask(pwd.pw_name, mask)) { 227 free(pwd_buff); 228 errno = EFAULT; /* undetermined failure */ 229 return (-1); 230 } 231 free(pwd_buff); 232 return (0); 233 } 234 free(pwd_buff); 235 } 236 237 if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) { 238 return (-1); 239 } 240 241 return (0); 242 } 243 244 /* 245 * adt_get_unique_id -- generate a hopefully unique 32 bit value 246 * 247 * there will be a follow up to replace this with the use of /dev/random 248 * 249 * An MD5 hash is taken on a buffer of 250 * hostname . audit id . unix time . pid . count 251 * 252 * "count = noise++;" is subject to a race condition but I don't 253 * see a need to put a lock around it. 254 */ 255 256 au_asid_t 257 adt_get_unique_id(au_id_t uid) 258 { 259 char hostname[MAXHOSTNAMELEN]; 260 union { 261 au_id_t v[4]; 262 unsigned char obuff[128/8]; 263 } output; 264 MD5_CTX context; 265 266 static int noise = 0; 267 268 int count = noise++; 269 time_t timebits = time(NULL); 270 pid_t pidbits = getpid(); 271 au_asid_t retval = 0; 272 273 if (gethostname(hostname, MAXHOSTNAMELEN)) { 274 adt_write_syslog("gethostname call failed", errno); 275 (void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN); 276 } 277 278 while (retval == 0) { /* 0 is the only invalid result */ 279 MD5Init(&context); 280 281 MD5Update(&context, (unsigned char *)hostname, 282 (unsigned int) strlen((const char *)hostname)); 283 284 MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t)); 285 286 MD5Update(&context, 287 (unsigned char *) &timebits, sizeof (time_t)); 288 289 MD5Update(&context, (unsigned char *) &pidbits, 290 sizeof (pid_t)); 291 292 MD5Update(&context, (unsigned char *) &(count), sizeof (int)); 293 MD5Final(output.obuff, &context); 294 295 retval = output.v[count % 4]; 296 } 297 return (retval); 298 } 299 300 /* 301 * the following "port" function deals with the following issues: 302 * 303 * 1 the kernel and ucred deal with a dev_t as a 64 bit value made 304 * up from a 32 bit major and 32 bit minor. 305 * 2 User space deals with a dev_t as either the above 64 bit value 306 * or a 32 bit value made from a 14 bit major and an 18 bit minor. 307 * 3 The various audit interfaces (except ucred) pass the 32 or 308 * 64 bit version depending the architecture of the userspace 309 * application. If you get a port value from ucred and pass it 310 * to the kernel via auditon(), it must be squeezed into a 32 311 * bit value because the kernel knows the userspace app's bit 312 * size. 313 * 314 * The internal state structure for adt (adt_internal_state_t) uses 315 * dev_t, so adt converts data from ucred to fit. The import/export 316 * functions, however, can't know if they are importing/exporting 317 * from 64 or 32 bit applications, so they always send 64 bits and 318 * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as 319 * appropriate. 320 */ 321 322 /* 323 * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are 324 * both 64 bits). If lib is 32 bits, squeeze the two-int port into 325 * a 32 bit dev_t. A port fits in the "minor" part of au_port_t, 326 * so it isn't broken up into pieces. (When it goes to the kernel 327 * and back, however, it will have been split into major/minor 328 * pieces.) 329 */ 330 331 static void 332 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src) 333 { 334 #ifdef _LP64 335 (void) memcpy(dest, src, sizeof (au_tid_addr_t)); 336 #else /* _LP64 */ 337 dest->at_type = src->at_type; 338 339 dest->at_port = src->at_port.at_minor & MAXMIN32; 340 dest->at_port |= (src->at_port.at_major & MAXMAJ32) << 341 NBITSMINOR32; 342 343 (void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t)); 344 #endif /* _LP64 */ 345 } 346 347 /* 348 * adt_start_session -- create interface handle, create context 349 * 350 * The imported_state input is normally NULL, if not, it represents 351 * a continued session; its values obviate the need for a subsequent 352 * call to adt_set_user(). 353 * 354 * The flag is used to decide how to set the initial state of the session. 355 * If 0, the session is "no audit" until a call to adt_set_user; if 356 * ADT_USE_PROC_DATA, the session is built from the process audit 357 * characteristics obtained from the kernel. If imported_state is 358 * not NULL, the resulting audit mask is an OR of the current process 359 * audit mask and that passed in. 360 * 361 * The basic model is that the caller can use the pointer returned 362 * by adt_start_session whether or not auditing is enabled or an 363 * error was returned. The functions that take the session handle 364 * as input generally return without doing anything if auditing is 365 * disabled. 366 */ 367 368 int 369 adt_start_session(adt_session_data_t **new_session, 370 const adt_export_data_t *imported_state, adt_session_flags_t flags) 371 { 372 adt_internal_state_t *state; 373 adt_session_flags_t flgmask = ADT_FLAGS_ALL; 374 375 /* test and set auditstate */ 376 if (adt_audit_state(AUC_DISABLED)) { 377 /* c2audit excluded */ 378 *new_session = NULL; 379 return (0); 380 } 381 382 if ((flags & ~flgmask) != 0) { 383 errno = EINVAL; 384 goto return_err; 385 } 386 387 if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) { 388 goto return_err; 389 } 390 391 if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) { 392 goto return_err_free; /* errno from adt_init() */ 393 } 394 395 /* 396 * The imported state overwrites the initial state if the 397 * imported state represents a valid audit trail 398 */ 399 400 if (imported_state != NULL) { 401 if (adt_import(state, imported_state) != 0) { 402 goto return_err_free; 403 } 404 } else if (flags & ADT_USE_PROC_DATA) { 405 state->as_session_model = ADT_PROCESS_MODEL; 406 } 407 state->as_flags = flags; 408 DPRINTF(("(%lld) Starting session id = %08X\n", 409 (long long) getpid(), state->as_info.ai_asid)); 410 411 *new_session = (adt_session_data_t *)state; 412 return (0); 413 414 return_err_free: 415 free(state); 416 return_err: 417 *new_session = NULL; 418 adt_write_syslog("audit session create failed", errno); 419 return (-1); 420 } 421 422 /* 423 * adt_load_table() 424 * 425 * loads the event translation table into the audit session. 426 */ 427 428 void 429 adt_load_table(const adt_session_data_t *session_data, 430 adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *)) 431 { 432 adt_internal_state_t *state = (adt_internal_state_t *)session_data; 433 434 if (state != NULL) { 435 assert(state->as_check == ADT_VALID); 436 state->as_xlate = xlate; 437 state->as_preload = preload; 438 } 439 } 440 441 /* 442 * adt_get_asid() and adt_set_asid() 443 * 444 * if you use this interface, you are responsible to insure that the 445 * rest of the session data is populated correctly before calling 446 * adt_proccess_attr() 447 * 448 * neither of these are intended for general use and will likely 449 * remain private interfaces for a long time. Forever is a long 450 * time. In the case of adt_set_asid(), you should have a very, 451 * very good reason for setting your own session id. The process 452 * audit characteristics are not changed by put, use adt_set_proc(). 453 * 454 * These are "volatile" (more changable than "evolving") and will 455 * probably change in the S10 period. 456 */ 457 458 void 459 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid) 460 { 461 462 if (session_data == NULL) { 463 *asid = 0; 464 } else { 465 assert(((adt_internal_state_t *)session_data)->as_check == 466 ADT_VALID); 467 468 *asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid; 469 } 470 } 471 472 void 473 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id) 474 { 475 476 if (session_data != NULL) { 477 assert(((adt_internal_state_t *)session_data)->as_check == 478 ADT_VALID); 479 480 ((adt_internal_state_t *)session_data)->as_have_user_data |= 481 ADT_HAVE_ASID; 482 ((adt_internal_state_t *)session_data)->as_info.ai_asid = 483 session_id; 484 } 485 } 486 487 /* 488 * adt_get_auid() and adt_set_auid() 489 * 490 * neither of these are intended for general use and will likely 491 * remain private interfaces for a long time. Forever is a long 492 * time. In the case of adt_set_auid(), you should have a very, 493 * very good reason for setting your own audit id. The process 494 * audit characteristics are not changed by put, use adt_set_proc(). 495 */ 496 497 void 498 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid) 499 { 500 501 if (session_data == NULL) { 502 *auid = AU_NOAUDITID; 503 } else { 504 assert(((adt_internal_state_t *)session_data)->as_check == 505 ADT_VALID); 506 507 *auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid; 508 } 509 } 510 511 void 512 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id) 513 { 514 515 if (session_data != NULL) { 516 assert(((adt_internal_state_t *)session_data)->as_check == 517 ADT_VALID); 518 519 ((adt_internal_state_t *)session_data)->as_have_user_data |= 520 ADT_HAVE_AUID; 521 ((adt_internal_state_t *)session_data)->as_info.ai_auid = 522 audit_id; 523 } 524 } 525 526 /* 527 * adt_get_termid(), adt_set_termid() 528 * 529 * if you use this interface, you are responsible to insure that the 530 * rest of the session data is populated correctly before calling 531 * adt_proccess_attr() 532 * 533 * The process audit characteristics are not changed by put, use 534 * adt_set_proc(). 535 */ 536 537 void 538 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid) 539 { 540 541 if (session_data == NULL) { 542 (void) memset(termid, 0, sizeof (au_tid_addr_t)); 543 termid->at_type = AU_IPv4; 544 } else { 545 assert(((adt_internal_state_t *)session_data)->as_check == 546 ADT_VALID); 547 548 *termid = 549 ((adt_internal_state_t *)session_data)->as_info.ai_termid; 550 } 551 } 552 553 void 554 adt_set_termid(const adt_session_data_t *session_data, 555 const au_tid_addr_t *termid) 556 { 557 558 if (session_data != NULL) { 559 assert(((adt_internal_state_t *)session_data)->as_check == 560 ADT_VALID); 561 562 ((adt_internal_state_t *)session_data)->as_info.ai_termid = 563 *termid; 564 565 ((adt_internal_state_t *)session_data)->as_have_user_data |= 566 ADT_HAVE_TID; 567 } 568 } 569 570 /* 571 * adt_get_mask(), adt_set_mask() 572 * 573 * if you use this interface, you are responsible to insure that the 574 * rest of the session data is populated correctly before calling 575 * adt_proccess_attr() 576 * 577 * The process audit characteristics are not changed by put, use 578 * adt_set_proc(). 579 */ 580 581 void 582 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask) 583 { 584 585 if (session_data == NULL) { 586 mask->am_success = 0; 587 mask->am_failure = 0; 588 } else { 589 assert(((adt_internal_state_t *)session_data)->as_check == 590 ADT_VALID); 591 592 *mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask; 593 } 594 } 595 596 void 597 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask) 598 { 599 600 if (session_data != NULL) { 601 assert(((adt_internal_state_t *)session_data)->as_check == 602 ADT_VALID); 603 604 ((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask; 605 606 ((adt_internal_state_t *)session_data)->as_have_user_data |= 607 ADT_HAVE_MASK; 608 } 609 } 610 611 /* 612 * helpers for adt_load_termid 613 */ 614 615 static dev_t 616 adt_ports_to_at_port(in_port_t remote, in_port_t local) 617 { 618 dev_t port; 619 620 #ifdef _LP64 621 dev_t tmp; 622 623 /* 624 * In 64-bit, at_port is a 64-bit value encoding major/minor 625 * device numbers as 32-bits each. However when a 32-bit application 626 * subsequently requests the audit address via getaudit_addr(), this 627 * value must be capable of being compressed down to a 14-bit major and 628 * 18-bit minor number or the call will fail. 629 * 630 * In order to construct a 32-bit compatible value, the top 14-bits of 631 * the remote port are used for the major number and the remaining 632 * 2-bits + local port are used for the minor. 633 */ 634 635 tmp = ((remote<<16) | (local)); 636 port = (tmp & MAXMIN32); 637 port |= (((tmp >> NBITSMINOR32) & MAXMAJ32) << NBITSMINOR64); 638 #else 639 port = ((remote<<16) | (local)); 640 #endif 641 642 return (port); 643 } 644 645 static void 646 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock, 647 au_tid_addr_t *termid) 648 { 649 termid->at_port = 650 adt_ports_to_at_port(peer->sin6_port, sock->sin6_port); 651 termid->at_type = AU_IPv6; 652 (void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t)); 653 } 654 655 static void 656 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock, 657 au_tid_addr_t *termid) 658 { 659 termid->at_port = adt_ports_to_at_port(peer->sin_port, sock->sin_port); 660 termid->at_type = AU_IPv4; 661 termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr; 662 (void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t)); 663 } 664 665 /* 666 * adt_load_termid: convenience function; inputs file handle and 667 * outputs an au_tid_addr struct. 668 * 669 * This code was stolen from audit_settid.c; it differs from audit_settid() 670 * in that it does not write the terminal id to the process. 671 */ 672 673 int 674 adt_load_termid(int fd, adt_termid_t **termid) 675 { 676 au_tid_addr_t *p_term; 677 struct sockaddr_in6 peer; 678 struct sockaddr_in6 sock; 679 int peerlen = sizeof (peer); 680 int socklen = sizeof (sock); 681 682 /* get peer name if its a socket, else assume local terminal */ 683 684 if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen) 685 < 0) { 686 if (errno == ENOTSOCK) { 687 return (adt_load_hostname(NULL, termid)); 688 } 689 goto return_err; 690 } 691 692 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) { 693 goto return_err; 694 } 695 696 /* get sock name */ 697 if (getsockname(fd, (struct sockaddr *)&sock, 698 (socklen_t *)&socklen) < 0) { 699 goto return_err_free; 700 } 701 702 if (peer.sin6_family == AF_INET6) { 703 adt_do_ipv6_address(&peer, &sock, p_term); 704 } else { 705 adt_do_ipv4_address((struct sockaddr_in *)&peer, 706 (struct sockaddr_in *)&sock, p_term); 707 } 708 *termid = (adt_termid_t *)p_term; 709 710 return (0); 711 712 return_err_free: 713 free(p_term); 714 return_err: 715 *termid = NULL; 716 return (-1); 717 } 718 719 static boolean_t 720 adt_have_termid(au_tid_addr_t *dest) 721 { 722 struct auditinfo_addr audit_data; 723 724 if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) { 725 adt_write_syslog("getaudit failed", errno); 726 return (B_FALSE); 727 } 728 729 if ((audit_data.ai_termid.at_type == 0) || 730 (audit_data.ai_termid.at_addr[0] | 731 audit_data.ai_termid.at_addr[1] | 732 audit_data.ai_termid.at_addr[2] | 733 audit_data.ai_termid.at_addr[3]) == 0) 734 return (B_FALSE); 735 736 (void) memcpy(dest, &(audit_data.ai_termid), 737 sizeof (au_tid_addr_t)); 738 739 return (B_TRUE); 740 } 741 742 /* 743 * adt_get_hostIP - construct a terminal id from a hostname 744 * 745 * Returns 0 = success 746 * -1 = failure and errno = ENETDOWN with the address 747 * defaulted to IPv4 loopback. 748 */ 749 750 static int 751 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term) 752 { 753 struct addrinfo *ai = NULL; 754 int tries = 3; 755 char msg[512]; 756 int eai_err; 757 758 while ((tries-- > 0) && 759 ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) { 760 /* 761 * getaddrinfo returns its own set of errors. 762 * Log them here, so any subsequent syslogs will 763 * have a context. adt_get_hostIP callers can only 764 * return errno, so subsequent syslogs may be lacking 765 * that getaddrinfo failed. 766 */ 767 (void) snprintf(msg, sizeof (msg), "getaddrinfo(%s) " 768 "failed[%s]", hostname, gai_strerror(eai_err)); 769 adt_write_syslog(msg, 0); 770 771 if (eai_err != EAI_AGAIN) { 772 773 break; 774 } 775 /* see if resolution becomes available */ 776 (void) sleep(1); 777 } 778 if (ai != NULL) { 779 if (ai->ai_family == AF_INET) { 780 p_term->at_type = AU_IPv4; 781 (void) memcpy(p_term->at_addr, 782 /* LINTED */ 783 &((struct sockaddr_in *)ai->ai_addr)->sin_addr, 784 AU_IPv4); 785 } else { 786 p_term->at_type = AU_IPv6; 787 (void) memcpy(p_term->at_addr, 788 /* LINTED */ 789 &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 790 AU_IPv6); 791 } 792 freeaddrinfo(ai); 793 return (0); 794 } else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) { 795 auditinfo_addr_t audit_info; 796 797 /* 798 * auditd is running so there should be a 799 * kernel audit context 800 */ 801 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info, 802 sizeof (audit_info)) < 0) { 803 adt_write_syslog("unable to get kernel audit context", 804 errno); 805 goto try_interface; 806 } 807 adt_write_syslog("setting Audit IP address to kernel", 0); 808 *p_term = audit_info.ai_termid; 809 return (0); 810 } 811 try_interface: 812 { 813 struct ifaddrlist al; 814 int family; 815 char ntop[INET6_ADDRSTRLEN]; 816 817 /* 818 * getaddrinfo has failed to map the hostname 819 * to an IP address, try to get an IP address 820 * from a local interface. If none up, default 821 * to loopback. 822 */ 823 family = AF_INET6; 824 if (adt_get_local_address(family, &al) != 0) { 825 family = AF_INET; 826 827 if (adt_get_local_address(family, &al) != 0) { 828 adt_write_syslog("adt_get_local_address " 829 "failed, no Audit IP address available, " 830 "faking loopback and error", 831 errno); 832 IN_SET_LOOPBACK_ADDR( 833 (struct sockaddr_in *)&(al.addr.addr)); 834 (void) memcpy(p_term->at_addr, &al.addr.addr, 835 AU_IPv4); 836 p_term->at_type = AU_IPv4; 837 return (-1); 838 } 839 } 840 if (family == AF_INET) { 841 p_term->at_type = AU_IPv4; 842 (void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4); 843 } else { 844 p_term->at_type = AU_IPv6; 845 (void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6); 846 } 847 848 (void) snprintf(msg, sizeof (msg), "mapping %s to %s", 849 hostname, inet_ntop(family, &(al.addr), ntop, 850 sizeof (ntop))); 851 adt_write_syslog(msg, 0); 852 return (0); 853 } 854 } 855 856 /* 857 * adt_load_hostname() is called when the caller does not have a file 858 * handle that gives access to the socket info or any other way to 859 * pass in both port and ip address. The hostname input is ignored if 860 * the terminal id has already been set; instead it returns the 861 * existing terminal id. 862 * 863 * If c2audit is excluded, success is returned. 864 * If the hostname lookup fails, the loopback address is assumed, 865 * errno is set to ENETDOWN, this allows the caller to interpret 866 * whether failure is fatal, and if not to have a address for the 867 * hostname. 868 * Otherwise the caller would need to be aware of the audit state. 869 * 870 * Other errors are ignored if not auditing. 871 */ 872 873 int 874 adt_load_hostname(const char *hostname, adt_termid_t **termid) 875 { 876 char localhost[MAXHOSTNAMELEN + 1]; 877 au_tid_addr_t *p_term; 878 879 if (adt_audit_state(AUC_DISABLED)) { 880 /* c2audit excluded */ 881 *termid = NULL; 882 return (0); 883 } 884 885 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) { 886 goto return_err; 887 } 888 889 if (adt_have_termid(p_term)) { 890 *termid = (adt_termid_t *)p_term; 891 return (0); 892 } 893 p_term->at_port = 0; 894 895 if (hostname == NULL || *hostname == '\0') { 896 (void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN); 897 hostname = localhost; 898 } 899 if (adt_get_hostIP(hostname, p_term) == 0) { 900 *termid = (adt_termid_t *)p_term; 901 return (0); 902 } else { 903 *termid = (adt_termid_t *)p_term; 904 return (-1); 905 } 906 907 return_err: 908 *termid = NULL; 909 if (auditstate & AUC_NOAUDIT) { 910 return (0); 911 } 912 913 return (-1); 914 } 915 916 /* 917 * adt_load_ttyname() is called when the caller does not have a file 918 * handle that gives access to the local terminal or any other way 919 * of determining the device id. The ttyname input is ignored if 920 * the terminal id has already been set; instead it returns the 921 * existing terminal id. 922 * 923 * If c2audit is excluded, success is returned. 924 * The local hostname is used for the local IP address. 925 * If that hostname lookup fails, the loopback address is assumed, 926 * errno is set to ENETDOWN, this allows the caller to interpret 927 * whether failure is fatal, and if not to have a address for the 928 * hostname. 929 * Otherwise the caller would need to be aware of the audit state. 930 * 931 * Other errors are ignored if not auditing. 932 */ 933 934 int 935 adt_load_ttyname(const char *ttyname, adt_termid_t **termid) 936 { 937 char localhost[MAXHOSTNAMELEN + 1]; 938 au_tid_addr_t *p_term; 939 struct stat stat_buf; 940 941 if (adt_audit_state(AUC_DISABLED)) { 942 /* c2audit excluded */ 943 *termid = NULL; 944 return (0); 945 } 946 947 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) { 948 goto return_err; 949 } 950 951 if (adt_have_termid(p_term)) { 952 *termid = (adt_termid_t *)p_term; 953 return (0); 954 } 955 956 p_term->at_port = 0; 957 958 if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) { 959 goto return_err_free; /* errno from sysinfo */ 960 } 961 962 if (ttyname != NULL && *ttyname != '\0') { 963 if (stat(ttyname, &stat_buf) < 0) { 964 goto return_err_free; 965 } 966 967 p_term->at_port = stat_buf.st_rdev; 968 } 969 970 if (adt_get_hostIP(localhost, p_term) == 0) { 971 *termid = (adt_termid_t *)p_term; 972 return (0); 973 } else { 974 *termid = (adt_termid_t *)p_term; 975 return (-1); 976 } 977 978 return_err_free: 979 free(p_term); 980 981 return_err: 982 *termid = NULL; 983 if (auditstate & AUC_NOAUDIT) { 984 return (0); 985 } 986 987 return (-1); 988 } 989 990 /* 991 * adt_get_session_id returns a stringified representation of 992 * the audit session id. See also adt_get_asid() for how to 993 * get the unexpurgated version. No guarantees as to how long 994 * the returned string will be or its general form; hex for now. 995 * 996 * An empty string is returned if auditing is off; length = 1 997 * and the pointer is valid. 998 * 999 * returns strlen + 1 if buffer is valid; else 0 and errno. 1000 */ 1001 1002 size_t 1003 adt_get_session_id(const adt_session_data_t *session_data, char **buff) 1004 { 1005 au_asid_t session_id; 1006 size_t length; 1007 /* 1008 * output is 0x followed by 1009 * two characters per byte 1010 * plus terminator, 1011 * except leading 0's are suppressed, so a few bytes may 1012 * be unused. 1013 */ 1014 length = 2 + (2 * sizeof (session_id)) + 1; 1015 *buff = malloc(length); 1016 1017 if (*buff == NULL) { 1018 return (0); 1019 } 1020 if (session_data == NULL) { /* NULL is not an error */ 1021 **buff = '\0'; 1022 return (1); 1023 } 1024 adt_get_asid(session_data, &session_id); 1025 1026 length = snprintf(*buff, length, "0x%X", (int)session_id); 1027 1028 /* length < 1 is a bug: the session data type may have changed */ 1029 assert(length > 0); 1030 1031 return (length); 1032 } 1033 1034 /* 1035 * adt_end_session -- close handle, clear context 1036 * 1037 * if as_check is invalid, no harm, no foul, EXCEPT that this could 1038 * be an attempt to free data already free'd, so output to syslog 1039 * to help explain why the process cored dumped. 1040 */ 1041 1042 int 1043 adt_end_session(adt_session_data_t *session_data) 1044 { 1045 adt_internal_state_t *state; 1046 1047 if (session_data != NULL) { 1048 state = (adt_internal_state_t *)session_data; 1049 if (state->as_check != ADT_VALID) { 1050 adt_write_syslog("freeing invalid data", EINVAL); 1051 } else { 1052 state->as_check = 0; 1053 m_label_free(state->as_label); 1054 free(session_data); 1055 } 1056 } 1057 /* no errors yet defined */ 1058 return (0); 1059 } 1060 1061 /* 1062 * adt_dup_session -- copy the session data 1063 */ 1064 1065 int 1066 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest) 1067 { 1068 adt_internal_state_t *source_state; 1069 adt_internal_state_t *dest_state = NULL; 1070 int rc = 0; 1071 1072 if (source != NULL) { 1073 source_state = (adt_internal_state_t *)source; 1074 assert(source_state->as_check == ADT_VALID); 1075 1076 dest_state = malloc(sizeof (adt_internal_state_t)); 1077 if (dest_state == NULL) { 1078 rc = -1; 1079 goto return_rc; 1080 } 1081 (void) memcpy(dest_state, source, 1082 sizeof (struct adt_internal_state)); 1083 1084 if (source_state->as_label != NULL) { 1085 dest_state->as_label = NULL; 1086 if ((rc = m_label_dup(&dest_state->as_label, 1087 source_state->as_label)) != 0) { 1088 free(dest_state); 1089 dest_state = NULL; 1090 } 1091 } 1092 } 1093 return_rc: 1094 *dest = (adt_session_data_t *)dest_state; 1095 return (rc); 1096 } 1097 1098 /* 1099 * from_export_format() 1100 * read from a network order buffer into struct adt_session_data 1101 */ 1102 1103 static size_t 1104 adt_from_export_format(adt_internal_state_t *internal, 1105 const adt_export_data_t *external) 1106 { 1107 struct export_header head; 1108 struct export_link link; 1109 adr_t context; 1110 int32_t offset; 1111 int32_t length; 1112 int32_t version; 1113 size_t label_len; 1114 char *p = (char *)external; 1115 1116 adrm_start(&context, (char *)external); 1117 adrm_int32(&context, (int *)&head, 4); 1118 1119 if ((internal->as_check = head.ax_check) != ADT_VALID) { 1120 errno = EINVAL; 1121 return (0); 1122 } 1123 offset = head.ax_link.ax_offset; 1124 version = head.ax_link.ax_version; 1125 length = head.ax_buffer_length; 1126 1127 /* 1128 * Skip newer versions. 1129 */ 1130 while (version > PROTOCOL_VERSION_2) { 1131 if (offset < 1) { 1132 return (0); /* failed to match version */ 1133 } 1134 p += offset; /* point to next version # */ 1135 1136 if (p > (char *)external + length) { 1137 return (0); 1138 } 1139 adrm_start(&context, p); 1140 adrm_int32(&context, (int *)&link, 2); 1141 offset = link.ax_offset; 1142 version = link.ax_version; 1143 assert(version != 0); 1144 } 1145 /* 1146 * Adjust buffer pointer to the first data item (euid). 1147 */ 1148 if (p == (char *)external) { 1149 adrm_start(&context, (char *)(p + sizeof (head))); 1150 } else { 1151 adrm_start(&context, (char *)(p + sizeof (link))); 1152 } 1153 /* 1154 * if down rev version, neither pid nor label are included 1155 * in v1 ax_size_of_tsol_data intentionally ignored 1156 */ 1157 if (version == PROTOCOL_VERSION_1) { 1158 adrm_int32(&context, (int *)&(internal->as_euid), 1); 1159 adrm_int32(&context, (int *)&(internal->as_ruid), 1); 1160 adrm_int32(&context, (int *)&(internal->as_egid), 1); 1161 adrm_int32(&context, (int *)&(internal->as_rgid), 1); 1162 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1); 1163 adrm_int32(&context, 1164 (int *)&(internal->as_info.ai_mask.am_success), 2); 1165 adrm_int32(&context, 1166 (int *)&(internal->as_info.ai_termid.at_port), 1); 1167 adrm_int32(&context, 1168 (int *)&(internal->as_info.ai_termid.at_type), 1); 1169 adrm_int32(&context, 1170 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1171 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1); 1172 adrm_int32(&context, (int *)&(internal->as_audit_state), 1); 1173 internal->as_pid = (pid_t)-1; 1174 internal->as_label = NULL; 1175 } else if (version == PROTOCOL_VERSION_2) { 1176 adrm_int32(&context, (int *)&(internal->as_euid), 1); 1177 adrm_int32(&context, (int *)&(internal->as_ruid), 1); 1178 adrm_int32(&context, (int *)&(internal->as_egid), 1); 1179 adrm_int32(&context, (int *)&(internal->as_rgid), 1); 1180 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1); 1181 adrm_int32(&context, 1182 (int *)&(internal->as_info.ai_mask.am_success), 2); 1183 adrm_int32(&context, 1184 (int *)&(internal->as_info.ai_termid.at_port), 1); 1185 adrm_int32(&context, 1186 (int *)&(internal->as_info.ai_termid.at_type), 1); 1187 adrm_int32(&context, 1188 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1189 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1); 1190 adrm_int32(&context, (int *)&(internal->as_audit_state), 1); 1191 adrm_int32(&context, (int *)&(internal->as_pid), 1); 1192 adrm_int32(&context, (int *)&label_len, 1); 1193 if (label_len > 0) { 1194 /* read in and deal with different sized labels. */ 1195 size32_t my_label_len = blabel_size(); 1196 1197 if ((internal->as_label = 1198 m_label_alloc(MAC_LABEL)) == NULL) { 1199 return (0); 1200 } 1201 if (label_len > my_label_len) { 1202 errno = EINVAL; 1203 m_label_free(internal->as_label); 1204 return (0); 1205 } 1206 (void) memset(internal->as_label, 0, my_label_len); 1207 adrm_int32(&context, (int *)(internal->as_label), 1208 label_len / sizeof (int32_t)); 1209 } else { 1210 internal->as_label = NULL; 1211 } 1212 } 1213 1214 return (length); 1215 } 1216 1217 /* 1218 * adt_to_export_format 1219 * read from struct adt_session_data into a network order buffer. 1220 * 1221 * (network order 'cause this data may be shared with a remote host.) 1222 */ 1223 1224 static size_t 1225 adt_to_export_format(adt_export_data_t *external, 1226 adt_internal_state_t *internal) 1227 { 1228 struct export_header head; 1229 struct export_link tail; 1230 adr_t context; 1231 size32_t label_len = 0; 1232 1233 adrm_start(&context, (char *)external); 1234 1235 if (internal->as_label != NULL) { 1236 label_len = blabel_size(); 1237 } 1238 1239 head.ax_check = ADT_VALID; 1240 head.ax_buffer_length = sizeof (struct adt_export_data) + label_len; 1241 1242 /* version 2 first */ 1243 1244 head.ax_link.ax_version = PROTOCOL_VERSION_2; 1245 head.ax_link.ax_offset = sizeof (struct export_header) + 1246 sizeof (struct adt_export_v2) + label_len; 1247 1248 adrm_putint32(&context, (int *)&head, 4); 1249 1250 adrm_putint32(&context, (int *)&(internal->as_euid), 1); 1251 adrm_putint32(&context, (int *)&(internal->as_ruid), 1); 1252 adrm_putint32(&context, (int *)&(internal->as_egid), 1); 1253 adrm_putint32(&context, (int *)&(internal->as_rgid), 1); 1254 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1); 1255 adrm_putint32(&context, 1256 (int *)&(internal->as_info.ai_mask.am_success), 2); 1257 adrm_putint32(&context, 1258 (int *)&(internal->as_info.ai_termid.at_port), 1); 1259 adrm_putint32(&context, 1260 (int *)&(internal->as_info.ai_termid.at_type), 1); 1261 adrm_putint32(&context, 1262 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1263 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1); 1264 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1); 1265 adrm_putint32(&context, (int *)&(internal->as_pid), 1); 1266 adrm_putint32(&context, (int *)&label_len, 1); 1267 if (internal->as_label != NULL) { 1268 /* serialize the label */ 1269 adrm_putint32(&context, (int *)(internal->as_label), 1270 (label_len / sizeof (int32_t))); 1271 } 1272 1273 /* now version 1 */ 1274 1275 tail.ax_version = PROTOCOL_VERSION_1; 1276 tail.ax_offset = 0; 1277 1278 adrm_putint32(&context, (int *)&tail, 2); 1279 1280 adrm_putint32(&context, (int *)&(internal->as_euid), 1); 1281 adrm_putint32(&context, (int *)&(internal->as_ruid), 1); 1282 adrm_putint32(&context, (int *)&(internal->as_egid), 1); 1283 adrm_putint32(&context, (int *)&(internal->as_rgid), 1); 1284 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1); 1285 adrm_putint32(&context, 1286 (int *)&(internal->as_info.ai_mask.am_success), 2); 1287 adrm_putint32(&context, 1288 (int *)&(internal->as_info.ai_termid.at_port), 1); 1289 adrm_putint32(&context, 1290 (int *)&(internal->as_info.ai_termid.at_type), 1); 1291 adrm_putint32(&context, 1292 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1293 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1); 1294 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1); 1295 /* ignored in v1 */ 1296 adrm_putint32(&context, (int *)&label_len, 1); 1297 1298 /* finally terminator */ 1299 1300 tail.ax_version = 0; /* invalid version number */ 1301 tail.ax_offset = 0; 1302 1303 adrm_putint32(&context, (int *)&tail, 2); 1304 1305 return (head.ax_buffer_length); 1306 } 1307 1308 /* 1309 * adt_ucred_label() -- if label is available, duplicate it. 1310 */ 1311 1312 static m_label_t * 1313 adt_ucred_label(ucred_t *uc) 1314 { 1315 m_label_t *ul = NULL; 1316 1317 if (ucred_getlabel(uc) != NULL) { 1318 (void) m_label_dup(&ul, ucred_getlabel(uc)); 1319 } 1320 1321 return (ul); 1322 } 1323 1324 /* 1325 * adt_import() -- convert from network order to machine-specific order 1326 */ 1327 1328 static int 1329 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external) 1330 { 1331 au_mask_t mask; 1332 1333 /* save local audit state */ 1334 int local_audit_state = internal->as_audit_state; 1335 1336 if (adt_from_export_format(internal, external) < 1) 1337 return (-1); /* errno from adt_from_export_format */ 1338 1339 /* 1340 * If audit isn't enabled on the remote, they were unable 1341 * to generate the audit mask, so generate it based on 1342 * local configuration. If the user id has changed, the 1343 * resulting mask may miss some subtleties that occurred 1344 * on the remote system. 1345 * 1346 * If the remote failed to generate a terminal id, it is not 1347 * recoverable. 1348 */ 1349 1350 if (!(internal->as_audit_state & AUC_DISABLED)) { 1351 if (adt_get_mask_from_user(internal->as_info.ai_auid, 1352 &(internal->as_info.ai_mask))) 1353 return (-1); 1354 if (internal->as_info.ai_auid != internal->as_ruid) { 1355 if (adt_get_mask_from_user(internal->as_info.ai_auid, 1356 &mask)) 1357 return (-1); 1358 internal->as_info.ai_mask.am_success |= 1359 mask.am_success; 1360 internal->as_info.ai_mask.am_failure |= 1361 mask.am_failure; 1362 } 1363 } 1364 internal->as_audit_state = local_audit_state; 1365 1366 DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(), 1367 internal->as_info.ai_asid, 1368 internal->as_info.ai_asid)); 1369 1370 internal->as_have_user_data = ADT_HAVE_ALL; 1371 1372 return (0); 1373 } 1374 1375 /* 1376 * adt_export_session_data() 1377 * copies a adt_session_data struct into a network order buffer 1378 * 1379 * In a misconfigured network, the local host may have auditing 1380 * off while the destination may have auditing on, so if there 1381 * is sufficient memory, a buffer will be returned even in the 1382 * audit off case. 1383 */ 1384 1385 size_t 1386 adt_export_session_data(const adt_session_data_t *internal, 1387 adt_export_data_t **external) 1388 { 1389 size32_t length = 0; 1390 1391 if ((internal != NULL) && 1392 ((adt_internal_state_t *)internal)->as_label != NULL) { 1393 length = blabel_size(); 1394 } 1395 1396 *external = malloc(sizeof (adt_export_data_t) + length); 1397 1398 if (*external == NULL) 1399 return (0); 1400 1401 if (internal == NULL) { 1402 adt_internal_state_t *dummy; 1403 1404 dummy = malloc(sizeof (adt_internal_state_t)); 1405 if (dummy == NULL) 1406 goto return_length_free; 1407 1408 if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */ 1409 free(dummy); 1410 goto return_length_free; 1411 } 1412 length = adt_to_export_format(*external, dummy); 1413 free(dummy); 1414 } else { 1415 length = adt_to_export_format(*external, 1416 (adt_internal_state_t *)internal); 1417 } 1418 return (length); 1419 1420 return_length_free: 1421 free(*external); 1422 *external = NULL; 1423 return (0); 1424 } 1425 1426 static void 1427 adt_setto_unaudited(adt_internal_state_t *state) 1428 { 1429 if (state->as_audit_state & AUC_DISABLED) { 1430 state->as_ruid = AU_NOAUDITID; 1431 state->as_euid = AU_NOAUDITID; 1432 state->as_rgid = AU_NOAUDITID; 1433 state->as_egid = AU_NOAUDITID; 1434 state->as_pid = (pid_t)-1; 1435 state->as_label = NULL; 1436 } else { 1437 state->as_info.ai_asid = 0; 1438 state->as_info.ai_auid = AU_NOAUDITID; 1439 1440 (void) memset((void *)&(state->as_info.ai_termid), 0, 1441 sizeof (au_tid_addr_t)); 1442 state->as_info.ai_termid.at_type = AU_IPv4; 1443 1444 (void) memset((void *)&(state->as_info.ai_mask), 0, 1445 sizeof (au_mask_t)); 1446 state->as_have_user_data = 0; 1447 } 1448 } 1449 1450 /* 1451 * adt_init -- set session context by copying the audit characteristics 1452 * from the proc and picking up current uid/tid information. 1453 * 1454 * By default, an audit session is based on the process; the default 1455 * is overriden by adt_set_user() 1456 */ 1457 1458 static int 1459 adt_init(adt_internal_state_t *state, int use_proc_data) 1460 { 1461 /* ensure auditstate is set */ 1462 1463 (void) adt_audit_state(0); 1464 state->as_audit_state = auditstate; 1465 1466 if (use_proc_data) { 1467 state->as_ruid = getuid(); 1468 state->as_euid = geteuid(); 1469 state->as_rgid = getgid(); 1470 state->as_egid = getegid(); 1471 state->as_pid = getpid(); 1472 1473 if (!(state->as_audit_state & AUC_DISABLED)) { 1474 const au_tid64_addr_t *tid; 1475 const au_mask_t *mask; 1476 ucred_t *ucred = ucred_get(P_MYID); 1477 1478 /* 1479 * Even if the ucred is NULL, the underlying 1480 * credential may have a valid terminal id; if the 1481 * terminal id is set, then that's good enough. An 1482 * example of where this matters is failed login, 1483 * where rlogin/telnet sets the terminal id before 1484 * calling login; login does not load the credential 1485 * since auth failed. 1486 */ 1487 if (ucred == NULL) { 1488 if (!adt_have_termid( 1489 &(state->as_info.ai_termid))) 1490 return (-1); 1491 } else { 1492 mask = ucred_getamask(ucred); 1493 if (mask != NULL) { 1494 state->as_info.ai_mask = *mask; 1495 } else { 1496 ucred_free(ucred); 1497 return (-1); 1498 } 1499 tid = ucred_getatid(ucred); 1500 if (tid != NULL) { 1501 adt_cpy_tid(&(state->as_info.ai_termid), 1502 tid); 1503 } else { 1504 ucred_free(ucred); 1505 return (-1); 1506 } 1507 state->as_info.ai_asid = ucred_getasid(ucred); 1508 state->as_info.ai_auid = ucred_getauid(ucred); 1509 state->as_label = adt_ucred_label(ucred); 1510 ucred_free(ucred); 1511 } 1512 state->as_have_user_data = ADT_HAVE_ALL; 1513 } 1514 } else { 1515 adt_setto_unaudited(state); 1516 } 1517 state->as_session_model = ADT_SESSION_MODEL; /* default */ 1518 1519 if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) && 1520 auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy), 1521 sizeof (state->as_kernel_audit_policy))) { 1522 return (-1); /* errno set by auditon */ 1523 } 1524 state->as_check = ADT_VALID; 1525 adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0], 1526 &adt_preload); 1527 return (0); 1528 } 1529 1530 /* 1531 * adt_set_proc 1532 * 1533 * Copy the current session state to the process. If this function 1534 * is called, the model becomes a process model rather than a 1535 * session model. 1536 * 1537 * In the current implementation, the value state->as_have_user_data 1538 * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}. These are all set 1539 * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in. 1540 * 1541 */ 1542 1543 int 1544 adt_set_proc(const adt_session_data_t *session_data) 1545 { 1546 adt_internal_state_t *state; 1547 1548 if (session_data == NULL) { 1549 return (0); 1550 } 1551 1552 state = (adt_internal_state_t *)session_data; 1553 1554 assert(state->as_check == ADT_VALID); 1555 1556 if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) != 1557 (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) { 1558 errno = EINVAL; 1559 goto return_err; 1560 } 1561 1562 if (setaudit_addr((auditinfo_addr_t *)&(state->as_info), 1563 sizeof (auditinfo_addr_t)) < 0) { 1564 goto return_err; /* errno set by setaudit_addr() */ 1565 } 1566 1567 state->as_session_model = ADT_PROCESS_MODEL; 1568 1569 return (0); 1570 1571 return_err: 1572 adt_write_syslog("failed to set process audit characteristics", errno); 1573 return (-1); 1574 } 1575 1576 static int 1577 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid) 1578 { 1579 au_tid_addr_t no_tid = {0, AU_IPv4, 0, 0, 0, 0}; 1580 au_mask_t no_mask = {0, 0}; 1581 1582 if (ruid == ADT_NO_AUDIT) { 1583 state->as_info.ai_auid = AU_NOAUDITID; 1584 state->as_info.ai_asid = 0; 1585 state->as_info.ai_termid = no_tid; 1586 state->as_info.ai_mask = no_mask; 1587 return (0); 1588 } 1589 state->as_info.ai_auid = ruid; 1590 state->as_info.ai_asid = adt_get_unique_id(ruid); 1591 if (termid != NULL) 1592 state->as_info.ai_termid = *termid; 1593 1594 if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask))) 1595 return (-1); 1596 1597 /* Assume intending to audit as this process */ 1598 1599 if (state->as_pid == (pid_t)-1) 1600 state->as_pid = getpid(); 1601 1602 if (is_system_labeled() && state->as_label == NULL) { 1603 ucred_t *ucred = ucred_get(P_MYID); 1604 1605 state->as_label = adt_ucred_label(ucred); 1606 ucred_free(ucred); 1607 } 1608 1609 return (0); 1610 } 1611 1612 static int 1613 adt_changeuser(adt_internal_state_t *state, uid_t ruid) 1614 { 1615 au_mask_t mask; 1616 1617 if (!(state->as_have_user_data & ADT_HAVE_AUID)) 1618 state->as_info.ai_auid = ruid; 1619 if (!(state->as_have_user_data & ADT_HAVE_ASID)) 1620 state->as_info.ai_asid = adt_get_unique_id(ruid); 1621 1622 if (ruid <= MAXEPHUID) { 1623 if (adt_get_mask_from_user(ruid, &mask)) 1624 return (-1); 1625 1626 state->as_info.ai_mask.am_success |= mask.am_success; 1627 state->as_info.ai_mask.am_failure |= mask.am_failure; 1628 } 1629 DPRINTF(("changed mask to %08X/%08X for ruid=%d\n", 1630 state->as_info.ai_mask.am_success, 1631 state->as_info.ai_mask.am_failure, 1632 ruid)); 1633 return (0); 1634 } 1635 1636 /* 1637 * adt_set_user -- see also adt_set_from_ucred() 1638 * 1639 * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or 1640 * "unattributed." If ruid, change the model to session. 1641 * 1642 * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value" 1643 * only valid with ADT_UPDATE. 1644 * 1645 * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there 1646 * isn't a good reason to call adt_set_user() with it unless you don't 1647 * have a good value yet and intend to replace it later; auid will be 1648 * AU_NOAUDITID. 1649 * 1650 * adt_set_user should be called even if auditing is not enabled 1651 * so that adt_export_session_data() will have useful stuff to 1652 * work with. 1653 * 1654 * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID 1655 * and ADT_HAVE_ALL. 1656 */ 1657 1658 int 1659 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid, 1660 uid_t ruid, gid_t rgid, const adt_termid_t *termid, 1661 enum adt_user_context user_context) 1662 { 1663 adt_internal_state_t *state; 1664 int rc; 1665 1666 if (session_data == NULL) /* no session exists to audit */ 1667 return (0); 1668 1669 state = (adt_internal_state_t *)session_data; 1670 assert(state->as_check == ADT_VALID); 1671 1672 switch (user_context) { 1673 case ADT_NEW: 1674 if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE || 1675 rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) { 1676 errno = EINVAL; 1677 return (-1); 1678 } 1679 if ((rc = adt_newuser(state, ruid, 1680 (au_tid_addr_t *)termid)) != 0) 1681 return (rc); 1682 1683 state->as_have_user_data = ADT_HAVE_ALL; 1684 break; 1685 case ADT_UPDATE: 1686 if (state->as_have_user_data != ADT_HAVE_ALL) { 1687 errno = EINVAL; 1688 return (-1); 1689 } 1690 1691 if (ruid != ADT_NO_CHANGE) 1692 if ((rc = adt_changeuser(state, ruid)) != 0) 1693 return (rc); 1694 break; 1695 case ADT_USER: 1696 if (state->as_have_user_data != ADT_HAVE_ALL) { 1697 errno = EINVAL; 1698 return (-1); 1699 } 1700 break; 1701 case ADT_SETTID: 1702 assert(termid != NULL); 1703 state->as_info.ai_termid = *((au_tid_addr_t *)termid); 1704 /* avoid fooling pam_setcred()... */ 1705 state->as_info.ai_auid = AU_NOAUDITID; 1706 state->as_info.ai_asid = 0; 1707 state->as_info.ai_mask.am_failure = 0; 1708 state->as_info.ai_mask.am_success = 0; 1709 state->as_have_user_data = ADT_HAVE_TID | 1710 ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK; 1711 return (0); 1712 default: 1713 errno = EINVAL; 1714 return (-1); 1715 } 1716 1717 if (ruid == ADT_NO_AUDIT) { 1718 state->as_ruid = AU_NOAUDITID; 1719 state->as_euid = AU_NOAUDITID; 1720 state->as_rgid = AU_NOAUDITID; 1721 state->as_egid = AU_NOAUDITID; 1722 } else { 1723 if (ruid != ADT_NO_CHANGE) 1724 state->as_ruid = ruid; 1725 if (euid != ADT_NO_CHANGE) 1726 state->as_euid = euid; 1727 if (rgid != ADT_NO_CHANGE) 1728 state->as_rgid = rgid; 1729 if (egid != ADT_NO_CHANGE) 1730 state->as_egid = egid; 1731 } 1732 1733 if (ruid == ADT_NO_ATTRIB) { 1734 state->as_session_model = ADT_SESSION_MODEL; 1735 } 1736 1737 return (0); 1738 } 1739 1740 /* 1741 * adt_set_from_ucred() 1742 * 1743 * an alternate to adt_set_user that fills the same role but uses 1744 * a pointer to a ucred rather than a list of id's. If the ucred 1745 * pointer is NULL, use the credential from the this process. 1746 * 1747 * A key difference is that for ADT_NEW, adt_set_from_ucred() does 1748 * not overwrite the asid and auid unless auid has not been set. 1749 * ADT_NEW differs from ADT_UPDATE in that it does not OR together 1750 * the incoming audit mask with the one that already exists. 1751 * 1752 * adt_set_from_ucred should be called even if auditing is not enabled 1753 * so that adt_export_session_data() will have useful stuff to 1754 * work with. 1755 */ 1756 1757 int 1758 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc, 1759 enum adt_user_context user_context) 1760 { 1761 adt_internal_state_t *state; 1762 int rc = -1; 1763 const au_tid64_addr_t *tid64; 1764 au_tid_addr_t termid, *tid; 1765 ucred_t *ucred = (ucred_t *)uc; 1766 boolean_t local_uc = B_FALSE; 1767 1768 if (session_data == NULL) /* no session exists to audit */ 1769 return (0); 1770 1771 state = (adt_internal_state_t *)session_data; 1772 assert(state->as_check == ADT_VALID); 1773 1774 if (ucred == NULL) { 1775 ucred = ucred_get(P_MYID); 1776 1777 if (ucred == NULL) 1778 goto return_rc; 1779 local_uc = B_TRUE; 1780 } 1781 1782 switch (user_context) { 1783 case ADT_NEW: 1784 tid64 = ucred_getatid(ucred); 1785 if (tid64 != NULL) { 1786 adt_cpy_tid(&termid, tid64); 1787 tid = &termid; 1788 } else { 1789 tid = NULL; 1790 } 1791 if (ucred_getauid(ucred) == AU_NOAUDITID) { 1792 adt_setto_unaudited(state); 1793 state->as_have_user_data = ADT_HAVE_ALL; 1794 rc = 0; 1795 goto return_rc; 1796 } else { 1797 state->as_info.ai_auid = ucred_getauid(ucred); 1798 state->as_info.ai_asid = ucred_getasid(ucred); 1799 state->as_info.ai_mask = *ucred_getamask(ucred); 1800 state->as_info.ai_termid = *tid; 1801 } 1802 state->as_have_user_data = ADT_HAVE_ALL; 1803 break; 1804 case ADT_UPDATE: 1805 if (state->as_have_user_data != ADT_HAVE_ALL) { 1806 errno = EINVAL; 1807 goto return_rc; 1808 } 1809 1810 if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0) 1811 goto return_rc; 1812 break; 1813 case ADT_USER: 1814 if (state->as_have_user_data != ADT_HAVE_ALL) { 1815 errno = EINVAL; 1816 goto return_rc; 1817 } 1818 break; 1819 default: 1820 errno = EINVAL; 1821 goto return_rc; 1822 } 1823 rc = 0; 1824 1825 state->as_ruid = ucred_getruid(ucred); 1826 state->as_euid = ucred_geteuid(ucred); 1827 state->as_rgid = ucred_getrgid(ucred); 1828 state->as_egid = ucred_getegid(ucred); 1829 state->as_pid = ucred_getpid(ucred); 1830 state->as_label = adt_ucred_label(ucred); 1831 1832 return_rc: 1833 if (local_uc) { 1834 ucred_free(ucred); 1835 } 1836 return (rc); 1837 } 1838 1839 /* 1840 * adt_alloc_event() returns a pointer to allocated memory 1841 * 1842 */ 1843 1844 adt_event_data_t 1845 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id) 1846 { 1847 struct adt_event_state *event_state; 1848 adt_internal_state_t *session_state; 1849 adt_event_data_t *return_event = NULL; 1850 /* 1851 * need to return a valid event pointer even if audit is 1852 * off, else the caller will end up either (1) keeping its 1853 * own flags for on/off or (2) writing to a NULL pointer. 1854 * If auditing is on, the session data must be valid; otherwise 1855 * we don't care. 1856 */ 1857 if (session_data != NULL) { 1858 session_state = (adt_internal_state_t *)session_data; 1859 assert(session_state->as_check == ADT_VALID); 1860 } 1861 event_state = calloc(1, sizeof (struct adt_event_state)); 1862 if (event_state == NULL) 1863 goto return_ptr; 1864 1865 event_state->ae_check = ADT_VALID; 1866 1867 event_state->ae_event_id = event_id; 1868 event_state->ae_session = (struct adt_internal_state *)session_data; 1869 1870 return_event = (adt_event_data_t *)&(event_state->ae_event_data); 1871 1872 /* 1873 * preload data so the adt_au_*() functions can detect un-supplied 1874 * values (0 and NULL are free via calloc()). 1875 */ 1876 if (session_data != NULL) { 1877 session_state->as_preload(event_id, return_event); 1878 } 1879 1880 return_ptr: 1881 return (return_event); 1882 } 1883 1884 /* 1885 * adt_getXlateTable -- look up translation table address for event id 1886 */ 1887 1888 static adt_translation_t * 1889 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id) 1890 { 1891 /* xlate_table is global in adt_xlate.c */ 1892 adt_translation_t **p_xlate = xlate; 1893 adt_translation_t *p_event; 1894 1895 while (*p_xlate != NULL) { 1896 p_event = *p_xlate; 1897 if (event_id == p_event->tx_external_event) 1898 return (p_event); 1899 p_xlate++; 1900 } 1901 return (NULL); 1902 } 1903 1904 /* 1905 * adt_calcOffsets 1906 * 1907 * the call to this function is surrounded by a mutex. 1908 * 1909 * i walks down the table picking up next_token. j walks again to 1910 * calculate the offset to the input data. k points to the next 1911 * token's row. Finally, l, is used to sum the values in the 1912 * datadef array. 1913 * 1914 * What's going on? The entry array is in the order of the input 1915 * fields but the processing of array entries is in the order of 1916 * the output (see next_token). Calculating the offset to the 1917 * "next" input can't be done in the outer loop (i) since i doesn't 1918 * point to the current entry and it can't be done with the k index 1919 * because it doesn't represent the order of input fields. 1920 * 1921 * While the resulting algorithm is n**2, it is only done once per 1922 * event type. 1923 */ 1924 1925 /* 1926 * adt_calcOffsets is only called once per event type, but it uses 1927 * the address alignment of memory allocated for that event as if it 1928 * were the same for all subsequently allocated memory. This is 1929 * guaranteed by calloc/malloc. Arrays take special handling since 1930 * what matters for figuring out the correct alignment is the size 1931 * of the array element. 1932 */ 1933 1934 static void 1935 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data) 1936 { 1937 int i, j; 1938 size_t this_size, prev_size; 1939 void *struct_start = p_data; 1940 1941 for (i = 0; i < tablesize; i++) { 1942 if (p_entry[i].en_type_def == NULL) { 1943 p_entry[i].en_offset = 0; 1944 continue; 1945 } 1946 prev_size = 0; 1947 p_entry[i].en_offset = (char *)p_data - (char *)struct_start; 1948 1949 for (j = 0; j < p_entry[i].en_count_types; j++) { 1950 if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG) 1951 this_size = sizeof (enum adt_generic); 1952 else 1953 this_size = 1954 p_entry[i].en_type_def[j].dd_input_size; 1955 1956 /* adj for first entry */ 1957 if (prev_size == 0) 1958 prev_size = this_size; 1959 1960 if (p_entry[i].en_type_def[j].dd_datatype == 1961 ADT_UINT32ARRAY) { 1962 p_data = (char *)adt_adjust_address(p_data, 1963 prev_size, sizeof (uint32_t)) + 1964 this_size - sizeof (uint32_t); 1965 1966 prev_size = sizeof (uint32_t); 1967 } else { 1968 p_data = adt_adjust_address(p_data, prev_size, 1969 this_size); 1970 prev_size = this_size; 1971 } 1972 } 1973 } 1974 } 1975 1976 /* 1977 * adt_generate_event 1978 * generate event record from external struct. The order is based on 1979 * the output tokens, allowing for the possibility that the input data 1980 * is in a different order. 1981 * 1982 */ 1983 1984 static int 1985 adt_generate_event(const adt_event_data_t *p_extdata, 1986 struct adt_event_state *p_event, 1987 adt_translation_t *p_xlate) 1988 { 1989 struct entry *p_entry; 1990 static mutex_t lock = DEFAULTMUTEX; 1991 1992 p_entry = p_xlate->tx_first_entry; 1993 assert(p_entry != NULL); 1994 1995 p_event->ae_internal_id = p_xlate->tx_internal_event; 1996 adt_token_open(p_event); 1997 1998 /* 1999 * offsets are not pre-calculated; the initial offsets are all 2000 * 0; valid offsets are >= 0. Offsets for no-input tokens such 2001 * as subject are set to -1 by adt_calcOffset() 2002 */ 2003 if (p_xlate->tx_offsetsCalculated == 0) { 2004 (void) mutex_lock(&lock); 2005 p_xlate->tx_offsetsCalculated = 1; 2006 2007 adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries, 2008 (void *)p_extdata); 2009 (void) mutex_unlock(&lock); 2010 } 2011 while (p_entry != NULL) { 2012 adt_generate_token(p_entry, (char *)p_extdata, p_event); 2013 2014 p_entry = p_entry->en_next_token; 2015 } 2016 return (adt_token_close(p_event)); 2017 } 2018 2019 /* 2020 * adt_put_event -- main event generation function. 2021 * The input "event" is the address of the struct containing 2022 * event-specific data. 2023 * 2024 * However if auditing is off or the session handle 2025 * is NULL, no attempt to write a record is made. 2026 */ 2027 2028 int 2029 adt_put_event(const adt_event_data_t *event, int status, int return_val) 2030 { 2031 struct adt_event_state *event_state; 2032 adt_translation_t *xlate; 2033 2034 if (event == NULL) { 2035 errno = EINVAL; 2036 return (-1); 2037 } 2038 event_state = (struct adt_event_state *)event; 2039 2040 /* if this is a broken session or not auditing, exit */ 2041 if ((event_state->ae_session == NULL) || 2042 !(event_state->ae_session->as_audit_state & 2043 (AUC_AUDITING | AUC_NOSPACE))) { 2044 return (0); 2045 } 2046 2047 assert(event_state->ae_check == ADT_VALID); 2048 2049 event_state->ae_rc = status; 2050 event_state->ae_type = return_val; 2051 2052 /* look up the event */ 2053 2054 xlate = adt_getXlateTable(event_state->ae_session->as_xlate, 2055 event_state->ae_event_id); 2056 2057 if (xlate == NULL) { 2058 errno = EINVAL; 2059 return (-1); 2060 } 2061 DPRINTF(("got event %d\n", xlate->tx_internal_event)); 2062 2063 if (adt_selected(event_state, xlate->tx_internal_event, status)) { 2064 return (adt_generate_event(event, event_state, xlate)); 2065 } 2066 2067 return (0); 2068 } 2069 2070 /* 2071 * adt_free_event -- invalidate and free 2072 */ 2073 2074 void 2075 adt_free_event(adt_event_data_t *event) 2076 { 2077 struct adt_event_state *event_state; 2078 2079 if (event == NULL) 2080 return; 2081 2082 event_state = (struct adt_event_state *)event; 2083 2084 assert(event_state->ae_check == ADT_VALID); 2085 2086 event_state->ae_check = 0; 2087 2088 free(event_state); 2089 } 2090 2091 /* 2092 * adt_is_selected -- helper to adt_selected(), below. 2093 * 2094 * "sorf" is "success or fail" status; au_preselect compares 2095 * that with success, fail, or both. 2096 */ 2097 2098 static int 2099 adt_is_selected(au_event_t e, au_mask_t *m, int sorf) 2100 { 2101 int prs_sorf; 2102 2103 if (sorf == 0) 2104 prs_sorf = AU_PRS_SUCCESS; 2105 else 2106 prs_sorf = AU_PRS_FAILURE; 2107 2108 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD)); 2109 } 2110 2111 /* 2112 * selected -- see if this event is preselected. 2113 * 2114 * if errors are encountered trying to check a preselection mask 2115 * or look up a user name, the event is selected. Otherwise, the 2116 * preselection mask is used for the job. 2117 */ 2118 2119 static int 2120 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status) 2121 { 2122 adt_internal_state_t *sp; 2123 au_mask_t namask; 2124 2125 sp = event->ae_session; 2126 2127 if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) { 2128 adt_write_syslog("No user data available", EINVAL); 2129 return (1); /* default is "selected" */ 2130 } 2131 2132 /* non-attributable? */ 2133 if ((sp->as_info.ai_auid == AU_NOAUDITID) || 2134 (sp->as_info.ai_auid == ADT_NO_AUDIT)) { 2135 if (auditon(A_GETKMASK, (caddr_t)&namask, 2136 sizeof (namask)) != 0) { 2137 adt_write_syslog("auditon failure", errno); 2138 return (1); 2139 } 2140 return (adt_is_selected(actual_id, &namask, status)); 2141 } else { 2142 return (adt_is_selected(actual_id, &(sp->as_info.ai_mask), 2143 status)); 2144 } 2145 } 2146 2147 /* 2148 * Can't map the host name to an IP address in 2149 * adt_get_hostIP. Get something off an interface 2150 * to act as the hosts IP address for auditing. 2151 */ 2152 2153 static int 2154 adt_get_local_address(int family, struct ifaddrlist *al) 2155 { 2156 struct ifaddrlist *ifal; 2157 char errbuf[ERRBUFSIZE] = "empty list"; 2158 char msg[ERRBUFSIZE + 512]; 2159 int ifal_count; 2160 int i; 2161 2162 if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) { 2163 int serrno = errno; 2164 2165 (void) snprintf(msg, sizeof (msg), "adt_get_local_address " 2166 "couldn't get %d addrlist %s", family, errbuf); 2167 adt_write_syslog(msg, serrno); 2168 errno = serrno; 2169 return (-1); 2170 } 2171 2172 for (i = 0; i < ifal_count; i++) { 2173 /* 2174 * loopback always defined, 2175 * even if there is no real address 2176 */ 2177 if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) { 2178 break; 2179 } 2180 } 2181 if (i >= ifal_count) { 2182 free(ifal); 2183 /* 2184 * Callers of adt_get_hostIP() can only return 2185 * errno to their callers and eventually the application. 2186 * Picked one that seemed least worse for saying no 2187 * usable address for Audit terminal ID. 2188 */ 2189 errno = ENETDOWN; 2190 return (-1); 2191 } 2192 2193 *al = ifal[i]; 2194 free(ifal); 2195 return (0); 2196 } 2197