1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2017 OmniOS Community Edition (OmniOSce) Association. 25 */ 26 27 #include <bsm/adt.h> 28 #include <bsm/adt_event.h> 29 #include <assert.h> 30 #include <bsm/audit.h> 31 #include <bsm/audit_record.h> 32 #include <bsm/libbsm.h> 33 #include <door.h> 34 #include <errno.h> 35 #include <generic.h> 36 #include <md5.h> 37 #include <sys/mkdev.h> 38 #include <netdb.h> 39 #include <nss_dbdefs.h> 40 #include <pwd.h> 41 #include <sys/stat.h> 42 #include <time.h> 43 #include <stdlib.h> 44 #include <string.h> 45 #include <synch.h> 46 #include <sys/systeminfo.h> 47 #include <syslog.h> 48 #include <thread.h> 49 #include <unistd.h> 50 #include <adt_xlate.h> 51 #include <adt_ucred.h> 52 #include <arpa/inet.h> 53 #include <net/if.h> 54 #include <libinetutil.h> 55 56 static int adt_selected(struct adt_event_state *, au_event_t, int); 57 static int adt_init(adt_internal_state_t *, int); 58 static int adt_import(adt_internal_state_t *, const adt_export_data_t *); 59 static m_label_t *adt_ucred_label(ucred_t *); 60 static void adt_setto_unaudited(adt_internal_state_t *); 61 static int adt_get_local_address(int, struct ifaddrlist *); 62 63 #ifdef C2_DEBUG 64 #define DPRINTF(x) { (void) printf x; } 65 #define DFLUSH (void) fflush(stdout); 66 #else 67 #define DPRINTF(x) 68 #define DFLUSH 69 #endif 70 71 /* 72 * Local audit states are a bit mask 73 * 74 * The global audit states are 75 * 76 * AUC_UNSET 0 - on/off hasn't been decided 77 * AUC_ENABLED 1 - loaded and enabled 78 * 79 * The local Zone states are 80 * 81 * AUC_AUDITING 0x1 - audit daemon is active 82 * AUC_NOAUDIT 0x2 - audit daemon is not active 83 * AUC_INIT_AUDIT 0x4 - audit is ready but auditd has not run 84 * AUC_NOSPACE 0x8 - audit enabled, no space for audit records 85 * 86 * The only values returned by auditon(A_GETCOND) are: 87 * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE 88 * 89 * The pseudo audit state used when the c2audit module is excluded is 90 * 91 * AUC_DISABLED 0x100 - c2audit module is excluded 92 */ 93 94 static int auditstate = AUC_DISABLED; /* default state */ 95 96 /* 97 * adt_write_syslog 98 * 99 * errors that are not the user's fault (bugs or whatever in 100 * the underlying audit code are noted in syslog.) 101 * 102 * Avoid calling adt_write_syslog for things that can happen 103 * at high volume. 104 * 105 * syslog's open (openlog) and close (closelog) are interesting; 106 * openlog *may* create a file descriptor and is optional. closelog 107 * *will* close any open file descriptors and is also optional. 108 * 109 * Since syslog may also be used by the calling application, the 110 * choice is to avoid openlog, which sets some otherwise useful 111 * parameters, and to embed "Solaris_audit" in the log message. 112 */ 113 114 void 115 adt_write_syslog(const char *message, int err) 116 { 117 int save_errno = errno; 118 int mask_priority; 119 120 DPRINTF(("syslog called: %s\n", message)); 121 122 mask_priority = setlogmask(LOG_MASK(LOG_ALERT)); 123 errno = err; 124 syslog(LOG_ALERT, "Solaris_audit %s: %m", message); 125 (void) setlogmask(mask_priority); 126 errno = save_errno; 127 } 128 129 /* 130 * return true if c2audit is not excluded. 131 * 132 * For purpose of this API, anything but AUC_DISABLED 133 * is enabled; however one never actually sees 134 * AUC_DISABLED since auditon returns ENOTSUP in that case. Any 135 * auditon error is considered the same as ENOTSUP for our 136 * purpose. auditstate is not changed by auditon if an error 137 * is returned. 138 */ 139 140 /* 141 * XXX this should probably be eliminated and adt_audit_state() replace it. 142 * All the legitimate uses are to not fork a waiting process for 143 * process exit processing, as in su, login, dtlogin. Other bogus 144 * users are zoneadmd and init. 145 * All but dtlogin are in ON, so we can do this without cross gate 146 * synchronization. 147 * 148 * No longer used in adt.c. 149 */ 150 151 boolean_t 152 adt_audit_enabled(void) 153 { 154 155 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate)); 156 157 return (auditstate != AUC_DISABLED); 158 } 159 160 /* 161 * See adt_audit_enabled() for state discussions. 162 * The state parameter is a hedge until all the uses become clear. 163 * Likely if adt_audit_enabled is brought internal to this file, 164 * it could be modified to take one or more parameters to describe the 165 * state. 166 */ 167 168 boolean_t 169 adt_audit_state(int states) 170 { 171 172 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate)); 173 174 return ((auditstate & states) ? B_TRUE : B_FALSE); 175 } 176 177 /* 178 * Get user_specific/non-attributable audit mask. This may be called even when 179 * auditing is off. 180 */ 181 182 static int 183 adt_get_mask_from_user(uid_t uid, au_mask_t *mask) 184 { 185 struct passwd pwd; 186 long buff_sz; 187 char *pwd_buff; 188 189 190 if (auditstate & AUC_DISABLED) { 191 /* c2audit excluded */ 192 mask->am_success = 0; 193 mask->am_failure = 0; 194 } else if (uid <= MAXUID) { 195 if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) { 196 adt_write_syslog("couldn't determine maximum size of " 197 "password buffer", errno); 198 return (-1); 199 } 200 if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) { 201 return (-1); 202 } 203 if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) { 204 errno = EINVAL; /* user doesn't exist */ 205 free(pwd_buff); 206 return (-1); 207 } 208 if (au_user_mask(pwd.pw_name, mask)) { 209 free(pwd_buff); 210 errno = EFAULT; /* undetermined failure */ 211 return (-1); 212 } 213 free(pwd_buff); 214 } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) { 215 return (-1); 216 } 217 218 return (0); 219 } 220 221 /* 222 * adt_get_unique_id -- generate a hopefully unique 32 bit value 223 * 224 * there will be a follow up to replace this with the use of /dev/random 225 * 226 * An MD5 hash is taken on a buffer of 227 * hostname . audit id . unix time . pid . count 228 * 229 * "count = noise++;" is subject to a race condition but I don't 230 * see a need to put a lock around it. 231 */ 232 233 au_asid_t 234 adt_get_unique_id(au_id_t uid) 235 { 236 char hostname[MAXHOSTNAMELEN]; 237 union { 238 au_id_t v[4]; 239 unsigned char obuff[128/8]; 240 } output; 241 MD5_CTX context; 242 243 static int noise = 0; 244 245 int count = noise++; 246 time_t timebits = time(NULL); 247 pid_t pidbits = getpid(); 248 au_asid_t retval = 0; 249 250 if (gethostname(hostname, MAXHOSTNAMELEN)) { 251 adt_write_syslog("gethostname call failed", errno); 252 (void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN); 253 } 254 255 while (retval == 0) { /* 0 is the only invalid result */ 256 MD5Init(&context); 257 258 MD5Update(&context, (unsigned char *)hostname, 259 (unsigned int) strlen((const char *)hostname)); 260 261 MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t)); 262 263 MD5Update(&context, 264 (unsigned char *) &timebits, sizeof (time_t)); 265 266 MD5Update(&context, (unsigned char *) &pidbits, 267 sizeof (pid_t)); 268 269 MD5Update(&context, (unsigned char *) &(count), sizeof (int)); 270 MD5Final(output.obuff, &context); 271 272 retval = output.v[count % 4]; 273 } 274 return (retval); 275 } 276 277 /* 278 * the following "port" function deals with the following issues: 279 * 280 * 1 the kernel and ucred deal with a dev_t as a 64 bit value made 281 * up from a 32 bit major and 32 bit minor. 282 * 2 User space deals with a dev_t as either the above 64 bit value 283 * or a 32 bit value made from a 14 bit major and an 18 bit minor. 284 * 3 The various audit interfaces (except ucred) pass the 32 or 285 * 64 bit version depending the architecture of the userspace 286 * application. If you get a port value from ucred and pass it 287 * to the kernel via auditon(), it must be squeezed into a 32 288 * bit value because the kernel knows the userspace app's bit 289 * size. 290 * 291 * The internal state structure for adt (adt_internal_state_t) uses 292 * dev_t, so adt converts data from ucred to fit. The import/export 293 * functions, however, can't know if they are importing/exporting 294 * from 64 or 32 bit applications, so they always send 64 bits and 295 * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as 296 * appropriate. 297 */ 298 299 /* 300 * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are 301 * both 64 bits). If lib is 32 bits, squeeze the two-int port into 302 * a 32 bit dev_t. A port fits in the "minor" part of au_port_t, 303 * so it isn't broken up into pieces. (When it goes to the kernel 304 * and back, however, it will have been split into major/minor 305 * pieces.) 306 */ 307 308 static void 309 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src) 310 { 311 #ifdef _LP64 312 (void) memcpy(dest, src, sizeof (au_tid_addr_t)); 313 #else /* _LP64 */ 314 dest->at_type = src->at_type; 315 316 dest->at_port = src->at_port.at_minor & MAXMIN32; 317 dest->at_port |= (src->at_port.at_major & MAXMAJ32) << 318 NBITSMINOR32; 319 320 (void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t)); 321 #endif /* _LP64 */ 322 } 323 324 /* 325 * adt_start_session -- create interface handle, create context 326 * 327 * The imported_state input is normally NULL, if not, it represents 328 * a continued session; its values obviate the need for a subsequent 329 * call to adt_set_user(). 330 * 331 * The flag is used to decide how to set the initial state of the session. 332 * If 0, the session is "no audit" until a call to adt_set_user; if 333 * ADT_USE_PROC_DATA, the session is built from the process audit 334 * characteristics obtained from the kernel. If imported_state is 335 * not NULL, the resulting audit mask is an OR of the current process 336 * audit mask and that passed in. 337 * 338 * The basic model is that the caller can use the pointer returned 339 * by adt_start_session whether or not auditing is enabled or an 340 * error was returned. The functions that take the session handle 341 * as input generally return without doing anything if auditing is 342 * disabled. 343 */ 344 345 int 346 adt_start_session(adt_session_data_t **new_session, 347 const adt_export_data_t *imported_state, adt_session_flags_t flags) 348 { 349 adt_internal_state_t *state; 350 adt_session_flags_t flgmask = ADT_FLAGS_ALL; 351 352 /* test and set auditstate */ 353 if (adt_audit_state(AUC_DISABLED)) { 354 /* c2audit excluded */ 355 *new_session = NULL; 356 return (0); 357 } 358 359 if ((flags & ~flgmask) != 0) { 360 errno = EINVAL; 361 goto return_err; 362 } 363 364 if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) { 365 goto return_err; 366 } 367 368 if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) { 369 goto return_err_free; /* errno from adt_init() */ 370 } 371 372 /* 373 * The imported state overwrites the initial state if the 374 * imported state represents a valid audit trail 375 */ 376 377 if (imported_state != NULL) { 378 if (adt_import(state, imported_state) != 0) { 379 goto return_err_free; 380 } 381 } else if (flags & ADT_USE_PROC_DATA) { 382 state->as_session_model = ADT_PROCESS_MODEL; 383 } 384 state->as_flags = flags; 385 DPRINTF(("(%lld) Starting session id = %08X\n", 386 (long long) getpid(), state->as_info.ai_asid)); 387 388 *new_session = (adt_session_data_t *)state; 389 return (0); 390 391 return_err_free: 392 free(state); 393 return_err: 394 *new_session = NULL; 395 adt_write_syslog("audit session create failed", errno); 396 return (-1); 397 } 398 399 /* 400 * adt_load_table() 401 * 402 * loads the event translation table into the audit session. 403 */ 404 405 void 406 adt_load_table(const adt_session_data_t *session_data, 407 adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *)) 408 { 409 adt_internal_state_t *state = (adt_internal_state_t *)session_data; 410 411 if (state != NULL) { 412 assert(state->as_check == ADT_VALID); 413 state->as_xlate = xlate; 414 state->as_preload = preload; 415 } 416 } 417 418 /* 419 * adt_get_asid() and adt_set_asid() 420 * 421 * if you use this interface, you are responsible to insure that the 422 * rest of the session data is populated correctly before calling 423 * adt_proccess_attr() 424 * 425 * neither of these are intended for general use and will likely 426 * remain private interfaces for a long time. Forever is a long 427 * time. In the case of adt_set_asid(), you should have a very, 428 * very good reason for setting your own session id. The process 429 * audit characteristics are not changed by put, use adt_set_proc(). 430 * 431 * These are "volatile" (more changable than "evolving") and will 432 * probably change in the S10 period. 433 */ 434 435 void 436 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid) 437 { 438 439 if (session_data == NULL) { 440 *asid = 0; 441 } else { 442 assert(((adt_internal_state_t *)session_data)->as_check == 443 ADT_VALID); 444 445 *asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid; 446 } 447 } 448 449 void 450 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id) 451 { 452 453 if (session_data != NULL) { 454 assert(((adt_internal_state_t *)session_data)->as_check == 455 ADT_VALID); 456 457 ((adt_internal_state_t *)session_data)->as_have_user_data |= 458 ADT_HAVE_ASID; 459 ((adt_internal_state_t *)session_data)->as_info.ai_asid = 460 session_id; 461 } 462 } 463 464 /* 465 * adt_get_auid() and adt_set_auid() 466 * 467 * neither of these are intended for general use and will likely 468 * remain private interfaces for a long time. Forever is a long 469 * time. In the case of adt_set_auid(), you should have a very, 470 * very good reason for setting your own audit id. The process 471 * audit characteristics are not changed by put, use adt_set_proc(). 472 */ 473 474 void 475 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid) 476 { 477 478 if (session_data == NULL) { 479 *auid = AU_NOAUDITID; 480 } else { 481 assert(((adt_internal_state_t *)session_data)->as_check == 482 ADT_VALID); 483 484 *auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid; 485 } 486 } 487 488 void 489 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id) 490 { 491 492 if (session_data != NULL) { 493 assert(((adt_internal_state_t *)session_data)->as_check == 494 ADT_VALID); 495 496 ((adt_internal_state_t *)session_data)->as_have_user_data |= 497 ADT_HAVE_AUID; 498 ((adt_internal_state_t *)session_data)->as_info.ai_auid = 499 audit_id; 500 } 501 } 502 503 /* 504 * adt_get_termid(), adt_set_termid() 505 * 506 * if you use this interface, you are responsible to insure that the 507 * rest of the session data is populated correctly before calling 508 * adt_proccess_attr() 509 * 510 * The process audit characteristics are not changed by put, use 511 * adt_set_proc(). 512 */ 513 514 void 515 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid) 516 { 517 518 if (session_data == NULL) { 519 (void) memset(termid, 0, sizeof (au_tid_addr_t)); 520 termid->at_type = AU_IPv4; 521 } else { 522 assert(((adt_internal_state_t *)session_data)->as_check == 523 ADT_VALID); 524 525 *termid = 526 ((adt_internal_state_t *)session_data)->as_info.ai_termid; 527 } 528 } 529 530 void 531 adt_set_termid(const adt_session_data_t *session_data, 532 const au_tid_addr_t *termid) 533 { 534 535 if (session_data != NULL) { 536 assert(((adt_internal_state_t *)session_data)->as_check == 537 ADT_VALID); 538 539 ((adt_internal_state_t *)session_data)->as_info.ai_termid = 540 *termid; 541 542 ((adt_internal_state_t *)session_data)->as_have_user_data |= 543 ADT_HAVE_TID; 544 } 545 } 546 547 /* 548 * adt_get_mask(), adt_set_mask() 549 * 550 * if you use this interface, you are responsible to insure that the 551 * rest of the session data is populated correctly before calling 552 * adt_proccess_attr() 553 * 554 * The process audit characteristics are not changed by put, use 555 * adt_set_proc(). 556 */ 557 558 void 559 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask) 560 { 561 562 if (session_data == NULL) { 563 mask->am_success = 0; 564 mask->am_failure = 0; 565 } else { 566 assert(((adt_internal_state_t *)session_data)->as_check == 567 ADT_VALID); 568 569 *mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask; 570 } 571 } 572 573 void 574 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask) 575 { 576 577 if (session_data != NULL) { 578 assert(((adt_internal_state_t *)session_data)->as_check == 579 ADT_VALID); 580 581 ((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask; 582 583 ((adt_internal_state_t *)session_data)->as_have_user_data |= 584 ADT_HAVE_MASK; 585 } 586 } 587 588 /* 589 * helpers for adt_load_termid 590 */ 591 592 static dev_t 593 adt_ports_to_at_port(in_port_t remote, in_port_t local) 594 { 595 dev_t port; 596 597 #ifdef _LP64 598 dev_t tmp; 599 600 /* 601 * In 64-bit, at_port is a 64-bit value encoding major/minor 602 * device numbers as 32-bits each. However when a 32-bit application 603 * subsequently requests the audit address via getaudit_addr(), this 604 * value must be capable of being compressed down to a 14-bit major and 605 * 18-bit minor number or the call will fail. 606 * 607 * In order to construct a 32-bit compatible value, the top 14-bits of 608 * the remote port are used for the major number and the remaining 609 * 2-bits + local port are used for the minor. 610 */ 611 612 tmp = ((remote<<16) | (local)); 613 port = (tmp & MAXMIN32); 614 port |= (((tmp >> NBITSMINOR32) & MAXMAJ32) << NBITSMINOR64); 615 #else 616 port = ((remote<<16) | (local)); 617 #endif 618 619 return (port); 620 } 621 622 static void 623 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock, 624 au_tid_addr_t *termid) 625 { 626 termid->at_port = 627 adt_ports_to_at_port(peer->sin6_port, sock->sin6_port); 628 termid->at_type = AU_IPv6; 629 (void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t)); 630 } 631 632 static void 633 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock, 634 au_tid_addr_t *termid) 635 { 636 termid->at_port = adt_ports_to_at_port(peer->sin_port, sock->sin_port); 637 termid->at_type = AU_IPv4; 638 termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr; 639 (void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t)); 640 } 641 642 /* 643 * adt_load_termid: convenience function; inputs file handle and 644 * outputs an au_tid_addr struct. 645 * 646 * This code was stolen from audit_settid.c; it differs from audit_settid() 647 * in that it does not write the terminal id to the process. 648 */ 649 650 int 651 adt_load_termid(int fd, adt_termid_t **termid) 652 { 653 au_tid_addr_t *p_term; 654 struct sockaddr_in6 peer; 655 struct sockaddr_in6 sock; 656 int peerlen = sizeof (peer); 657 int socklen = sizeof (sock); 658 659 /* get peer name if its a socket, else assume local terminal */ 660 661 if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen) 662 < 0) { 663 if (errno == ENOTSOCK) { 664 return (adt_load_hostname(NULL, termid)); 665 } 666 goto return_err; 667 } 668 669 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) { 670 goto return_err; 671 } 672 673 /* get sock name */ 674 if (getsockname(fd, (struct sockaddr *)&sock, 675 (socklen_t *)&socklen) < 0) { 676 goto return_err_free; 677 } 678 679 if (peer.sin6_family == AF_INET6) { 680 adt_do_ipv6_address(&peer, &sock, p_term); 681 } else { 682 adt_do_ipv4_address((struct sockaddr_in *)&peer, 683 (struct sockaddr_in *)&sock, p_term); 684 } 685 *termid = (adt_termid_t *)p_term; 686 687 return (0); 688 689 return_err_free: 690 free(p_term); 691 return_err: 692 *termid = NULL; 693 return (-1); 694 } 695 696 static boolean_t 697 adt_have_termid(au_tid_addr_t *dest) 698 { 699 struct auditinfo_addr audit_data; 700 701 if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) { 702 adt_write_syslog("getaudit failed", errno); 703 return (B_FALSE); 704 } 705 706 if ((audit_data.ai_termid.at_type == 0) || 707 (audit_data.ai_termid.at_addr[0] | 708 audit_data.ai_termid.at_addr[1] | 709 audit_data.ai_termid.at_addr[2] | 710 audit_data.ai_termid.at_addr[3]) == 0) 711 return (B_FALSE); 712 713 (void) memcpy(dest, &(audit_data.ai_termid), 714 sizeof (au_tid_addr_t)); 715 716 return (B_TRUE); 717 } 718 719 /* 720 * adt_get_hostIP - construct a terminal id from a hostname 721 * 722 * Returns 0 = success 723 * -1 = failure and errno = ENETDOWN with the address 724 * defaulted to IPv4 loopback. 725 */ 726 727 static int 728 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term) 729 { 730 struct addrinfo *ai = NULL; 731 int tries = 3; 732 char msg[512]; 733 int eai_err; 734 735 while ((tries-- > 0) && 736 ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) { 737 /* 738 * getaddrinfo returns its own set of errors. 739 * Log them here, so any subsequent syslogs will 740 * have a context. adt_get_hostIP callers can only 741 * return errno, so subsequent syslogs may be lacking 742 * that getaddrinfo failed. 743 */ 744 (void) snprintf(msg, sizeof (msg), "getaddrinfo(%s) " 745 "failed[%s]", hostname, gai_strerror(eai_err)); 746 adt_write_syslog(msg, 0); 747 748 if (eai_err != EAI_AGAIN) { 749 750 break; 751 } 752 /* see if resolution becomes available */ 753 (void) sleep(1); 754 } 755 if (ai != NULL) { 756 if (ai->ai_family == AF_INET) { 757 p_term->at_type = AU_IPv4; 758 (void) memcpy(p_term->at_addr, 759 /* LINTED */ 760 &((struct sockaddr_in *)ai->ai_addr)->sin_addr, 761 AU_IPv4); 762 } else { 763 p_term->at_type = AU_IPv6; 764 (void) memcpy(p_term->at_addr, 765 /* LINTED */ 766 &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 767 AU_IPv6); 768 } 769 freeaddrinfo(ai); 770 return (0); 771 } else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) { 772 auditinfo_addr_t audit_info; 773 774 /* 775 * auditd is running so there should be a 776 * kernel audit context 777 */ 778 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info, 779 sizeof (audit_info)) < 0) { 780 adt_write_syslog("unable to get kernel audit context", 781 errno); 782 goto try_interface; 783 } 784 adt_write_syslog("setting Audit IP address to kernel", 0); 785 *p_term = audit_info.ai_termid; 786 return (0); 787 } 788 try_interface: 789 { 790 struct ifaddrlist al; 791 int family; 792 char ntop[INET6_ADDRSTRLEN]; 793 794 /* 795 * getaddrinfo has failed to map the hostname 796 * to an IP address, try to get an IP address 797 * from a local interface. If none up, default 798 * to loopback. 799 */ 800 family = AF_INET6; 801 if (adt_get_local_address(family, &al) != 0) { 802 family = AF_INET; 803 804 if (adt_get_local_address(family, &al) != 0) { 805 adt_write_syslog("adt_get_local_address " 806 "failed, no Audit IP address available, " 807 "faking loopback and error", 808 errno); 809 IN_SET_LOOPBACK_ADDR( 810 (struct sockaddr_in *)&(al.addr.addr)); 811 (void) memcpy(p_term->at_addr, &al.addr.addr, 812 AU_IPv4); 813 p_term->at_type = AU_IPv4; 814 return (-1); 815 } 816 } 817 if (family == AF_INET) { 818 p_term->at_type = AU_IPv4; 819 (void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4); 820 } else { 821 p_term->at_type = AU_IPv6; 822 (void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6); 823 } 824 825 (void) snprintf(msg, sizeof (msg), "mapping %s to %s", 826 hostname, inet_ntop(family, &(al.addr), ntop, 827 sizeof (ntop))); 828 adt_write_syslog(msg, 0); 829 return (0); 830 } 831 } 832 833 /* 834 * adt_load_hostname() is called when the caller does not have a file 835 * handle that gives access to the socket info or any other way to 836 * pass in both port and ip address. The hostname input is ignored if 837 * the terminal id has already been set; instead it returns the 838 * existing terminal id. 839 * 840 * If c2audit is excluded, success is returned. 841 * If the hostname lookup fails, the loopback address is assumed, 842 * errno is set to ENETDOWN, this allows the caller to interpret 843 * whether failure is fatal, and if not to have a address for the 844 * hostname. 845 * Otherwise the caller would need to be aware of the audit state. 846 * 847 * Other errors are ignored if not auditing. 848 */ 849 850 int 851 adt_load_hostname(const char *hostname, adt_termid_t **termid) 852 { 853 char localhost[MAXHOSTNAMELEN + 1]; 854 au_tid_addr_t *p_term; 855 856 if (adt_audit_state(AUC_DISABLED)) { 857 /* c2audit excluded */ 858 *termid = NULL; 859 return (0); 860 } 861 862 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) { 863 goto return_err; 864 } 865 866 if (adt_have_termid(p_term)) { 867 *termid = (adt_termid_t *)p_term; 868 return (0); 869 } 870 p_term->at_port = 0; 871 872 if (hostname == NULL || *hostname == '\0') { 873 (void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN); 874 hostname = localhost; 875 } 876 if (adt_get_hostIP(hostname, p_term) == 0) { 877 *termid = (adt_termid_t *)p_term; 878 return (0); 879 } else { 880 *termid = (adt_termid_t *)p_term; 881 return (-1); 882 } 883 884 return_err: 885 *termid = NULL; 886 if (auditstate & AUC_NOAUDIT) { 887 return (0); 888 } 889 890 return (-1); 891 } 892 893 /* 894 * adt_load_ttyname() is called when the caller does not have a file 895 * handle that gives access to the local terminal or any other way 896 * of determining the device id. The ttyname input is ignored if 897 * the terminal id has already been set; instead it returns the 898 * existing terminal id. 899 * 900 * If c2audit is excluded, success is returned. 901 * The local hostname is used for the local IP address. 902 * If that hostname lookup fails, the loopback address is assumed, 903 * errno is set to ENETDOWN, this allows the caller to interpret 904 * whether failure is fatal, and if not to have a address for the 905 * hostname. 906 * Otherwise the caller would need to be aware of the audit state. 907 * 908 * Other errors are ignored if not auditing. 909 */ 910 911 int 912 adt_load_ttyname(const char *ttyname, adt_termid_t **termid) 913 { 914 char localhost[MAXHOSTNAMELEN + 1]; 915 au_tid_addr_t *p_term; 916 struct stat stat_buf; 917 918 if (adt_audit_state(AUC_DISABLED)) { 919 /* c2audit excluded */ 920 *termid = NULL; 921 return (0); 922 } 923 924 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) { 925 goto return_err; 926 } 927 928 if (adt_have_termid(p_term)) { 929 *termid = (adt_termid_t *)p_term; 930 return (0); 931 } 932 933 p_term->at_port = 0; 934 935 if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) { 936 goto return_err_free; /* errno from sysinfo */ 937 } 938 939 if (ttyname != NULL && *ttyname != '\0') { 940 if (stat(ttyname, &stat_buf) < 0) { 941 goto return_err_free; 942 } 943 944 p_term->at_port = stat_buf.st_rdev; 945 } 946 947 if (adt_get_hostIP(localhost, p_term) == 0) { 948 *termid = (adt_termid_t *)p_term; 949 return (0); 950 } else { 951 *termid = (adt_termid_t *)p_term; 952 return (-1); 953 } 954 955 return_err_free: 956 free(p_term); 957 958 return_err: 959 *termid = NULL; 960 if (auditstate & AUC_NOAUDIT) { 961 return (0); 962 } 963 964 return (-1); 965 } 966 967 /* 968 * adt_get_session_id returns a stringified representation of 969 * the audit session id. See also adt_get_asid() for how to 970 * get the unexpurgated version. No guarantees as to how long 971 * the returned string will be or its general form; hex for now. 972 * 973 * An empty string is returned if auditing is off; length = 1 974 * and the pointer is valid. 975 * 976 * returns strlen + 1 if buffer is valid; else 0 and errno. 977 */ 978 979 size_t 980 adt_get_session_id(const adt_session_data_t *session_data, char **buff) 981 { 982 au_asid_t session_id; 983 size_t length; 984 /* 985 * output is 0x followed by 986 * two characters per byte 987 * plus terminator, 988 * except leading 0's are suppressed, so a few bytes may 989 * be unused. 990 */ 991 length = 2 + (2 * sizeof (session_id)) + 1; 992 *buff = malloc(length); 993 994 if (*buff == NULL) { 995 return (0); 996 } 997 if (session_data == NULL) { /* NULL is not an error */ 998 **buff = '\0'; 999 return (1); 1000 } 1001 adt_get_asid(session_data, &session_id); 1002 1003 length = snprintf(*buff, length, "0x%X", (int)session_id); 1004 1005 /* length < 1 is a bug: the session data type may have changed */ 1006 assert(length > 0); 1007 1008 return (length); 1009 } 1010 1011 /* 1012 * adt_end_session -- close handle, clear context 1013 * 1014 * if as_check is invalid, no harm, no foul, EXCEPT that this could 1015 * be an attempt to free data already free'd, so output to syslog 1016 * to help explain why the process cored dumped. 1017 */ 1018 1019 int 1020 adt_end_session(adt_session_data_t *session_data) 1021 { 1022 adt_internal_state_t *state; 1023 1024 if (session_data != NULL) { 1025 state = (adt_internal_state_t *)session_data; 1026 if (state->as_check != ADT_VALID) { 1027 adt_write_syslog("freeing invalid data", EINVAL); 1028 } else { 1029 state->as_check = 0; 1030 m_label_free(state->as_label); 1031 free(session_data); 1032 } 1033 } 1034 /* no errors yet defined */ 1035 return (0); 1036 } 1037 1038 /* 1039 * adt_dup_session -- copy the session data 1040 */ 1041 1042 int 1043 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest) 1044 { 1045 adt_internal_state_t *source_state; 1046 adt_internal_state_t *dest_state = NULL; 1047 int rc = 0; 1048 1049 if (source != NULL) { 1050 source_state = (adt_internal_state_t *)source; 1051 assert(source_state->as_check == ADT_VALID); 1052 1053 dest_state = malloc(sizeof (adt_internal_state_t)); 1054 if (dest_state == NULL) { 1055 rc = -1; 1056 goto return_rc; 1057 } 1058 (void) memcpy(dest_state, source, 1059 sizeof (struct adt_internal_state)); 1060 1061 if (source_state->as_label != NULL) { 1062 dest_state->as_label = NULL; 1063 if ((rc = m_label_dup(&dest_state->as_label, 1064 source_state->as_label)) != 0) { 1065 free(dest_state); 1066 dest_state = NULL; 1067 } 1068 } 1069 } 1070 return_rc: 1071 *dest = (adt_session_data_t *)dest_state; 1072 return (rc); 1073 } 1074 1075 /* 1076 * from_export_format() 1077 * read from a network order buffer into struct adt_session_data 1078 */ 1079 1080 static size_t 1081 adt_from_export_format(adt_internal_state_t *internal, 1082 const adt_export_data_t *external) 1083 { 1084 struct export_header head; 1085 struct export_link link; 1086 adr_t context; 1087 int32_t offset; 1088 int32_t length; 1089 int32_t version; 1090 size_t label_len; 1091 char *p = (char *)external; 1092 1093 adrm_start(&context, (char *)external); 1094 adrm_int32(&context, (int *)&head, 4); 1095 1096 if ((internal->as_check = head.ax_check) != ADT_VALID) { 1097 errno = EINVAL; 1098 return (0); 1099 } 1100 offset = head.ax_link.ax_offset; 1101 version = head.ax_link.ax_version; 1102 length = head.ax_buffer_length; 1103 1104 /* 1105 * Skip newer versions. 1106 */ 1107 while (version > PROTOCOL_VERSION_2) { 1108 if (offset < 1) { 1109 return (0); /* failed to match version */ 1110 } 1111 p += offset; /* point to next version # */ 1112 1113 if (p > (char *)external + length) { 1114 return (0); 1115 } 1116 adrm_start(&context, p); 1117 adrm_int32(&context, (int *)&link, 2); 1118 offset = link.ax_offset; 1119 version = link.ax_version; 1120 assert(version != 0); 1121 } 1122 /* 1123 * Adjust buffer pointer to the first data item (euid). 1124 */ 1125 if (p == (char *)external) { 1126 adrm_start(&context, (char *)(p + sizeof (head))); 1127 } else { 1128 adrm_start(&context, (char *)(p + sizeof (link))); 1129 } 1130 /* 1131 * if down rev version, neither pid nor label are included 1132 * in v1 ax_size_of_tsol_data intentionally ignored 1133 */ 1134 if (version == PROTOCOL_VERSION_1) { 1135 adrm_int32(&context, (int *)&(internal->as_euid), 1); 1136 adrm_int32(&context, (int *)&(internal->as_ruid), 1); 1137 adrm_int32(&context, (int *)&(internal->as_egid), 1); 1138 adrm_int32(&context, (int *)&(internal->as_rgid), 1); 1139 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1); 1140 adrm_int32(&context, 1141 (int *)&(internal->as_info.ai_mask.am_success), 2); 1142 adrm_int32(&context, 1143 (int *)&(internal->as_info.ai_termid.at_port), 1); 1144 adrm_int32(&context, 1145 (int *)&(internal->as_info.ai_termid.at_type), 1); 1146 adrm_int32(&context, 1147 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1148 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1); 1149 adrm_int32(&context, (int *)&(internal->as_audit_state), 1); 1150 internal->as_pid = (pid_t)-1; 1151 internal->as_label = NULL; 1152 } else if (version == PROTOCOL_VERSION_2) { 1153 adrm_int32(&context, (int *)&(internal->as_euid), 1); 1154 adrm_int32(&context, (int *)&(internal->as_ruid), 1); 1155 adrm_int32(&context, (int *)&(internal->as_egid), 1); 1156 adrm_int32(&context, (int *)&(internal->as_rgid), 1); 1157 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1); 1158 adrm_int32(&context, 1159 (int *)&(internal->as_info.ai_mask.am_success), 2); 1160 adrm_int32(&context, 1161 (int *)&(internal->as_info.ai_termid.at_port), 1); 1162 adrm_int32(&context, 1163 (int *)&(internal->as_info.ai_termid.at_type), 1); 1164 adrm_int32(&context, 1165 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1166 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1); 1167 adrm_int32(&context, (int *)&(internal->as_audit_state), 1); 1168 adrm_int32(&context, (int *)&(internal->as_pid), 1); 1169 adrm_int32(&context, (int *)&label_len, 1); 1170 if (label_len > 0) { 1171 /* read in and deal with different sized labels. */ 1172 size32_t my_label_len = blabel_size(); 1173 1174 if ((internal->as_label = 1175 m_label_alloc(MAC_LABEL)) == NULL) { 1176 return (0); 1177 } 1178 if (label_len > my_label_len) { 1179 errno = EINVAL; 1180 m_label_free(internal->as_label); 1181 return (0); 1182 } 1183 (void) memset(internal->as_label, 0, my_label_len); 1184 adrm_int32(&context, (int *)(internal->as_label), 1185 label_len / sizeof (int32_t)); 1186 } else { 1187 internal->as_label = NULL; 1188 } 1189 } 1190 1191 return (length); 1192 } 1193 1194 /* 1195 * adt_to_export_format 1196 * read from struct adt_session_data into a network order buffer. 1197 * 1198 * (network order 'cause this data may be shared with a remote host.) 1199 */ 1200 1201 static size_t 1202 adt_to_export_format(adt_export_data_t *external, 1203 adt_internal_state_t *internal) 1204 { 1205 struct export_header head; 1206 struct export_link tail; 1207 adr_t context; 1208 size32_t label_len = 0; 1209 1210 adrm_start(&context, (char *)external); 1211 1212 if (internal->as_label != NULL) { 1213 label_len = blabel_size(); 1214 } 1215 1216 head.ax_check = ADT_VALID; 1217 head.ax_buffer_length = sizeof (struct adt_export_data) + label_len; 1218 1219 /* version 2 first */ 1220 1221 head.ax_link.ax_version = PROTOCOL_VERSION_2; 1222 head.ax_link.ax_offset = sizeof (struct export_header) + 1223 sizeof (struct adt_export_v2) + label_len; 1224 1225 adrm_putint32(&context, (int *)&head, 4); 1226 1227 adrm_putint32(&context, (int *)&(internal->as_euid), 1); 1228 adrm_putint32(&context, (int *)&(internal->as_ruid), 1); 1229 adrm_putint32(&context, (int *)&(internal->as_egid), 1); 1230 adrm_putint32(&context, (int *)&(internal->as_rgid), 1); 1231 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1); 1232 adrm_putint32(&context, 1233 (int *)&(internal->as_info.ai_mask.am_success), 2); 1234 adrm_putint32(&context, 1235 (int *)&(internal->as_info.ai_termid.at_port), 1); 1236 adrm_putint32(&context, 1237 (int *)&(internal->as_info.ai_termid.at_type), 1); 1238 adrm_putint32(&context, 1239 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1240 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1); 1241 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1); 1242 adrm_putint32(&context, (int *)&(internal->as_pid), 1); 1243 adrm_putint32(&context, (int *)&label_len, 1); 1244 if (internal->as_label != NULL) { 1245 /* serialize the label */ 1246 adrm_putint32(&context, (int *)(internal->as_label), 1247 (label_len / sizeof (int32_t))); 1248 } 1249 1250 /* now version 1 */ 1251 1252 tail.ax_version = PROTOCOL_VERSION_1; 1253 tail.ax_offset = 0; 1254 1255 adrm_putint32(&context, (int *)&tail, 2); 1256 1257 adrm_putint32(&context, (int *)&(internal->as_euid), 1); 1258 adrm_putint32(&context, (int *)&(internal->as_ruid), 1); 1259 adrm_putint32(&context, (int *)&(internal->as_egid), 1); 1260 adrm_putint32(&context, (int *)&(internal->as_rgid), 1); 1261 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1); 1262 adrm_putint32(&context, 1263 (int *)&(internal->as_info.ai_mask.am_success), 2); 1264 adrm_putint32(&context, 1265 (int *)&(internal->as_info.ai_termid.at_port), 1); 1266 adrm_putint32(&context, 1267 (int *)&(internal->as_info.ai_termid.at_type), 1); 1268 adrm_putint32(&context, 1269 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4); 1270 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1); 1271 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1); 1272 /* ignored in v1 */ 1273 adrm_putint32(&context, (int *)&label_len, 1); 1274 1275 /* finally terminator */ 1276 1277 tail.ax_version = 0; /* invalid version number */ 1278 tail.ax_offset = 0; 1279 1280 adrm_putint32(&context, (int *)&tail, 2); 1281 1282 return (head.ax_buffer_length); 1283 } 1284 1285 /* 1286 * adt_ucred_label() -- if label is available, duplicate it. 1287 */ 1288 1289 static m_label_t * 1290 adt_ucred_label(ucred_t *uc) 1291 { 1292 m_label_t *ul = NULL; 1293 1294 if (ucred_getlabel(uc) != NULL) { 1295 (void) m_label_dup(&ul, ucred_getlabel(uc)); 1296 } 1297 1298 return (ul); 1299 } 1300 1301 /* 1302 * adt_import() -- convert from network order to machine-specific order 1303 */ 1304 1305 static int 1306 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external) 1307 { 1308 au_mask_t mask; 1309 1310 /* save local audit state */ 1311 int local_audit_state = internal->as_audit_state; 1312 1313 if (adt_from_export_format(internal, external) < 1) 1314 return (-1); /* errno from adt_from_export_format */ 1315 1316 /* 1317 * If audit isn't enabled on the remote, they were unable 1318 * to generate the audit mask, so generate it based on 1319 * local configuration. If the user id has changed, the 1320 * resulting mask may miss some subtleties that occurred 1321 * on the remote system. 1322 * 1323 * If the remote failed to generate a terminal id, it is not 1324 * recoverable. 1325 */ 1326 1327 if (!(internal->as_audit_state & AUC_DISABLED)) { 1328 if (adt_get_mask_from_user(internal->as_info.ai_auid, 1329 &(internal->as_info.ai_mask))) 1330 return (-1); 1331 if (internal->as_info.ai_auid != internal->as_ruid) { 1332 if (adt_get_mask_from_user(internal->as_info.ai_auid, 1333 &mask)) 1334 return (-1); 1335 internal->as_info.ai_mask.am_success |= 1336 mask.am_success; 1337 internal->as_info.ai_mask.am_failure |= 1338 mask.am_failure; 1339 } 1340 } 1341 internal->as_audit_state = local_audit_state; 1342 1343 DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(), 1344 internal->as_info.ai_asid, 1345 internal->as_info.ai_asid)); 1346 1347 internal->as_have_user_data = ADT_HAVE_ALL; 1348 1349 return (0); 1350 } 1351 1352 /* 1353 * adt_export_session_data() 1354 * copies a adt_session_data struct into a network order buffer 1355 * 1356 * In a misconfigured network, the local host may have auditing 1357 * off while the destination may have auditing on, so if there 1358 * is sufficient memory, a buffer will be returned even in the 1359 * audit off case. 1360 */ 1361 1362 size_t 1363 adt_export_session_data(const adt_session_data_t *internal, 1364 adt_export_data_t **external) 1365 { 1366 size32_t length = 0; 1367 1368 if ((internal != NULL) && 1369 ((adt_internal_state_t *)internal)->as_label != NULL) { 1370 length = blabel_size(); 1371 } 1372 1373 *external = malloc(sizeof (adt_export_data_t) + length); 1374 1375 if (*external == NULL) 1376 return (0); 1377 1378 if (internal == NULL) { 1379 adt_internal_state_t *dummy; 1380 1381 dummy = malloc(sizeof (adt_internal_state_t)); 1382 if (dummy == NULL) 1383 goto return_length_free; 1384 1385 if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */ 1386 free(dummy); 1387 goto return_length_free; 1388 } 1389 length = adt_to_export_format(*external, dummy); 1390 free(dummy); 1391 } else { 1392 length = adt_to_export_format(*external, 1393 (adt_internal_state_t *)internal); 1394 } 1395 return (length); 1396 1397 return_length_free: 1398 free(*external); 1399 *external = NULL; 1400 return (0); 1401 } 1402 1403 static void 1404 adt_setto_unaudited(adt_internal_state_t *state) 1405 { 1406 if (state->as_audit_state & AUC_DISABLED) { 1407 state->as_ruid = AU_NOAUDITID; 1408 state->as_euid = AU_NOAUDITID; 1409 state->as_rgid = AU_NOAUDITID; 1410 state->as_egid = AU_NOAUDITID; 1411 state->as_pid = (pid_t)-1; 1412 state->as_label = NULL; 1413 } else { 1414 state->as_info.ai_asid = 0; 1415 state->as_info.ai_auid = AU_NOAUDITID; 1416 1417 (void) memset((void *)&(state->as_info.ai_termid), 0, 1418 sizeof (au_tid_addr_t)); 1419 state->as_info.ai_termid.at_type = AU_IPv4; 1420 1421 (void) memset((void *)&(state->as_info.ai_mask), 0, 1422 sizeof (au_mask_t)); 1423 state->as_have_user_data = 0; 1424 } 1425 } 1426 1427 /* 1428 * adt_init -- set session context by copying the audit characteristics 1429 * from the proc and picking up current uid/tid information. 1430 * 1431 * By default, an audit session is based on the process; the default 1432 * is overriden by adt_set_user() 1433 */ 1434 1435 static int 1436 adt_init(adt_internal_state_t *state, int use_proc_data) 1437 { 1438 /* ensure auditstate is set */ 1439 1440 (void) adt_audit_state(0); 1441 state->as_audit_state = auditstate; 1442 1443 if (use_proc_data) { 1444 state->as_ruid = getuid(); 1445 state->as_euid = geteuid(); 1446 state->as_rgid = getgid(); 1447 state->as_egid = getegid(); 1448 state->as_pid = getpid(); 1449 1450 if (!(state->as_audit_state & AUC_DISABLED)) { 1451 const au_tid64_addr_t *tid; 1452 const au_mask_t *mask; 1453 ucred_t *ucred = ucred_get(P_MYID); 1454 1455 /* 1456 * Even if the ucred is NULL, the underlying 1457 * credential may have a valid terminal id; if the 1458 * terminal id is set, then that's good enough. An 1459 * example of where this matters is failed login, 1460 * where rlogin/telnet sets the terminal id before 1461 * calling login; login does not load the credential 1462 * since auth failed. 1463 */ 1464 if (ucred == NULL) { 1465 if (!adt_have_termid( 1466 &(state->as_info.ai_termid))) 1467 return (-1); 1468 } else { 1469 mask = ucred_getamask(ucred); 1470 if (mask != NULL) { 1471 state->as_info.ai_mask = *mask; 1472 } else { 1473 ucred_free(ucred); 1474 return (-1); 1475 } 1476 tid = ucred_getatid(ucred); 1477 if (tid != NULL) { 1478 adt_cpy_tid(&(state->as_info.ai_termid), 1479 tid); 1480 } else { 1481 ucred_free(ucred); 1482 return (-1); 1483 } 1484 state->as_info.ai_asid = ucred_getasid(ucred); 1485 state->as_info.ai_auid = ucred_getauid(ucred); 1486 state->as_label = adt_ucred_label(ucred); 1487 ucred_free(ucred); 1488 } 1489 state->as_have_user_data = ADT_HAVE_ALL; 1490 } 1491 } else { 1492 adt_setto_unaudited(state); 1493 } 1494 state->as_session_model = ADT_SESSION_MODEL; /* default */ 1495 1496 if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) && 1497 auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy), 1498 sizeof (state->as_kernel_audit_policy))) { 1499 return (-1); /* errno set by auditon */ 1500 } 1501 state->as_check = ADT_VALID; 1502 adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0], 1503 &adt_preload); 1504 return (0); 1505 } 1506 1507 /* 1508 * adt_set_proc 1509 * 1510 * Copy the current session state to the process. If this function 1511 * is called, the model becomes a process model rather than a 1512 * session model. 1513 * 1514 * In the current implementation, the value state->as_have_user_data 1515 * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}. These are all set 1516 * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in. 1517 * 1518 */ 1519 1520 int 1521 adt_set_proc(const adt_session_data_t *session_data) 1522 { 1523 adt_internal_state_t *state; 1524 1525 if (session_data == NULL) { 1526 return (0); 1527 } 1528 1529 state = (adt_internal_state_t *)session_data; 1530 1531 assert(state->as_check == ADT_VALID); 1532 1533 if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) != 1534 (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) { 1535 errno = EINVAL; 1536 goto return_err; 1537 } 1538 1539 if (setaudit_addr((auditinfo_addr_t *)&(state->as_info), 1540 sizeof (auditinfo_addr_t)) < 0) { 1541 goto return_err; /* errno set by setaudit_addr() */ 1542 } 1543 1544 state->as_session_model = ADT_PROCESS_MODEL; 1545 1546 return (0); 1547 1548 return_err: 1549 adt_write_syslog("failed to set process audit characteristics", errno); 1550 return (-1); 1551 } 1552 1553 static int 1554 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid) 1555 { 1556 au_tid_addr_t no_tid = {0, AU_IPv4, 0, 0, 0, 0}; 1557 au_mask_t no_mask = {0, 0}; 1558 1559 if (ruid == ADT_NO_AUDIT) { 1560 state->as_info.ai_auid = AU_NOAUDITID; 1561 state->as_info.ai_asid = 0; 1562 state->as_info.ai_termid = no_tid; 1563 state->as_info.ai_mask = no_mask; 1564 return (0); 1565 } 1566 state->as_info.ai_auid = ruid; 1567 state->as_info.ai_asid = adt_get_unique_id(ruid); 1568 if (termid != NULL) 1569 state->as_info.ai_termid = *termid; 1570 1571 if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask))) 1572 return (-1); 1573 1574 /* Assume intending to audit as this process */ 1575 1576 if (state->as_pid == (pid_t)-1) 1577 state->as_pid = getpid(); 1578 1579 if (is_system_labeled() && state->as_label == NULL) { 1580 ucred_t *ucred = ucred_get(P_MYID); 1581 1582 state->as_label = adt_ucred_label(ucred); 1583 ucred_free(ucred); 1584 } 1585 1586 return (0); 1587 } 1588 1589 static int 1590 adt_changeuser(adt_internal_state_t *state, uid_t ruid) 1591 { 1592 au_mask_t mask; 1593 1594 if (!(state->as_have_user_data & ADT_HAVE_AUID)) 1595 state->as_info.ai_auid = ruid; 1596 if (!(state->as_have_user_data & ADT_HAVE_ASID)) 1597 state->as_info.ai_asid = adt_get_unique_id(ruid); 1598 1599 if (ruid <= MAXEPHUID) { 1600 if (adt_get_mask_from_user(ruid, &mask)) 1601 return (-1); 1602 1603 state->as_info.ai_mask.am_success |= mask.am_success; 1604 state->as_info.ai_mask.am_failure |= mask.am_failure; 1605 } 1606 DPRINTF(("changed mask to %08X/%08X for ruid=%d\n", 1607 state->as_info.ai_mask.am_success, 1608 state->as_info.ai_mask.am_failure, 1609 ruid)); 1610 return (0); 1611 } 1612 1613 /* 1614 * adt_set_user -- see also adt_set_from_ucred() 1615 * 1616 * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or 1617 * "unattributed." If ruid, change the model to session. 1618 * 1619 * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value" 1620 * only valid with ADT_UPDATE. 1621 * 1622 * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there 1623 * isn't a good reason to call adt_set_user() with it unless you don't 1624 * have a good value yet and intend to replace it later; auid will be 1625 * AU_NOAUDITID. 1626 * 1627 * adt_set_user should be called even if auditing is not enabled 1628 * so that adt_export_session_data() will have useful stuff to 1629 * work with. 1630 * 1631 * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID 1632 * and ADT_HAVE_ALL. 1633 */ 1634 1635 int 1636 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid, 1637 uid_t ruid, gid_t rgid, const adt_termid_t *termid, 1638 enum adt_user_context user_context) 1639 { 1640 adt_internal_state_t *state; 1641 int rc; 1642 1643 if (session_data == NULL) /* no session exists to audit */ 1644 return (0); 1645 1646 state = (adt_internal_state_t *)session_data; 1647 assert(state->as_check == ADT_VALID); 1648 1649 switch (user_context) { 1650 case ADT_NEW: 1651 if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE || 1652 rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) { 1653 errno = EINVAL; 1654 return (-1); 1655 } 1656 if ((rc = adt_newuser(state, ruid, 1657 (au_tid_addr_t *)termid)) != 0) 1658 return (rc); 1659 1660 state->as_have_user_data = ADT_HAVE_ALL; 1661 break; 1662 case ADT_UPDATE: 1663 if (state->as_have_user_data != ADT_HAVE_ALL) { 1664 errno = EINVAL; 1665 return (-1); 1666 } 1667 1668 if (ruid != ADT_NO_CHANGE) 1669 if ((rc = adt_changeuser(state, ruid)) != 0) 1670 return (rc); 1671 break; 1672 case ADT_USER: 1673 if (state->as_have_user_data != ADT_HAVE_ALL) { 1674 errno = EINVAL; 1675 return (-1); 1676 } 1677 break; 1678 case ADT_SETTID: 1679 assert(termid != NULL); 1680 state->as_info.ai_termid = *((au_tid_addr_t *)termid); 1681 /* avoid fooling pam_setcred()... */ 1682 state->as_info.ai_auid = AU_NOAUDITID; 1683 state->as_info.ai_asid = 0; 1684 state->as_info.ai_mask.am_failure = 0; 1685 state->as_info.ai_mask.am_success = 0; 1686 state->as_have_user_data = ADT_HAVE_TID | 1687 ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK; 1688 return (0); 1689 default: 1690 errno = EINVAL; 1691 return (-1); 1692 } 1693 1694 if (ruid == ADT_NO_AUDIT) { 1695 state->as_ruid = AU_NOAUDITID; 1696 state->as_euid = AU_NOAUDITID; 1697 state->as_rgid = AU_NOAUDITID; 1698 state->as_egid = AU_NOAUDITID; 1699 } else { 1700 if (ruid != ADT_NO_CHANGE) 1701 state->as_ruid = ruid; 1702 if (euid != ADT_NO_CHANGE) 1703 state->as_euid = euid; 1704 if (rgid != ADT_NO_CHANGE) 1705 state->as_rgid = rgid; 1706 if (egid != ADT_NO_CHANGE) 1707 state->as_egid = egid; 1708 } 1709 1710 if (ruid == ADT_NO_ATTRIB) { 1711 state->as_session_model = ADT_SESSION_MODEL; 1712 } 1713 1714 return (0); 1715 } 1716 1717 /* 1718 * adt_set_from_ucred() 1719 * 1720 * an alternate to adt_set_user that fills the same role but uses 1721 * a pointer to a ucred rather than a list of id's. If the ucred 1722 * pointer is NULL, use the credential from the this process. 1723 * 1724 * A key difference is that for ADT_NEW, adt_set_from_ucred() does 1725 * not overwrite the asid and auid unless auid has not been set. 1726 * ADT_NEW differs from ADT_UPDATE in that it does not OR together 1727 * the incoming audit mask with the one that already exists. 1728 * 1729 * adt_set_from_ucred should be called even if auditing is not enabled 1730 * so that adt_export_session_data() will have useful stuff to 1731 * work with. 1732 */ 1733 1734 int 1735 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc, 1736 enum adt_user_context user_context) 1737 { 1738 adt_internal_state_t *state; 1739 int rc = -1; 1740 const au_tid64_addr_t *tid64; 1741 au_tid_addr_t termid, *tid; 1742 ucred_t *ucred = (ucred_t *)uc; 1743 boolean_t local_uc = B_FALSE; 1744 1745 if (session_data == NULL) /* no session exists to audit */ 1746 return (0); 1747 1748 state = (adt_internal_state_t *)session_data; 1749 assert(state->as_check == ADT_VALID); 1750 1751 if (ucred == NULL) { 1752 ucred = ucred_get(P_MYID); 1753 1754 if (ucred == NULL) 1755 goto return_rc; 1756 local_uc = B_TRUE; 1757 } 1758 1759 switch (user_context) { 1760 case ADT_NEW: 1761 tid64 = ucred_getatid(ucred); 1762 if (tid64 != NULL) { 1763 adt_cpy_tid(&termid, tid64); 1764 tid = &termid; 1765 } else { 1766 tid = NULL; 1767 } 1768 if (ucred_getauid(ucred) == AU_NOAUDITID) { 1769 adt_setto_unaudited(state); 1770 state->as_have_user_data = ADT_HAVE_ALL; 1771 rc = 0; 1772 goto return_rc; 1773 } else { 1774 state->as_info.ai_auid = ucred_getauid(ucred); 1775 state->as_info.ai_asid = ucred_getasid(ucred); 1776 state->as_info.ai_mask = *ucred_getamask(ucred); 1777 state->as_info.ai_termid = *tid; 1778 } 1779 state->as_have_user_data = ADT_HAVE_ALL; 1780 break; 1781 case ADT_UPDATE: 1782 if (state->as_have_user_data != ADT_HAVE_ALL) { 1783 errno = EINVAL; 1784 goto return_rc; 1785 } 1786 1787 if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0) 1788 goto return_rc; 1789 break; 1790 case ADT_USER: 1791 if (state->as_have_user_data != ADT_HAVE_ALL) { 1792 errno = EINVAL; 1793 goto return_rc; 1794 } 1795 break; 1796 default: 1797 errno = EINVAL; 1798 goto return_rc; 1799 } 1800 rc = 0; 1801 1802 state->as_ruid = ucred_getruid(ucred); 1803 state->as_euid = ucred_geteuid(ucred); 1804 state->as_rgid = ucred_getrgid(ucred); 1805 state->as_egid = ucred_getegid(ucred); 1806 state->as_pid = ucred_getpid(ucred); 1807 state->as_label = adt_ucred_label(ucred); 1808 1809 return_rc: 1810 if (local_uc) { 1811 ucred_free(ucred); 1812 } 1813 return (rc); 1814 } 1815 1816 /* 1817 * adt_alloc_event() returns a pointer to allocated memory 1818 * 1819 */ 1820 1821 adt_event_data_t 1822 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id) 1823 { 1824 struct adt_event_state *event_state; 1825 adt_internal_state_t *session_state; 1826 adt_event_data_t *return_event = NULL; 1827 /* 1828 * need to return a valid event pointer even if audit is 1829 * off, else the caller will end up either (1) keeping its 1830 * own flags for on/off or (2) writing to a NULL pointer. 1831 * If auditing is on, the session data must be valid; otherwise 1832 * we don't care. 1833 */ 1834 if (session_data != NULL) { 1835 session_state = (adt_internal_state_t *)session_data; 1836 assert(session_state->as_check == ADT_VALID); 1837 } 1838 event_state = calloc(1, sizeof (struct adt_event_state)); 1839 if (event_state == NULL) 1840 goto return_ptr; 1841 1842 event_state->ae_check = ADT_VALID; 1843 1844 event_state->ae_event_id = event_id; 1845 event_state->ae_session = (struct adt_internal_state *)session_data; 1846 1847 return_event = (adt_event_data_t *)&(event_state->ae_event_data); 1848 1849 /* 1850 * preload data so the adt_au_*() functions can detect un-supplied 1851 * values (0 and NULL are free via calloc()). 1852 */ 1853 if (session_data != NULL) { 1854 session_state->as_preload(event_id, return_event); 1855 } 1856 1857 return_ptr: 1858 return (return_event); 1859 } 1860 1861 /* 1862 * adt_getXlateTable -- look up translation table address for event id 1863 */ 1864 1865 static adt_translation_t * 1866 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id) 1867 { 1868 /* xlate_table is global in adt_xlate.c */ 1869 adt_translation_t **p_xlate = xlate; 1870 adt_translation_t *p_event; 1871 1872 while (*p_xlate != NULL) { 1873 p_event = *p_xlate; 1874 if (event_id == p_event->tx_external_event) 1875 return (p_event); 1876 p_xlate++; 1877 } 1878 return (NULL); 1879 } 1880 1881 /* 1882 * adt_calcOffsets 1883 * 1884 * the call to this function is surrounded by a mutex. 1885 * 1886 * i walks down the table picking up next_token. j walks again to 1887 * calculate the offset to the input data. k points to the next 1888 * token's row. Finally, l, is used to sum the values in the 1889 * datadef array. 1890 * 1891 * What's going on? The entry array is in the order of the input 1892 * fields but the processing of array entries is in the order of 1893 * the output (see next_token). Calculating the offset to the 1894 * "next" input can't be done in the outer loop (i) since i doesn't 1895 * point to the current entry and it can't be done with the k index 1896 * because it doesn't represent the order of input fields. 1897 * 1898 * While the resulting algorithm is n**2, it is only done once per 1899 * event type. 1900 */ 1901 1902 /* 1903 * adt_calcOffsets is only called once per event type, but it uses 1904 * the address alignment of memory allocated for that event as if it 1905 * were the same for all subsequently allocated memory. This is 1906 * guaranteed by calloc/malloc. Arrays take special handling since 1907 * what matters for figuring out the correct alignment is the size 1908 * of the array element. 1909 */ 1910 1911 static void 1912 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data) 1913 { 1914 int i, j; 1915 size_t this_size, prev_size; 1916 void *struct_start = p_data; 1917 1918 for (i = 0; i < tablesize; i++) { 1919 if (p_entry[i].en_type_def == NULL) { 1920 p_entry[i].en_offset = 0; 1921 continue; 1922 } 1923 prev_size = 0; 1924 p_entry[i].en_offset = (char *)p_data - (char *)struct_start; 1925 1926 for (j = 0; j < p_entry[i].en_count_types; j++) { 1927 if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG) 1928 this_size = sizeof (enum adt_generic); 1929 else 1930 this_size = 1931 p_entry[i].en_type_def[j].dd_input_size; 1932 1933 /* adj for first entry */ 1934 if (prev_size == 0) 1935 prev_size = this_size; 1936 1937 if (p_entry[i].en_type_def[j].dd_datatype == 1938 ADT_UINT32ARRAY) { 1939 p_data = (char *)adt_adjust_address(p_data, 1940 prev_size, sizeof (uint32_t)) + 1941 this_size - sizeof (uint32_t); 1942 1943 prev_size = sizeof (uint32_t); 1944 } else { 1945 p_data = adt_adjust_address(p_data, prev_size, 1946 this_size); 1947 prev_size = this_size; 1948 } 1949 } 1950 } 1951 } 1952 1953 /* 1954 * adt_generate_event 1955 * generate event record from external struct. The order is based on 1956 * the output tokens, allowing for the possibility that the input data 1957 * is in a different order. 1958 * 1959 */ 1960 1961 static int 1962 adt_generate_event(const adt_event_data_t *p_extdata, 1963 struct adt_event_state *p_event, 1964 adt_translation_t *p_xlate) 1965 { 1966 struct entry *p_entry; 1967 static mutex_t lock = DEFAULTMUTEX; 1968 1969 p_entry = p_xlate->tx_first_entry; 1970 assert(p_entry != NULL); 1971 1972 p_event->ae_internal_id = p_xlate->tx_internal_event; 1973 adt_token_open(p_event); 1974 1975 /* 1976 * offsets are not pre-calculated; the initial offsets are all 1977 * 0; valid offsets are >= 0. Offsets for no-input tokens such 1978 * as subject are set to -1 by adt_calcOffset() 1979 */ 1980 if (p_xlate->tx_offsetsCalculated == 0) { 1981 (void) mutex_lock(&lock); 1982 p_xlate->tx_offsetsCalculated = 1; 1983 1984 adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries, 1985 (void *)p_extdata); 1986 (void) mutex_unlock(&lock); 1987 } 1988 while (p_entry != NULL) { 1989 adt_generate_token(p_entry, (char *)p_extdata, p_event); 1990 1991 p_entry = p_entry->en_next_token; 1992 } 1993 return (adt_token_close(p_event)); 1994 } 1995 1996 /* 1997 * adt_put_event -- main event generation function. 1998 * The input "event" is the address of the struct containing 1999 * event-specific data. 2000 * 2001 * However if auditing is off or the session handle 2002 * is NULL, no attempt to write a record is made. 2003 */ 2004 2005 int 2006 adt_put_event(const adt_event_data_t *event, int status, int return_val) 2007 { 2008 struct adt_event_state *event_state; 2009 adt_translation_t *xlate; 2010 2011 if (event == NULL) { 2012 errno = EINVAL; 2013 return (-1); 2014 } 2015 event_state = (struct adt_event_state *)event; 2016 2017 /* if this is a broken session or not auditing, exit */ 2018 if ((event_state->ae_session == NULL) || 2019 !(event_state->ae_session->as_audit_state & 2020 (AUC_AUDITING | AUC_NOSPACE))) { 2021 return (0); 2022 } 2023 2024 assert(event_state->ae_check == ADT_VALID); 2025 2026 event_state->ae_rc = status; 2027 event_state->ae_type = return_val; 2028 2029 /* look up the event */ 2030 2031 xlate = adt_getXlateTable(event_state->ae_session->as_xlate, 2032 event_state->ae_event_id); 2033 2034 if (xlate == NULL) { 2035 errno = EINVAL; 2036 return (-1); 2037 } 2038 DPRINTF(("got event %d\n", xlate->tx_internal_event)); 2039 2040 if (adt_selected(event_state, xlate->tx_internal_event, status)) { 2041 return (adt_generate_event(event, event_state, xlate)); 2042 } 2043 2044 return (0); 2045 } 2046 2047 /* 2048 * adt_free_event -- invalidate and free 2049 */ 2050 2051 void 2052 adt_free_event(adt_event_data_t *event) 2053 { 2054 struct adt_event_state *event_state; 2055 2056 if (event == NULL) 2057 return; 2058 2059 event_state = (struct adt_event_state *)event; 2060 2061 assert(event_state->ae_check == ADT_VALID); 2062 2063 event_state->ae_check = 0; 2064 2065 free(event_state); 2066 } 2067 2068 /* 2069 * adt_is_selected -- helper to adt_selected(), below. 2070 * 2071 * "sorf" is "success or fail" status; au_preselect compares 2072 * that with success, fail, or both. 2073 */ 2074 2075 static int 2076 adt_is_selected(au_event_t e, au_mask_t *m, int sorf) 2077 { 2078 int prs_sorf; 2079 2080 if (sorf == 0) 2081 prs_sorf = AU_PRS_SUCCESS; 2082 else 2083 prs_sorf = AU_PRS_FAILURE; 2084 2085 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD)); 2086 } 2087 2088 /* 2089 * selected -- see if this event is preselected. 2090 * 2091 * if errors are encountered trying to check a preselection mask 2092 * or look up a user name, the event is selected. Otherwise, the 2093 * preselection mask is used for the job. 2094 */ 2095 2096 static int 2097 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status) 2098 { 2099 adt_internal_state_t *sp; 2100 au_mask_t namask; 2101 2102 sp = event->ae_session; 2103 2104 if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) { 2105 adt_write_syslog("No user data available", EINVAL); 2106 return (1); /* default is "selected" */ 2107 } 2108 2109 /* non-attributable? */ 2110 if ((sp->as_info.ai_auid == AU_NOAUDITID) || 2111 (sp->as_info.ai_auid == ADT_NO_AUDIT)) { 2112 if (auditon(A_GETKMASK, (caddr_t)&namask, 2113 sizeof (namask)) != 0) { 2114 adt_write_syslog("auditon failure", errno); 2115 return (1); 2116 } 2117 return (adt_is_selected(actual_id, &namask, status)); 2118 } else { 2119 return (adt_is_selected(actual_id, &(sp->as_info.ai_mask), 2120 status)); 2121 } 2122 } 2123 2124 /* 2125 * Can't map the host name to an IP address in 2126 * adt_get_hostIP. Get something off an interface 2127 * to act as the hosts IP address for auditing. 2128 */ 2129 2130 static int 2131 adt_get_local_address(int family, struct ifaddrlist *al) 2132 { 2133 struct ifaddrlist *ifal; 2134 char errbuf[ERRBUFSIZE] = "empty list"; 2135 char msg[ERRBUFSIZE + 512]; 2136 int ifal_count; 2137 int i; 2138 2139 if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) { 2140 int serrno = errno; 2141 2142 (void) snprintf(msg, sizeof (msg), "adt_get_local_address " 2143 "couldn't get %d addrlist %s", family, errbuf); 2144 adt_write_syslog(msg, serrno); 2145 errno = serrno; 2146 return (-1); 2147 } 2148 2149 for (i = 0; i < ifal_count; i++) { 2150 /* 2151 * loopback always defined, 2152 * even if there is no real address 2153 */ 2154 if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) { 2155 break; 2156 } 2157 } 2158 if (i >= ifal_count) { 2159 free(ifal); 2160 /* 2161 * Callers of adt_get_hostIP() can only return 2162 * errno to their callers and eventually the application. 2163 * Picked one that seemed least worse for saying no 2164 * usable address for Audit terminal ID. 2165 */ 2166 errno = ENETDOWN; 2167 return (-1); 2168 } 2169 2170 *al = ifal[i]; 2171 free(ifal); 2172 return (0); 2173 } 2174