xref: /illumos-gate/usr/src/lib/libbsm/common/au_usermask.c (revision 71269a2275bf5a143dad6461eee2710a344e7261)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 #pragma ident	"%Z%%M%	%I%	%E% SMI"
23 #ifndef lint
24 static char sccsid[] = "@(#)au_usermask.c	1.9	01/06/26 SMI";
25 #endif
26 
27 /*
28  * Copyright (c) 1988, 2001 by Sun Microsystems, Inc.
29  * All rights reserved.
30  */
31 
32 #include <sys/types.h>
33 #include <stdio.h>
34 #include <bsm/audit.h>
35 #include <bsm/libbsm.h>
36 
37 #define	AUDITSTRING_LEN 512
38 
39 /*
40  * Initialize audit preselection mask. This function should be used
41  * by applications like login that set the process preselection mask
42  * when a connection or a session is created.
43  *
44  * First, the system wide default audit flags are obtained
45  *	from the audit_control(5) file.
46  *
47  * Next, the "always audit" flags, obtained from the audit_user(5) database,
48  *	are added.
49  *
50  * Finally, the "never audit" flags, also obtained from the audit_user(5)
51  *	database, are subtracted.
52  *
53  * The mask returned can be expressed as:
54  *
55  * (default audit flags + always audit flags) - never audit flags
56  *
57  * If the lookup to audit_control(5) fails, then this function returns
58  * an error.  If the lookup to audit_user(5) fails, the function silently
59  * continues.
60  */
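int
#ifdef __STDC__
au_user_mask(char *username, au_mask_t *p_mask)
#else
au_user_mask(username, p_mask)
	char *username;
	au_mask_t *p_mask;
#endif /* __STDC__ */
{
	/*
	 * Build the audit preselection mask for `username` into *p_mask.
	 *
	 * Returns 0 once the system wide default flags have been read and
	 * parsed, whether or not a per-user entry was found; returns -1 if
	 * p_mask is NULL or the defaults cannot be obtained.  On the -1
	 * path after the NULL check, *p_mask has been handed to
	 * getauditflagsbin() and must not be relied on by the caller.
	 */
	char auditstring[AUDITSTRING_LEN];
	au_user_ent_t *p_user = NULL;
	int have_defaults = 0;

	if (p_mask == NULL)
		return (-1);

	/*
	 * Get the system wide default audit flags out of the audit_control(5)
	 * file.  Both the read and the parse have to succeed.
	 */
	setac();
	if (getacflg(auditstring, AUDITSTRING_LEN) == 0 &&
	    getauditflagsbin(auditstring, p_mask) == 0)
		have_defaults = 1;
	endac();

	/*
	 * Without the system wide flags there is no base mask to adjust,
	 * so fail here instead of looking up the user specific flags.
	 */
	if (!have_defaults)
		return (-1);

	/*
	 * Get the always audit flags and the never audit flags from
	 * the audit_user(5) database.
	 *
	 * A NULL username is never passed to getauusernam(); it is handled
	 * like a user without an entry, so the defaults are returned as is.
	 *
	 * NOTE(review): a NULL result leaves the mask at the system wide
	 * defaults and the function still returns 0.  This code cannot tell
	 * "user has no entry" from "the lookup itself failed" (presumably
	 * both come back as NULL -- confirm against getauusernam()), so a
	 * failed lookup silently drops the user's always audit flags.
	 * Callers that need to detect that must check it separately.
	 */
	setauuser();
	if (username != NULL)
		p_user = getauusernam(username);
	if (p_user != NULL) {
		/* Add always audit flags. */
		p_mask->as_success |= p_user->au_always.as_success;
		p_mask->as_failure |= p_user->au_always.as_failure;
		/*
		 * Subtract never audit flags.  This runs after the OR above,
		 * so a class listed in both sets ends up not audited.
		 */
		p_mask->as_success &= ~(p_user->au_never.as_success);
		p_mask->as_failure &= ~(p_user->au_never.as_failure);
	}
	endauuser();

	return (0);
}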
113