xref: /illumos-gate/usr/src/lib/libbsm/common/audit_allocate.c (revision 59d2da88ef75ee90d89de8d98edf0521bea61f8d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <sys/types.h>
29 #include <tsol/label.h>
30 #include <bsm/audit.h>
31 #include <bsm/libbsm.h>
32 #include <bsm/audit_private.h>
33 #include <unistd.h>
34 #include <string.h>
35 #include <bsm/audit_uevents.h>
36 #include <generic.h>
37 #include <stdlib.h>
38 
/*
 * File-scope state shared by the audit_allocate_*() routines in this file.
 * audit_allocate_argv() assigns all three; the other routines only read
 * them. No locking is visible in this file, so the record being built is
 * effectively one-per-process.
 */
static int s_audit;	/* event number recorded when the operation succeeded */
static int f_audit;	/* event number recorded when the operation failed */

static int ad;		/* audit descriptor returned by au_open() */
43 
/*
 * audit_allocate_argv() - begin an audit record and log the command line.
 *
 * flg selects the success/failure event pair stored in s_audit/f_audit:
 *	0 - AUE_allocate_succ   / AUE_allocate_fail
 *	1 - AUE_deallocate_succ / AUE_deallocate_fail
 *	2 - AUE_listdevice_succ / AUE_listdevice_fail
 * Any other value leaves both variables as they were (zero on first use,
 * since they are file-scope statics).
 *
 * A new audit descriptor is opened into `ad` and each of the first argc
 * entries of argv is appended to it as a text token. Nothing is done when
 * cannot_audit(0) is true.
 *
 * NOTE(review): the au_open() result is not checked and every au_write()
 * result is discarded, so a failure here is not reported to the caller and
 * the record may be missing its argument tokens.
 */
void
audit_allocate_argv(flg, argc, argv)
	int   flg;
	int   argc;
	char *argv[];
{
	int idx;

	if (cannot_audit(0))
		return;

	if (flg == 0) {
		s_audit = AUE_allocate_succ;
		f_audit = AUE_allocate_fail;
	} else if (flg == 1) {
		s_audit = AUE_deallocate_succ;
		f_audit = AUE_deallocate_fail;
	} else if (flg == 2) {
		s_audit = AUE_listdevice_succ;
		f_audit = AUE_listdevice_fail;
	}

	ad = au_open();

	/* one text token per command-line argument, in order */
	idx = 0;
	while (idx < argc) {
		(void) au_write(ad, au_to_text(argv[idx]));
		idx++;
	}
}
76 
/*
 * audit_allocate_device() - append a path token for `path` to the record
 * being built on the file-scope descriptor `ad`.
 *
 * Does nothing when cannot_audit(0) is true.
 *
 * NOTE(review): `ad` is only assigned in audit_allocate_argv(); if that was
 * never called, `ad` still holds its static initial value of 0. The
 * au_write() result is discarded, so a token that could not be added is
 * not reported.
 */
void
audit_allocate_device(path)
	char *path;
{
	if (!cannot_audit(0))
		(void) au_write(ad, au_to_path(path));
}
86 
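/*
 * audit_allocate_record() - complete and commit the audit record that was
 * started on the file-scope descriptor `ad`.
 *
 * status is 0 when the audited operation succeeded and non-zero when it
 * failed; it selects s_audit or f_audit as the event and is written into
 * the exit token.
 *
 * Returns 1 only when status is 0 and the audit step itself failed
 * (getaudit_addr(), auditon(), getgroups() or the committing au_close()).
 * Returns 0 in every other case: auditing unavailable, event not
 * preselected, record written, or an audit failure while status is
 * non-zero. What the caller does with a return of 1 is not visible here.
 */
int
audit_allocate_record(status)
	char	status;		/* success failure of operation */
{
	auditinfo_addr_t mask;		/* audit ID */
	au_event_t	event;		/* audit event number */
	int		policy;		/* audit policy */
	int		ng;		/* number of groups in process */
	gid_t		grplst[NGROUPS_UMAX];

#ifdef DEBUG
	/*
	 * The original wrapped the arguments in a second pair of parentheses,
	 * which made them a comma expression and passed `status` as the
	 * format string.
	 */
	(void) printf("audit_allocate_record(%d)\n", status);
#endif

	if (cannot_audit(0)) {
		return (0);
	}

	/* an audit failure is reported only for a successful operation */
	if (getaudit_addr(&mask, sizeof (mask)) < 0) {
		return (status ? 0 : 1);
	}

	if (auditon(A_GETPOLICY, (caddr_t)&policy, 0) < 0) {
		return (status ? 0 : 1);
	}

	/* determine if we're preselected */
	event = status ? f_audit : s_audit;

	/*
	 * au_preselect() returns an int, so compare against 0 rather than
	 * the pointer constant NULL.
	 *
	 * NOTE(review): `ad` is not closed on this path or on the two early
	 * error returns above; confirm callers exit right afterwards or
	 * whether au_close(ad, 0, 0) is wanted here.
	 */
	if (au_preselect(event, &mask.ai_mask, AU_PRS_BOTH, AU_PRS_REREAD)
	    == 0)
		return (0);

	(void) au_write(ad, au_to_me());	/* add subject token */
	if (is_system_labeled())
		(void) au_write(ad, au_to_mylabel());

	if (policy & AUDIT_GROUP) {	/* add optional group token */
		(void) memset(grplst, 0, sizeof (grplst));
		if ((ng = getgroups(NGROUPS_UMAX, grplst)) < 0) {
			/* discard the partial record */
			(void) au_close(ad, 0, 0);
			return (status ? 0 : 1);
		}
		(void) au_write(ad, au_to_newgroups(ng, grplst));
	}

	if (status)
		(void) au_write(ad, au_to_exit(status, -1));
	else
		(void) au_write(ad, au_to_exit(0, 0));

	/* write audit record */
	if (au_close(ad, 1, event) < 0) {
		(void) au_close(ad, 0, 0);
		if (!status)
			return (1);
	}

	return (0);
}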
157 
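/*
 * audit_allocate_list() - append one path token per entry of `list` to the
 * record being built on the file-scope descriptor `ad`.
 *
 * list is a string of names separated by single-space delimiters (" " is
 * the only separator passed to strtok_r()). It is copied first because
 * strtok_r() writes into the buffer it scans.
 *
 * Does nothing when cannot_audit(0) is true, when list is NULL, or when
 * the copy cannot be allocated.
 *
 * NOTE(review): an allocation failure, like any au_write() failure, is
 * silent, so the record can be committed without these path tokens.
 */
void
audit_allocate_list(list)
	char *list;
{
	char *copy;
	char *entry;
	char *state;

	if (cannot_audit(0)) {
		return;
	}

	/* strdup(NULL) is undefined; treat a missing list as empty */
	if (list == NULL)
		return;

	if ((copy = strdup(list)) == NULL)
		return;

	entry = strtok_r(copy, " ", &state);
	while (entry != NULL) {
		(void) au_write(ad, au_to_path(entry));
		entry = strtok_r(NULL, " ", &state);
	}

	free(copy);
}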
179