1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright (c) 2000 by Sun Microsystems, Inc.
24  * All rights reserved.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <sys/types.h>
30 #include <sys/param.h>
31 #include <stdio.h>
32 #include <sys/fcntl.h>
33 #include <bsm/audit.h>
34 #include <bsm/audit_record.h>
35 #include <bsm/audit_uevents.h>
36 #include <bsm/libbsm.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <syslog.h>
40 #include <netinet/in.h>
41 #include <sys/socket.h>
42 #include <rpc/rpc.h>
43 #include <tiuser.h>
44 #include <unistd.h>
45 #include <generic.h>
46 #include <note.h>
47 
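/*
 * Debug tracing, compiled in only when C2_DEBUG2 is defined. The argument
 * is a parenthesized printf argument list: dprintf(("fmt %d\n", v));
 *
 * The expansion is wrapped in do { } while (0) so that the usual
 * "dprintf((...));" form is a single statement and stays valid as the
 * body of an unbraced if/else; a bare { } block followed by ';' would
 * break the else.
 */
#ifdef C2_DEBUG2
#define	dprintf(x) do { (void) printf x; } while (0)
#else
#define	dprintf(x)
#endif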
53 
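/*
 * netbuf2pm()
 *
 * Given an endpt in netbuf form, return the port and machine.
 * kadmind (currently) only works over IPv4, so only handle IPv4 addresses.
 *
 *	addr	caller address as a netbuf; may be NULL
 *	port	if non-NULL, receives sin_port as stored in the address
 *		(no byte-order conversion is done here)
 *	machine	if non-NULL, receives sin_addr.s_addr as stored
 *
 * When the input is rejected (NULL netbuf, NULL buffer, buffer shorter
 * than a sockaddr_in, or a family other than AF_INET) the outputs are
 * left untouched and a LOG_DEBUG message is written, so the caller must
 * initialize *port and *machine before calling.
 */
static void
netbuf2pm(
	struct netbuf *addr,
	in_port_t *port,
	uint32_t *machine)
{
	struct sockaddr_in sin4;

	if (addr == NULL) {
		syslog(LOG_DEBUG, "netbuf2pm: addr == NULL");
		return;
	}

	if (addr->buf == NULL) {
		syslog(LOG_DEBUG, "netbuf2pm: addr->buf == NULL");
		return;
	}

	/*
	 * The copy below always takes sizeof (struct sockaddr_in) bytes.
	 * Refuse a netbuf that holds fewer, otherwise the copy reads past
	 * the end of the address buffer and the family/port/address that
	 * end up in the audit record are whatever follows it in memory.
	 * This assumes addr->len is the number of valid bytes in addr->buf.
	 */
	if (addr->len < sizeof (struct sockaddr_in)) {
		syslog(LOG_DEBUG, "netbuf2pm: addr->len %u too short",
		    addr->len);
		return;
	}

	/* copy out rather than cast: addr->buf has no alignment guarantee */
	(void) memcpy(&sin4, addr->buf, sizeof (struct sockaddr_in));
	if (sin4.sin_family == AF_INET) {
		if (machine != NULL)
			*machine = sin4.sin_addr.s_addr;
		if (port != NULL)
			*port = sin4.sin_port;
	} else {
		dprintf(("netbuf2pm: unknown caller IP address family %d",
			sin4.sin_family));
		syslog(LOG_DEBUG,
		    "netbuf2pm: unknown caller IP address family %d",
		    sin4.sin_family);
	}
}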
92 
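/* Substitute a printable marker for a NULL string before formatting it. */
#define	AUD_NULL_STR(s)		((s) ? (s) : "(null)")

/*
 * common_audit()
 *
 * Build and submit one audit record for a kadmind request.
 *
 * The record carries the daemon's own process identity (audit ID from
 * getaudit(), uid/euid/gid/egid/pid), the event and its success/failure
 * flag, three text fields ("Op: ", "Arg: ", "Client: ") and an IPv4
 * terminal ID made from the caller's address and the two ports.
 *
 * Nothing is recorded when cannot_audit(0) is true or when getaudit()
 * fails; in the latter case the only trace is the perror() output.
 *
 * NOTE(review): op, prime_arg and clnt_name presumably originate from
 * the remote request. Each is formatted into a 512-byte buffer and
 * snprintf() truncates silently, so an over-long value loses its tail
 * in the audit record. Confirm whether truncation should be flagged.
 */
static void
common_audit(
	au_event_t event,	/* audit event */
	SVCXPRT *xprt,		/* net transport handle */
	in_port_t l_port,	/* local port */
	char *op,		/* requested operation */
	char *prime_arg,	/* argument for op */
	char *clnt_name,	/* client principal name */
	int sorf) 		/* flag for success or failure */

{
	auditinfo_t ai;
	in_port_t r_port = 0;	/* stays 0 if the caller address is rejected */
	dev_t port;
	uint32_t machine = 0;	/* stays 0 if the caller address is rejected */
	char text_buf[512];

	dprintf(("common_audit() start\n"));

	/* if auditing turned off, then don't do anything */
	if (cannot_audit(0))
		return;

	(void) aug_save_namask();

	/*
	 * set default values. We will overwrite them if appropriate.
	 * A getaudit() failure drops the event: we return before any
	 * record is written.
	 */
	if (getaudit(&ai)) {
		perror("kadmind");
		return;
	}
	aug_save_auid(ai.ai_auid);	/* Audit ID */
	aug_save_uid(getuid());		/* User ID */
	aug_save_euid(geteuid());	/* Effective User ID */
	aug_save_gid(getgid());		/* Group ID */
	aug_save_egid(getegid());	/* Effective Group ID */
	aug_save_pid(getpid());		/* process ID */
	aug_save_asid(getpid());	/* session ID */

	aug_save_event(event);
	aug_save_sorf(sorf);

	/* text_buf is reused; each field is saved before the next format */
	(void) snprintf(text_buf, sizeof (text_buf), "Op: %s",
		AUD_NULL_STR(op));
	aug_save_text(text_buf);
	(void) snprintf(text_buf, sizeof (text_buf), "Arg: %s",
		AUD_NULL_STR(prime_arg));
	aug_save_text1(text_buf);
	(void) snprintf(text_buf, sizeof (text_buf), "Client: %s",
		AUD_NULL_STR(clnt_name));
	aug_save_text2(text_buf);

	netbuf2pm(svc_getrpccaller(xprt), &r_port, &machine);

	dprintf(("common_audit(): l_port=%d, r_port=%d,\n",
		ntohs(l_port), ntohs(r_port)));

	/*
	 * Remote port in the upper 16 bits, local port in the lower 16.
	 * r_port is a 16-bit type that promotes to int, so shifting a
	 * value of 0x8000 or more left by 16 overflows int (undefined
	 * behavior) and, if dev_t is wider than int, the result would be
	 * sign-extended into the upper bits. Shift in uint32_t instead.
	 */
	port = (dev_t)(((uint32_t)r_port << 16) | l_port);

	aug_save_tid_ex(port,  &machine, AU_IPv4);

	(void) aug_audit();
}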
159 
/*
 * audit_kadmind_auth()
 *
 * Emit an AUE_kadmind_auth audit record for a kadmind request. Every
 * argument, including the caller-chosen success/failure flag sorf, is
 * handed to common_audit() unchanged.
 */
void
audit_kadmind_auth(
	SVCXPRT *xprt,
	in_port_t l_port,
	char *op,
	char *prime_arg,
	char *clnt_name,
	int sorf)
{
	const au_event_t kadmind_event = AUE_kadmind_auth;

	common_audit(kadmind_event, xprt, l_port, op, prime_arg, clnt_name,
	    sorf);
}
172 
/*
 * audit_kadmind_unauth()
 *
 * Emit an AUE_kadmind_unauth audit record for a kadmind request. The
 * caller cannot choose the success/failure flag: common_audit() is
 * always given a sorf of 1.
 * NOTE(review): 1 presumably marks the event as a failure; confirm
 * against aug_save_sorf().
 */
void
audit_kadmind_unauth(
	SVCXPRT *xprt,
	in_port_t l_port,
	char *op,
	char *prime_arg,
	char *clnt_name)
{
	const au_event_t kadmind_event = AUE_kadmind_unauth;
	const int fixed_sorf = 1;

	common_audit(kadmind_event, xprt, l_port, op, prime_arg, clnt_name,
	    fixed_sorf);
}
184