xref: /illumos-gate/usr/src/lib/libbsm/common/audit_rshd.c (revision 5422785d352a2bb398daceab3d1898a8aa64d006)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #include <sys/types.h>
26 #include <sys/param.h>
27 #include <stdio.h>
28 #include <sys/fcntl.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/audit_uevents.h>
32 #include <bsm/libbsm.h>
33 #include <bsm/audit_private.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <syslog.h>
37 #include <netinet/in.h>
38 #include <tsol/label.h>
39 #include <locale.h>
40 #include <unistd.h>
41 #include <generic.h>
42 
43 static au_event_t	rshd_event;	/* audit event number */
44 static uint32_t		rshd_addr[4];	/* peer address */
45 
46 static void generate_record(char *, char *, char *, int, char *);
47 static void setup_session(char *);
48 static int selected(uid_t, char *, au_event_t, int);
49 
50 int
51 audit_rshd_setup()
52 {
53 	rshd_event = AUE_rshd;
54 	return (0);
55 }
56 
57 /* ARGSUSED */
58 int
59 audit_rshd_fail(msg, hostname, remuser, locuser, cmdbuf)
60 char	*msg;		/* message containing failure information */
61 char	*hostname;		/* hostname of machine requesting service */
62 char	*remuser;		/* username at machine requesting service */
63 char	*locuser;		/* username of local machine */
64 char	*cmdbuf;		/* command line to be executed locally */
65 {
66 	if (cannot_audit(0)) {
67 		return (0);
68 	}
69 	generate_record(remuser, locuser, cmdbuf, -1, msg);
70 	return (0);
71 }
72 
73 /* ARGSUSED */
74 int
75 audit_rshd_success(hostname, remuser, locuser, cmdbuf)
76 char	*hostname;		/* hostname of machine requesting service */
77 char	*remuser;		/* username at machine requesting service */
78 char	*locuser;		/* username at local machine */
79 char	*cmdbuf;		/* command line to be executed locally */
80 {
81 	if (cannot_audit(0)) {
82 		return (0);
83 	}
84 	generate_record(remuser, locuser, cmdbuf, 0, "");
85 	setup_session(locuser);
86 	return (0);
87 }
88 
89 
90 #include <pwd.h>
91 
92 static void
93 generate_record(char *remuser,	/* username at machine requesting service */
94 		char *locuser,	/* username of local machine */
95 		char *cmdbuf,	/* command line to be executed locally */
96 		int sf_flag,	/* success (0) or failure (-1) flag */
97 		char *msg)	/* message containing failure information */
98 {
99 	int	rd;		/* audit record descriptor */
100 	char	buf[256];	/* temporary buffer */
101 	char	*tbuf;		/* temporary buffer */
102 	int	tlen;
103 	const char *gtxt;
104 	uid_t	uid;
105 	gid_t	gid;
106 	pid_t	pid;
107 	struct passwd *pwd;
108 	struct auditinfo_addr info;
109 
110 	if (cannot_audit(0)) {
111 		return;
112 	}
113 
114 	pwd = getpwnam(locuser);
115 	if (pwd == NULL) {
116 		uid = (uid_t)-1;
117 		gid = (gid_t)-1;
118 	} else {
119 		uid = pwd->pw_uid;
120 		gid = pwd->pw_gid;
121 	}
122 
123 	if (!selected(uid, locuser, rshd_event, sf_flag))
124 		return;
125 
126 	pid = getpid();
127 
128 	/* see if terminal id already set */
129 	if (getaudit_addr(&info, sizeof (info)) < 0) {
130 		perror("getaudit");
131 	}
132 	rd = au_open();
133 
134 	(void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
135 	    &info.ai_termid));
136 	if (is_system_labeled())
137 		(void) au_write(rd, au_to_mylabel());
138 
139 	gtxt = dgettext(bsm_dom, "cmd %s");
140 	tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
141 	if ((tbuf = malloc(tlen)) == NULL) {
142 		(void) au_close(rd, 0, 0);
143 		return;
144 	}
145 	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
146 	(void) au_write(rd, au_to_text(tbuf));
147 	(void) free(tbuf);
148 
149 	if (strcmp(remuser, locuser) != 0) {
150 		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
151 		    "remote user %s"), remuser);
152 		(void) au_write(rd, au_to_text(buf));
153 	}
154 
155 	if (sf_flag == -1) {
156 		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
157 		    "local user %s"), locuser);
158 		(void) au_write(rd, au_to_text(buf));
159 		(void) au_write(rd, au_to_text(msg));
160 	}
161 
162 #ifdef _LP64
163 	(void) au_write(rd, au_to_return64(sf_flag, (int64_t)0));
164 #else
165 	(void) au_write(rd, au_to_return32(sf_flag, (int32_t)0));
166 #endif
167 
168 	if (au_close(rd, 1, rshd_event) < 0) {
169 		(void) au_close(rd, 0, 0);
170 	}
171 }
172 
173 static int
174 selected(uid_t uid, char *locuser, au_event_t event, int sf)
175 {
176 	int		sorf;
177 	struct au_mask	mask;
178 
179 	mask.am_success = mask.am_failure = 0;
180 	if (uid > MAXEPHUID) {
181 		/* get non-attrib flags */
182 		(void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
183 	} else {
184 		(void) au_user_mask(locuser, &mask);
185 	}
186 
187 	if (sf == 0) {
188 		sorf = AU_PRS_SUCCESS;
189 	} else if (sf == -1) {
190 		sorf = AU_PRS_FAILURE;
191 	} else {
192 		sorf = AU_PRS_BOTH;
193 	}
194 
195 	return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
196 }
197 
198 static void
199 setup_session(char *locuser)
200 {
201 	int	rc;
202 	struct auditinfo_addr info;
203 	au_mask_t		mask;
204 	uid_t			uid;
205 	struct passwd *pwd;
206 
207 	pwd = getpwnam(locuser);
208 	if (pwd == NULL)
209 		uid = (uid_t)-1;
210 	else
211 		uid = pwd->pw_uid;
212 
213 	/* see if terminal id already set */
214 	if (getaudit_addr(&info, sizeof (info)) < 0) {
215 		perror("getaudit");
216 	}
217 
218 	info.ai_auid = uid;
219 	info.ai_asid = getpid();
220 
221 	mask.am_success = 0;
222 	mask.am_failure = 0;
223 	(void) au_user_mask(locuser, &mask);
224 
225 	info.ai_mask.am_success = mask.am_success;
226 	info.ai_mask.am_failure = mask.am_failure;
227 
228 	rshd_addr[0] = info.ai_termid.at_addr[0];
229 	rshd_addr[1] = info.ai_termid.at_addr[1];
230 	rshd_addr[2] = info.ai_termid.at_addr[2];
231 	rshd_addr[3] = info.ai_termid.at_addr[3];
232 
233 	rc = setaudit_addr(&info, sizeof (info));
234 	if (rc < 0) {
235 		perror("setaudit");
236 	}
237 }
238