1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2001-2002 Sun Microsystems, Inc. 24 * All rights reserved. 25 * Use is subject to license terms. 26 */ 27 28 #pragma ident "%Z%%M% %I% %E% SMI" 29 30 #include <netdb.h> 31 #include <netinet/in.h> 32 #include <pwd.h> 33 #include <sys/errno.h> 34 #include <sys/mutex.h> 35 #include <sys/param.h> 36 #include <sys/socket.h> 37 #include <sys/stat.h> 38 #include <sys/types.h> 39 #include <string.h> 40 #include <unistd.h> 41 #include <stdlib.h> 42 #include <sys/smedia.h> 43 #include "smserver.h" 44 #include <bsm/audit.h> 45 #include <bsm/libbsm.h> 46 #include <bsm/audit_uevents.h> 47 #include <bsm/audit_record.h> 48 49 /* Private Functions */ 50 static int selected(au_event_t, au_mask_t *, int); 51 52 static int audit_selected(door_data_t *); 53 static int audit_na_selected(door_data_t *); 54 static int audit_save_namask(door_data_t *door_dp); 55 static int audit_save_policy(door_data_t *door_dp); 56 57 /* 58 * can_audit: 59 * Return 1 if audit module is loaded. 60 * Return 0 otherwise. 61 * 62 */ 63 int 64 can_audit(void) 65 { 66 static int auc = AUC_UNSET; 67 int cond = 0; 68 69 if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond))) { 70 auc = AUC_DISABLED; 71 } else { 72 auc = cond; 73 } 74 if (auc == AUC_DISABLED) 75 return (0); 76 else return (1); 77 } 78 79 static int 80 audit_save_policy(door_data_t *door_dp) 81 { 82 int policy; 83 84 if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy))) { 85 return (-1); 86 } 87 door_dp->audit_policy = policy; 88 return (0); 89 } 90 91 /* 92 * audit_init(): 93 * Initialize variables. 94 */ 95 void 96 audit_init(door_data_t *door_dp) 97 { 98 door_dp->audit_auid = -1; 99 door_dp->audit_uid = -1; 100 door_dp->audit_euid = -1; 101 door_dp->audit_gid = -1; 102 door_dp->audit_egid = -1; 103 door_dp->audit_pid = -1; 104 door_dp->audit_tid.at_port = 0; 105 door_dp->audit_tid.at_type = 0; 106 door_dp->audit_tid.at_addr[0] = 0; 107 door_dp->audit_tid.at_addr[1] = 0; 108 door_dp->audit_tid.at_addr[2] = 0; 109 door_dp->audit_tid.at_addr[3] = 0; 110 door_dp->audit_namask.am_success = (int)-1; 111 door_dp->audit_namask.am_failure = (int)-1; 112 door_dp->audit_event = 0; 113 door_dp->audit_sorf = -2; 114 door_dp->audit_user = NULL; 115 door_dp->audit_text[0] = NULL; 116 door_dp->audit_text1[0] = NULL; 117 door_dp->audit_na = 0; 118 door_dp->audit_asid = -1; 119 door_dp->audit_path = NULL; 120 } 121 122 int 123 audit_save_me(door_data_t *door_dp) 124 { 125 door_cred_t client_cred; 126 int ret_val; 127 int i; 128 129 ret_val = door_cred(&client_cred); 130 if (ret_val == -1) 131 return (ret_val); 132 door_dp->audit_ap.ap_pid = client_cred.dc_pid; 133 ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap, 134 sizeof (door_dp->audit_ap)); 135 if (ret_val == -1) 136 return (ret_val); 137 138 door_dp->audit_auid = door_dp->audit_ap.ap_auid; 139 door_dp->audit_euid = client_cred.dc_euid; 140 door_dp->audit_egid = client_cred.dc_egid; 141 door_dp->audit_uid = client_cred.dc_ruid; 142 door_dp->audit_gid = client_cred.dc_rgid; 143 door_dp->audit_pid = client_cred.dc_pid; 144 door_dp->audit_asid = door_dp->audit_ap.ap_asid; 145 door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port; 146 door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type; 147 for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++) 148 door_dp->audit_tid.at_addr[i] = 149 door_dp->audit_ap.ap_termid.at_addr[i]; 150 (void) audit_save_policy(door_dp); 151 return (0); 152 } 153 154 /* 155 * audit_save_namask(): 156 * Save the namask using the naflags entry in the audit_control file. 157 * Return 0 if successful. 158 * Return -1, and don't change the namask, if failed. 159 * Side Effect: Sets audit_na to -1 if error, 1 if successful. 160 */ 161 static int 162 audit_save_namask(door_data_t *door_dp) 163 { 164 au_mask_t mask; 165 166 door_dp->audit_na = -1; 167 168 /* 169 * get non-attributable system event mask from kernel. 170 */ 171 if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0) { 172 return (-1); 173 } 174 175 door_dp->audit_namask.am_success = mask.am_success; 176 door_dp->audit_namask.am_failure = mask.am_failure; 177 door_dp->audit_na = 1; 178 return (0); 179 } 180 181 /* 182 * audit_audit: 183 * Cut and audit record if it is selected. 184 * Return 0, if successfully written. 185 * Return 0, if not written, and not expected to write. 186 * Return -1, if not written because of unexpected error. 187 */ 188 int 189 audit_audit(door_data_t *door_dp) 190 { 191 int ad; 192 193 if (can_audit() == 0) { 194 return (0); 195 } 196 197 if (door_dp->audit_na) { 198 if (!audit_na_selected(door_dp)) { 199 return (0); 200 } 201 } else if (!audit_selected(door_dp)) { 202 return (0); 203 } 204 205 if ((ad = au_open()) == -1) { 206 return (-1); 207 } 208 209 (void) au_write(ad, au_to_subject_ex(door_dp->audit_auid, 210 door_dp->audit_euid, 211 door_dp->audit_egid, 212 door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid, 213 door_dp->audit_asid, &door_dp->audit_tid)); 214 if (door_dp->audit_policy & AUDIT_GROUP) { 215 216 int ng; 217 gid_t grplst[NGROUPS_MAX]; 218 219 (void) memset(grplst, 0, sizeof (grplst)); 220 if ((ng = getgroups(NGROUPS_UMAX, grplst))) { 221 (void) au_write(ad, au_to_newgroups(ng, grplst)); 222 } 223 } 224 if (strlen(door_dp->audit_text) != 0) { 225 (void) au_write(ad, au_to_text(door_dp->audit_text)); 226 } 227 if (strlen(door_dp->audit_text1) != 0) { 228 (void) au_write(ad, au_to_text(door_dp->audit_text1)); 229 } 230 if (door_dp->audit_path != NULL) { 231 (void) au_write(ad, au_to_path(door_dp->audit_path)); 232 } 233 #ifdef _LP64 234 (void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1, 235 (int64_t)door_dp->audit_sorf)); 236 #else 237 (void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1, 238 (int32_t)door_dp->audit_sorf)); 239 #endif 240 if (au_close(ad, 1, door_dp->audit_event) < 0) { 241 (void) au_close(ad, 0, 0); 242 return (-1); 243 } 244 245 return (0); 246 } 247 248 static int 249 audit_na_selected(door_data_t *door_dp) 250 { 251 if (door_dp->audit_na == -1) { 252 return (-1); 253 } 254 255 return (selected(door_dp->audit_event, 256 &door_dp->audit_namask, door_dp->audit_sorf)); 257 } 258 259 static int 260 audit_selected(door_data_t *door_dp) 261 { 262 263 if (door_dp->audit_uid < 0) { 264 (void) audit_save_namask(door_dp); 265 return (audit_na_selected(door_dp)); 266 } 267 268 return (selected(door_dp->audit_event, 269 &door_dp->audit_ap.ap_mask, door_dp->audit_sorf)); 270 } 271 272 static int 273 selected(au_event_t e, au_mask_t *m, int sorf) 274 { 275 int prs_sorf; 276 277 if (sorf == 0) { 278 prs_sorf = AU_PRS_SUCCESS; 279 } else if (sorf == -1) { 280 prs_sorf = AU_PRS_FAILURE; 281 } else { 282 prs_sorf = AU_PRS_BOTH; 283 } 284 285 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD)); 286 } 287