1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <assert.h>
27 #include <priv.h>
28 #include <pwd.h>
29 #include <signal.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <syslog.h>
33 #include <unistd.h>
34 #include <sys/wait.h>
35
36 #include <bsm/adt.h>
37 #include <bsm/adt_event.h>
38 #include "login_audit.h"
39
40 /*
41 * Key assumption: login is single threaded.
42 */
43 static void audit_logout(adt_session_data_t *);
44
45 /*
46 * if audit is not enabled, the adt_*() functions simply return without
47 * doing anything. In the success case, the credential has already been
48 * setup with audit data by PAM.
49 */
50
51 /*
52 * There is no information passed to login.c from rlogin or telnet
53 * about the terminal id. They both set the tid before they
54 * exec login; the value is picked up by adt_start_session() and is
55 * carefully *not* overwritten by adt_load_hostname().
56 */
57
58 void
audit_success(uint_t event_id,struct passwd * pwd,char * optional_text)59 audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
60 {
61 adt_session_data_t *ah;
62 adt_event_data_t *event;
63 int rc;
64
65 assert(pwd != NULL);
66
67 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
68 syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");
69 return;
70 }
71 if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid,
72 pwd->pw_uid, pwd->pw_gid, NULL, ADT_USER)) {
73 syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");
74 (void) adt_end_session(ah);
75 return;
76 }
77 event = adt_alloc_event(ah, event_id);
78
79 if (event == NULL)
80 return;
81
82 switch (event_id) {
83 case ADT_zlogin:
84 event->adt_zlogin.message = optional_text;
85 break;
86 default:
87 break;
88 }
89 rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
90
91 (void) adt_free_event(event);
92 if (rc) {
93 (void) adt_end_session(ah);
94 syslog(LOG_AUTH | LOG_ALERT, "login adt_put_event(): %m");
95 return;
96 }
97 /*
98 * The code above executes whether or not audit is enabled.
99 * However audit_logout must only execute if audit is
100 * enabled so we don't fork unnecessarily.
101 */
102 if (adt_audit_enabled()) {
103 switch (event_id) {
104 case ADT_login:
105 case ADT_rlogin:
106 case ADT_telnet:
107 case ADT_zlogin:
108 audit_logout(ah); /* fork to catch logout */
109 break;
110 }
111 }
112 (void) adt_end_session(ah);
113 }
114
115 /*
116 * errors are ignored since there is no action to take on error
117 */
118 static void
audit_logout(adt_session_data_t * ah)119 audit_logout(adt_session_data_t *ah)
120 {
121 adt_event_data_t *logout;
122 int status; /* wait status */
123 pid_t pid;
124 priv_set_t *priv; /* waiting process privs */
125
126 if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {
127 syslog(LOG_AUTH | LOG_ALERT,
128 "adt_alloc_event(ADT_logout): %m");
129 return;
130 }
131 if ((priv = priv_allocset()) == NULL) {
132 syslog(LOG_AUTH | LOG_ALERT,
133 "login audit_logout: could not alloc basic privs: %m");
134 adt_free_event(logout);
135 return;
136 }
137
138 /*
139 * The child returns and continues the login processing.
140 * The parent's sole job is to wait for child exit, write the
141 * logout audit record, and replay the child's exit code.
142 */
143
144 if ((pid = fork()) == 0) {
145 /* child */
146
147 adt_free_event(logout);
148 priv_freeset(priv);
149 return;
150 }
151 if (pid == -1) {
152 /* failure */
153
154 syslog(LOG_AUTH | LOG_ALERT,
155 "login audit_logout: could not fork: %m");
156 adt_free_event(logout);
157 priv_freeset(priv);
158 return;
159 }
160
161 /* parent process */
162
163 /*
164 * When this routine is called, the current working
165 * directory is the user's home directory and there are
166 * unknown open files. For the waiting process, change the
167 * current directory to root and close files so that the
168 * user's home directory and anything else can be unmounted
169 * if necessary.
170 */
171 if (chdir("/") != 0) {
172 syslog(LOG_AUTH | LOG_ALERT,
173 "login audit_logut: could not chdir /: %m");
174 }
175 /*
176 * Reduce privileges to just those needed.
177 */
178 priv_basicset(priv);
179 (void) priv_delset(priv, PRIV_PROC_EXEC);
180 (void) priv_delset(priv, PRIV_PROC_FORK);
181 (void) priv_delset(priv, PRIV_PROC_INFO);
182 (void) priv_delset(priv, PRIV_PROC_SESSION);
183 (void) priv_delset(priv, PRIV_FILE_LINK_ANY);
184 if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
185 (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
186 syslog(LOG_AUTH | LOG_ALERT,
187 "login audit_logout: could not reduce privs: %m");
188 }
189 closefrom(0);
190 priv_freeset(priv);
191 while (pid != waitpid(pid, &status, 0))
192 continue;
193
194 (void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
195 adt_free_event(logout);
196 (void) adt_end_session(ah);
197 exit(WEXITSTATUS(status));
198 }
199
200 /*
201 * errors are ignored since there is no action to take on error.
202 *
203 * If the user id is invalid, pwd is NULL.
204 */
205 void
audit_failure(uint_t event_id,int failure_code,struct passwd * pwd,const char * hostname,const char * ttyname,char * optional_text)206 audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
207 const char *hostname, const char *ttyname, char *optional_text)
208 {
209 adt_session_data_t *ah;
210 adt_event_data_t *event;
211 uid_t uid;
212 gid_t gid;
213 adt_termid_t *p_tid;
214
215 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
216 return;
217
218 uid = ADT_NO_ATTRIB;
219 gid = ADT_NO_ATTRIB;
220 if (pwd != NULL) {
221 uid = pwd->pw_uid;
222 gid = pwd->pw_gid;
223 }
224 /*
225 * If this is a remote login, in.rlogind or in.telnetd has
226 * already set the terminal id, in which case
227 * adt_load_hostname() will use the preset terminal id and
228 * ignore hostname. (If no remote host and ttyname is NULL,
229 * let adt_load_ttyname() figure out what to do.)
230 */
231 if (*hostname == '\0')
232 (void) adt_load_ttyname(ttyname, &p_tid);
233 else
234 (void) adt_load_hostname(hostname, &p_tid);
235
236 if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
237 (void) adt_end_session(ah);
238 if (p_tid != NULL)
239 free(p_tid);
240 return;
241 }
242 if (p_tid != NULL)
243 free(p_tid);
244
245 event = adt_alloc_event(ah, event_id);
246 if (event == NULL) {
247 return;
248 }
249 switch (event_id) {
250 case ADT_zlogin:
251 event->adt_zlogin.message = optional_text;
252 break;
253 }
254 (void) adt_put_event(event, ADT_FAILURE, failure_code);
255
256 adt_free_event(event);
257 (void) adt_end_session(ah);
258 }
259