xref: /titanic_44/usr/src/cmd/smserverd/myaudit.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2001-2002 Sun Microsystems, Inc.
24  * All rights reserved.
25  * Use is subject to license terms.
26  */
27 
28 #pragma ident	"%Z%%M%	%I%	%E% SMI"
29 
30 #include <netdb.h>
31 #include <netinet/in.h>
32 #include <pwd.h>
33 #include <sys/errno.h>
34 #include <sys/mutex.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/stat.h>
38 #include <sys/types.h>
39 #include <string.h>
40 #include <unistd.h>
41 #include <stdlib.h>
42 #include <sys/smedia.h>
43 #include "smserver.h"
44 #include <bsm/audit.h>
45 #include <bsm/libbsm.h>
46 #include <bsm/audit_uevents.h>
47 #include <bsm/audit_record.h>
48 
49 /* Private Functions */
50 static int selected(au_event_t, au_mask_t *, int);
51 
52 static int audit_selected(door_data_t *);
53 static int audit_na_selected(door_data_t *);
54 static int audit_save_namask(door_data_t *door_dp);
55 static int audit_save_policy(door_data_t *door_dp);
56 
57 /*
58  * can_audit:
59  *	Return 1 if audit module is loaded.
60  *	Return 0 otherwise.
61  *
62  */
63 int
64 can_audit(void)
65 {
66 	static int auc = AUC_UNSET;
67 	int cond = 0;
68 
69 	if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond))) {
70 		auc = AUC_DISABLED;
71 	} else {
72 		auc = cond;
73 	}
74 	if (auc == AUC_DISABLED)
75 		return (0);
76 	else return (1);
77 }
78 
79 static int
80 audit_save_policy(door_data_t *door_dp)
81 {
82 	int policy;
83 
84 	if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy))) {
85 		return (-1);
86 	}
87 	door_dp->audit_policy = policy;
88 	return (0);
89 }
90 
91 /*
92  * audit_init():
93  *	Initialize variables.
94  */
95 void
96 audit_init(door_data_t *door_dp)
97 {
98 	door_dp->audit_auid = -1;
99 	door_dp->audit_uid = -1;
100 	door_dp->audit_euid = -1;
101 	door_dp->audit_gid = -1;
102 	door_dp->audit_egid = -1;
103 	door_dp->audit_pid = -1;
104 	door_dp->audit_tid.at_port = 0;
105 	door_dp->audit_tid.at_type = 0;
106 	door_dp->audit_tid.at_addr[0] = 0;
107 	door_dp->audit_tid.at_addr[1] = 0;
108 	door_dp->audit_tid.at_addr[2] = 0;
109 	door_dp->audit_tid.at_addr[3] = 0;
110 	door_dp->audit_namask.am_success = (int)-1;
111 	door_dp->audit_namask.am_failure = (int)-1;
112 	door_dp->audit_event = 0;
113 	door_dp->audit_sorf = -2;
114 	door_dp->audit_user = NULL;
115 	door_dp->audit_text[0] = NULL;
116 	door_dp->audit_text1[0] = NULL;
117 	door_dp->audit_na = 0;
118 	door_dp->audit_asid = -1;
119 	door_dp->audit_path = NULL;
120 }
121 
122 int
123 audit_save_me(door_data_t	*door_dp)
124 {
125 	door_cred_t	client_cred;
126 	int		ret_val;
127 	int		i;
128 
129 	ret_val = door_cred(&client_cred);
130 	if (ret_val == -1)
131 		return (ret_val);
132 	door_dp->audit_ap.ap_pid = client_cred.dc_pid;
133 	ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
134 		sizeof (door_dp->audit_ap));
135 	if (ret_val == -1)
136 		return (ret_val);
137 
138 	door_dp->audit_auid = door_dp->audit_ap.ap_auid;
139 	door_dp->audit_euid = client_cred.dc_euid;
140 	door_dp->audit_egid = client_cred.dc_egid;
141 	door_dp->audit_uid = client_cred.dc_ruid;
142 	door_dp->audit_gid = client_cred.dc_rgid;
143 	door_dp->audit_pid = client_cred.dc_pid;
144 	door_dp->audit_asid = door_dp->audit_ap.ap_asid;
145 	door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
146 	door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
147 	for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++)
148 		door_dp->audit_tid.at_addr[i] =
149 			door_dp->audit_ap.ap_termid.at_addr[i];
150 	(void) audit_save_policy(door_dp);
151 	return (0);
152 }
153 
154 /*
155  * audit_save_namask():
156  *	Save the namask using the naflags entry in the audit_control file.
157  *	Return 0 if successful.
158  *	Return -1, and don't change the namask, if failed.
159  *	Side Effect: Sets audit_na to -1 if error, 1 if successful.
160  */
161 static int
162 audit_save_namask(door_data_t *door_dp)
163 {
164 	au_mask_t mask;
165 
166 	door_dp->audit_na = -1;
167 
168 	/*
169 	 * get non-attributable system event mask from kernel.
170 	 */
171 	if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0) {
172 		return (-1);
173 	}
174 
175 	door_dp->audit_namask.am_success = mask.am_success;
176 	door_dp->audit_namask.am_failure = mask.am_failure;
177 	door_dp->audit_na = 1;
178 	return (0);
179 }
180 
181 /*
182  * audit_audit:
183  *	Cut and audit record if it is selected.
184  *	Return 0, if successfully written.
185  *	Return 0, if not written, and not expected to write.
186  *	Return -1, if not written because of unexpected error.
187  */
188 int
189 audit_audit(door_data_t *door_dp)
190 {
191 	int ad;
192 
193 	if (can_audit() == 0) {
194 		return (0);
195 	}
196 
197 	if (door_dp->audit_na) {
198 		if (!audit_na_selected(door_dp)) {
199 			return (0);
200 		}
201 	} else if (!audit_selected(door_dp)) {
202 		return (0);
203 	}
204 
205 	if ((ad = au_open()) == -1) {
206 		return (-1);
207 	}
208 
209 	(void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
210 		door_dp->audit_euid,
211 		door_dp->audit_egid,
212 		door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
213 		door_dp->audit_asid, &door_dp->audit_tid));
214 	if (door_dp->audit_policy & AUDIT_GROUP) {
215 
216 		int ng;
217 		gid_t grplst[NGROUPS_MAX];
218 
219 		(void) memset(grplst, 0, sizeof (grplst));
220 		if ((ng = getgroups(NGROUPS_UMAX, grplst))) {
221 			(void) au_write(ad, au_to_newgroups(ng, grplst));
222 		}
223 	}
224 	if (strlen(door_dp->audit_text) != 0) {
225 		(void) au_write(ad, au_to_text(door_dp->audit_text));
226 	}
227 	if (strlen(door_dp->audit_text1) != 0) {
228 		(void) au_write(ad, au_to_text(door_dp->audit_text1));
229 	}
230 	if (door_dp->audit_path != NULL) {
231 		(void) au_write(ad, au_to_path(door_dp->audit_path));
232 	}
233 #ifdef _LP64
234 	(void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
235 		(int64_t)door_dp->audit_sorf));
236 #else
237 	(void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
238 		(int32_t)door_dp->audit_sorf));
239 #endif
240 	if (au_close(ad, 1, door_dp->audit_event) < 0) {
241 		(void) au_close(ad, 0, 0);
242 		return (-1);
243 	}
244 
245 	return (0);
246 }
247 
248 static int
249 audit_na_selected(door_data_t *door_dp)
250 {
251 	if (door_dp->audit_na == -1) {
252 		return (-1);
253 	}
254 
255 	return (selected(door_dp->audit_event,
256 		&door_dp->audit_namask, door_dp->audit_sorf));
257 }
258 
259 static int
260 audit_selected(door_data_t *door_dp)
261 {
262 
263 	if (door_dp->audit_uid < 0) {
264 		(void) audit_save_namask(door_dp);
265 		return (audit_na_selected(door_dp));
266 	}
267 
268 	return (selected(door_dp->audit_event,
269 		&door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
270 }
271 
272 static int
273 selected(au_event_t e, au_mask_t *m, int sorf)
274 {
275 	int prs_sorf;
276 
277 	if (sorf == 0) {
278 		prs_sorf = AU_PRS_SUCCESS;
279 	} else if (sorf == -1) {
280 		prs_sorf = AU_PRS_FAILURE;
281 	} else {
282 		prs_sorf = AU_PRS_BOTH;
283 	}
284 
285 	return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
286 }
287