xref: /titanic_44/usr/src/cmd/smserverd/myaudit.c (revision 81d9f076db88c1f40c85831ce1ebb444a209c5a8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 
27 #include <netdb.h>
28 #include <netinet/in.h>
29 #include <pwd.h>
30 #include <sys/errno.h>
31 #include <sys/mutex.h>
32 #include <sys/param.h>
33 #include <sys/socket.h>
34 #include <sys/stat.h>
35 #include <sys/types.h>
36 #include <string.h>
37 #include <unistd.h>
38 #include <stdlib.h>
39 #include <alloca.h>
40 #include <sys/smedia.h>
41 #include <tsol/label.h>
42 #include "smserver.h"
43 #include <bsm/audit.h>
44 #include <bsm/libbsm.h>
45 #include <bsm/audit_uevents.h>
46 #include <bsm/audit_record.h>
47 
48 /* Private Functions */
49 static int selected(au_event_t, au_mask_t *, int);
50 
51 static int audit_selected(door_data_t *);
52 static int audit_na_selected(door_data_t *);
53 static int audit_save_namask(door_data_t *door_dp);
54 static int audit_save_policy(door_data_t *door_dp);
55 
56 /*
57  * can_audit:
58  *	Return 1 if audit module is loaded.
59  *	Return 0 otherwise.
60  *
61  */
62 int
63 can_audit(void)
64 {
65 	static int auc = AUC_UNSET;
66 	int cond = 0;
67 
68 	if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond))) {
69 		auc = AUC_DISABLED;
70 	} else {
71 		auc = cond;
72 	}
73 	if (auc == AUC_DISABLED)
74 		return (0);
75 	else return (1);
76 }
77 
78 static int
79 audit_save_policy(door_data_t *door_dp)
80 {
81 	int policy;
82 
83 	if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy))) {
84 		return (-1);
85 	}
86 	door_dp->audit_policy = policy;
87 	return (0);
88 }
89 
90 /*
91  * audit_init():
92  *	Initialize variables.
93  */
94 void
95 audit_init(door_data_t *door_dp)
96 {
97 	door_dp->audit_auid = (uid_t)-1;
98 	door_dp->audit_uid = (uid_t)-1;
99 	door_dp->audit_euid = (uid_t)-1;
100 	door_dp->audit_gid = (gid_t)-1;
101 	door_dp->audit_egid = (gid_t)-1;
102 	door_dp->audit_pid = -1;
103 	door_dp->audit_tid.at_port = 0;
104 	door_dp->audit_tid.at_type = 0;
105 	door_dp->audit_tid.at_addr[0] = 0;
106 	door_dp->audit_tid.at_addr[1] = 0;
107 	door_dp->audit_tid.at_addr[2] = 0;
108 	door_dp->audit_tid.at_addr[3] = 0;
109 	door_dp->audit_namask.am_success = (int)-1;
110 	door_dp->audit_namask.am_failure = (int)-1;
111 	door_dp->audit_event = 0;
112 	door_dp->audit_sorf = -2;
113 	door_dp->audit_user = NULL;
114 	door_dp->audit_text[0] = NULL;
115 	door_dp->audit_text1[0] = NULL;
116 	door_dp->audit_na = 0;
117 	door_dp->audit_asid = (au_asid_t)(-1);
118 	door_dp->audit_path = NULL;
119 }
120 
121 int
122 audit_save_me(door_data_t	*door_dp)
123 {
124 	door_cred_t	client_cred;
125 	int		ret_val;
126 	int		i;
127 
128 	ret_val = door_cred(&client_cred);
129 	if (ret_val == -1)
130 		return (ret_val);
131 	door_dp->audit_ap.ap_pid = client_cred.dc_pid;
132 	ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
133 	    sizeof (door_dp->audit_ap));
134 	if (ret_val == -1)
135 		return (ret_val);
136 
137 	door_dp->audit_auid = door_dp->audit_ap.ap_auid;
138 	door_dp->audit_euid = client_cred.dc_euid;
139 	door_dp->audit_egid = client_cred.dc_egid;
140 	door_dp->audit_uid = client_cred.dc_ruid;
141 	door_dp->audit_gid = client_cred.dc_rgid;
142 	door_dp->audit_pid = client_cred.dc_pid;
143 	door_dp->audit_asid = door_dp->audit_ap.ap_asid;
144 	door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
145 	door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
146 	for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++)
147 		door_dp->audit_tid.at_addr[i] =
148 		    door_dp->audit_ap.ap_termid.at_addr[i];
149 	(void) audit_save_policy(door_dp);
150 	return (0);
151 }
152 
153 /*
154  * audit_save_namask():
155  *	Save the namask using the naflags entry in the audit_control file.
156  *	Return 0 if successful.
157  *	Return -1, and don't change the namask, if failed.
158  *	Side Effect: Sets audit_na to -1 if error, 1 if successful.
159  */
160 static int
161 audit_save_namask(door_data_t *door_dp)
162 {
163 	au_mask_t mask;
164 
165 	door_dp->audit_na = -1;
166 
167 	/*
168 	 * get non-attributable system event mask from kernel.
169 	 */
170 	if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0) {
171 		return (-1);
172 	}
173 
174 	door_dp->audit_namask.am_success = mask.am_success;
175 	door_dp->audit_namask.am_failure = mask.am_failure;
176 	door_dp->audit_na = 1;
177 	return (0);
178 }
179 
180 /*
181  * audit_audit:
182  *	Cut and audit record if it is selected.
183  *	Return 0, if successfully written.
184  *	Return 0, if not written, and not expected to write.
185  *	Return -1, if not written because of unexpected error.
186  */
187 int
188 audit_audit(door_data_t *door_dp)
189 {
190 	int ad;
191 
192 	if (can_audit() == 0) {
193 		return (0);
194 	}
195 
196 	if (door_dp->audit_na) {
197 		if (!audit_na_selected(door_dp)) {
198 			return (0);
199 		}
200 	} else if (!audit_selected(door_dp)) {
201 		return (0);
202 	}
203 
204 	if ((ad = au_open()) == -1) {
205 		return (-1);
206 	}
207 
208 	(void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
209 	    door_dp->audit_euid,
210 	    door_dp->audit_egid,
211 	    door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
212 	    door_dp->audit_asid, &door_dp->audit_tid));
213 	if (is_system_labeled())
214 		(void) au_write(ad, au_to_mylabel());
215 	if (door_dp->audit_policy & AUDIT_GROUP) {
216 
217 		int ng;
218 		int maxgrp = getgroups(0, NULL);
219 		gid_t *grplst = alloca(maxgrp * sizeof (gid_t));
220 
221 		if ((ng = getgroups(maxgrp, grplst))) {
222 			(void) au_write(ad, au_to_newgroups(ng, grplst));
223 		}
224 	}
225 	if (strlen(door_dp->audit_text) != 0) {
226 		(void) au_write(ad, au_to_text(door_dp->audit_text));
227 	}
228 	if (strlen(door_dp->audit_text1) != 0) {
229 		(void) au_write(ad, au_to_text(door_dp->audit_text1));
230 	}
231 	if (door_dp->audit_path != NULL) {
232 		(void) au_write(ad, au_to_path(door_dp->audit_path));
233 	}
234 #ifdef _LP64
235 	(void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
236 	    (int64_t)door_dp->audit_sorf));
237 #else
238 	(void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
239 	    (int32_t)door_dp->audit_sorf));
240 #endif
241 	if (au_close(ad, 1, door_dp->audit_event) < 0) {
242 		(void) au_close(ad, 0, 0);
243 		return (-1);
244 	}
245 
246 	return (0);
247 }
248 
249 static int
250 audit_na_selected(door_data_t *door_dp)
251 {
252 	if (door_dp->audit_na == -1) {
253 		return (-1);
254 	}
255 
256 	return (selected(door_dp->audit_event,
257 	    &door_dp->audit_namask, door_dp->audit_sorf));
258 }
259 
260 static int
261 audit_selected(door_data_t *door_dp)
262 {
263 
264 	if (door_dp->audit_uid > MAXUID) {
265 		(void) audit_save_namask(door_dp);
266 		return (audit_na_selected(door_dp));
267 	}
268 
269 	return (selected(door_dp->audit_event,
270 	    &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
271 }
272 
273 static int
274 selected(au_event_t e, au_mask_t *m, int sorf)
275 {
276 	int prs_sorf;
277 
278 	if (sorf == 0) {
279 		prs_sorf = AU_PRS_SUCCESS;
280 	} else if (sorf == -1) {
281 		prs_sorf = AU_PRS_FAILURE;
282 	} else {
283 		prs_sorf = AU_PRS_BOTH;
284 	}
285 
286 	return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
287 }
288