xref: /titanic_50/usr/src/lib/libbsm/common/au_usermask.c (revision 6a634c9dca3093f3922e4b7ab826d7bdf17bf78e)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
55707ed5dSMarek Pospisil  * Common Development and Distribution License (the "License").
65707ed5dSMarek Pospisil  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate 
227c478bd9Sstevel@tonic-gate /*
2307925104Sgww  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
2607925104Sgww #include <errno.h>
2707925104Sgww #include <nss.h>
2807925104Sgww #include <secdb.h>
2907925104Sgww #include <stdlib.h>
3007925104Sgww #include <string.h>
3107925104Sgww #include <user_attr.h>
3207925104Sgww #include <zone.h>
3307925104Sgww 
347c478bd9Sstevel@tonic-gate #include <bsm/libbsm.h>
357c478bd9Sstevel@tonic-gate 
3607925104Sgww #include <adt_xlate.h>		/* adt_write_syslog */
377c478bd9Sstevel@tonic-gate 
/*
 * Attribute-enumeration callback handed to _enum_attrs() by au_user_mask().
 *
 * Looks up USERATTR_AUDIT_FLAGS_KW in kva.  When the keyword is present, a
 * heap copy of its value is stored through ctxt (treated as a char **) and
 * 1 is returned; otherwise ctxt is left untouched and 0 is returned.  The
 * caller owns the copy and must free() it.  name and pres are unused.
 *
 * NOTE(review): when strdup() fails the error is logged, *ctxt is set to
 * NULL, and 1 is still returned.  au_user_mask() therefore sees the same
 * state as "user has no audit flags" and returns success with only the
 * system-wide mask, so per-user "always" flags are silently not applied
 * under memory pressure.
 */
/* ARGSUSED */
static int
audit_flags(const char *name, kva_t *kva, void *ctxt, void *pres)
{
	char **flags_out = ctxt;
	char *flags = kva_match(kva, USERATTR_AUDIT_FLAGS_KW);

	if (flags == NULL) {
		return (0);
	}

	*flags_out = strdup(flags);
	if (*flags_out == NULL) {
		adt_write_syslog("au_user_mask strdup failed", errno);
	}
	return (1);
}
527c478bd9Sstevel@tonic-gate 
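/*
 * Build user's audit preselection mask.
 *
 * Per-user audit flags are optional and may be missing.
 * If global zone auditing is set, a local zone cannot reduce the default
 * flags.
 *
 * success flags = (system default success flags + per-user always success) -
 *			per-user never success flags
 * failure flags = (system default failure flags + per-user always failure) -
 *			per-user never failure flags
 *
 * Returns 0 with *mask filled in, or -1 if mask is NULL or the system-wide
 * flags cannot be read.  A missing per-user entry is not an error.
 *
 * NOTE(review): a strdup() failure inside audit_flags() leaves user_flags
 * NULL, which this function cannot tell apart from "no per-user flags"; it
 * then returns 0 with only the system-wide mask.
 */

int
au_user_mask(char *user, au_mask_t *mask)
{
	char		*last = NULL;
	char		*user_flags = NULL;

	if (mask == NULL) {
		return (-1);
	}

	/*
	 * Get the system wide default audit flags. If you can't get the
	 * system wide flags, return an error code now and don't bother
	 * trying to get the user specific flags.
	 */
	if (auditon(A_GETAMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
		return (-1);
	}

	/*
	 * Get per-user audit flags.
	 */
	(void) _enum_attrs(user, audit_flags, &user_flags, NULL);
	if (user_flags != NULL) {
		au_user_ent_t	per_user;
		char		*always;
		char		*never;

		/*
		 * Start from empty masks so that a missing or unparsable
		 * field can never feed uninitialized stack data into the
		 * preselection mask.
		 */
		(void) memset(&per_user, 0, sizeof (per_user));

		always = _strtok_escape(user_flags, KV_AUDIT_DELIMIT, &last);
		if (always != NULL) {
			(void) getauditflagsbin(always, &(per_user.au_always));
		}

		/*
		 * The "never" field only removes classes from the mask.
		 * If it is absent, or getauditflagsbin(3BSM) reports a
		 * parse failure (non-zero return), treat it as empty so a
		 * malformed entry cannot suppress auditing.
		 */
		never = _strtok_escape(NULL, KV_AUDIT_DELIMIT, &last);
		if (never != NULL &&
		    getauditflagsbin(never, &(per_user.au_never)) != 0) {
			(void) memset(&(per_user.au_never), 0,
			    sizeof (per_user.au_never));
		}

		/* merge default and per-user */
		mask->as_success |= per_user.au_always.as_success;
		mask->as_failure |= per_user.au_always.as_failure;
		mask->as_success &= ~(per_user.au_never.as_success);
		mask->as_failure &= ~(per_user.au_never.as_failure);
		free(user_flags);
	}

	return (0);
}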