xref: /titanic_50/usr/src/lib/libbsm/common/audit_rshd.c (revision 8696d418011068e5cedf3a229f7a6613e7798e92)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 #pragma ident	"%Z%%M%	%I%	%E% SMI"
26 
27 #include <sys/types.h>
28 #include <sys/param.h>
29 #include <stdio.h>
30 #include <sys/fcntl.h>
31 #include <bsm/audit.h>
32 #include <bsm/audit_record.h>
33 #include <bsm/audit_uevents.h>
34 #include <bsm/libbsm.h>
35 #include <bsm/audit_private.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <syslog.h>
39 #include <netinet/in.h>
40 #include <tsol/label.h>
41 #include <locale.h>
42 #include <unistd.h>
43 #include <generic.h>
44 
45 static au_event_t	rshd_event;	/* audit event number */
46 static uint32_t		rshd_addr[4];	/* peer address */
47 
48 static void generate_record(char *, char *, char *, int, char *);
49 static void setup_session(char *);
50 static int selected(uid_t, char *, au_event_t, int);
51 
52 int
53 audit_rshd_setup()
54 {
55 	rshd_event = AUE_rshd;
56 	return (0);
57 }
58 
59 /* ARGSUSED */
60 int
61 audit_rshd_fail(msg, hostname, remuser, locuser, cmdbuf)
62 char	*msg;		/* message containing failure information */
63 char	*hostname;		/* hostname of machine requesting service */
64 char	*remuser;		/* username at machine requesting service */
65 char	*locuser;		/* username of local machine */
66 char	*cmdbuf;		/* command line to be executed locally */
67 {
68 	if (cannot_audit(0)) {
69 		return (0);
70 	}
71 	generate_record(remuser, locuser, cmdbuf, -1, msg);
72 	return (0);
73 }
74 
75 /* ARGSUSED */
76 int
77 audit_rshd_success(hostname, remuser, locuser, cmdbuf)
78 char	*hostname;		/* hostname of machine requesting service */
79 char	*remuser;		/* username at machine requesting service */
80 char	*locuser;		/* username at local machine */
81 char	*cmdbuf;		/* command line to be executed locally */
82 {
83 	if (cannot_audit(0)) {
84 		return (0);
85 	}
86 	generate_record(remuser, locuser, cmdbuf, 0, "");
87 	setup_session(locuser);
88 	return (0);
89 }
90 
91 
92 #include <pwd.h>
93 
94 static void
95 generate_record(char *remuser,	/* username at machine requesting service */
96 		char *locuser,	/* username of local machine */
97 		char *cmdbuf,	/* command line to be executed locally */
98 		int sf_flag,	/* success (0) or failure (-1) flag */
99 		char *msg)	/* message containing failure information */
100 {
101 	int	rd;		/* audit record descriptor */
102 	char	buf[256];	/* temporary buffer */
103 	char	*tbuf;		/* temporary buffer */
104 	int	tlen;
105 	const char *gtxt;
106 	uid_t	uid;
107 	gid_t	gid;
108 	pid_t	pid;
109 	struct passwd *pwd;
110 	struct auditinfo_addr info;
111 
112 	if (cannot_audit(0)) {
113 		return;
114 	}
115 
116 	pwd = getpwnam(locuser);
117 	if (pwd == NULL) {
118 		uid = (uid_t)-1;
119 		gid = (gid_t)-1;
120 	} else {
121 		uid = pwd->pw_uid;
122 		gid = pwd->pw_gid;
123 	}
124 
125 	if (!selected(uid, locuser, rshd_event, sf_flag))
126 		return;
127 
128 	pid = getpid();
129 
130 	/* see if terminal id already set */
131 	if (getaudit_addr(&info, sizeof (info)) < 0) {
132 		perror("getaudit");
133 	}
134 	rd = au_open();
135 
136 	(void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
137 		&info.ai_termid));
138 	if (is_system_labeled())
139 		(void) au_write(rd, au_to_mylabel());
140 
141 	gtxt = dgettext(bsm_dom, "cmd %s");
142 	tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
143 	if ((tbuf = malloc(tlen)) == NULL) {
144 		(void) au_close(rd, 0, 0);
145 		return;
146 	}
147 	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
148 	(void) au_write(rd, au_to_text(tbuf));
149 	(void) free(tbuf);
150 
151 	if (strcmp(remuser, locuser) != 0) {
152 		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
153 			"remote user %s"), remuser);
154 		(void) au_write(rd, au_to_text(buf));
155 	}
156 
157 	if (sf_flag == -1) {
158 		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
159 			"local user %s"), locuser);
160 		(void) au_write(rd, au_to_text(buf));
161 		(void) au_write(rd, au_to_text(msg));
162 	}
163 
164 #ifdef _LP64
165 	(void) au_write(rd, au_to_return64(sf_flag, (int64_t)0));
166 #else
167 	(void) au_write(rd, au_to_return32(sf_flag, (int32_t)0));
168 #endif
169 
170 	if (au_close(rd, 1, rshd_event) < 0) {
171 		(void) au_close(rd, 0, 0);
172 	}
173 }
174 
175 static int
176 selected(uid_t uid, char *locuser, au_event_t event, int sf)
177 {
178 	int	rc, sorf;
179 	char	naflags[512];
180 	struct au_mask mask;
181 
182 	mask.am_success = mask.am_failure = 0;
183 	if (uid > MAXEPHUID) {
184 		rc = getacna(naflags, 256); /* get non-attrib flags */
185 		if (rc == 0)
186 			(void) getauditflagsbin(naflags, &mask);
187 	} else {
188 		rc = au_user_mask(locuser, &mask);
189 	}
190 
191 	if (sf == 0)
192 		sorf = AU_PRS_SUCCESS;
193 	else if (sf == -1)
194 		sorf = AU_PRS_FAILURE;
195 	else
196 		sorf = AU_PRS_BOTH;
197 	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
198 	return (rc);
199 }
200 
201 static void
202 setup_session(char *locuser)
203 {
204 	int	rc;
205 	struct auditinfo_addr info;
206 	au_mask_t		mask;
207 	uid_t			uid;
208 	struct passwd *pwd;
209 
210 	pwd = getpwnam(locuser);
211 	if (pwd == NULL)
212 		uid = (uid_t)-1;
213 	else
214 		uid = pwd->pw_uid;
215 
216 	/* see if terminal id already set */
217 	if (getaudit_addr(&info, sizeof (info)) < 0) {
218 		perror("getaudit");
219 	}
220 
221 	info.ai_auid = uid;
222 	info.ai_asid = getpid();
223 
224 	mask.am_success = 0;
225 	mask.am_failure = 0;
226 	(void) au_user_mask(locuser, &mask);
227 
228 	info.ai_mask.am_success = mask.am_success;
229 	info.ai_mask.am_failure = mask.am_failure;
230 
231 	rshd_addr[0] = info.ai_termid.at_addr[0];
232 	rshd_addr[1] = info.ai_termid.at_addr[1];
233 	rshd_addr[2] = info.ai_termid.at_addr[2];
234 	rshd_addr[3] = info.ai_termid.at_addr[3];
235 
236 	rc = setaudit_addr(&info, sizeof (info));
237 	if (rc < 0) {
238 		perror("setaudit");
239 	}
240 }
241