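/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <assert.h>
#include <errno.h>
#include <priv.h>
#include <pwd.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/wait.h>

#include <bsm/adt.h>
#include <bsm/adt_event.h>
#include "login_audit.h"

/*
 * Key assumption: login is single threaded.
 */
static void audit_logout(adt_session_data_t *);

/*
 * if audit is not enabled, the adt_*() functions simply return without
 * doing anything.  In the success case, the credential has already been
 * setup with audit data by PAM.
 */

/*
 * There is no information passed to login.c from rlogin or telnet
 * about the terminal id.  They both set the tid before they
 * exec login; the value is picked up by adt_start_session() and is
 * carefully *not* overwritten by adt_load_hostname().
 */

/*
 * audit_success() - write the audit record for a successful login and,
 * for interactive login types, arrange for the matching logout record.
 *
 *	event_id	audit event (ADT_login, ADT_rlogin, ADT_telnet,
 *			ADT_zlogin, ...) to record.
 *	pwd		the authenticated user; must not be NULL.
 *	optional_text	free-form text; only consumed for ADT_zlogin, where
 *			it becomes the event message.
 *
 * Every failure is reported via syslog and the function returns; there
 * is no status to hand back to login.  The audit session handle is
 * always released on every path so that it cannot leak on a failed
 * adt_alloc_event().
 */
void
audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
{
	adt_session_data_t *ah;
	adt_event_data_t *event;
	int rc;

	assert(pwd != NULL);

	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
		syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");
		return;
	}
	if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid,
	    pwd->pw_uid, pwd->pw_gid, NULL, ADT_USER)) {
		syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");
		(void) adt_end_session(ah);
		return;
	}
	event = adt_alloc_event(ah, event_id);
	if (event == NULL) {
		/* Previously a silent return that left the session open. */
		syslog(LOG_AUTH | LOG_ALERT, "login adt_alloc_event(): %m");
		(void) adt_end_session(ah);
		return;
	}

	switch (event_id) {
	case ADT_zlogin:
		event->adt_zlogin.message = optional_text;
		break;
	default:
		break;
	}
	rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);

	(void) adt_free_event(event);
	if (rc) {
		(void) adt_end_session(ah);
		syslog(LOG_AUTH | LOG_ALERT, "login adt_put_event(): %m");
		return;
	}
	/*
	 * The code above executes whether or not audit is enabled.
	 * However audit_logout must only execute if audit is
	 * enabled so we don't fork unnecessarily.
	 */
	if (adt_audit_enabled()) {
		switch (event_id) {
		case ADT_login:
		case ADT_rlogin:
		case ADT_telnet:
		case ADT_zlogin:
			audit_logout(ah);	/* fork to catch logout */
			break;
		default:
			break;
		}
	}
	(void) adt_end_session(ah);
}

/*
 * audit_logout() - fork so that a waiting parent can write the logout
 * record once the session (the child, which continues login) exits.
 *
 *	ah	the audit session created by audit_success(); the parent
 *		ends it after writing the logout record, the child leaves
 *		it to audit_success().
 *
 * Errors are ignored since there is no action to take on error; they
 * are only logged, and only while the parent still has its descriptors.
 *
 * In the child this function returns normally.  In the parent it never
 * returns: it drops to the single privilege needed to write the audit
 * record, closes everything, waits for the child and then exit()s with
 * the child's exit status.
 */
static void
audit_logout(adt_session_data_t *ah)
{
	adt_event_data_t *logout;
	int status = 0;		/* wait status; 0 if waitpid() fails */
	pid_t pid;
	pid_t waited;
	priv_set_t *priv;	/* waiting process privs */

	if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {
		syslog(LOG_AUTH | LOG_ALERT,
		    "adt_alloc_event(ADT_logout): %m");
		return;
	}
	if ((priv = priv_allocset()) == NULL) {
		syslog(LOG_AUTH | LOG_ALERT,
		    "login audit_logout: could not alloc privs: %m");
		adt_free_event(logout);
		return;
	}

	/*
	 * The child returns and continues the login processing.
	 * The parent's sole job is to wait for child exit, write the
	 * logout audit record, and replay the child's exit code.
	 */

	if ((pid = fork()) == 0) {
		/* child */

		adt_free_event(logout);
		priv_freeset(priv);
		return;
	}
	if (pid == -1) {
		/* failure */

		syslog(LOG_AUTH | LOG_ALERT,
		    "login audit_logout: could not fork: %m");
		adt_free_event(logout);
		priv_freeset(priv);
		return;
	}

	/* parent process */

	/*
	 * When this routine is called, the current working
	 * directory is the user's home directory and there are
	 * unknown open files.  For the waiting process, change the
	 * current directory to root and close files so that the
	 * user's home directory and anything else can be unmounted
	 * if necessary.
	 */
	if (chdir("/") != 0) {
		syslog(LOG_AUTH | LOG_ALERT,
		    "login audit_logout: could not chdir /: %m");
	}
	/*
	 * Reduce privileges to just those needed.  Both the effective
	 * and the permitted set are cut down explicitly so that the
	 * waiter cannot regain anything beyond PRIV_PROC_AUDIT.
	 * NOTE(review): the inheritable and limit sets are left as they
	 * were; the waiter never execs, so that is presumably fine.
	 */
	priv_emptyset(priv);
	if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||
	    (setppriv(PRIV_SET, PRIV_EFFECTIVE, priv) != 0) ||
	    (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
		syslog(LOG_AUTH | LOG_ALERT,
		    "login audit_logout: could not reduce privs: %m");
	}
	/* Nothing may be logged past this point: no descriptors remain. */
	closefrom(0);
	priv_freeset(priv);

	/*
	 * Retry only on EINTR.  Any other failure (e.g. ECHILD if the
	 * child was already reaped) previously spun forever here; now the
	 * logout record is written anyway and status stays 0.
	 */
	while ((waited = waitpid(pid, &status, 0)) != pid) {
		if (waited == -1 && errno != EINTR)
			break;
	}

	(void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
	adt_free_event(logout);
	(void) adt_end_session(ah);
	/*
	 * NOTE(review): WEXITSTATUS() is only meaningful when
	 * WIFEXITED(status); a signal-killed child is replayed as
	 * whatever the low bits happen to be, as before.
	 */
	exit(WEXITSTATUS(status));
}

/*
 * audit_failure() - write the audit record for a failed login attempt.
 *
 *	event_id	audit event to record.
 *	failure_code	adt failure code passed to adt_put_event().
 *	pwd		the user the attempt was for; NULL if the user id
 *			is invalid, in which case the record is unattributed.
 *	hostname	remote host; "" (or NULL) for a local login.
 *	ttyname		terminal name for local logins; may be NULL, in
 *			which case adt_load_ttyname() decides what to do.
 *	optional_text	free-form text; only consumed for ADT_zlogin.
 *
 * errors are ignored since there is no action to take on error.
 * They are logged, and the audit session is released on every path.
 */
void
audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
    const char *hostname, const char *ttyname, char *optional_text)
{
	adt_session_data_t *ah;
	adt_event_data_t *event;
	uid_t uid;
	gid_t gid;
	adt_termid_t *p_tid = NULL;	/* stays NULL if no tid is loaded */

	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
		syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");
		return;
	}

	uid = ADT_NO_ATTRIB;
	gid = ADT_NO_ATTRIB;
	if (pwd != NULL) {
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
	}
	/*
	 * If this is a remote login, in.rlogind or in.telnetd has
	 * already set the terminal id, in which case
	 * adt_load_hostname() will use the preset terminal id and
	 * ignore hostname.  (If no remote host and ttyname is NULL,
	 * let adt_load_ttyname() figure out what to do.)
	 *
	 * p_tid is pre-set to NULL above so that a failing adt_load_*()
	 * cannot leave it indeterminate before the free() below.
	 */
	if (hostname == NULL || *hostname == '\0')
		(void) adt_load_ttyname(ttyname, &p_tid);
	else
		(void) adt_load_hostname(hostname, &p_tid);

	if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
		syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");
		(void) adt_end_session(ah);
		free(p_tid);
		return;
	}
	free(p_tid);

	event = adt_alloc_event(ah, event_id);
	if (event == NULL) {
		/* Previously a silent return that left the session open. */
		syslog(LOG_AUTH | LOG_ALERT, "login adt_alloc_event(): %m");
		(void) adt_end_session(ah);
		return;
	}
	switch (event_id) {
	case ADT_zlogin:
		event->adt_zlogin.message = optional_text;
		break;
	default:
		break;
	}
	(void) adt_put_event(event, ADT_FAILURE, failure_code);

	adt_free_event(event);
	(void) adt_end_session(ah);
}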