| blob | c26b4caed7209833d58ddac4ec30f62d51524490 |
1 /* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
3 /*
4 * TODO
5 *
6 * - deal with overlap between this and sys_auth_allowed_user
7 * sys_auth_record_login and record_failed_login.
8 */
10 /*
11 * Copyright 1988-2002 Sun Microsystems, Inc. All rights reserved.
12 * Use is subject to license terms.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 */
35 /* #pragma ident "@(#)bsmaudit.c 1.1 01/09/17 SMI" */
38 #if defined(USE_BSM_AUDIT)
40 #include <sys/types.h>
42 #include <errno.h>
43 #include <stdarg.h>
44 #include <unistd.h>
53 #ifndef AUE_openssh
54 # define AUE_openssh 32800
55 #endif
56 #include <bsm/audit.h>
57 #include <bsm/libbsm.h>
58 #include <bsm/audit_uevents.h>
59 #include <bsm/audit_record.h>
60 #include <locale.h>
62 #if defined(HAVE_GETAUDIT_ADDR)
63 #define AuditInfoStruct auditinfo_addr
64 #define AuditInfoTermID au_tid_addr_t
65 #define GetAuditFunc(a,b) getaudit_addr((a),(b))
67 #define SetAuditFunc(a,b) setaudit_addr((a),(b))
69 #define AUToSubjectFunc au_to_subject_ex
70 #define AUToReturnFunc(a,b) au_to_return32((a), (int32_t)(b))
71 #else
72 #define AuditInfoStruct auditinfo
73 #define AuditInfoTermID au_tid_t
74 #define GetAuditFunc(a,b) getaudit(a)
76 #define SetAuditFunc(a,b) setaudit(a)
78 #define AUToSubjectFunc au_to_subject
79 #define AUToReturnFunc(a,b) au_to_return((a), (u_int)(b))
80 #endif
112 #ifndef HAVE_GETTEXT
113 # define gettext(a) (a)
114 #endif
119 /* Below is the low-level BSM interface code */
121 /*
122 * Check if the specified event is selected (enabled) for auditing.
123 * Returns 1 if the event is selected, 0 if not and -1 on failure.
124 */
125 static int
127 {
134 /* get flags for non-attributable (to a real user) events */
143 }
145 static void
147 {
157 }
177 }
179 static void
181 {
184 au_mask_t mask;
189 }
193 else
210 }
212 static void
214 {
227 }
228 }
230 /* Below is the sshd audit API code */
232 void
234 {
242 /* populate our terminal id structure */
243 #if defined(HAVE_GETAUDIT_ADDR)
249 #else
250 /* this is used on IPv4-only machines */
255 #endif
256 }
258 void
260 {
261 /* not implemented */
262 }
264 void
266 {
267 /* not implemented */
268 }
270 void
272 {
273 /* not implemented */
274 }
276 void
278 {
296 /*
297 * We can also get a close event if the user attempted auth
298 * but never succeeded.
299 */
306 __func__);
307 }
335 }
336 }