usr/src/lib/libbsm/common/audit_rexecd.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24
  25 #include <sys/types.h>
  26 #include <stdio.h>
  27 #include <unistd.h>
  28 #include <sys/fcntl.h>
  29 #include <bsm/audit.h>
  30 #include <bsm/audit_record.h>
  31 #include <bsm/audit_uevents.h>
  32 #include <bsm/libbsm.h>
  33 #include <bsm/audit_private.h>
  34 #include <stdlib.h>
  35 #include <string.h>
  36 #include <syslog.h>
  37 #include <pwd.h>
  38 #include <netinet/in.h>
  39 #include <locale.h>
  40 #include "generic.h"
  41
  42 #ifdef C2_DEBUG
  43 #define dprintf(x) { (void) printf x; }
  44 #else
  45 #define dprintf(x)
  46 #endif
  47
  48 static au_event_t       event;
  49 static int              audit_rexecd_status = 0;
  50
  51 static int
  52 selected(uid, user, event, sf)
  53 uid_t uid;
  54 char    *user;
  55 au_event_t      event;
  56 int     sf;
  57 {
  58         int             sorf;
  59         struct au_mask  mask;
  60
  61         mask.am_success = mask.am_failure = 0;
  62         if (uid > MAXEPHUID) {
  63                 /* get non-attrib flags */
  64                 (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
  65         } else {
  66                 (void) au_user_mask(user, &mask);
  67         }
  68
  69         if (sf == 0) {
  70                 sorf = AU_PRS_SUCCESS;
  71         } else if (sf == -1) {
  72                 sorf = AU_PRS_FAILURE;
  73         } else {
  74                 sorf = AU_PRS_BOTH;
  75         }
  76
  77         return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
  78 }
  79
  80 void
  81 audit_rexecd_setup()
  82 {
  83         dprintf(("audit_rexecd_setup()\n"));
  84
  85         event = AUE_rexecd;
  86 }
  87
  88
  89 static void
  90 audit_rexecd_session_setup(char *name, char *mach, uid_t uid)
  91 {
  92         int                     rc;
  93         au_mask_t               mask;
  94         struct auditinfo_addr   info;
  95         uint32_t addr[4], type;
  96
  97         info.ai_auid = uid;
  98         info.ai_asid = getpid();
  99
 100         mask.am_success = 0;
 101         mask.am_failure = 0;
 102
 103         (void) au_user_mask(name, &mask);
 104
 105         info.ai_mask.am_success  = mask.am_success;
 106         info.ai_mask.am_failure  = mask.am_failure;
 107
 108         rc = aug_get_machine(mach, addr, &type);
 109         if (rc < 0) {
 110                 perror("get address");
 111         }
 112         info.ai_termid.at_port = aug_get_port();
 113         info.ai_termid.at_type    = type;
 114         info.ai_termid.at_addr[0] = addr[0];
 115         info.ai_termid.at_addr[1] = addr[1];
 116         info.ai_termid.at_addr[2] = addr[2];
 117         info.ai_termid.at_addr[3] = addr[3];
 118
 119         rc = setaudit_addr(&info, sizeof (info));
 120         if (rc < 0) {
 121                 perror("setaudit");
 122         }
 123 }
 124
 125 void
 126 audit_rexecd_fail(msg, hostname, user, cmdbuf)
 127 char    *msg;           /* message containing failure information */
 128 char    *hostname;      /* hostname of machine requesting service */
 129 char    *user;          /* username of user requesting service */
 130 char    *cmdbuf;        /* command line to be executed locally */
 131 {
 132         int     rd;             /* audit record descriptor */
 133         char    buf[256];       /* temporary buffer */
 134         char    *tbuf;          /* temporary buffer */
 135         int     tlen;
 136         const char *gtxt;
 137         uid_t   uid;
 138         gid_t   gid;
 139         pid_t   pid;
 140         au_tid_addr_t   tid;
 141         struct passwd   *pwd;
 142         uint32_t addr[4], type;
 143         int rc;
 144
 145         dprintf(("audit_rexecd_fail()\n"));
 146
 147         /*
 148          * check if audit_rexecd_fail() or audit_rexecd_success()
 149          * have been called already.
 150          */
 151         if (audit_rexecd_status == 1) {
 152                 return;
 153         }
 154
 155         if (cannot_audit(0)) {
 156                 return;
 157         }
 158
 159         /*
 160          * set status to prevent multiple calls
 161          * to audit_rexecd_fail() and audit_rexecd_success()
 162          */
 163         audit_rexecd_status = 1;
 164
 165         pwd = getpwnam(user);
 166         if (pwd == NULL) {
 167                 uid = (uid_t)-1;
 168                 gid = (gid_t)-1;
 169         } else {
 170                 uid = pwd->pw_uid;
 171                 gid = pwd->pw_gid;
 172         }
 173
 174         /* determine if we're preselected */
 175         if (!selected(uid, user, event, -1))
 176                 return;
 177
 178         pid = getpid();
 179         rc = aug_get_machine(hostname, addr, &type);
 180         if (rc < 0) {
 181                 perror("get address");
 182         }
 183
 184         tid.at_port    = aug_get_port();
 185         tid.at_addr[0] = addr[0];
 186         tid.at_addr[1] = addr[1];
 187         tid.at_addr[2] = addr[2];
 188         tid.at_addr[3] = addr[3];
 189         tid.at_type    = type;
 190
 191         rd = au_open();
 192
 193         /* add subject token */
 194         (void) au_write(rd,
 195                 au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, &tid));
 196
 197         /* add reason for failure */
 198         (void) au_write(rd, au_to_text(msg));
 199
 200         /* add hostname of machine requesting service */
 201         (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 202                 "Remote execution requested by: %s"), hostname);
 203         (void) au_write(rd, au_to_text(buf));
 204
 205         /* add username of user requesting service */
 206         (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 207                 "Username: %s"), user);
 208         (void) au_write(rd, au_to_text(buf));
 209
 210         /* add command line to be executed locally */
 211         gtxt = dgettext(bsm_dom, "Command line: %s");
 212         tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
 213         if ((tbuf = malloc(tlen)) == NULL) {
 214                 (void) au_close(rd, 0, 0);
 215                 return;
 216         }
 217         (void) snprintf(tbuf, tlen, gtxt, cmdbuf);
 218         (void) au_write(rd, au_to_text(tbuf));
 219         (void) free(tbuf);
 220
 221         /* add return token */
 222 #ifdef _LP64
 223         (void) au_write(rd, au_to_return64(-1, (int64_t)0));
 224 #else
 225         (void) au_write(rd, au_to_return32(-1, (int32_t)0));
 226 #endif
 227
 228         /* write audit record */
 229         if (au_close(rd, 1, event) < 0) {
 230                 (void) au_close(rd, 0, 0);
 231                 return;
 232         }
 233 }
 234
 235 void
 236 audit_rexecd_success(hostname, user, cmdbuf)
 237 char    *hostname;      /* hostname of machine requesting service */
 238 char    *user;          /* username of user requesting service */
 239 char    *cmdbuf;        /* command line to be executed locally */
 240 {
 241         int     rd;             /* audit record descriptor */
 242         char    buf[256];       /* temporary buffer */
 243         char    *tbuf;          /* temporary buffer */
 244         int     tlen;
 245         const char *gtxt;
 246         uid_t   uid;
 247         gid_t   gid;
 248         pid_t   pid;
 249         au_tid_addr_t   tid;
 250         struct passwd   *pwd;
 251         uint32_t addr[4], type;
 252         int rc;
 253
 254         dprintf(("audit_rexecd_success()\n"));
 255
 256         /*
 257          * check if audit_rexecd_fail() or audit_rexecd_success()
 258          * have been called already.
 259          */
 260         if (audit_rexecd_status == 1) {
 261                 return;
 262         }
 263
 264         if (cannot_audit(0)) {
 265                 return;
 266         }
 267
 268         /*
 269          * set status to prevent multiple calls
 270          * to audit_rexecd_fail() and audit_rexecd_success()
 271          */
 272         audit_rexecd_status = 1;
 273
 274         pwd = getpwnam(user);
 275         if (pwd == NULL) {
 276                 uid = (uid_t)-1;
 277                 gid = (gid_t)-1;
 278         } else {
 279                 uid = pwd->pw_uid;
 280                 gid = pwd->pw_gid;
 281         }
 282
 283         /* determine if we're preselected */
 284         if (!selected(uid, user, event, 0))
 285                 goto rexecd_audit_session;
 286
 287         pid = getpid();
 288         rc = aug_get_machine(hostname, addr, &type);
 289         if (rc < 0) {
 290                 perror("get address");
 291         }
 292
 293         tid.at_port    = aug_get_port();
 294         tid.at_addr[0] = addr[0];
 295         tid.at_addr[1] = addr[1];
 296         tid.at_addr[2] = addr[2];
 297         tid.at_addr[3] = addr[3];
 298         tid.at_type    = type;
 299
 300         rd = au_open();
 301
 302         /* add subject token */
 303         (void) au_write(rd,
 304                 au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, &tid));
 305
 306         /* add hostname of machine requesting service */
 307         (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 308                 "Remote execution requested by: %s"), hostname);
 309         (void) au_write(rd, au_to_text(buf));
 310
 311         /* add username at machine requesting service */
 312         (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 313             "Username: %s"), user);
 314         (void) au_write(rd, au_to_text(buf));
 315
 316         /* add command line to be executed locally */
 317         gtxt = dgettext(bsm_dom, "Command line: %s");
 318         tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
 319         if ((tbuf = malloc(tlen)) == NULL) {
 320                 (void) au_close(rd, 0, 0);
 321         } else {
 322                 (void) snprintf(tbuf, tlen, gtxt, cmdbuf);
 323                 (void) au_write(rd, au_to_text(tbuf));
 324                 (void) free(tbuf);
 325
 326                 /* add return token */
 327 #ifdef _LP64
 328                 (void) au_write(rd, au_to_return64(0, (int64_t)0));
 329 #else
 330                 (void) au_write(rd, au_to_return32(0, (int32_t)0));
 331 #endif
 332
 333                 /* write audit record */
 334                 if (au_close(rd, 1, event) < 0) {
 335                         (void) au_close(rd, 0, 0);
 336                 }
 337         }
 338
 339 rexecd_audit_session:
 340         audit_rexecd_session_setup(user, hostname, uid);
 341 }