4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
25 #include <sys/types.h>
28 #include <sys/fcntl.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/audit_uevents.h>
32 #include <bsm/libbsm.h>
33 #include <bsm/audit_private.h>
38 #include <netinet/in.h>
43 #define dprintf(x) { (void) printf x; }
48 static au_event_t event
;
49 static int audit_rexecd_status
= 0;
52 selected(uid
, user
, event
, sf
)
61 mask
.am_success
= mask
.am_failure
= 0;
62 if (uid
> MAXEPHUID
) {
63 /* get non-attrib flags */
64 (void) auditon(A_GETKMASK
, (caddr_t
)&mask
, sizeof (mask
));
66 (void) au_user_mask(user
, &mask
);
70 sorf
= AU_PRS_SUCCESS
;
71 } else if (sf
== -1) {
72 sorf
= AU_PRS_FAILURE
;
77 return (au_preselect(event
, &mask
, sorf
, AU_PRS_REREAD
));
83 dprintf(("audit_rexecd_setup()\n"));
90 audit_rexecd_session_setup(char *name
, char *mach
, uid_t uid
)
94 struct auditinfo_addr info
;
95 uint32_t addr
[4], type
;
98 info
.ai_asid
= getpid();
103 (void) au_user_mask(name
, &mask
);
105 info
.ai_mask
.am_success
= mask
.am_success
;
106 info
.ai_mask
.am_failure
= mask
.am_failure
;
108 rc
= aug_get_machine(mach
, addr
, &type
);
110 perror("get address");
112 info
.ai_termid
.at_port
= aug_get_port();
113 info
.ai_termid
.at_type
= type
;
114 info
.ai_termid
.at_addr
[0] = addr
[0];
115 info
.ai_termid
.at_addr
[1] = addr
[1];
116 info
.ai_termid
.at_addr
[2] = addr
[2];
117 info
.ai_termid
.at_addr
[3] = addr
[3];
119 rc
= setaudit_addr(&info
, sizeof (info
));
126 audit_rexecd_fail(msg
, hostname
, user
, cmdbuf
)
127 char *msg
; /* message containing failure information */
128 char *hostname
; /* hostname of machine requesting service */
129 char *user
; /* username of user requesting service */
130 char *cmdbuf
; /* command line to be executed locally */
132 int rd
; /* audit record descriptor */
133 char buf
[256]; /* temporary buffer */
134 char *tbuf
; /* temporary buffer */
142 uint32_t addr
[4], type
;
145 dprintf(("audit_rexecd_fail()\n"));
148 * check if audit_rexecd_fail() or audit_rexecd_success()
149 * have been called already.
151 if (audit_rexecd_status
== 1) {
155 if (cannot_audit(0)) {
160 * set status to prevent multiple calls
161 * to audit_rexecd_fail() and audit_rexecd_success()
163 audit_rexecd_status
= 1;
165 pwd
= getpwnam(user
);
174 /* determine if we're preselected */
175 if (!selected(uid
, user
, event
, -1))
179 rc
= aug_get_machine(hostname
, addr
, &type
);
181 perror("get address");
184 tid
.at_port
= aug_get_port();
185 tid
.at_addr
[0] = addr
[0];
186 tid
.at_addr
[1] = addr
[1];
187 tid
.at_addr
[2] = addr
[2];
188 tid
.at_addr
[3] = addr
[3];
193 /* add subject token */
195 au_to_subject_ex(uid
, uid
, gid
, uid
, gid
, pid
, pid
, &tid
));
197 /* add reason for failure */
198 (void) au_write(rd
, au_to_text(msg
));
200 /* add hostname of machine requesting service */
201 (void) snprintf(buf
, sizeof (buf
), dgettext(bsm_dom
,
202 "Remote execution requested by: %s"), hostname
);
203 (void) au_write(rd
, au_to_text(buf
));
205 /* add username of user requesting service */
206 (void) snprintf(buf
, sizeof (buf
), dgettext(bsm_dom
,
207 "Username: %s"), user
);
208 (void) au_write(rd
, au_to_text(buf
));
210 /* add command line to be executed locally */
211 gtxt
= dgettext(bsm_dom
, "Command line: %s");
212 tlen
= strlen(gtxt
) + strlen(cmdbuf
) + 1;
213 if ((tbuf
= malloc(tlen
)) == NULL
) {
214 (void) au_close(rd
, 0, 0);
217 (void) snprintf(tbuf
, tlen
, gtxt
, cmdbuf
);
218 (void) au_write(rd
, au_to_text(tbuf
));
221 /* add return token */
223 (void) au_write(rd
, au_to_return64(-1, (int64_t)0));
225 (void) au_write(rd
, au_to_return32(-1, (int32_t)0));
228 /* write audit record */
229 if (au_close(rd
, 1, event
) < 0) {
230 (void) au_close(rd
, 0, 0);
236 audit_rexecd_success(hostname
, user
, cmdbuf
)
237 char *hostname
; /* hostname of machine requesting service */
238 char *user
; /* username of user requesting service */
239 char *cmdbuf
; /* command line to be executed locally */
241 int rd
; /* audit record descriptor */
242 char buf
[256]; /* temporary buffer */
243 char *tbuf
; /* temporary buffer */
251 uint32_t addr
[4], type
;
254 dprintf(("audit_rexecd_success()\n"));
257 * check if audit_rexecd_fail() or audit_rexecd_success()
258 * have been called already.
260 if (audit_rexecd_status
== 1) {
264 if (cannot_audit(0)) {
269 * set status to prevent multiple calls
270 * to audit_rexecd_fail() and audit_rexecd_success()
272 audit_rexecd_status
= 1;
274 pwd
= getpwnam(user
);
283 /* determine if we're preselected */
284 if (!selected(uid
, user
, event
, 0))
285 goto rexecd_audit_session
;
288 rc
= aug_get_machine(hostname
, addr
, &type
);
290 perror("get address");
293 tid
.at_port
= aug_get_port();
294 tid
.at_addr
[0] = addr
[0];
295 tid
.at_addr
[1] = addr
[1];
296 tid
.at_addr
[2] = addr
[2];
297 tid
.at_addr
[3] = addr
[3];
302 /* add subject token */
304 au_to_subject_ex(uid
, uid
, gid
, uid
, gid
, pid
, pid
, &tid
));
306 /* add hostname of machine requesting service */
307 (void) snprintf(buf
, sizeof (buf
), dgettext(bsm_dom
,
308 "Remote execution requested by: %s"), hostname
);
309 (void) au_write(rd
, au_to_text(buf
));
311 /* add username at machine requesting service */
312 (void) snprintf(buf
, sizeof (buf
), dgettext(bsm_dom
,
313 "Username: %s"), user
);
314 (void) au_write(rd
, au_to_text(buf
));
316 /* add command line to be executed locally */
317 gtxt
= dgettext(bsm_dom
, "Command line: %s");
318 tlen
= strlen(gtxt
) + strlen(cmdbuf
) + 1;
319 if ((tbuf
= malloc(tlen
)) == NULL
) {
320 (void) au_close(rd
, 0, 0);
322 (void) snprintf(tbuf
, tlen
, gtxt
, cmdbuf
);
323 (void) au_write(rd
, au_to_text(tbuf
));
326 /* add return token */
328 (void) au_write(rd
, au_to_return64(0, (int64_t)0));
330 (void) au_write(rd
, au_to_return32(0, (int32_t)0));
333 /* write audit record */
334 if (au_close(rd
, 1, event
) < 0) {
335 (void) au_close(rd
, 0, 0);
339 rexecd_audit_session
:
340 audit_rexecd_session_setup(user
, hostname
, uid
);