usr/src/cmd/smserverd/myaudit.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26
  27 #include <netdb.h>
  28 #include <netinet/in.h>
  29 #include <pwd.h>
  30 #include <sys/errno.h>
  31 #include <sys/mutex.h>
  32 #include <sys/param.h>
  33 #include <sys/socket.h>
  34 #include <sys/stat.h>
  35 #include <sys/types.h>
  36 #include <string.h>
  37 #include <unistd.h>
  38 #include <stdlib.h>
  39 #include <alloca.h>
  40 #include <sys/smedia.h>
  41 #include <tsol/label.h>
  42 #include "smserver.h"
  43 #include <bsm/audit.h>
  44 #include <bsm/libbsm.h>
  45 #include <bsm/audit_uevents.h>
  46 #include <bsm/audit_record.h>
  47
  48 /* Private Functions */
  49 static int selected(au_event_t, au_mask_t *, int);
  50
  51 static int audit_selected(door_data_t *);
  52 static int audit_na_selected(door_data_t *);
  53 static int audit_save_namask(door_data_t *door_dp);
  54 static int audit_save_policy(door_data_t *door_dp);
  55
  56 /*
  57  * can_audit:
  58  *      Return 1 if audit module is loaded.
  59  *      Return 0 otherwise.
  60  *
  61  */
  62 int
  63 can_audit(void)
  64 {
  65         static int auc = AUC_UNSET;
  66         int cond = 0;
  67
  68         if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond))) {
  69                 auc = AUC_DISABLED;
  70         } else {
  71                 auc = cond;
  72         }
  73         if (auc == AUC_DISABLED)
  74                 return (0);
  75         else return (1);
  76 }
  77
  78 static int
  79 audit_save_policy(door_data_t *door_dp)
  80 {
  81         uint32_t policy;
  82
  83         if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy))) {
  84                 return (-1);
  85         }
  86         door_dp->audit_policy = policy;
  87         return (0);
  88 }
  89
  90 /*
  91  * audit_init():
  92  *      Initialize variables.
  93  */
  94 void
  95 audit_init(door_data_t *door_dp)
  96 {
  97         door_dp->audit_auid = (uid_t)-1;
  98         door_dp->audit_uid = (uid_t)-1;
  99         door_dp->audit_euid = (uid_t)-1;
 100         door_dp->audit_gid = (gid_t)-1;
 101         door_dp->audit_egid = (gid_t)-1;
 102         door_dp->audit_pid = -1;
 103         door_dp->audit_tid.at_port = 0;
 104         door_dp->audit_tid.at_type = 0;
 105         door_dp->audit_tid.at_addr[0] = 0;
 106         door_dp->audit_tid.at_addr[1] = 0;
 107         door_dp->audit_tid.at_addr[2] = 0;
 108         door_dp->audit_tid.at_addr[3] = 0;
 109         door_dp->audit_namask.am_success = (int)-1;
 110         door_dp->audit_namask.am_failure = (int)-1;
 111         door_dp->audit_event = 0;
 112         door_dp->audit_sorf = -2;
 113         door_dp->audit_user = NULL;
 114         door_dp->audit_text[0] = NULL;
 115         door_dp->audit_text1[0] = NULL;
 116         door_dp->audit_na = 0;
 117         door_dp->audit_asid = (au_asid_t)(-1);
 118         door_dp->audit_path = NULL;
 119 }
 120
 121 int
 122 audit_save_me(door_data_t       *door_dp)
 123 {
 124         door_cred_t     client_cred;
 125         int             ret_val;
 126         int             i;
 127
 128         ret_val = door_cred(&client_cred);
 129         if (ret_val == -1)
 130                 return (ret_val);
 131         door_dp->audit_ap.ap_pid = client_cred.dc_pid;
 132         ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
 133             sizeof (door_dp->audit_ap));
 134         if (ret_val == -1)
 135                 return (ret_val);
 136
 137         door_dp->audit_auid = door_dp->audit_ap.ap_auid;
 138         door_dp->audit_euid = client_cred.dc_euid;
 139         door_dp->audit_egid = client_cred.dc_egid;
 140         door_dp->audit_uid = client_cred.dc_ruid;
 141         door_dp->audit_gid = client_cred.dc_rgid;
 142         door_dp->audit_pid = client_cred.dc_pid;
 143         door_dp->audit_asid = door_dp->audit_ap.ap_asid;
 144         door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
 145         door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
 146         for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++)
 147                 door_dp->audit_tid.at_addr[i] =
 148                     door_dp->audit_ap.ap_termid.at_addr[i];
 149         (void) audit_save_policy(door_dp);
 150         return (0);
 151 }
 152
 153 /*
 154  * audit_save_namask():
 155  *      Save the namask using the naflags entry in the audit_control file.
 156  *      Return 0 if successful.
 157  *      Return -1, and don't change the namask, if failed.
 158  *      Side Effect: Sets audit_na to -1 if error, 1 if successful.
 159  */
 160 static int
 161 audit_save_namask(door_data_t *door_dp)
 162 {
 163         au_mask_t mask;
 164
 165         door_dp->audit_na = -1;
 166
 167         /*
 168          * get non-attributable system event mask from kernel.
 169          */
 170         if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0) {
 171                 return (-1);
 172         }
 173
 174         door_dp->audit_namask.am_success = mask.am_success;
 175         door_dp->audit_namask.am_failure = mask.am_failure;
 176         door_dp->audit_na = 1;
 177         return (0);
 178 }
 179
 180 /*
 181  * audit_audit:
 182  *      Cut and audit record if it is selected.
 183  *      Return 0, if successfully written.
 184  *      Return 0, if not written, and not expected to write.
 185  *      Return -1, if not written because of unexpected error.
 186  */
 187 int
 188 audit_audit(door_data_t *door_dp)
 189 {
 190         int ad;
 191
 192         if (can_audit() == 0) {
 193                 return (0);
 194         }
 195
 196         if (door_dp->audit_na) {
 197                 if (!audit_na_selected(door_dp)) {
 198                         return (0);
 199                 }
 200         } else if (!audit_selected(door_dp)) {
 201                 return (0);
 202         }
 203
 204         if ((ad = au_open()) == -1) {
 205                 return (-1);
 206         }
 207
 208         (void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
 209             door_dp->audit_euid,
 210             door_dp->audit_egid,
 211             door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
 212             door_dp->audit_asid, &door_dp->audit_tid));
 213         if (is_system_labeled())
 214                 (void) au_write(ad, au_to_mylabel());
 215         if (door_dp->audit_policy & AUDIT_GROUP) {
 216
 217                 int ng;
 218                 int maxgrp = getgroups(0, NULL);
 219                 gid_t *grplst = alloca(maxgrp * sizeof (gid_t));
 220
 221                 if ((ng = getgroups(maxgrp, grplst))) {
 222                         (void) au_write(ad, au_to_newgroups(ng, grplst));
 223                 }
 224         }
 225         if (strlen(door_dp->audit_text) != 0) {
 226                 (void) au_write(ad, au_to_text(door_dp->audit_text));
 227         }
 228         if (strlen(door_dp->audit_text1) != 0) {
 229                 (void) au_write(ad, au_to_text(door_dp->audit_text1));
 230         }
 231         if (door_dp->audit_path != NULL) {
 232                 (void) au_write(ad, au_to_path(door_dp->audit_path));
 233         }
 234 #ifdef _LP64
 235         (void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
 236             (int64_t)door_dp->audit_sorf));
 237 #else
 238         (void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
 239             (int32_t)door_dp->audit_sorf));
 240 #endif
 241         if (au_close(ad, 1, door_dp->audit_event) < 0) {
 242                 (void) au_close(ad, 0, 0);
 243                 return (-1);
 244         }
 245
 246         return (0);
 247 }
 248
 249 static int
 250 audit_na_selected(door_data_t *door_dp)
 251 {
 252         if (door_dp->audit_na == -1) {
 253                 return (-1);
 254         }
 255
 256         return (selected(door_dp->audit_event,
 257             &door_dp->audit_namask, door_dp->audit_sorf));
 258 }
 259
 260 static int
 261 audit_selected(door_data_t *door_dp)
 262 {
 263
 264         if (door_dp->audit_uid > MAXUID) {
 265                 (void) audit_save_namask(door_dp);
 266                 return (audit_na_selected(door_dp));
 267         }
 268
 269         return (selected(door_dp->audit_event,
 270             &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
 271 }
 272
 273 static int
 274 selected(au_event_t e, au_mask_t *m, int sorf)
 275 {
 276         int prs_sorf;
 277
 278         if (sorf == 0) {
 279                 prs_sorf = AU_PRS_SUCCESS;
 280         } else if (sorf == -1) {
 281                 prs_sorf = AU_PRS_FAILURE;
 282         } else {
 283                 prs_sorf = AU_PRS_BOTH;
 284         }
 285
 286         return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
 287 }