1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 #include <bsm/adt.h>
27 #include <bsm/adt_event.h>
28 #include <assert.h>
29 #include <bsm/audit.h>
30 #include <bsm/audit_record.h>
31 #include <bsm/libbsm.h>
32 #include <door.h>
33 #include <errno.h>
34 #include <generic.h>
35 #include <md5.h>
36 #include <sys/mkdev.h>
37 #include <netdb.h>
38 #include <nss_dbdefs.h>
39 #include <pwd.h>
40 #include <sys/stat.h>
41 #include <time.h>
42 #include <stdlib.h>
43 #include <string.h>
44 #include <synch.h>
45 #include <sys/systeminfo.h>
46 #include <syslog.h>
47 #include <thread.h>
48 #include <unistd.h>
49 #include <adt_xlate.h>
50 #include <adt_ucred.h>
51 #include <arpa/inet.h>
52 #include <net/if.h>
53 #include <libinetutil.h>
54
55 static int adt_selected(struct adt_event_state *, au_event_t, int);
56 static int adt_init(adt_internal_state_t *, int);
57 static int adt_import(adt_internal_state_t *, const adt_export_data_t *);
58 static m_label_t *adt_ucred_label(ucred_t *);
59 static void adt_setto_unaudited(adt_internal_state_t *);
60 static int adt_get_local_address(int, struct ifaddrlist *);
61
62 #ifdef C2_DEBUG
63 #define DPRINTF(x) { (void) printf x; }
64 #define DFLUSH (void) fflush(stdout);
65 #else
66 #define DPRINTF(x)
67 #define DFLUSH
68 #endif
69
70 /*
71 * Local audit states are a bit mask
72 *
73 * The global audit states are
74 *
75 * AUC_UNSET 0 - on/off hasn't been decided
76 * AUC_ENABLED 1 - loaded and enabled
77 *
78 * The local Zone states are
79 *
80 * AUC_AUDITING 0x1 - audit daemon is active
81 * AUC_NOAUDIT 0x2 - audit daemon is not active
82 * AUC_INIT_AUDIT 0x4 - audit is ready but auditd has not run
83 * AUC_NOSPACE 0x8 - audit enabled, no space for audit records
84 *
85 * The only values returned by auditon(A_GETCOND) are:
86 * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE
87 *
88 * The pseudo audit state used when the c2audit module is excluded is
89 *
90 * AUC_DISABLED 0x100 - c2audit module is excluded
91 */
92
93 static int auditstate = AUC_DISABLED; /* default state */
94
95 /*
96 * adt_write_syslog
97 *
98 * errors that are not the user's fault (bugs or whatever in
99 * the underlying audit code are noted in syslog.)
100 *
101 * Avoid calling adt_write_syslog for things that can happen
102 * at high volume.
103 *
104 * syslog's open (openlog) and close (closelog) are interesting;
105 * openlog *may* create a file descriptor and is optional. closelog
106 * *will* close any open file descriptors and is also optional.
107 *
108 * Since syslog may also be used by the calling application, the
109 * choice is to avoid openlog, which sets some otherwise useful
110 * parameters, and to embed "Solaris_audit" in the log message.
111 */
112
113 void
adt_write_syslog(const char * message,int err)114 adt_write_syslog(const char *message, int err)
115 {
116 int save_errno = errno;
117 int mask_priority;
118
119 DPRINTF(("syslog called: %s\n", message));
120
121 mask_priority = setlogmask(LOG_MASK(LOG_ALERT));
122 errno = err;
123 syslog(LOG_ALERT, "Solaris_audit %s: %m", message);
124 (void) setlogmask(mask_priority);
125 errno = save_errno;
126 }
127
128 /*
129 * return true if c2audit is not excluded.
130 *
131 * For purpose of this API, anything but AUC_DISABLED
132 * is enabled; however one never actually sees
133 * AUC_DISABLED since auditon returns ENOTSUP in that case. Any
134 * auditon error is considered the same as ENOTSUP for our
135 * purpose. auditstate is not changed by auditon if an error
136 * is returned.
137 */
138
139 /*
140 * XXX this should probably be eliminated and adt_audit_state() replace it.
141 * All the legitimate uses are to not fork a waiting process for
142 * process exit processing, as in su, login, dtlogin. Other bogus
143 * users are zoneadmd and init.
144 * All but dtlogin are in ON, so we can do this without cross gate
145 * synchronization.
146 *
147 * No longer used in adt.c.
148 */
149
150 boolean_t
adt_audit_enabled(void)151 adt_audit_enabled(void)
152 {
153
154 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
155
156 return (auditstate != AUC_DISABLED);
157 }
158
159 /*
160 * See adt_audit_enabled() for state discussions.
161 * The state parameter is a hedge until all the uses become clear.
162 * Likely if adt_audit_enabled is brought internal to this file,
163 * it could be modified to take one or more parameters to describe the
164 * state.
165 */
166
167 boolean_t
adt_audit_state(int states)168 adt_audit_state(int states)
169 {
170
171 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
172
173 return ((auditstate & states) ? B_TRUE : B_FALSE);
174 }
175
176 /*
177 * Get user_specific/non-attributable audit mask. This may be called even when
178 * auditing is off.
179 */
180
181 static int
adt_get_mask_from_user(uid_t uid,au_mask_t * mask)182 adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
183 {
184 struct passwd pwd;
185 long buff_sz;
186 char *pwd_buff;
187
188
189 if (auditstate & AUC_DISABLED) {
190 /* c2audit excluded */
191 mask->am_success = 0;
192 mask->am_failure = 0;
193 } else if (uid <= MAXUID) {
194 if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
195 adt_write_syslog("couldn't determine maximum size of "
196 "password buffer", errno);
197 return (-1);
198 }
199 if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
200 return (-1);
201 }
202 if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) {
203 errno = EINVAL; /* user doesn't exist */
204 free(pwd_buff);
205 return (-1);
206 }
207 free(pwd_buff);
208 if (au_user_mask(pwd.pw_name, mask)) {
209 errno = EFAULT; /* undetermined failure */
210 return (-1);
211 }
212 } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
213 return (-1);
214 }
215
216 return (0);
217 }
218
219 /*
220 * adt_get_unique_id -- generate a hopefully unique 32 bit value
221 *
222 * there will be a follow up to replace this with the use of /dev/random
223 *
224 * An MD5 hash is taken on a buffer of
225 * hostname . audit id . unix time . pid . count
226 *
227 * "count = noise++;" is subject to a race condition but I don't
228 * see a need to put a lock around it.
229 */
230
231 au_asid_t
adt_get_unique_id(au_id_t uid)232 adt_get_unique_id(au_id_t uid)
233 {
234 char hostname[MAXHOSTNAMELEN];
235 union {
236 au_id_t v[4];
237 unsigned char obuff[128/8];
238 } output;
239 MD5_CTX context;
240
241 static int noise = 0;
242
243 int count = noise++;
244 time_t timebits = time(NULL);
245 pid_t pidbits = getpid();
246 au_asid_t retval = 0;
247
248 if (gethostname(hostname, MAXHOSTNAMELEN)) {
249 adt_write_syslog("gethostname call failed", errno);
250 (void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN);
251 }
252
253 while (retval == 0) { /* 0 is the only invalid result */
254 MD5Init(&context);
255
256 MD5Update(&context, (unsigned char *)hostname,
257 (unsigned int) strlen((const char *)hostname));
258
259 MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t));
260
261 MD5Update(&context,
262 (unsigned char *) &timebits, sizeof (time_t));
263
264 MD5Update(&context, (unsigned char *) &pidbits,
265 sizeof (pid_t));
266
267 MD5Update(&context, (unsigned char *) &(count), sizeof (int));
268 MD5Final(output.obuff, &context);
269
270 retval = output.v[count % 4];
271 }
272 return (retval);
273 }
274
275 /*
276 * the following "port" function deals with the following issues:
277 *
278 * 1 the kernel and ucred deal with a dev_t as a 64 bit value made
279 * up from a 32 bit major and 32 bit minor.
280 * 2 User space deals with a dev_t as either the above 64 bit value
281 * or a 32 bit value made from a 14 bit major and an 18 bit minor.
282 * 3 The various audit interfaces (except ucred) pass the 32 or
283 * 64 bit version depending the architecture of the userspace
284 * application. If you get a port value from ucred and pass it
285 * to the kernel via auditon(), it must be squeezed into a 32
286 * bit value because the kernel knows the userspace app's bit
287 * size.
288 *
289 * The internal state structure for adt (adt_internal_state_t) uses
290 * dev_t, so adt converts data from ucred to fit. The import/export
291 * functions, however, can't know if they are importing/exporting
292 * from 64 or 32 bit applications, so they always send 64 bits and
293 * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as
294 * appropriate.
295 */
296
297 /*
298 * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are
299 * both 64 bits). If lib is 32 bits, squeeze the two-int port into
300 * a 32 bit dev_t. A port fits in the "minor" part of au_port_t,
301 * so it isn't broken up into pieces. (When it goes to the kernel
302 * and back, however, it will have been split into major/minor
303 * pieces.)
304 */
305
306 static void
adt_cpy_tid(au_tid_addr_t * dest,const au_tid64_addr_t * src)307 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
308 {
309 #ifdef _LP64
310 (void) memcpy(dest, src, sizeof (au_tid_addr_t));
311 #else /* _LP64 */
312 dest->at_type = src->at_type;
313
314 dest->at_port = src->at_port.at_minor & MAXMIN32;
315 dest->at_port |= (src->at_port.at_major & MAXMAJ32) <<
316 NBITSMINOR32;
317
318 (void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t));
319 #endif /* _LP64 */
320 }
321
322 /*
323 * adt_start_session -- create interface handle, create context
324 *
325 * The imported_state input is normally NULL, if not, it represents
326 * a continued session; its values obviate the need for a subsequent
327 * call to adt_set_user().
328 *
329 * The flag is used to decide how to set the initial state of the session.
330 * If 0, the session is "no audit" until a call to adt_set_user; if
331 * ADT_USE_PROC_DATA, the session is built from the process audit
332 * characteristics obtained from the kernel. If imported_state is
333 * not NULL, the resulting audit mask is an OR of the current process
334 * audit mask and that passed in.
335 *
336 * The basic model is that the caller can use the pointer returned
337 * by adt_start_session whether or not auditing is enabled or an
338 * error was returned. The functions that take the session handle
339 * as input generally return without doing anything if auditing is
340 * disabled.
341 */
342
343 int
adt_start_session(adt_session_data_t ** new_session,const adt_export_data_t * imported_state,adt_session_flags_t flags)344 adt_start_session(adt_session_data_t **new_session,
345 const adt_export_data_t *imported_state, adt_session_flags_t flags)
346 {
347 adt_internal_state_t *state;
348 adt_session_flags_t flgmask = ADT_FLAGS_ALL;
349
350 /* test and set auditstate */
351 if (adt_audit_state(AUC_DISABLED)) {
352 /* c2audit excluded */
353 *new_session = NULL;
354 return (0);
355 }
356
357 if ((flags & ~flgmask) != 0) {
358 errno = EINVAL;
359 goto return_err;
360 }
361
362 if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) {
363 goto return_err;
364 }
365
366 if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) {
367 goto return_err_free; /* errno from adt_init() */
368 }
369
370 /*
371 * The imported state overwrites the initial state if the
372 * imported state represents a valid audit trail
373 */
374
375 if (imported_state != NULL) {
376 if (adt_import(state, imported_state) != 0) {
377 goto return_err_free;
378 }
379 } else if (flags & ADT_USE_PROC_DATA) {
380 state->as_session_model = ADT_PROCESS_MODEL;
381 }
382 state->as_flags = flags;
383 DPRINTF(("(%lld) Starting session id = %08X\n",
384 (long long) getpid(), state->as_info.ai_asid));
385
386 *new_session = (adt_session_data_t *)state;
387 return (0);
388
389 return_err_free:
390 free(state);
391 return_err:
392 *new_session = NULL;
393 adt_write_syslog("audit session create failed", errno);
394 return (-1);
395 }
396
397 /*
398 * adt_load_table()
399 *
400 * loads the event translation table into the audit session.
401 */
402
403 void
adt_load_table(const adt_session_data_t * session_data,adt_translation_t ** xlate,void (* preload)(au_event_t,adt_event_data_t *))404 adt_load_table(const adt_session_data_t *session_data,
405 adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *))
406 {
407 adt_internal_state_t *state = (adt_internal_state_t *)session_data;
408
409 if (state != NULL) {
410 assert(state->as_check == ADT_VALID);
411 state->as_xlate = xlate;
412 state->as_preload = preload;
413 }
414 }
415
416 /*
417 * adt_get_asid() and adt_set_asid()
418 *
419 * if you use this interface, you are responsible to insure that the
420 * rest of the session data is populated correctly before calling
421 * adt_proccess_attr()
422 *
423 * neither of these are intended for general use and will likely
424 * remain private interfaces for a long time. Forever is a long
425 * time. In the case of adt_set_asid(), you should have a very,
426 * very good reason for setting your own session id. The process
427 * audit characteristics are not changed by put, use adt_set_proc().
428 *
429 * These are "volatile" (more changable than "evolving") and will
430 * probably change in the S10 period.
431 */
432
433 void
adt_get_asid(const adt_session_data_t * session_data,au_asid_t * asid)434 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
435 {
436
437 if (session_data == NULL) {
438 *asid = 0;
439 } else {
440 assert(((adt_internal_state_t *)session_data)->as_check ==
441 ADT_VALID);
442
443 *asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid;
444 }
445 }
446
447 void
adt_set_asid(const adt_session_data_t * session_data,const au_asid_t session_id)448 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id)
449 {
450
451 if (session_data != NULL) {
452 assert(((adt_internal_state_t *)session_data)->as_check ==
453 ADT_VALID);
454
455 ((adt_internal_state_t *)session_data)->as_have_user_data |=
456 ADT_HAVE_ASID;
457 ((adt_internal_state_t *)session_data)->as_info.ai_asid =
458 session_id;
459 }
460 }
461
462 /*
463 * adt_get_auid() and adt_set_auid()
464 *
465 * neither of these are intended for general use and will likely
466 * remain private interfaces for a long time. Forever is a long
467 * time. In the case of adt_set_auid(), you should have a very,
468 * very good reason for setting your own audit id. The process
469 * audit characteristics are not changed by put, use adt_set_proc().
470 */
471
472 void
adt_get_auid(const adt_session_data_t * session_data,au_id_t * auid)473 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid)
474 {
475
476 if (session_data == NULL) {
477 *auid = AU_NOAUDITID;
478 } else {
479 assert(((adt_internal_state_t *)session_data)->as_check ==
480 ADT_VALID);
481
482 *auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid;
483 }
484 }
485
486 void
adt_set_auid(const adt_session_data_t * session_data,const au_id_t audit_id)487 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id)
488 {
489
490 if (session_data != NULL) {
491 assert(((adt_internal_state_t *)session_data)->as_check ==
492 ADT_VALID);
493
494 ((adt_internal_state_t *)session_data)->as_have_user_data |=
495 ADT_HAVE_AUID;
496 ((adt_internal_state_t *)session_data)->as_info.ai_auid =
497 audit_id;
498 }
499 }
500
501 /*
502 * adt_get_termid(), adt_set_termid()
503 *
504 * if you use this interface, you are responsible to insure that the
505 * rest of the session data is populated correctly before calling
506 * adt_proccess_attr()
507 *
508 * The process audit characteristics are not changed by put, use
509 * adt_set_proc().
510 */
511
512 void
adt_get_termid(const adt_session_data_t * session_data,au_tid_addr_t * termid)513 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid)
514 {
515
516 if (session_data == NULL) {
517 (void) memset(termid, 0, sizeof (au_tid_addr_t));
518 termid->at_type = AU_IPv4;
519 } else {
520 assert(((adt_internal_state_t *)session_data)->as_check ==
521 ADT_VALID);
522
523 *termid =
524 ((adt_internal_state_t *)session_data)->as_info.ai_termid;
525 }
526 }
527
528 void
adt_set_termid(const adt_session_data_t * session_data,const au_tid_addr_t * termid)529 adt_set_termid(const adt_session_data_t *session_data,
530 const au_tid_addr_t *termid)
531 {
532
533 if (session_data != NULL) {
534 assert(((adt_internal_state_t *)session_data)->as_check ==
535 ADT_VALID);
536
537 ((adt_internal_state_t *)session_data)->as_info.ai_termid =
538 *termid;
539
540 ((adt_internal_state_t *)session_data)->as_have_user_data |=
541 ADT_HAVE_TID;
542 }
543 }
544
545 /*
546 * adt_get_mask(), adt_set_mask()
547 *
548 * if you use this interface, you are responsible to insure that the
549 * rest of the session data is populated correctly before calling
550 * adt_proccess_attr()
551 *
552 * The process audit characteristics are not changed by put, use
553 * adt_set_proc().
554 */
555
556 void
adt_get_mask(const adt_session_data_t * session_data,au_mask_t * mask)557 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask)
558 {
559
560 if (session_data == NULL) {
561 mask->am_success = 0;
562 mask->am_failure = 0;
563 } else {
564 assert(((adt_internal_state_t *)session_data)->as_check ==
565 ADT_VALID);
566
567 *mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask;
568 }
569 }
570
571 void
adt_set_mask(const adt_session_data_t * session_data,const au_mask_t * mask)572 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask)
573 {
574
575 if (session_data != NULL) {
576 assert(((adt_internal_state_t *)session_data)->as_check ==
577 ADT_VALID);
578
579 ((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask;
580
581 ((adt_internal_state_t *)session_data)->as_have_user_data |=
582 ADT_HAVE_MASK;
583 }
584 }
585
586 /*
587 * helpers for adt_load_termid
588 */
589
590 static void
adt_do_ipv6_address(struct sockaddr_in6 * peer,struct sockaddr_in6 * sock,au_tid_addr_t * termid)591 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock,
592 au_tid_addr_t *termid)
593 {
594
595 termid->at_port = ((peer->sin6_port<<16) | (sock->sin6_port));
596 termid->at_type = AU_IPv6;
597 (void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t));
598 }
599
600 static void
adt_do_ipv4_address(struct sockaddr_in * peer,struct sockaddr_in * sock,au_tid_addr_t * termid)601 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock,
602 au_tid_addr_t *termid)
603 {
604
605 termid->at_port = ((peer->sin_port<<16) | (sock->sin_port));
606
607 termid->at_type = AU_IPv4;
608 termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr;
609 (void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t));
610 }
611
612 /*
613 * adt_load_termid: convenience function; inputs file handle and
614 * outputs an au_tid_addr struct.
615 *
616 * This code was stolen from audit_settid.c; it differs from audit_settid()
617 * in that it does not write the terminal id to the process.
618 */
619
620 int
adt_load_termid(int fd,adt_termid_t ** termid)621 adt_load_termid(int fd, adt_termid_t **termid)
622 {
623 au_tid_addr_t *p_term;
624 struct sockaddr_in6 peer;
625 struct sockaddr_in6 sock;
626 int peerlen = sizeof (peer);
627 int socklen = sizeof (sock);
628
629 /* get peer name if its a socket, else assume local terminal */
630
631 if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
632 < 0) {
633 if (errno == ENOTSOCK) {
634 return (adt_load_hostname(NULL, termid));
635 }
636 goto return_err;
637 }
638
639 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
640 goto return_err;
641 }
642
643 /* get sock name */
644 if (getsockname(fd, (struct sockaddr *)&sock,
645 (socklen_t *)&socklen) < 0) {
646 goto return_err_free;
647 }
648
649 if (peer.sin6_family == AF_INET6) {
650 adt_do_ipv6_address(&peer, &sock, p_term);
651 } else {
652 adt_do_ipv4_address((struct sockaddr_in *)&peer,
653 (struct sockaddr_in *)&sock, p_term);
654 }
655 *termid = (adt_termid_t *)p_term;
656
657 return (0);
658
659 return_err_free:
660 free(p_term);
661 return_err:
662 *termid = NULL;
663 return (-1);
664 }
665
666 static boolean_t
adt_have_termid(au_tid_addr_t * dest)667 adt_have_termid(au_tid_addr_t *dest)
668 {
669 struct auditinfo_addr audit_data;
670
671 if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) {
672 adt_write_syslog("getaudit failed", errno);
673 return (B_FALSE);
674 }
675
676 if ((audit_data.ai_termid.at_type == 0) ||
677 (audit_data.ai_termid.at_addr[0] |
678 audit_data.ai_termid.at_addr[1] |
679 audit_data.ai_termid.at_addr[2] |
680 audit_data.ai_termid.at_addr[3]) == 0)
681 return (B_FALSE);
682
683 (void) memcpy(dest, &(audit_data.ai_termid),
684 sizeof (au_tid_addr_t));
685
686 return (B_TRUE);
687 }
688
689 /*
690 * adt_get_hostIP - construct a terminal id from a hostname
691 *
692 * Returns 0 = success
693 * -1 = failure and errno = ENETDOWN with the address
694 * defaulted to IPv4 loopback.
695 */
696
697 static int
adt_get_hostIP(const char * hostname,au_tid_addr_t * p_term)698 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term)
699 {
700 struct addrinfo *ai = NULL;
701 int tries = 3;
702 char msg[512];
703 int eai_err;
704
705 while ((tries-- > 0) &&
706 ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) {
707 /*
708 * getaddrinfo returns its own set of errors.
709 * Log them here, so any subsequent syslogs will
710 * have a context. adt_get_hostIP callers can only
711 * return errno, so subsequent syslogs may be lacking
712 * that getaddrinfo failed.
713 */
714 (void) snprintf(msg, sizeof (msg), "getaddrinfo(%s) "
715 "failed[%s]", hostname, gai_strerror(eai_err));
716 adt_write_syslog(msg, 0);
717
718 if (eai_err != EAI_AGAIN) {
719
720 break;
721 }
722 /* see if resolution becomes available */
723 (void) sleep(1);
724 }
725 if (ai != NULL) {
726 if (ai->ai_family == AF_INET) {
727 p_term->at_type = AU_IPv4;
728 (void) memcpy(p_term->at_addr,
729 /* LINTED */
730 &((struct sockaddr_in *)ai->ai_addr)->sin_addr,
731 AU_IPv4);
732 } else {
733 p_term->at_type = AU_IPv6;
734 (void) memcpy(p_term->at_addr,
735 /* LINTED */
736 &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
737 AU_IPv6);
738 }
739 freeaddrinfo(ai);
740 return (0);
741 } else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) {
742 auditinfo_addr_t audit_info;
743
744 /*
745 * auditd is running so there should be a
746 * kernel audit context
747 */
748 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
749 sizeof (audit_info)) < 0) {
750 adt_write_syslog("unable to get kernel audit context",
751 errno);
752 goto try_interface;
753 }
754 adt_write_syslog("setting Audit IP address to kernel", 0);
755 *p_term = audit_info.ai_termid;
756 return (0);
757 }
758 try_interface:
759 {
760 struct ifaddrlist al;
761 int family;
762 char ntop[INET6_ADDRSTRLEN];
763
764 /*
765 * getaddrinfo has failed to map the hostname
766 * to an IP address, try to get an IP address
767 * from a local interface. If none up, default
768 * to loopback.
769 */
770 family = AF_INET6;
771 if (adt_get_local_address(family, &al) != 0) {
772 family = AF_INET;
773
774 if (adt_get_local_address(family, &al) != 0) {
775 adt_write_syslog("adt_get_local_address "
776 "failed, no Audit IP address available, "
777 "faking loopback and error",
778 errno);
779 IN_SET_LOOPBACK_ADDR(
780 (struct sockaddr_in *)&(al.addr.addr));
781 (void) memcpy(p_term->at_addr, &al.addr.addr,
782 AU_IPv4);
783 p_term->at_type = AU_IPv4;
784 return (-1);
785 }
786 }
787 if (family == AF_INET) {
788 p_term->at_type = AU_IPv4;
789 (void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4);
790 } else {
791 p_term->at_type = AU_IPv6;
792 (void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6);
793 }
794
795 (void) snprintf(msg, sizeof (msg), "mapping %s to %s",
796 hostname, inet_ntop(family, &(al.addr), ntop,
797 sizeof (ntop)));
798 adt_write_syslog(msg, 0);
799 return (0);
800 }
801 }
802
803 /*
804 * adt_load_hostname() is called when the caller does not have a file
805 * handle that gives access to the socket info or any other way to
806 * pass in both port and ip address. The hostname input is ignored if
807 * the terminal id has already been set; instead it returns the
808 * existing terminal id.
809 *
810 * If c2audit is excluded, success is returned.
811 * If the hostname lookup fails, the loopback address is assumed,
812 * errno is set to ENETDOWN, this allows the caller to interpret
813 * whether failure is fatal, and if not to have a address for the
814 * hostname.
815 * Otherwise the caller would need to be aware of the audit state.
816 *
817 * Other errors are ignored if not auditing.
818 */
819
820 int
adt_load_hostname(const char * hostname,adt_termid_t ** termid)821 adt_load_hostname(const char *hostname, adt_termid_t **termid)
822 {
823 char localhost[MAXHOSTNAMELEN + 1];
824 au_tid_addr_t *p_term;
825
826 if (adt_audit_state(AUC_DISABLED)) {
827 /* c2audit excluded */
828 *termid = NULL;
829 return (0);
830 }
831
832 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
833 goto return_err;
834 }
835
836 if (adt_have_termid(p_term)) {
837 *termid = (adt_termid_t *)p_term;
838 return (0);
839 }
840 p_term->at_port = 0;
841
842 if (hostname == NULL || *hostname == '\0') {
843 (void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN);
844 hostname = localhost;
845 }
846 if (adt_get_hostIP(hostname, p_term) == 0) {
847 *termid = (adt_termid_t *)p_term;
848 return (0);
849 } else {
850 *termid = (adt_termid_t *)p_term;
851 return (-1);
852 }
853
854 return_err:
855 *termid = NULL;
856 if (auditstate & AUC_NOAUDIT) {
857 return (0);
858 }
859
860 return (-1);
861 }
862
863 /*
864 * adt_load_ttyname() is called when the caller does not have a file
865 * handle that gives access to the local terminal or any other way
866 * of determining the device id. The ttyname input is ignored if
867 * the terminal id has already been set; instead it returns the
868 * existing terminal id.
869 *
870 * If c2audit is excluded, success is returned.
871 * The local hostname is used for the local IP address.
872 * If that hostname lookup fails, the loopback address is assumed,
873 * errno is set to ENETDOWN, this allows the caller to interpret
874 * whether failure is fatal, and if not to have a address for the
875 * hostname.
876 * Otherwise the caller would need to be aware of the audit state.
877 *
878 * Other errors are ignored if not auditing.
879 */
880
881 int
adt_load_ttyname(const char * ttyname,adt_termid_t ** termid)882 adt_load_ttyname(const char *ttyname, adt_termid_t **termid)
883 {
884 char localhost[MAXHOSTNAMELEN + 1];
885 au_tid_addr_t *p_term;
886 struct stat stat_buf;
887
888 if (adt_audit_state(AUC_DISABLED)) {
889 /* c2audit excluded */
890 *termid = NULL;
891 return (0);
892 }
893
894 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
895 goto return_err;
896 }
897
898 if (adt_have_termid(p_term)) {
899 *termid = (adt_termid_t *)p_term;
900 return (0);
901 }
902
903 p_term->at_port = 0;
904
905 if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) {
906 goto return_err_free; /* errno from sysinfo */
907 }
908
909 if (ttyname != NULL && *ttyname != '\0') {
910 if (stat(ttyname, &stat_buf) < 0) {
911 goto return_err_free;
912 }
913
914 p_term->at_port = stat_buf.st_rdev;
915 }
916
917 if (adt_get_hostIP(localhost, p_term) == 0) {
918 *termid = (adt_termid_t *)p_term;
919 return (0);
920 } else {
921 *termid = (adt_termid_t *)p_term;
922 return (-1);
923 }
924
925 return_err_free:
926 free(p_term);
927
928 return_err:
929 *termid = NULL;
930 if (auditstate & AUC_NOAUDIT) {
931 return (0);
932 }
933
934 return (-1);
935 }
936
937 /*
938 * adt_get_session_id returns a stringified representation of
939 * the audit session id. See also adt_get_asid() for how to
940 * get the unexpurgated version. No guarantees as to how long
941 * the returned string will be or its general form; hex for now.
942 *
943 * An empty string is returned if auditing is off; length = 1
944 * and the pointer is valid.
945 *
946 * returns strlen + 1 if buffer is valid; else 0 and errno.
947 */
948
949 size_t
adt_get_session_id(const adt_session_data_t * session_data,char ** buff)950 adt_get_session_id(const adt_session_data_t *session_data, char **buff)
951 {
952 au_asid_t session_id;
953 size_t length;
954 /*
955 * output is 0x followed by
956 * two characters per byte
957 * plus terminator,
958 * except leading 0's are suppressed, so a few bytes may
959 * be unused.
960 */
961 length = 2 + (2 * sizeof (session_id)) + 1;
962 *buff = malloc(length);
963
964 if (*buff == NULL) {
965 return (0);
966 }
967 if (session_data == NULL) { /* NULL is not an error */
968 **buff = '\0';
969 return (1);
970 }
971 adt_get_asid(session_data, &session_id);
972
973 length = snprintf(*buff, length, "0x%X", (int)session_id);
974
975 /* length < 1 is a bug: the session data type may have changed */
976 assert(length > 0);
977
978 return (length);
979 }
980
981 /*
982 * adt_end_session -- close handle, clear context
983 *
984 * if as_check is invalid, no harm, no foul, EXCEPT that this could
985 * be an attempt to free data already free'd, so output to syslog
986 * to help explain why the process cored dumped.
987 */
988
989 int
adt_end_session(adt_session_data_t * session_data)990 adt_end_session(adt_session_data_t *session_data)
991 {
992 adt_internal_state_t *state;
993
994 if (session_data != NULL) {
995 state = (adt_internal_state_t *)session_data;
996 if (state->as_check != ADT_VALID) {
997 adt_write_syslog("freeing invalid data", EINVAL);
998 } else {
999 state->as_check = 0;
1000 m_label_free(state->as_label);
1001 free(session_data);
1002 }
1003 }
1004 /* no errors yet defined */
1005 return (0);
1006 }
1007
1008 /*
1009 * adt_dup_session -- copy the session data
1010 */
1011
1012 int
adt_dup_session(const adt_session_data_t * source,adt_session_data_t ** dest)1013 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest)
1014 {
1015 adt_internal_state_t *source_state;
1016 adt_internal_state_t *dest_state = NULL;
1017 int rc = 0;
1018
1019 if (source != NULL) {
1020 source_state = (adt_internal_state_t *)source;
1021 assert(source_state->as_check == ADT_VALID);
1022
1023 dest_state = malloc(sizeof (adt_internal_state_t));
1024 if (dest_state == NULL) {
1025 rc = -1;
1026 goto return_rc;
1027 }
1028 (void) memcpy(dest_state, source,
1029 sizeof (struct adt_internal_state));
1030
1031 if (source_state->as_label != NULL) {
1032 dest_state->as_label = NULL;
1033 if ((rc = m_label_dup(&dest_state->as_label,
1034 source_state->as_label)) != 0) {
1035 free(dest_state);
1036 dest_state = NULL;
1037 }
1038 }
1039 }
1040 return_rc:
1041 *dest = (adt_session_data_t *)dest_state;
1042 return (rc);
1043 }
1044
1045 /*
1046 * from_export_format()
1047 * read from a network order buffer into struct adt_session_data
1048 */
1049
1050 static size_t
adt_from_export_format(adt_internal_state_t * internal,const adt_export_data_t * external)1051 adt_from_export_format(adt_internal_state_t *internal,
1052 const adt_export_data_t *external)
1053 {
1054 struct export_header head;
1055 struct export_link link;
1056 adr_t context;
1057 int32_t offset;
1058 int32_t length;
1059 int32_t version;
1060 size_t label_len;
1061 char *p = (char *)external;
1062
1063 adrm_start(&context, (char *)external);
1064 adrm_int32(&context, (int *)&head, 4);
1065
1066 if ((internal->as_check = head.ax_check) != ADT_VALID) {
1067 errno = EINVAL;
1068 return (0);
1069 }
1070 offset = head.ax_link.ax_offset;
1071 version = head.ax_link.ax_version;
1072 length = head.ax_buffer_length;
1073
1074 /*
1075 * Skip newer versions.
1076 */
1077 while (version > PROTOCOL_VERSION_2) {
1078 if (offset < 1) {
1079 return (0); /* failed to match version */
1080 }
1081 p += offset; /* point to next version # */
1082
1083 if (p > (char *)external + length) {
1084 return (0);
1085 }
1086 adrm_start(&context, p);
1087 adrm_int32(&context, (int *)&link, 2);
1088 offset = link.ax_offset;
1089 version = link.ax_version;
1090 assert(version != 0);
1091 }
1092 /*
1093 * Adjust buffer pointer to the first data item (euid).
1094 */
1095 if (p == (char *)external) {
1096 adrm_start(&context, (char *)(p + sizeof (head)));
1097 } else {
1098 adrm_start(&context, (char *)(p + sizeof (link)));
1099 }
1100 /*
1101 * if down rev version, neither pid nor label are included
1102 * in v1 ax_size_of_tsol_data intentionally ignored
1103 */
1104 if (version == PROTOCOL_VERSION_1) {
1105 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1106 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1107 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1108 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1109 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1110 adrm_int32(&context,
1111 (int *)&(internal->as_info.ai_mask.am_success), 2);
1112 adrm_int32(&context,
1113 (int *)&(internal->as_info.ai_termid.at_port), 1);
1114 adrm_int32(&context,
1115 (int *)&(internal->as_info.ai_termid.at_type), 1);
1116 adrm_int32(&context,
1117 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1118 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1119 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1120 internal->as_pid = (pid_t)-1;
1121 internal->as_label = NULL;
1122 } else if (version == PROTOCOL_VERSION_2) {
1123 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1124 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1125 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1126 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1127 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1128 adrm_int32(&context,
1129 (int *)&(internal->as_info.ai_mask.am_success), 2);
1130 adrm_int32(&context,
1131 (int *)&(internal->as_info.ai_termid.at_port), 1);
1132 adrm_int32(&context,
1133 (int *)&(internal->as_info.ai_termid.at_type), 1);
1134 adrm_int32(&context,
1135 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1136 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1137 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1138 adrm_int32(&context, (int *)&(internal->as_pid), 1);
1139 adrm_int32(&context, (int *)&label_len, 1);
1140 if (label_len > 0) {
1141 /* read in and deal with different sized labels. */
1142 size32_t my_label_len = blabel_size();
1143
1144 if ((internal->as_label =
1145 m_label_alloc(MAC_LABEL)) == NULL) {
1146 return (0);
1147 }
1148 if (label_len > my_label_len) {
1149 errno = EINVAL;
1150 m_label_free(internal->as_label);
1151 return (0);
1152 }
1153 (void) memset(internal->as_label, 0, my_label_len);
1154 adrm_int32(&context, (int *)(internal->as_label),
1155 label_len / sizeof (int32_t));
1156 } else {
1157 internal->as_label = NULL;
1158 }
1159 }
1160
1161 return (length);
1162 }
1163
1164 /*
1165 * adt_to_export_format
1166 * read from struct adt_session_data into a network order buffer.
1167 *
1168 * (network order 'cause this data may be shared with a remote host.)
1169 */
1170
1171 static size_t
adt_to_export_format(adt_export_data_t * external,adt_internal_state_t * internal)1172 adt_to_export_format(adt_export_data_t *external,
1173 adt_internal_state_t *internal)
1174 {
1175 struct export_header head;
1176 struct export_link tail;
1177 adr_t context;
1178 size32_t label_len = 0;
1179
1180 adrm_start(&context, (char *)external);
1181
1182 if (internal->as_label != NULL) {
1183 label_len = blabel_size();
1184 }
1185
1186 head.ax_check = ADT_VALID;
1187 head.ax_buffer_length = sizeof (struct adt_export_data) + label_len;
1188
1189 /* version 2 first */
1190
1191 head.ax_link.ax_version = PROTOCOL_VERSION_2;
1192 head.ax_link.ax_offset = sizeof (struct export_header) +
1193 sizeof (struct adt_export_v2) + label_len;
1194
1195 adrm_putint32(&context, (int *)&head, 4);
1196
1197 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1198 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1199 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1200 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1201 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1202 adrm_putint32(&context,
1203 (int *)&(internal->as_info.ai_mask.am_success), 2);
1204 adrm_putint32(&context,
1205 (int *)&(internal->as_info.ai_termid.at_port), 1);
1206 adrm_putint32(&context,
1207 (int *)&(internal->as_info.ai_termid.at_type), 1);
1208 adrm_putint32(&context,
1209 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1210 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1211 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1212 adrm_putint32(&context, (int *)&(internal->as_pid), 1);
1213 adrm_putint32(&context, (int *)&label_len, 1);
1214 if (internal->as_label != NULL) {
1215 /* serialize the label */
1216 adrm_putint32(&context, (int *)(internal->as_label),
1217 (label_len / sizeof (int32_t)));
1218 }
1219
1220 /* now version 1 */
1221
1222 tail.ax_version = PROTOCOL_VERSION_1;
1223 tail.ax_offset = 0;
1224
1225 adrm_putint32(&context, (int *)&tail, 2);
1226
1227 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1228 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1229 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1230 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1231 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1232 adrm_putint32(&context,
1233 (int *)&(internal->as_info.ai_mask.am_success), 2);
1234 adrm_putint32(&context,
1235 (int *)&(internal->as_info.ai_termid.at_port), 1);
1236 adrm_putint32(&context,
1237 (int *)&(internal->as_info.ai_termid.at_type), 1);
1238 adrm_putint32(&context,
1239 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1240 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1241 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1242 /* ignored in v1 */
1243 adrm_putint32(&context, (int *)&label_len, 1);
1244
1245 /* finally terminator */
1246
1247 tail.ax_version = 0; /* invalid version number */
1248 tail.ax_offset = 0;
1249
1250 adrm_putint32(&context, (int *)&tail, 2);
1251
1252 return (head.ax_buffer_length);
1253 }
1254
1255 /*
1256 * adt_ucred_label() -- if label is available, duplicate it.
1257 */
1258
1259 static m_label_t *
adt_ucred_label(ucred_t * uc)1260 adt_ucred_label(ucred_t *uc)
1261 {
1262 m_label_t *ul = NULL;
1263
1264 if (ucred_getlabel(uc) != NULL) {
1265 (void) m_label_dup(&ul, ucred_getlabel(uc));
1266 }
1267
1268 return (ul);
1269 }
1270
1271 /*
1272 * adt_import() -- convert from network order to machine-specific order
1273 */
1274
1275 static int
adt_import(adt_internal_state_t * internal,const adt_export_data_t * external)1276 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
1277 {
1278 au_mask_t mask;
1279
1280 /* save local audit state */
1281 int local_audit_state = internal->as_audit_state;
1282
1283 if (adt_from_export_format(internal, external) < 1)
1284 return (-1); /* errno from adt_from_export_format */
1285
1286 /*
1287 * If audit isn't enabled on the remote, they were unable
1288 * to generate the audit mask, so generate it based on
1289 * local configuration. If the user id has changed, the
1290 * resulting mask may miss some subtleties that occurred
1291 * on the remote system.
1292 *
1293 * If the remote failed to generate a terminal id, it is not
1294 * recoverable.
1295 */
1296
1297 if (!(internal->as_audit_state & AUC_DISABLED)) {
1298 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1299 &(internal->as_info.ai_mask)))
1300 return (-1);
1301 if (internal->as_info.ai_auid != internal->as_ruid) {
1302 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1303 &mask))
1304 return (-1);
1305 internal->as_info.ai_mask.am_success |=
1306 mask.am_success;
1307 internal->as_info.ai_mask.am_failure |=
1308 mask.am_failure;
1309 }
1310 }
1311 internal->as_audit_state = local_audit_state;
1312
1313 DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(),
1314 internal->as_info.ai_asid,
1315 internal->as_info.ai_asid));
1316
1317 internal->as_have_user_data = ADT_HAVE_ALL;
1318
1319 return (0);
1320 }
1321
1322 /*
1323 * adt_export_session_data()
1324 * copies a adt_session_data struct into a network order buffer
1325 *
1326 * In a misconfigured network, the local host may have auditing
1327 * off while the destination may have auditing on, so if there
1328 * is sufficient memory, a buffer will be returned even in the
1329 * audit off case.
1330 */
1331
1332 size_t
adt_export_session_data(const adt_session_data_t * internal,adt_export_data_t ** external)1333 adt_export_session_data(const adt_session_data_t *internal,
1334 adt_export_data_t **external)
1335 {
1336 size32_t length = 0;
1337
1338 if ((internal != NULL) &&
1339 ((adt_internal_state_t *)internal)->as_label != NULL) {
1340 length = blabel_size();
1341 }
1342
1343 *external = malloc(sizeof (adt_export_data_t) + length);
1344
1345 if (*external == NULL)
1346 return (0);
1347
1348 if (internal == NULL) {
1349 adt_internal_state_t *dummy;
1350
1351 dummy = malloc(sizeof (adt_internal_state_t));
1352 if (dummy == NULL)
1353 goto return_length_free;
1354
1355 if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */
1356 free(dummy);
1357 goto return_length_free;
1358 }
1359 length = adt_to_export_format(*external, dummy);
1360 free(dummy);
1361 } else {
1362 length = adt_to_export_format(*external,
1363 (adt_internal_state_t *)internal);
1364 }
1365 return (length);
1366
1367 return_length_free:
1368 free(*external);
1369 *external = NULL;
1370 return (0);
1371 }
1372
1373 static void
adt_setto_unaudited(adt_internal_state_t * state)1374 adt_setto_unaudited(adt_internal_state_t *state)
1375 {
1376 if (state->as_audit_state & AUC_DISABLED) {
1377 state->as_ruid = AU_NOAUDITID;
1378 state->as_euid = AU_NOAUDITID;
1379 state->as_rgid = AU_NOAUDITID;
1380 state->as_egid = AU_NOAUDITID;
1381 state->as_pid = (pid_t)-1;
1382 state->as_label = NULL;
1383 } else {
1384 state->as_info.ai_asid = 0;
1385 state->as_info.ai_auid = AU_NOAUDITID;
1386
1387 (void) memset((void *)&(state->as_info.ai_termid), 0,
1388 sizeof (au_tid_addr_t));
1389 state->as_info.ai_termid.at_type = AU_IPv4;
1390
1391 (void) memset((void *)&(state->as_info.ai_mask), 0,
1392 sizeof (au_mask_t));
1393 state->as_have_user_data = 0;
1394 }
1395 }
1396
1397 /*
1398 * adt_init -- set session context by copying the audit characteristics
1399 * from the proc and picking up current uid/tid information.
1400 *
1401 * By default, an audit session is based on the process; the default
1402 * is overriden by adt_set_user()
1403 */
1404
1405 static int
adt_init(adt_internal_state_t * state,int use_proc_data)1406 adt_init(adt_internal_state_t *state, int use_proc_data)
1407 {
1408 /* ensure auditstate is set */
1409
1410 (void) adt_audit_state(0);
1411 state->as_audit_state = auditstate;
1412
1413 if (use_proc_data) {
1414 state->as_ruid = getuid();
1415 state->as_euid = geteuid();
1416 state->as_rgid = getgid();
1417 state->as_egid = getegid();
1418 state->as_pid = getpid();
1419
1420 if (!(state->as_audit_state & AUC_DISABLED)) {
1421 const au_tid64_addr_t *tid;
1422 const au_mask_t *mask;
1423 ucred_t *ucred = ucred_get(P_MYID);
1424
1425 /*
1426 * Even if the ucred is NULL, the underlying
1427 * credential may have a valid terminal id; if the
1428 * terminal id is set, then that's good enough. An
1429 * example of where this matters is failed login,
1430 * where rlogin/telnet sets the terminal id before
1431 * calling login; login does not load the credential
1432 * since auth failed.
1433 */
1434 if (ucred == NULL) {
1435 if (!adt_have_termid(
1436 &(state->as_info.ai_termid)))
1437 return (-1);
1438 } else {
1439 mask = ucred_getamask(ucred);
1440 if (mask != NULL) {
1441 state->as_info.ai_mask = *mask;
1442 } else {
1443 ucred_free(ucred);
1444 return (-1);
1445 }
1446 tid = ucred_getatid(ucred);
1447 if (tid != NULL) {
1448 adt_cpy_tid(&(state->as_info.ai_termid),
1449 tid);
1450 } else {
1451 ucred_free(ucred);
1452 return (-1);
1453 }
1454 state->as_info.ai_asid = ucred_getasid(ucred);
1455 state->as_info.ai_auid = ucred_getauid(ucred);
1456 state->as_label = adt_ucred_label(ucred);
1457 ucred_free(ucred);
1458 }
1459 state->as_have_user_data = ADT_HAVE_ALL;
1460 }
1461 } else {
1462 adt_setto_unaudited(state);
1463 }
1464 state->as_session_model = ADT_SESSION_MODEL; /* default */
1465
1466 if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) &&
1467 auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy),
1468 sizeof (state->as_kernel_audit_policy))) {
1469 return (-1); /* errno set by auditon */
1470 }
1471 state->as_check = ADT_VALID;
1472 adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0],
1473 &adt_preload);
1474 return (0);
1475 }
1476
1477 /*
1478 * adt_set_proc
1479 *
1480 * Copy the current session state to the process. If this function
1481 * is called, the model becomes a process model rather than a
1482 * session model.
1483 *
1484 * In the current implementation, the value state->as_have_user_data
1485 * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}. These are all set
1486 * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in.
1487 *
1488 */
1489
1490 int
adt_set_proc(const adt_session_data_t * session_data)1491 adt_set_proc(const adt_session_data_t *session_data)
1492 {
1493 adt_internal_state_t *state;
1494
1495 if (session_data == NULL) {
1496 return (0);
1497 }
1498
1499 state = (adt_internal_state_t *)session_data;
1500
1501 assert(state->as_check == ADT_VALID);
1502
1503 if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) !=
1504 (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) {
1505 errno = EINVAL;
1506 goto return_err;
1507 }
1508
1509 if (setaudit_addr((auditinfo_addr_t *)&(state->as_info),
1510 sizeof (auditinfo_addr_t)) < 0) {
1511 goto return_err; /* errno set by setaudit_addr() */
1512 }
1513
1514 state->as_session_model = ADT_PROCESS_MODEL;
1515
1516 return (0);
1517
1518 return_err:
1519 adt_write_syslog("failed to set process audit characteristics", errno);
1520 return (-1);
1521 }
1522
1523 static int
adt_newuser(adt_internal_state_t * state,uid_t ruid,au_tid_addr_t * termid)1524 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid)
1525 {
1526 au_tid_addr_t no_tid = {0, AU_IPv4, 0, 0, 0, 0};
1527 au_mask_t no_mask = {0, 0};
1528
1529 if (ruid == ADT_NO_AUDIT) {
1530 state->as_info.ai_auid = AU_NOAUDITID;
1531 state->as_info.ai_asid = 0;
1532 state->as_info.ai_termid = no_tid;
1533 state->as_info.ai_mask = no_mask;
1534 return (0);
1535 }
1536 state->as_info.ai_auid = ruid;
1537 state->as_info.ai_asid = adt_get_unique_id(ruid);
1538 if (termid != NULL)
1539 state->as_info.ai_termid = *termid;
1540
1541 if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask)))
1542 return (-1);
1543
1544 /* Assume intending to audit as this process */
1545
1546 if (state->as_pid == (pid_t)-1)
1547 state->as_pid = getpid();
1548
1549 if (is_system_labeled() && state->as_label == NULL) {
1550 ucred_t *ucred = ucred_get(P_MYID);
1551
1552 state->as_label = adt_ucred_label(ucred);
1553 ucred_free(ucred);
1554 }
1555
1556 return (0);
1557 }
1558
1559 static int
adt_changeuser(adt_internal_state_t * state,uid_t ruid)1560 adt_changeuser(adt_internal_state_t *state, uid_t ruid)
1561 {
1562 au_mask_t mask;
1563
1564 if (!(state->as_have_user_data & ADT_HAVE_AUID))
1565 state->as_info.ai_auid = ruid;
1566 if (!(state->as_have_user_data & ADT_HAVE_ASID))
1567 state->as_info.ai_asid = adt_get_unique_id(ruid);
1568
1569 if (ruid <= MAXEPHUID) {
1570 if (adt_get_mask_from_user(ruid, &mask))
1571 return (-1);
1572
1573 state->as_info.ai_mask.am_success |= mask.am_success;
1574 state->as_info.ai_mask.am_failure |= mask.am_failure;
1575 }
1576 DPRINTF(("changed mask to %08X/%08X for ruid=%d\n",
1577 state->as_info.ai_mask.am_success,
1578 state->as_info.ai_mask.am_failure,
1579 ruid));
1580 return (0);
1581 }
1582
1583 /*
1584 * adt_set_user -- see also adt_set_from_ucred()
1585 *
1586 * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or
1587 * "unattributed." If ruid, change the model to session.
1588 *
1589 * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value"
1590 * only valid with ADT_UPDATE.
1591 *
1592 * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there
1593 * isn't a good reason to call adt_set_user() with it unless you don't
1594 * have a good value yet and intend to replace it later; auid will be
1595 * AU_NOAUDITID.
1596 *
1597 * adt_set_user should be called even if auditing is not enabled
1598 * so that adt_export_session_data() will have useful stuff to
1599 * work with.
1600 *
1601 * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID
1602 * and ADT_HAVE_ALL.
1603 */
1604
1605 int
adt_set_user(const adt_session_data_t * session_data,uid_t euid,gid_t egid,uid_t ruid,gid_t rgid,const adt_termid_t * termid,enum adt_user_context user_context)1606 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid,
1607 uid_t ruid, gid_t rgid, const adt_termid_t *termid,
1608 enum adt_user_context user_context)
1609 {
1610 adt_internal_state_t *state;
1611 int rc;
1612
1613 if (session_data == NULL) /* no session exists to audit */
1614 return (0);
1615
1616 state = (adt_internal_state_t *)session_data;
1617 assert(state->as_check == ADT_VALID);
1618
1619 switch (user_context) {
1620 case ADT_NEW:
1621 if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE ||
1622 rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) {
1623 errno = EINVAL;
1624 return (-1);
1625 }
1626 if ((rc = adt_newuser(state, ruid,
1627 (au_tid_addr_t *)termid)) != 0)
1628 return (rc);
1629
1630 state->as_have_user_data = ADT_HAVE_ALL;
1631 break;
1632 case ADT_UPDATE:
1633 if (state->as_have_user_data != ADT_HAVE_ALL) {
1634 errno = EINVAL;
1635 return (-1);
1636 }
1637
1638 if (ruid != ADT_NO_CHANGE)
1639 if ((rc = adt_changeuser(state, ruid)) != 0)
1640 return (rc);
1641 break;
1642 case ADT_USER:
1643 if (state->as_have_user_data != ADT_HAVE_ALL) {
1644 errno = EINVAL;
1645 return (-1);
1646 }
1647 break;
1648 case ADT_SETTID:
1649 assert(termid != NULL);
1650 state->as_info.ai_termid = *((au_tid_addr_t *)termid);
1651 /* avoid fooling pam_setcred()... */
1652 state->as_info.ai_auid = AU_NOAUDITID;
1653 state->as_info.ai_asid = 0;
1654 state->as_info.ai_mask.am_failure = 0;
1655 state->as_info.ai_mask.am_success = 0;
1656 state->as_have_user_data = ADT_HAVE_TID |
1657 ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK;
1658 return (0);
1659 default:
1660 errno = EINVAL;
1661 return (-1);
1662 }
1663
1664 if (ruid == ADT_NO_AUDIT) {
1665 state->as_ruid = AU_NOAUDITID;
1666 state->as_euid = AU_NOAUDITID;
1667 state->as_rgid = AU_NOAUDITID;
1668 state->as_egid = AU_NOAUDITID;
1669 } else {
1670 if (ruid != ADT_NO_CHANGE)
1671 state->as_ruid = ruid;
1672 if (euid != ADT_NO_CHANGE)
1673 state->as_euid = euid;
1674 if (rgid != ADT_NO_CHANGE)
1675 state->as_rgid = rgid;
1676 if (egid != ADT_NO_CHANGE)
1677 state->as_egid = egid;
1678 }
1679
1680 if (ruid == ADT_NO_ATTRIB) {
1681 state->as_session_model = ADT_SESSION_MODEL;
1682 }
1683
1684 return (0);
1685 }
1686
1687 /*
1688 * adt_set_from_ucred()
1689 *
1690 * an alternate to adt_set_user that fills the same role but uses
1691 * a pointer to a ucred rather than a list of id's. If the ucred
1692 * pointer is NULL, use the credential from the this process.
1693 *
1694 * A key difference is that for ADT_NEW, adt_set_from_ucred() does
1695 * not overwrite the asid and auid unless auid has not been set.
1696 * ADT_NEW differs from ADT_UPDATE in that it does not OR together
1697 * the incoming audit mask with the one that already exists.
1698 *
1699 * adt_set_from_ucred should be called even if auditing is not enabled
1700 * so that adt_export_session_data() will have useful stuff to
1701 * work with.
1702 */
1703
1704 int
adt_set_from_ucred(const adt_session_data_t * session_data,const ucred_t * uc,enum adt_user_context user_context)1705 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc,
1706 enum adt_user_context user_context)
1707 {
1708 adt_internal_state_t *state;
1709 int rc = -1;
1710 const au_tid64_addr_t *tid64;
1711 au_tid_addr_t termid, *tid;
1712 ucred_t *ucred = (ucred_t *)uc;
1713 boolean_t local_uc = B_FALSE;
1714
1715 if (session_data == NULL) /* no session exists to audit */
1716 return (0);
1717
1718 state = (adt_internal_state_t *)session_data;
1719 assert(state->as_check == ADT_VALID);
1720
1721 if (ucred == NULL) {
1722 ucred = ucred_get(P_MYID);
1723
1724 if (ucred == NULL)
1725 goto return_rc;
1726 local_uc = B_TRUE;
1727 }
1728
1729 switch (user_context) {
1730 case ADT_NEW:
1731 tid64 = ucred_getatid(ucred);
1732 if (tid64 != NULL) {
1733 adt_cpy_tid(&termid, tid64);
1734 tid = &termid;
1735 } else {
1736 tid = NULL;
1737 }
1738 if (ucred_getauid(ucred) == AU_NOAUDITID) {
1739 adt_setto_unaudited(state);
1740 state->as_have_user_data = ADT_HAVE_ALL;
1741 rc = 0;
1742 goto return_rc;
1743 } else {
1744 state->as_info.ai_auid = ucred_getauid(ucred);
1745 state->as_info.ai_asid = ucred_getasid(ucred);
1746 state->as_info.ai_mask = *ucred_getamask(ucred);
1747 state->as_info.ai_termid = *tid;
1748 }
1749 state->as_have_user_data = ADT_HAVE_ALL;
1750 break;
1751 case ADT_UPDATE:
1752 if (state->as_have_user_data != ADT_HAVE_ALL) {
1753 errno = EINVAL;
1754 goto return_rc;
1755 }
1756
1757 if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0)
1758 goto return_rc;
1759 break;
1760 case ADT_USER:
1761 if (state->as_have_user_data != ADT_HAVE_ALL) {
1762 errno = EINVAL;
1763 goto return_rc;
1764 }
1765 break;
1766 default:
1767 errno = EINVAL;
1768 goto return_rc;
1769 }
1770 rc = 0;
1771
1772 state->as_ruid = ucred_getruid(ucred);
1773 state->as_euid = ucred_geteuid(ucred);
1774 state->as_rgid = ucred_getrgid(ucred);
1775 state->as_egid = ucred_getegid(ucred);
1776 state->as_pid = ucred_getpid(ucred);
1777 state->as_label = adt_ucred_label(ucred);
1778
1779 return_rc:
1780 if (local_uc) {
1781 ucred_free(ucred);
1782 }
1783 return (rc);
1784 }
1785
1786 /*
1787 * adt_alloc_event() returns a pointer to allocated memory
1788 *
1789 */
1790
1791 adt_event_data_t
adt_alloc_event(const adt_session_data_t * session_data,au_event_t event_id)1792 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id)
1793 {
1794 struct adt_event_state *event_state;
1795 adt_internal_state_t *session_state;
1796 adt_event_data_t *return_event = NULL;
1797 /*
1798 * need to return a valid event pointer even if audit is
1799 * off, else the caller will end up either (1) keeping its
1800 * own flags for on/off or (2) writing to a NULL pointer.
1801 * If auditing is on, the session data must be valid; otherwise
1802 * we don't care.
1803 */
1804 if (session_data != NULL) {
1805 session_state = (adt_internal_state_t *)session_data;
1806 assert(session_state->as_check == ADT_VALID);
1807 }
1808 event_state = calloc(1, sizeof (struct adt_event_state));
1809 if (event_state == NULL)
1810 goto return_ptr;
1811
1812 event_state->ae_check = ADT_VALID;
1813
1814 event_state->ae_event_id = event_id;
1815 event_state->ae_session = (struct adt_internal_state *)session_data;
1816
1817 return_event = (adt_event_data_t *)&(event_state->ae_event_data);
1818
1819 /*
1820 * preload data so the adt_au_*() functions can detect un-supplied
1821 * values (0 and NULL are free via calloc()).
1822 */
1823 if (session_data != NULL) {
1824 session_state->as_preload(event_id, return_event);
1825 }
1826
1827 return_ptr:
1828 return (return_event);
1829 }
1830
1831 /*
1832 * adt_getXlateTable -- look up translation table address for event id
1833 */
1834
1835 static adt_translation_t *
adt_getXlateTable(adt_translation_t ** xlate,au_event_t event_id)1836 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id)
1837 {
1838 /* xlate_table is global in adt_xlate.c */
1839 adt_translation_t **p_xlate = xlate;
1840 adt_translation_t *p_event;
1841
1842 while (*p_xlate != NULL) {
1843 p_event = *p_xlate;
1844 if (event_id == p_event->tx_external_event)
1845 return (p_event);
1846 p_xlate++;
1847 }
1848 return (NULL);
1849 }
1850
1851 /*
1852 * adt_calcOffsets
1853 *
1854 * the call to this function is surrounded by a mutex.
1855 *
1856 * i walks down the table picking up next_token. j walks again to
1857 * calculate the offset to the input data. k points to the next
1858 * token's row. Finally, l, is used to sum the values in the
1859 * datadef array.
1860 *
1861 * What's going on? The entry array is in the order of the input
1862 * fields but the processing of array entries is in the order of
1863 * the output (see next_token). Calculating the offset to the
1864 * "next" input can't be done in the outer loop (i) since i doesn't
1865 * point to the current entry and it can't be done with the k index
1866 * because it doesn't represent the order of input fields.
1867 *
1868 * While the resulting algorithm is n**2, it is only done once per
1869 * event type.
1870 */
1871
1872 /*
1873 * adt_calcOffsets is only called once per event type, but it uses
1874 * the address alignment of memory allocated for that event as if it
1875 * were the same for all subsequently allocated memory. This is
1876 * guaranteed by calloc/malloc. Arrays take special handling since
1877 * what matters for figuring out the correct alignment is the size
1878 * of the array element.
1879 */
1880
1881 static void
adt_calcOffsets(struct entry * p_entry,int tablesize,void * p_data)1882 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data)
1883 {
1884 int i, j;
1885 size_t this_size, prev_size;
1886 void *struct_start = p_data;
1887
1888 for (i = 0; i < tablesize; i++) {
1889 if (p_entry[i].en_type_def == NULL) {
1890 p_entry[i].en_offset = 0;
1891 continue;
1892 }
1893 prev_size = 0;
1894 p_entry[i].en_offset = (char *)p_data - (char *)struct_start;
1895
1896 for (j = 0; j < p_entry[i].en_count_types; j++) {
1897 if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG)
1898 this_size = sizeof (enum adt_generic);
1899 else
1900 this_size =
1901 p_entry[i].en_type_def[j].dd_input_size;
1902
1903 /* adj for first entry */
1904 if (prev_size == 0)
1905 prev_size = this_size;
1906
1907 if (p_entry[i].en_type_def[j].dd_datatype ==
1908 ADT_UINT32ARRAY) {
1909 p_data = (char *)adt_adjust_address(p_data,
1910 prev_size, sizeof (uint32_t)) +
1911 this_size - sizeof (uint32_t);
1912
1913 prev_size = sizeof (uint32_t);
1914 } else {
1915 p_data = adt_adjust_address(p_data, prev_size,
1916 this_size);
1917 prev_size = this_size;
1918 }
1919 }
1920 }
1921 }
1922
1923 /*
1924 * adt_generate_event
1925 * generate event record from external struct. The order is based on
1926 * the output tokens, allowing for the possibility that the input data
1927 * is in a different order.
1928 *
1929 */
1930
1931 static int
adt_generate_event(const adt_event_data_t * p_extdata,struct adt_event_state * p_event,adt_translation_t * p_xlate)1932 adt_generate_event(const adt_event_data_t *p_extdata,
1933 struct adt_event_state *p_event,
1934 adt_translation_t *p_xlate)
1935 {
1936 struct entry *p_entry;
1937 static mutex_t lock = DEFAULTMUTEX;
1938
1939 p_entry = p_xlate->tx_first_entry;
1940 assert(p_entry != NULL);
1941
1942 p_event->ae_internal_id = p_xlate->tx_internal_event;
1943 adt_token_open(p_event);
1944
1945 /*
1946 * offsets are not pre-calculated; the initial offsets are all
1947 * 0; valid offsets are >= 0. Offsets for no-input tokens such
1948 * as subject are set to -1 by adt_calcOffset()
1949 */
1950 if (p_xlate->tx_offsetsCalculated == 0) {
1951 (void) mutex_lock(&lock);
1952 p_xlate->tx_offsetsCalculated = 1;
1953
1954 adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries,
1955 (void *)p_extdata);
1956 (void) mutex_unlock(&lock);
1957 }
1958 while (p_entry != NULL) {
1959 adt_generate_token(p_entry, (char *)p_extdata, p_event);
1960
1961 p_entry = p_entry->en_next_token;
1962 }
1963 return (adt_token_close(p_event));
1964 }
1965
1966 /*
1967 * adt_put_event -- main event generation function.
1968 * The input "event" is the address of the struct containing
1969 * event-specific data.
1970 *
1971 * However if auditing is off or the session handle
1972 * is NULL, no attempt to write a record is made.
1973 */
1974
1975 int
adt_put_event(const adt_event_data_t * event,int status,int return_val)1976 adt_put_event(const adt_event_data_t *event, int status, int return_val)
1977 {
1978 struct adt_event_state *event_state;
1979 adt_translation_t *xlate;
1980
1981 if (event == NULL) {
1982 errno = EINVAL;
1983 return (-1);
1984 }
1985 event_state = (struct adt_event_state *)event;
1986
1987 /* if this is a broken session or not auditing, exit */
1988 if ((event_state->ae_session == NULL) ||
1989 !(event_state->ae_session->as_audit_state &
1990 (AUC_AUDITING | AUC_NOSPACE))) {
1991 return (0);
1992 }
1993
1994 assert(event_state->ae_check == ADT_VALID);
1995
1996 event_state->ae_rc = status;
1997 event_state->ae_type = return_val;
1998
1999 /* look up the event */
2000
2001 xlate = adt_getXlateTable(event_state->ae_session->as_xlate,
2002 event_state->ae_event_id);
2003
2004 if (xlate == NULL) {
2005 errno = EINVAL;
2006 return (-1);
2007 }
2008 DPRINTF(("got event %d\n", xlate->tx_internal_event));
2009
2010 if (adt_selected(event_state, xlate->tx_internal_event, status)) {
2011 return (adt_generate_event(event, event_state, xlate));
2012 }
2013
2014 return (0);
2015 }
2016
2017 /*
2018 * adt_free_event -- invalidate and free
2019 */
2020
2021 void
adt_free_event(adt_event_data_t * event)2022 adt_free_event(adt_event_data_t *event)
2023 {
2024 struct adt_event_state *event_state;
2025
2026 if (event == NULL)
2027 return;
2028
2029 event_state = (struct adt_event_state *)event;
2030
2031 assert(event_state->ae_check == ADT_VALID);
2032
2033 event_state->ae_check = 0;
2034
2035 free(event_state);
2036 }
2037
2038 /*
2039 * adt_is_selected -- helper to adt_selected(), below.
2040 *
2041 * "sorf" is "success or fail" status; au_preselect compares
2042 * that with success, fail, or both.
2043 */
2044
2045 static int
adt_is_selected(au_event_t e,au_mask_t * m,int sorf)2046 adt_is_selected(au_event_t e, au_mask_t *m, int sorf)
2047 {
2048 int prs_sorf;
2049
2050 if (sorf == 0)
2051 prs_sorf = AU_PRS_SUCCESS;
2052 else
2053 prs_sorf = AU_PRS_FAILURE;
2054
2055 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
2056 }
2057
2058 /*
2059 * selected -- see if this event is preselected.
2060 *
2061 * if errors are encountered trying to check a preselection mask
2062 * or look up a user name, the event is selected. Otherwise, the
2063 * preselection mask is used for the job.
2064 */
2065
2066 static int
adt_selected(struct adt_event_state * event,au_event_t actual_id,int status)2067 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status)
2068 {
2069 adt_internal_state_t *sp;
2070 au_mask_t namask;
2071
2072 sp = event->ae_session;
2073
2074 if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) {
2075 adt_write_syslog("No user data available", EINVAL);
2076 return (1); /* default is "selected" */
2077 }
2078
2079 /* non-attributable? */
2080 if ((sp->as_info.ai_auid == AU_NOAUDITID) ||
2081 (sp->as_info.ai_auid == ADT_NO_AUDIT)) {
2082 if (auditon(A_GETKMASK, (caddr_t)&namask,
2083 sizeof (namask)) != 0) {
2084 adt_write_syslog("auditon failure", errno);
2085 return (1);
2086 }
2087 return (adt_is_selected(actual_id, &namask, status));
2088 } else {
2089 return (adt_is_selected(actual_id, &(sp->as_info.ai_mask),
2090 status));
2091 }
2092 }
2093
2094 /*
2095 * Can't map the host name to an IP address in
2096 * adt_get_hostIP. Get something off an interface
2097 * to act as the hosts IP address for auditing.
2098 */
2099
2100 static int
adt_get_local_address(int family,struct ifaddrlist * al)2101 adt_get_local_address(int family, struct ifaddrlist *al)
2102 {
2103 struct ifaddrlist *ifal;
2104 char errbuf[ERRBUFSIZE] = "empty list";
2105 char msg[ERRBUFSIZE + 512];
2106 int ifal_count;
2107 int i;
2108
2109 if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) {
2110 int serrno = errno;
2111
2112 (void) snprintf(msg, sizeof (msg), "adt_get_local_address "
2113 "couldn't get %d addrlist %s", family, errbuf);
2114 adt_write_syslog(msg, serrno);
2115 errno = serrno;
2116 return (-1);
2117 }
2118
2119 for (i = 0; i < ifal_count; i++) {
2120 /*
2121 * loopback always defined,
2122 * even if there is no real address
2123 */
2124 if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) {
2125 break;
2126 }
2127 }
2128 if (i >= ifal_count) {
2129 free(ifal);
2130 /*
2131 * Callers of adt_get_hostIP() can only return
2132 * errno to their callers and eventually the application.
2133 * Picked one that seemed least worse for saying no
2134 * usable address for Audit terminal ID.
2135 */
2136 errno = ENETDOWN;
2137 return (-1);
2138 }
2139
2140 *al = ifal[i];
2141 free(ifal);
2142 return (0);
2143 }
2144