libbsm/common/audit_kadmind.c

*0Sstevel@tonic-gate/*
*0Sstevel@tonic-gate * CDDL HEADER START
*0Sstevel@tonic-gate *
*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the
*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
*0Sstevel@tonic-gate * (the "License").  You may not use this file except in compliance
*0Sstevel@tonic-gate * with the License.
*0Sstevel@tonic-gate *
*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
*0Sstevel@tonic-gate * See the License for the specific language governing permissions
*0Sstevel@tonic-gate * and limitations under the License.
*0Sstevel@tonic-gate *
*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
*0Sstevel@tonic-gate *
*0Sstevel@tonic-gate * CDDL HEADER END
*0Sstevel@tonic-gate */
*0Sstevel@tonic-gate/*
*0Sstevel@tonic-gate * Copyright (c) 2000 by Sun Microsystems, Inc.
*0Sstevel@tonic-gate * All rights reserved.
*0Sstevel@tonic-gate */
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate#pragma ident	"%Z%%M%	%I%	%E% SMI"
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate#include <sys/types.h>
*0Sstevel@tonic-gate#include <sys/param.h>
*0Sstevel@tonic-gate#include <stdio.h>
*0Sstevel@tonic-gate#include <sys/fcntl.h>
*0Sstevel@tonic-gate#include <bsm/audit.h>
*0Sstevel@tonic-gate#include <bsm/audit_record.h>
*0Sstevel@tonic-gate#include <bsm/audit_uevents.h>
*0Sstevel@tonic-gate#include <bsm/libbsm.h>
*0Sstevel@tonic-gate#include <stdlib.h>
*0Sstevel@tonic-gate#include <string.h>
*0Sstevel@tonic-gate#include <syslog.h>
*0Sstevel@tonic-gate#include <netinet/in.h>
*0Sstevel@tonic-gate#include <sys/socket.h>
*0Sstevel@tonic-gate#include <rpc/rpc.h>
*0Sstevel@tonic-gate#include <tiuser.h>
*0Sstevel@tonic-gate#include <unistd.h>
*0Sstevel@tonic-gate#include <generic.h>
*0Sstevel@tonic-gate#include <note.h>
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate#ifdef C2_DEBUG2
*0Sstevel@tonic-gate#define	dprintf(x) { printf x; }
*0Sstevel@tonic-gate#else
*0Sstevel@tonic-gate#define	dprintf(x)
*0Sstevel@tonic-gate#endif
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate/*
*0Sstevel@tonic-gate * netbuf2pm()
*0Sstevel@tonic-gate *
*0Sstevel@tonic-gate * Given an endpt in netbuf form,  return the port and machine.
*0Sstevel@tonic-gate * kadmind (currently) only works over IPv4, so only handle IPv4 addresses.
*0Sstevel@tonic-gate */
*0Sstevel@tonic-gatestatic void
*0Sstevel@tonic-gatenetbuf2pm(
*0Sstevel@tonic-gate	struct netbuf *addr,
*0Sstevel@tonic-gate	in_port_t *port,
*0Sstevel@tonic-gate	uint32_t *machine)
*0Sstevel@tonic-gate{
*0Sstevel@tonic-gate	struct sockaddr_in sin4;
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	if (!addr) {
*0Sstevel@tonic-gate		syslog(LOG_DEBUG, "netbuf2pm: addr == NULL");
*0Sstevel@tonic-gate		return;
*0Sstevel@tonic-gate	}
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	if (!addr->buf) {
*0Sstevel@tonic-gate		syslog(LOG_DEBUG, "netbuf2pm: addr->buf == NULL");
*0Sstevel@tonic-gate		return;
*0Sstevel@tonic-gate	}
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	(void) memcpy(&sin4, addr->buf, sizeof (struct sockaddr_in));
*0Sstevel@tonic-gate	if (sin4.sin_family == AF_INET) {
*0Sstevel@tonic-gate		if (machine)
*0Sstevel@tonic-gate			*machine = sin4.sin_addr.s_addr;
*0Sstevel@tonic-gate		if (port)
*0Sstevel@tonic-gate			*port = sin4.sin_port;
*0Sstevel@tonic-gate	} else {
*0Sstevel@tonic-gate		dprintf(("netbuf2pm: unknown caller IP address family %d",
*0Sstevel@tonic-gate			sin4.sin_family));
*0Sstevel@tonic-gate		syslog(LOG_DEBUG,
*0Sstevel@tonic-gate		    "netbuf2pm: unknown caller IP address family %d",
*0Sstevel@tonic-gate		    sin4.sin_family);
*0Sstevel@tonic-gate	}
*0Sstevel@tonic-gate}
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate#define	AUD_NULL_STR(s)		((s) ? (s) : "(null)")
*0Sstevel@tonic-gate
*0Sstevel@tonic-gatestatic void
*0Sstevel@tonic-gatecommon_audit(
*0Sstevel@tonic-gate	au_event_t event,	/* audit event */
*0Sstevel@tonic-gate	SVCXPRT *xprt,		/* net transport handle */
*0Sstevel@tonic-gate	in_port_t l_port,	/* local port */
*0Sstevel@tonic-gate	char *op,		/* requested operation */
*0Sstevel@tonic-gate	char *prime_arg,	/* argument for op */
*0Sstevel@tonic-gate	char *clnt_name,	/* client principal name */
*0Sstevel@tonic-gate	int sorf) 		/* flag for success or failure */
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate{
*0Sstevel@tonic-gate	auditinfo_t ai;
*0Sstevel@tonic-gate	in_port_t r_port = 0;
*0Sstevel@tonic-gate	dev_t port;
*0Sstevel@tonic-gate	uint32_t machine = 0;
*0Sstevel@tonic-gate	char text_buf[512];
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	dprintf(("common_audit() start\n"));
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	/* if auditing turned off, then don't do anything */
*0Sstevel@tonic-gate	if (cannot_audit(0))
*0Sstevel@tonic-gate		return;
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	(void) aug_save_namask();
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	/*
*0Sstevel@tonic-gate	 * set default values. We will overwrite them if appropriate.
*0Sstevel@tonic-gate	 */
*0Sstevel@tonic-gate	if (getaudit(&ai)) {
*0Sstevel@tonic-gate		perror("kadmind");
*0Sstevel@tonic-gate		return;
*0Sstevel@tonic-gate	}
*0Sstevel@tonic-gate	aug_save_auid(ai.ai_auid);	/* Audit ID */
*0Sstevel@tonic-gate	aug_save_uid(getuid());		/* User ID */
*0Sstevel@tonic-gate	aug_save_euid(geteuid());	/* Effective User ID */
*0Sstevel@tonic-gate	aug_save_gid(getgid());		/* Group ID */
*0Sstevel@tonic-gate	aug_save_egid(getegid());	/* Effective Group ID */
*0Sstevel@tonic-gate	aug_save_pid(getpid());		/* process ID */
*0Sstevel@tonic-gate	aug_save_asid(getpid());	/* session ID */
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	aug_save_event(event);
*0Sstevel@tonic-gate	aug_save_sorf(sorf);
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	(void) snprintf(text_buf, sizeof (text_buf), "Op: %s",
*0Sstevel@tonic-gate		AUD_NULL_STR(op));
*0Sstevel@tonic-gate	aug_save_text(text_buf);
*0Sstevel@tonic-gate	(void) snprintf(text_buf, sizeof (text_buf), "Arg: %s",
*0Sstevel@tonic-gate		AUD_NULL_STR(prime_arg));
*0Sstevel@tonic-gate	aug_save_text1(text_buf);
*0Sstevel@tonic-gate	(void) snprintf(text_buf, sizeof (text_buf), "Client: %s",
*0Sstevel@tonic-gate		AUD_NULL_STR(clnt_name));
*0Sstevel@tonic-gate	aug_save_text2(text_buf);
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	netbuf2pm(svc_getrpccaller(xprt), &r_port, &machine);
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	dprintf(("common_audit(): l_port=%d, r_port=%d,\n",
*0Sstevel@tonic-gate		ntohs(l_port), ntohs(r_port)));
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	port = (r_port<<16 | l_port);
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	aug_save_tid_ex(port,  &machine, AU_IPv4);
*0Sstevel@tonic-gate
*0Sstevel@tonic-gate	(void) aug_audit();
*0Sstevel@tonic-gate}
*0Sstevel@tonic-gate
*0Sstevel@tonic-gatevoid
*0Sstevel@tonic-gateaudit_kadmind_auth(
*0Sstevel@tonic-gate	SVCXPRT *xprt,
*0Sstevel@tonic-gate	in_port_t l_port,
*0Sstevel@tonic-gate	char *op,
*0Sstevel@tonic-gate	char *prime_arg,
*0Sstevel@tonic-gate	char *clnt_name,
*0Sstevel@tonic-gate	int sorf)
*0Sstevel@tonic-gate{
*0Sstevel@tonic-gate	common_audit(AUE_kadmind_auth, xprt, l_port, op, prime_arg,
*0Sstevel@tonic-gate		    clnt_name, sorf);
*0Sstevel@tonic-gate}
*0Sstevel@tonic-gate
*0Sstevel@tonic-gatevoid
*0Sstevel@tonic-gateaudit_kadmind_unauth(
*0Sstevel@tonic-gate	SVCXPRT *xprt,
*0Sstevel@tonic-gate	in_port_t l_port,
*0Sstevel@tonic-gate	char *op,
*0Sstevel@tonic-gate	char *prime_arg,
*0Sstevel@tonic-gate	char *clnt_name)
*0Sstevel@tonic-gate{
*0Sstevel@tonic-gate	common_audit(AUE_kadmind_unauth, xprt, l_port, op, prime_arg,
*0Sstevel@tonic-gate		    clnt_name, 1);
*0Sstevel@tonic-gate}