1*0Sstevel@tonic-gate /* 2*0Sstevel@tonic-gate * CDDL HEADER START 3*0Sstevel@tonic-gate * 4*0Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*0Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*0Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*0Sstevel@tonic-gate * with the License. 8*0Sstevel@tonic-gate * 9*0Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*0Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*0Sstevel@tonic-gate * See the License for the specific language governing permissions 12*0Sstevel@tonic-gate * and limitations under the License. 13*0Sstevel@tonic-gate * 14*0Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*0Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*0Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*0Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*0Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*0Sstevel@tonic-gate * 20*0Sstevel@tonic-gate * CDDL HEADER END 21*0Sstevel@tonic-gate */ 22*0Sstevel@tonic-gate /* 23*0Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24*0Sstevel@tonic-gate * Use is subject to license terms. 25*0Sstevel@tonic-gate */ 26*0Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 27*0Sstevel@tonic-gate 28*0Sstevel@tonic-gate #include <sys/types.h> 29*0Sstevel@tonic-gate #include <stdio.h> 30*0Sstevel@tonic-gate #include <sys/fcntl.h> 31*0Sstevel@tonic-gate #include <bsm/audit.h> 32*0Sstevel@tonic-gate #include <bsm/audit_record.h> 33*0Sstevel@tonic-gate #include <bsm/audit_uevents.h> 34*0Sstevel@tonic-gate #include <bsm/libbsm.h> 35*0Sstevel@tonic-gate #include <bsm/audit_private.h> 36*0Sstevel@tonic-gate #include <stdlib.h> 37*0Sstevel@tonic-gate #include <string.h> 38*0Sstevel@tonic-gate #include <syslog.h> 39*0Sstevel@tonic-gate #include <netinet/in.h> 40*0Sstevel@tonic-gate #include <locale.h> 41*0Sstevel@tonic-gate #include <unistd.h> 42*0Sstevel@tonic-gate #include <generic.h> 43*0Sstevel@tonic-gate 44*0Sstevel@tonic-gate static au_event_t rshd_event; /* audit event number */ 45*0Sstevel@tonic-gate static uint32_t rshd_addr[4]; /* peer address */ 46*0Sstevel@tonic-gate 47*0Sstevel@tonic-gate static void generate_record(char *, char *, char *, int, char *); 48*0Sstevel@tonic-gate static void setup_session(char *); 49*0Sstevel@tonic-gate static int selected(uid_t, char *, au_event_t, int); 50*0Sstevel@tonic-gate 51*0Sstevel@tonic-gate int 52*0Sstevel@tonic-gate audit_rshd_setup() 53*0Sstevel@tonic-gate { 54*0Sstevel@tonic-gate rshd_event = AUE_rshd; 55*0Sstevel@tonic-gate return (0); 56*0Sstevel@tonic-gate } 57*0Sstevel@tonic-gate 58*0Sstevel@tonic-gate /* ARGSUSED */ 59*0Sstevel@tonic-gate int 60*0Sstevel@tonic-gate audit_rshd_fail(msg, hostname, remuser, locuser, cmdbuf) 61*0Sstevel@tonic-gate char *msg; /* message containing failure information */ 62*0Sstevel@tonic-gate char *hostname; /* hostname of machine requesting service */ 63*0Sstevel@tonic-gate char *remuser; /* username at machine requesting service */ 64*0Sstevel@tonic-gate char *locuser; /* username of local machine */ 65*0Sstevel@tonic-gate char *cmdbuf; /* command line to be executed locally */ 66*0Sstevel@tonic-gate { 67*0Sstevel@tonic-gate if (cannot_audit(0)) { 68*0Sstevel@tonic-gate return (0); 69*0Sstevel@tonic-gate } 70*0Sstevel@tonic-gate generate_record(remuser, locuser, cmdbuf, -1, msg); 71*0Sstevel@tonic-gate return (0); 72*0Sstevel@tonic-gate } 73*0Sstevel@tonic-gate 74*0Sstevel@tonic-gate /* ARGSUSED */ 75*0Sstevel@tonic-gate int 76*0Sstevel@tonic-gate audit_rshd_success(hostname, remuser, locuser, cmdbuf) 77*0Sstevel@tonic-gate char *hostname; /* hostname of machine requesting service */ 78*0Sstevel@tonic-gate char *remuser; /* username at machine requesting service */ 79*0Sstevel@tonic-gate char *locuser; /* username at local machine */ 80*0Sstevel@tonic-gate char *cmdbuf; /* command line to be executed locally */ 81*0Sstevel@tonic-gate { 82*0Sstevel@tonic-gate if (cannot_audit(0)) { 83*0Sstevel@tonic-gate return (0); 84*0Sstevel@tonic-gate } 85*0Sstevel@tonic-gate generate_record(remuser, locuser, cmdbuf, 0, ""); 86*0Sstevel@tonic-gate setup_session(locuser); 87*0Sstevel@tonic-gate return (0); 88*0Sstevel@tonic-gate } 89*0Sstevel@tonic-gate 90*0Sstevel@tonic-gate 91*0Sstevel@tonic-gate #include <pwd.h> 92*0Sstevel@tonic-gate 93*0Sstevel@tonic-gate static void 94*0Sstevel@tonic-gate generate_record(char *remuser, /* username at machine requesting service */ 95*0Sstevel@tonic-gate char *locuser, /* username of local machine */ 96*0Sstevel@tonic-gate char *cmdbuf, /* command line to be executed locally */ 97*0Sstevel@tonic-gate int sf_flag, /* success (0) or failure (-1) flag */ 98*0Sstevel@tonic-gate char *msg) /* message containing failure information */ 99*0Sstevel@tonic-gate { 100*0Sstevel@tonic-gate int rd; /* audit record descriptor */ 101*0Sstevel@tonic-gate char buf[256]; /* temporary buffer */ 102*0Sstevel@tonic-gate char *tbuf; /* temporary buffer */ 103*0Sstevel@tonic-gate int tlen; 104*0Sstevel@tonic-gate const char *gtxt; 105*0Sstevel@tonic-gate uid_t uid; 106*0Sstevel@tonic-gate gid_t gid; 107*0Sstevel@tonic-gate pid_t pid; 108*0Sstevel@tonic-gate struct passwd *pwd; 109*0Sstevel@tonic-gate struct auditinfo_addr info; 110*0Sstevel@tonic-gate 111*0Sstevel@tonic-gate if (cannot_audit(0)) { 112*0Sstevel@tonic-gate return; 113*0Sstevel@tonic-gate } 114*0Sstevel@tonic-gate 115*0Sstevel@tonic-gate pwd = getpwnam(locuser); 116*0Sstevel@tonic-gate if (pwd == NULL) { 117*0Sstevel@tonic-gate uid = -1; 118*0Sstevel@tonic-gate gid = -1; 119*0Sstevel@tonic-gate } else { 120*0Sstevel@tonic-gate uid = pwd->pw_uid; 121*0Sstevel@tonic-gate gid = pwd->pw_gid; 122*0Sstevel@tonic-gate } 123*0Sstevel@tonic-gate 124*0Sstevel@tonic-gate if (!selected(uid, locuser, rshd_event, sf_flag)) 125*0Sstevel@tonic-gate return; 126*0Sstevel@tonic-gate 127*0Sstevel@tonic-gate pid = getpid(); 128*0Sstevel@tonic-gate 129*0Sstevel@tonic-gate /* see if terminal id already set */ 130*0Sstevel@tonic-gate if (getaudit_addr(&info, sizeof (info)) < 0) { 131*0Sstevel@tonic-gate perror("getaudit"); 132*0Sstevel@tonic-gate } 133*0Sstevel@tonic-gate rd = au_open(); 134*0Sstevel@tonic-gate 135*0Sstevel@tonic-gate (void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid, 136*0Sstevel@tonic-gate &info.ai_termid)); 137*0Sstevel@tonic-gate 138*0Sstevel@tonic-gate gtxt = dgettext(bsm_dom, "cmd %s"); 139*0Sstevel@tonic-gate tlen = strlen(gtxt) + strlen(cmdbuf) + 1; 140*0Sstevel@tonic-gate if ((tbuf = malloc(tlen)) == NULL) { 141*0Sstevel@tonic-gate (void) au_close(rd, 0, 0); 142*0Sstevel@tonic-gate return; 143*0Sstevel@tonic-gate } 144*0Sstevel@tonic-gate (void) snprintf(tbuf, tlen, gtxt, cmdbuf); 145*0Sstevel@tonic-gate (void) au_write(rd, au_to_text(tbuf)); 146*0Sstevel@tonic-gate (void) free(tbuf); 147*0Sstevel@tonic-gate 148*0Sstevel@tonic-gate if (strcmp(remuser, locuser) != 0) { 149*0Sstevel@tonic-gate (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, 150*0Sstevel@tonic-gate "remote user %s"), remuser); 151*0Sstevel@tonic-gate (void) au_write(rd, au_to_text(buf)); 152*0Sstevel@tonic-gate } 153*0Sstevel@tonic-gate 154*0Sstevel@tonic-gate if (sf_flag == -1) { 155*0Sstevel@tonic-gate (void) snprintf(buf, sizeof (buf), dgettext(bsm_dom, 156*0Sstevel@tonic-gate "local user %s"), locuser); 157*0Sstevel@tonic-gate (void) au_write(rd, au_to_text(buf)); 158*0Sstevel@tonic-gate (void) au_write(rd, au_to_text(msg)); 159*0Sstevel@tonic-gate } 160*0Sstevel@tonic-gate 161*0Sstevel@tonic-gate #ifdef _LP64 162*0Sstevel@tonic-gate (void) au_write(rd, au_to_return64(sf_flag, (int64_t)0)); 163*0Sstevel@tonic-gate #else 164*0Sstevel@tonic-gate (void) au_write(rd, au_to_return32(sf_flag, (int32_t)0)); 165*0Sstevel@tonic-gate #endif 166*0Sstevel@tonic-gate 167*0Sstevel@tonic-gate if (au_close(rd, 1, rshd_event) < 0) { 168*0Sstevel@tonic-gate (void) au_close(rd, 0, 0); 169*0Sstevel@tonic-gate } 170*0Sstevel@tonic-gate } 171*0Sstevel@tonic-gate 172*0Sstevel@tonic-gate static int 173*0Sstevel@tonic-gate selected(uid_t uid, char *locuser, au_event_t event, int sf) 174*0Sstevel@tonic-gate { 175*0Sstevel@tonic-gate int rc, sorf; 176*0Sstevel@tonic-gate char naflags[512]; 177*0Sstevel@tonic-gate struct au_mask mask; 178*0Sstevel@tonic-gate 179*0Sstevel@tonic-gate mask.am_success = mask.am_failure = 0; 180*0Sstevel@tonic-gate if (uid < 0) { 181*0Sstevel@tonic-gate rc = getacna(naflags, 256); /* get non-attrib flags */ 182*0Sstevel@tonic-gate if (rc == 0) 183*0Sstevel@tonic-gate (void) getauditflagsbin(naflags, &mask); 184*0Sstevel@tonic-gate } else { 185*0Sstevel@tonic-gate rc = au_user_mask(locuser, &mask); 186*0Sstevel@tonic-gate } 187*0Sstevel@tonic-gate 188*0Sstevel@tonic-gate if (sf == 0) 189*0Sstevel@tonic-gate sorf = AU_PRS_SUCCESS; 190*0Sstevel@tonic-gate else if (sf == -1) 191*0Sstevel@tonic-gate sorf = AU_PRS_FAILURE; 192*0Sstevel@tonic-gate else 193*0Sstevel@tonic-gate sorf = AU_PRS_BOTH; 194*0Sstevel@tonic-gate rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD); 195*0Sstevel@tonic-gate return (rc); 196*0Sstevel@tonic-gate } 197*0Sstevel@tonic-gate 198*0Sstevel@tonic-gate static void 199*0Sstevel@tonic-gate setup_session(char *locuser) 200*0Sstevel@tonic-gate { 201*0Sstevel@tonic-gate int rc; 202*0Sstevel@tonic-gate struct auditinfo_addr info; 203*0Sstevel@tonic-gate au_mask_t mask; 204*0Sstevel@tonic-gate uid_t uid; 205*0Sstevel@tonic-gate struct passwd *pwd; 206*0Sstevel@tonic-gate 207*0Sstevel@tonic-gate pwd = getpwnam(locuser); 208*0Sstevel@tonic-gate if (pwd == NULL) 209*0Sstevel@tonic-gate uid = -1; 210*0Sstevel@tonic-gate else 211*0Sstevel@tonic-gate uid = pwd->pw_uid; 212*0Sstevel@tonic-gate 213*0Sstevel@tonic-gate /* see if terminal id already set */ 214*0Sstevel@tonic-gate if (getaudit_addr(&info, sizeof (info)) < 0) { 215*0Sstevel@tonic-gate perror("getaudit"); 216*0Sstevel@tonic-gate } 217*0Sstevel@tonic-gate 218*0Sstevel@tonic-gate info.ai_auid = uid; 219*0Sstevel@tonic-gate info.ai_asid = getpid(); 220*0Sstevel@tonic-gate 221*0Sstevel@tonic-gate mask.am_success = 0; 222*0Sstevel@tonic-gate mask.am_failure = 0; 223*0Sstevel@tonic-gate (void) au_user_mask(locuser, &mask); 224*0Sstevel@tonic-gate 225*0Sstevel@tonic-gate info.ai_mask.am_success = mask.am_success; 226*0Sstevel@tonic-gate info.ai_mask.am_failure = mask.am_failure; 227*0Sstevel@tonic-gate 228*0Sstevel@tonic-gate rshd_addr[0] = info.ai_termid.at_addr[0]; 229*0Sstevel@tonic-gate rshd_addr[1] = info.ai_termid.at_addr[1]; 230*0Sstevel@tonic-gate rshd_addr[2] = info.ai_termid.at_addr[2]; 231*0Sstevel@tonic-gate rshd_addr[3] = info.ai_termid.at_addr[3]; 232*0Sstevel@tonic-gate 233*0Sstevel@tonic-gate rc = setaudit_addr(&info, sizeof (info)); 234*0Sstevel@tonic-gate if (rc < 0) { 235*0Sstevel@tonic-gate perror("setaudit"); 236*0Sstevel@tonic-gate } 237*0Sstevel@tonic-gate } 238