1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25#include <sys/types.h>
26#include <sys/param.h>
27#include <stdio.h>
28#include <sys/fcntl.h>
29#include <bsm/audit.h>
30#include <bsm/audit_record.h>
31#include <bsm/audit_uevents.h>
32#include <bsm/libbsm.h>
33#include <bsm/audit_private.h>
34#include <stdlib.h>
35#include <string.h>
36#include <syslog.h>
37#include <netinet/in.h>
38#include <tsol/label.h>
39#include <locale.h>
40#include <unistd.h>
41#include <generic.h>
42
static au_event_t	rshd_event;	/* event number, set by audit_rshd_setup() */
static uint32_t		rshd_addr[4];	/* peer address saved by setup_session(); */
					/* nothing in this file reads it back */

static void generate_record(char *remuser, char *locuser, char *cmdbuf,
    int sf_flag, char *msg);
static void setup_session(char *locuser);
static int selected(uid_t uid, char *locuser, au_event_t event, int sf);
49
/*
 * Initialization hook for the rshd audit module: every record produced
 * by this file is tagged with the AUE_rshd event number.
 *
 * Always returns 0.
 */
int
audit_rshd_setup(void)
{
	rshd_event = AUE_rshd;
	return (0);
}
56
/*
 * Audit a rejected remote shell request.
 *
 * msg		text describing the failure; appended to the record as-is
 * hostname	host requesting service (unused, kept for the caller's
 *		interface)
 * remuser	username at the requesting machine
 * locuser	username on the local machine
 * cmdbuf	command line that was requested
 *
 * Returns 0 whether or not a record was written (nothing is written when
 * cannot_audit() says auditing is off).
 */
/* ARGSUSED */
int
audit_rshd_fail(char *msg, char *hostname, char *remuser, char *locuser,
    char *cmdbuf)
{
	if (!cannot_audit(0)) {
		generate_record(remuser, locuser, cmdbuf, -1, msg);
	}
	return (0);
}
72
/*
 * Audit an accepted remote shell request and attach audit state to the
 * process that will run the command.
 *
 * hostname	host requesting service (unused, kept for the caller's
 *		interface)
 * remuser	username at the requesting machine
 * locuser	username on the local machine; becomes the audit id of the
 *		session set up here
 * cmdbuf	command line to be executed locally
 *
 * Returns 0. When cannot_audit() says auditing is off, neither the record
 * nor the session setup happens.
 */
/* ARGSUSED */
int
audit_rshd_success(char *hostname, char *remuser, char *locuser,
    char *cmdbuf)
{
	if (!cannot_audit(0)) {
		generate_record(remuser, locuser, cmdbuf, 0, "");
		setup_session(locuser);
	}
	return (0);
}
88
89
90#include <pwd.h>
91
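/*
 * Build and commit one audit record (event rshd_event) for a remote
 * shell request.
 *
 * remuser	username at the machine requesting service; recorded as a
 *		text token only when it differs from locuser
 * locuser	username on the local machine, resolved with getpwnam()
 * cmdbuf	command line to be executed locally; recorded verbatim in a
 *		"cmd ..." text token
 * sf_flag	0 for success, -1 for failure; also becomes the return token
 * msg		failure text, appended as a text token only when sf_flag == -1
 *
 * Nothing is written when auditing is off, when the event is not
 * preselected for this user, or when no record descriptor is available.
 */
static void
generate_record(char *remuser, char *locuser, char *cmdbuf, int sf_flag,
    char *msg)
{
	int	rd;		/* audit record descriptor */
	char	buf[256];	/* temporary buffer */
	char	*tbuf;		/* heap buffer for the "cmd ..." text token */
	int	tlen;
	const char *gtxt;
	uid_t	uid;
	gid_t	gid;
	pid_t	pid;
	struct passwd *pwd;
	struct auditinfo_addr info;

	if (cannot_audit(0)) {
		return;
	}

	/* An unknown local user is recorded with uid/gid -1. */
	pwd = getpwnam(locuser);
	if (pwd == NULL) {
		uid = (uid_t)-1;
		gid = (gid_t)-1;
	} else {
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
	}

	if (!selected(uid, locuser, rshd_event, sf_flag))
		return;

	pid = getpid();

	/*
	 * Zero the audit state first: if getaudit_addr() fails, info would
	 * otherwise be left uninitialized and the garbage terminal id would
	 * be copied into the subject token below.
	 */
	(void) memset(&info, 0, sizeof (info));
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	/*
	 * Without a record descriptor nothing can be written; stop before
	 * building tokens that could never be attached to a record.
	 */
	rd = au_open();
	if (rd < 0) {
		return;
	}

	(void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
	    &info.ai_termid));
	if (is_system_labeled())
		(void) au_write(rd, au_to_mylabel());

	/*
	 * The format string comes from the message catalog, not from the
	 * peer. tlen is sized for exactly one %s expansion of cmdbuf; a
	 * translation carrying extra directives would be cut short by
	 * snprintf() rather than overflow.
	 */
	gtxt = dgettext(bsm_dom, "cmd %s");
	tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
	if ((tbuf = malloc(tlen)) == NULL) {
		(void) au_close(rd, 0, 0);	/* discard the partial record */
		return;
	}
	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
	(void) au_write(rd, au_to_text(tbuf));
	free(tbuf);

	/* Only note the remote name when it differs from the local one. */
	if (strcmp(remuser, locuser) != 0) {
		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
		    "remote user %s"), remuser);
		(void) au_write(rd, au_to_text(buf));
	}

	/* Failures additionally carry the local name and the reason. */
	if (sf_flag == -1) {
		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
		    "local user %s"), locuser);
		(void) au_write(rd, au_to_text(buf));
		(void) au_write(rd, au_to_text(msg));
	}

#ifdef _LP64
	(void) au_write(rd, au_to_return64(sf_flag, (int64_t)0));
#else
	(void) au_write(rd, au_to_return32(sf_flag, (int32_t)0));
#endif

	/* Commit the record; if that fails, release it without writing. */
	if (au_close(rd, 1, rshd_event) < 0) {
		(void) au_close(rd, 0, 0);
	}
}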
172
/*
 * Decide whether the rshd event is preselected for this local user.
 *
 * uid		uid of locuser, or (uid_t)-1 when the user is unknown
 * locuser	local user name, used to look up the per-user audit mask
 * event	audit event number being tested
 * sf		0 (success), -1 (failure), anything else (either)
 *
 * Returns the result of au_preselect(): nonzero when a record should be
 * generated.
 */
static int
selected(uid_t uid, char *locuser, au_event_t event, int sf)
{
	struct au_mask	mask;
	int		sorf;

	mask.am_success = 0;
	mask.am_failure = 0;

	if (uid > MAXEPHUID) {
		/*
		 * Above MAXEPHUID (the (uid_t)-1 placeholder for an unknown
		 * user is expected to land here too): use the kernel's
		 * non-attributable mask rather than a per-user one.
		 */
		(void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
	} else {
		/*
		 * NOTE(review): the return value is ignored. If the lookup
		 * fails and leaves mask all-zero, au_preselect() presumably
		 * reports the event as not selected and the request goes
		 * unaudited; confirm that is the intended failure mode.
		 */
		(void) au_user_mask(locuser, &mask);
	}

	switch (sf) {
	case 0:
		sorf = AU_PRS_SUCCESS;
		break;
	case -1:
		sorf = AU_PRS_FAILURE;
		break;
	default:
		sorf = AU_PRS_BOTH;
		break;
	}

	return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
}
197
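/*
 * Attach audit state to this process after a successful rshd login.
 *
 * locuser	local user name; its uid (or (uid_t)-1 when getpwnam()
 *		fails) becomes the audit id
 *
 * The current state is read with getaudit_addr(); the audit id, the
 * session id (this pid) and the user's preselection mask are then filled
 * in and written back with setaudit_addr(). The terminal address is also
 * copied into the file-level rshd_addr[], which nothing in this file
 * reads back. Failures of the get/set calls are reported with perror()
 * and otherwise ignored.
 */
static void
setup_session(char *locuser)
{
	struct auditinfo_addr info;
	au_mask_t		mask;
	uid_t			uid;
	struct passwd *pwd;

	pwd = getpwnam(locuser);
	if (pwd == NULL)
		uid = (uid_t)-1;
	else
		uid = pwd->pw_uid;

	/*
	 * Start from a zeroed state so a failed getaudit_addr() does not
	 * leave uninitialized stack contents in info, which setaudit_addr()
	 * below would otherwise install as this process's audit state.
	 */
	(void) memset(&info, 0, sizeof (info));
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	info.ai_auid = uid;
	info.ai_asid = getpid();

	/*
	 * NOTE(review): au_user_mask()'s return value is ignored; on
	 * failure the session keeps whatever it left in mask (all-zero if
	 * untouched).
	 */
	mask.am_success = 0;
	mask.am_failure = 0;
	(void) au_user_mask(locuser, &mask);

	info.ai_mask.am_success = mask.am_success;
	info.ai_mask.am_failure = mask.am_failure;

	rshd_addr[0] = info.ai_termid.at_addr[0];
	rshd_addr[1] = info.ai_termid.at_addr[1];
	rshd_addr[2] = info.ai_termid.at_addr[2];
	rshd_addr[3] = info.ai_termid.at_addr[3];

	if (setaudit_addr(&info, sizeof (info)) < 0) {
		perror("setaudit");
	}
}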
238