1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate  * with the License.
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate  * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate  */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate  */
26*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
27*7c478bd9Sstevel@tonic-gate 
28*7c478bd9Sstevel@tonic-gate #include <sys/types.h>
29*7c478bd9Sstevel@tonic-gate #include <stdio.h>
30*7c478bd9Sstevel@tonic-gate #include <sys/fcntl.h>
31*7c478bd9Sstevel@tonic-gate #include <bsm/audit.h>
32*7c478bd9Sstevel@tonic-gate #include <bsm/audit_record.h>
33*7c478bd9Sstevel@tonic-gate #include <bsm/audit_uevents.h>
34*7c478bd9Sstevel@tonic-gate #include <bsm/libbsm.h>
35*7c478bd9Sstevel@tonic-gate #include <bsm/audit_private.h>
36*7c478bd9Sstevel@tonic-gate #include <stdlib.h>
37*7c478bd9Sstevel@tonic-gate #include <string.h>
38*7c478bd9Sstevel@tonic-gate #include <syslog.h>
39*7c478bd9Sstevel@tonic-gate #include <netinet/in.h>
40*7c478bd9Sstevel@tonic-gate #include <locale.h>
41*7c478bd9Sstevel@tonic-gate #include <unistd.h>
42*7c478bd9Sstevel@tonic-gate #include <generic.h>
43*7c478bd9Sstevel@tonic-gate 
static au_event_t	rshd_event;	/* audit event number, set by audit_rshd_setup() */
static uint32_t		rshd_addr[4];	/* terminal address saved by setup_session(); not read elsewhere in this file */

/* Build and commit one rshd audit record; selected() decides whether it is emitted. */
static void generate_record(char *, char *, char *, int, char *);
/* Attach audit id, session id and preselection mask to the current process. */
static void setup_session(char *);
/* Apply the per-user (or non-attributable) preselection mask to the event. */
static int selected(uid_t, char *, au_event_t, int);
50*7c478bd9Sstevel@tonic-gate 
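/*
 * Initialise the module: record the audit event number (AUE_rshd) used for
 * every rshd record written by this file.  Always returns 0.
 */
int
audit_rshd_setup(void)
{
	rshd_event = AUE_rshd;
	return (0);
}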
57*7c478bd9Sstevel@tonic-gate 
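/*
 * Audit a rejected rsh request.  Writes a failure record (return value -1)
 * carrying the command, the remote user (when it differs from the local
 * user), the local user and the failure message.  hostname is unused; the
 * record's subject token carries the terminal id from getaudit_addr().
 * Returns 0 unconditionally, also when auditing is disabled.
 */
/* ARGSUSED */
int
audit_rshd_fail(
	char	*msg,		/* message containing failure information */
	char	*hostname,	/* hostname of machine requesting service */
	char	*remuser,	/* username at machine requesting service */
	char	*locuser,	/* username of local machine */
	char	*cmdbuf)	/* command line to be executed locally */
{
	if (cannot_audit(0)) {
		return (0);
	}
	generate_record(remuser, locuser, cmdbuf, -1, msg);
	return (0);
}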
73*7c478bd9Sstevel@tonic-gate 
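/*
 * Audit an accepted rsh request.  Writes a success record (return value 0)
 * with the command and, when it differs from the local user, the remote
 * user, then turns the current process into an audited session for
 * locuser via setup_session().  hostname is unused.  Returns 0
 * unconditionally, also when auditing is disabled.
 */
/* ARGSUSED */
int
audit_rshd_success(
	char	*hostname,	/* hostname of machine requesting service */
	char	*remuser,	/* username at machine requesting service */
	char	*locuser,	/* username at local machine */
	char	*cmdbuf)	/* command line to be executed locally */
{
	if (cannot_audit(0)) {
		return (0);
	}
	generate_record(remuser, locuser, cmdbuf, 0, "");
	setup_session(locuser);
	return (0);
}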
89*7c478bd9Sstevel@tonic-gate 
90*7c478bd9Sstevel@tonic-gate 
91*7c478bd9Sstevel@tonic-gate #include <pwd.h>
92*7c478bd9Sstevel@tonic-gate 
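/*
 * Build and commit one rshd audit record.
 *
 * remuser  username at the machine requesting service
 * locuser  username on the local machine (looked up with getpwnam())
 * cmdbuf   command line to be executed locally
 * sf_flag  0 for success, -1 for failure; also written as the return token
 * msg      failure text, written as an extra text token when sf_flag == -1
 *
 * Nothing is written when auditing is off, when the event is not
 * preselected for the user, or when no record descriptor can be opened.
 * NULL string arguments are treated as empty strings so that a record is
 * still produced instead of dereferencing NULL.
 */
static void
generate_record(char *remuser,	/* username at machine requesting service */
		char *locuser,	/* username of local machine */
		char *cmdbuf,	/* command line to be executed locally */
		int sf_flag,	/* success (0) or failure (-1) flag */
		char *msg)	/* message containing failure information */
{
	int	rd;		/* audit record descriptor */
	char	buf[256];	/* temporary buffer */
	char	*tbuf;		/* temporary buffer */
	size_t	tlen;
	const char *gtxt;
	uid_t	uid;
	gid_t	gid;
	pid_t	pid;
	struct passwd *pwd;
	struct auditinfo_addr info;

	if (cannot_audit(0)) {
		return;
	}

	/* Never hand a NULL to strlen()/strcmp()/au_to_text() below. */
	if (remuser == NULL)
		remuser = "";
	if (locuser == NULL)
		locuser = "";
	if (cmdbuf == NULL)
		cmdbuf = "";
	if (msg == NULL)
		msg = "";

	/*
	 * An unknown local user is recorded with uid/gid -1, the
	 * non-attributable value that selected() is meant to key on.
	 */
	pwd = getpwnam(locuser);
	if (pwd == NULL) {
		uid = (uid_t)-1;
		gid = (gid_t)-1;
	} else {
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
	}

	if (!selected(uid, locuser, rshd_event, sf_flag))
		return;

	pid = getpid();

	/*
	 * Start from a zeroed auditinfo so that a failed getaudit_addr()
	 * does not put an indeterminate terminal id into the subject token.
	 */
	(void) memset(&info, 0, sizeof (info));
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}
	rd = au_open();
	if (rd < 0) {
		return;		/* no record descriptor; nothing to write */
	}

	(void) au_write(rd, au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
		&info.ai_termid));

	/* The "cmd %s" text comes from the message catalog and is a format. */
	gtxt = dgettext(bsm_dom, "cmd %s");
	tlen = strlen(gtxt) + strlen(cmdbuf) + 1;
	if ((tbuf = malloc(tlen)) == NULL) {
		(void) au_close(rd, 0, 0);	/* discard the partial record */
		return;
	}
	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
	(void) au_write(rd, au_to_text(tbuf));
	free(tbuf);

	/* Only note the remote user when it differs from the local one. */
	if (strcmp(remuser, locuser) != 0) {
		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
			"remote user %s"), remuser);
		(void) au_write(rd, au_to_text(buf));
	}

	if (sf_flag == -1) {
		(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
			"local user %s"), locuser);
		(void) au_write(rd, au_to_text(buf));
		(void) au_write(rd, au_to_text(msg));
	}

#ifdef _LP64
	(void) au_write(rd, au_to_return64(sf_flag, (int64_t)0));
#else
	(void) au_write(rd, au_to_return32(sf_flag, (int32_t)0));
#endif

	/* Commit; if that fails, drop the record rather than leak rd. */
	if (au_close(rd, 1, rshd_event) < 0) {
		(void) au_close(rd, 0, 0);
	}
}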
171*7c478bd9Sstevel@tonic-gate 
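/*
 * Decide whether an rshd event should be recorded.
 *
 * uid      local user's id, or (uid_t)-1 when the user is unknown
 * locuser  local user name, used to look up the per-user audit mask
 * event    audit event number (rshd_event)
 * sf       0 = success, -1 = failure, anything else = both
 *
 * Returns the result of au_preselect() for the applicable mask: non-zero
 * when the event is selected, 0 when it is not.
 */
static int
selected(uid_t uid, char *locuser, au_event_t event, int sf)
{
	int	sorf;
	char	naflags[512];
	struct au_mask mask;

	mask.am_success = mask.am_failure = 0;
	/*
	 * Test the sentinel the caller stores rather than "uid < 0": with an
	 * unsigned uid_t the latter is never true, so unknown users were
	 * silently given the per-user path instead of the non-attributable
	 * flags.  This comparison works for signed and unsigned uid_t alike.
	 */
	if (uid == (uid_t)-1) {
		/* unknown user: use the non-attributable flags */
		if (getacna(naflags, (int)sizeof (naflags)) == 0)
			(void) getauditflagsbin(naflags, &mask);
	} else {
		/* on failure the mask stays empty and nothing is selected */
		(void) au_user_mask(locuser, &mask);
	}

	if (sf == 0)
		sorf = AU_PRS_SUCCESS;
	else if (sf == -1)
		sorf = AU_PRS_FAILURE;
	else
		sorf = AU_PRS_BOTH;
	return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
}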
197*7c478bd9Sstevel@tonic-gate 
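/*
 * Make the current process an audited rshd session for locuser: set the
 * audit id (the user's uid, or (uid_t)-1 when the user is unknown), the
 * session id (the process id) and the user's preselection mask on top of
 * whatever getaudit_addr() reports for the process.  Failures of
 * getaudit_addr() and setaudit_addr() are reported with perror() and
 * otherwise ignored.  A NULL locuser is treated as an empty name.
 */
static void
setup_session(char *locuser)
{
	struct auditinfo_addr info;
	au_mask_t		mask;
	uid_t			uid;
	struct passwd *pwd;
	int	i;

	if (locuser == NULL)
		locuser = "";	/* keep getpwnam()/au_user_mask() off NULL */

	pwd = getpwnam(locuser);
	if (pwd == NULL)
		uid = (uid_t)-1;	/* unknown user: non-attributable audit id */
	else
		uid = pwd->pw_uid;

	/*
	 * Start from zeroed state: if getaudit_addr() fails we must not push
	 * an indeterminate terminal id back into the kernel below.
	 */
	(void) memset(&info, 0, sizeof (info));
	if (getaudit_addr(&info, sizeof (info)) < 0) {
		perror("getaudit");
	}

	info.ai_auid = uid;
	info.ai_asid = getpid();

	/* au_user_mask() failure leaves the mask empty. */
	mask.am_success = 0;
	mask.am_failure = 0;
	(void) au_user_mask(locuser, &mask);

	info.ai_mask.am_success = mask.am_success;
	info.ai_mask.am_failure = mask.am_failure;

	/* Keep a copy of the terminal address (not read elsewhere in this file). */
	for (i = 0; i < 4; i++)
		rshd_addr[i] = info.ai_termid.at_addr[i];

	if (setaudit_addr(&info, sizeof (info)) < 0) {
		perror("setaudit");
	}
}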