xref: /illumos-gate/usr/src/cmd/login/login_audit.c (revision 7c478bd9)
1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate  * with the License.
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate  * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate  */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate  */
26*7c478bd9Sstevel@tonic-gate 
27*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
28*7c478bd9Sstevel@tonic-gate 
29*7c478bd9Sstevel@tonic-gate #include <assert.h>
30*7c478bd9Sstevel@tonic-gate #include <pwd.h>
31*7c478bd9Sstevel@tonic-gate #include <signal.h>
32*7c478bd9Sstevel@tonic-gate #include <stdlib.h>
33*7c478bd9Sstevel@tonic-gate #include <string.h>
34*7c478bd9Sstevel@tonic-gate #include <syslog.h>
35*7c478bd9Sstevel@tonic-gate #include <unistd.h>
36*7c478bd9Sstevel@tonic-gate #include <sys/wait.h>
37*7c478bd9Sstevel@tonic-gate 
38*7c478bd9Sstevel@tonic-gate #include <bsm/adt.h>
39*7c478bd9Sstevel@tonic-gate #include <bsm/adt_event.h>
40*7c478bd9Sstevel@tonic-gate #include "login_audit.h"
41*7c478bd9Sstevel@tonic-gate 
42*7c478bd9Sstevel@tonic-gate 
43*7c478bd9Sstevel@tonic-gate 
44*7c478bd9Sstevel@tonic-gate /*
45*7c478bd9Sstevel@tonic-gate  * Key assumption:  login is single threaded.
46*7c478bd9Sstevel@tonic-gate  */
47*7c478bd9Sstevel@tonic-gate static void audit_logout(adt_session_data_t *);
48*7c478bd9Sstevel@tonic-gate 
49*7c478bd9Sstevel@tonic-gate /*
50*7c478bd9Sstevel@tonic-gate  * if audit is not enabled, the adt_*() functions simply return without
51*7c478bd9Sstevel@tonic-gate  * doing anything.  In the success case, the credential has already been
52*7c478bd9Sstevel@tonic-gate  * setup with audit data by PAM.
53*7c478bd9Sstevel@tonic-gate  */
54*7c478bd9Sstevel@tonic-gate 
55*7c478bd9Sstevel@tonic-gate /*
56*7c478bd9Sstevel@tonic-gate  * There is no information passed to login.c from rlogin or telnet
57*7c478bd9Sstevel@tonic-gate  * about the terminal id.  They both set the tid before they
58*7c478bd9Sstevel@tonic-gate  * exec login; the value is picked up by adt_start_session() and is
59*7c478bd9Sstevel@tonic-gate  * carefully *not* overwritten by adt_load_hostname().
60*7c478bd9Sstevel@tonic-gate  */
61*7c478bd9Sstevel@tonic-gate 
62*7c478bd9Sstevel@tonic-gate void
63*7c478bd9Sstevel@tonic-gate audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
64*7c478bd9Sstevel@tonic-gate {
65*7c478bd9Sstevel@tonic-gate 	adt_session_data_t	*ah;
66*7c478bd9Sstevel@tonic-gate 	adt_event_data_t	*event;
67*7c478bd9Sstevel@tonic-gate 	int			rc;
68*7c478bd9Sstevel@tonic-gate 
69*7c478bd9Sstevel@tonic-gate 	assert(pwd != NULL);
70*7c478bd9Sstevel@tonic-gate 
71*7c478bd9Sstevel@tonic-gate 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
72*7c478bd9Sstevel@tonic-gate 		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
73*7c478bd9Sstevel@tonic-gate 		return;
74*7c478bd9Sstevel@tonic-gate 	}
75*7c478bd9Sstevel@tonic-gate 	if (adt_set_user(ah, pwd->pw_uid,  pwd->pw_gid,
76*7c478bd9Sstevel@tonic-gate 	    pwd->pw_uid,  pwd->pw_gid, NULL, ADT_USER)) {
77*7c478bd9Sstevel@tonic-gate 		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
78*7c478bd9Sstevel@tonic-gate 		(void) adt_end_session(ah);
79*7c478bd9Sstevel@tonic-gate 		return;
80*7c478bd9Sstevel@tonic-gate 	}
81*7c478bd9Sstevel@tonic-gate 	event = adt_alloc_event(ah, event_id);
82*7c478bd9Sstevel@tonic-gate 
83*7c478bd9Sstevel@tonic-gate 	if (event == NULL)
84*7c478bd9Sstevel@tonic-gate 		return;
85*7c478bd9Sstevel@tonic-gate 
86*7c478bd9Sstevel@tonic-gate 	switch (event_id) {
87*7c478bd9Sstevel@tonic-gate 	case ADT_zlogin:
88*7c478bd9Sstevel@tonic-gate 		event->adt_zlogin.message = optional_text;
89*7c478bd9Sstevel@tonic-gate 		break;
90*7c478bd9Sstevel@tonic-gate 	default:
91*7c478bd9Sstevel@tonic-gate 		break;
92*7c478bd9Sstevel@tonic-gate 	}
93*7c478bd9Sstevel@tonic-gate 	rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
94*7c478bd9Sstevel@tonic-gate 
95*7c478bd9Sstevel@tonic-gate 	(void) adt_free_event(event);
96*7c478bd9Sstevel@tonic-gate 	if (rc) {
97*7c478bd9Sstevel@tonic-gate 		(void) adt_end_session(ah);
98*7c478bd9Sstevel@tonic-gate 		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
99*7c478bd9Sstevel@tonic-gate 		return;
100*7c478bd9Sstevel@tonic-gate 	}
101*7c478bd9Sstevel@tonic-gate 	/*
102*7c478bd9Sstevel@tonic-gate 	 * The code above executes whether or not audit is enabled.
103*7c478bd9Sstevel@tonic-gate 	 * However audit_logout must only execute if audit is
104*7c478bd9Sstevel@tonic-gate 	 * enabled so we don't fork unnecessarily.
105*7c478bd9Sstevel@tonic-gate 	 */
106*7c478bd9Sstevel@tonic-gate 	if (adt_audit_enabled()) {
107*7c478bd9Sstevel@tonic-gate 		switch (event_id) {
108*7c478bd9Sstevel@tonic-gate 		case ADT_login:
109*7c478bd9Sstevel@tonic-gate 		case ADT_rlogin:
110*7c478bd9Sstevel@tonic-gate 		case ADT_telnet:
111*7c478bd9Sstevel@tonic-gate 		case ADT_zlogin:
112*7c478bd9Sstevel@tonic-gate 			audit_logout(ah);	/* fork to catch logout */
113*7c478bd9Sstevel@tonic-gate 			break;
114*7c478bd9Sstevel@tonic-gate 		}
115*7c478bd9Sstevel@tonic-gate 	}
116*7c478bd9Sstevel@tonic-gate 	(void) adt_end_session(ah);
117*7c478bd9Sstevel@tonic-gate }
118*7c478bd9Sstevel@tonic-gate 
119*7c478bd9Sstevel@tonic-gate /*
120*7c478bd9Sstevel@tonic-gate  * errors are ignored since there is no action to take on error
121*7c478bd9Sstevel@tonic-gate  */
122*7c478bd9Sstevel@tonic-gate static void
123*7c478bd9Sstevel@tonic-gate audit_logout(adt_session_data_t *ah)
124*7c478bd9Sstevel@tonic-gate {
125*7c478bd9Sstevel@tonic-gate 	adt_event_data_t	*logout;
126*7c478bd9Sstevel@tonic-gate 	int			status;		/* wait status */
127*7c478bd9Sstevel@tonic-gate 	pid_t			pid;
128*7c478bd9Sstevel@tonic-gate 
129*7c478bd9Sstevel@tonic-gate 	if ((pid = fork()) == 0) {
130*7c478bd9Sstevel@tonic-gate 		return;
131*7c478bd9Sstevel@tonic-gate 	} else if (pid == -1) {
132*7c478bd9Sstevel@tonic-gate 		syslog(LOG_AUTH | LOG_ALERT, "login: could not fork: %m");
133*7c478bd9Sstevel@tonic-gate 		exit(1);
134*7c478bd9Sstevel@tonic-gate 	} else {
135*7c478bd9Sstevel@tonic-gate 		/*
136*7c478bd9Sstevel@tonic-gate 		 * When this routine is called, the current working
137*7c478bd9Sstevel@tonic-gate 		 * directory is the user's home directory. Change it
138*7c478bd9Sstevel@tonic-gate 		 * to root for the waiting process so that the user's
139*7c478bd9Sstevel@tonic-gate 		 * home directory can be unmounted if necessary.
140*7c478bd9Sstevel@tonic-gate 		 */
141*7c478bd9Sstevel@tonic-gate 		if (chdir("/") != 0) {
142*7c478bd9Sstevel@tonic-gate 			syslog(LOG_AUTH | LOG_ALERT,
143*7c478bd9Sstevel@tonic-gate 			    "login: could not chdir: %m");
144*7c478bd9Sstevel@tonic-gate 			/* since we let the child finish we just bail */
145*7c478bd9Sstevel@tonic-gate 			exit(0);
146*7c478bd9Sstevel@tonic-gate 		}
147*7c478bd9Sstevel@tonic-gate 		while (pid != waitpid(pid, &status, 0))
148*7c478bd9Sstevel@tonic-gate 			continue;
149*7c478bd9Sstevel@tonic-gate 
150*7c478bd9Sstevel@tonic-gate 		logout = adt_alloc_event(ah, ADT_logout);
151*7c478bd9Sstevel@tonic-gate 		if (logout == NULL)
152*7c478bd9Sstevel@tonic-gate 			exit(0);
153*7c478bd9Sstevel@tonic-gate 
154*7c478bd9Sstevel@tonic-gate 		(void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
155*7c478bd9Sstevel@tonic-gate 
156*7c478bd9Sstevel@tonic-gate 		adt_free_event(logout);
157*7c478bd9Sstevel@tonic-gate 		exit(0);
158*7c478bd9Sstevel@tonic-gate 	}
159*7c478bd9Sstevel@tonic-gate }
160*7c478bd9Sstevel@tonic-gate 
161*7c478bd9Sstevel@tonic-gate /*
162*7c478bd9Sstevel@tonic-gate  * errors are ignored since there is no action to take on error.
163*7c478bd9Sstevel@tonic-gate  *
164*7c478bd9Sstevel@tonic-gate  * If the user id is invalid, pwd is NULL.
165*7c478bd9Sstevel@tonic-gate  */
166*7c478bd9Sstevel@tonic-gate void
167*7c478bd9Sstevel@tonic-gate audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
168*7c478bd9Sstevel@tonic-gate     const char *hostname, const char *ttyname, char *optional_text)
169*7c478bd9Sstevel@tonic-gate {
170*7c478bd9Sstevel@tonic-gate 	adt_session_data_t	*ah;
171*7c478bd9Sstevel@tonic-gate 	adt_event_data_t	*event;
172*7c478bd9Sstevel@tonic-gate 	uid_t			uid;
173*7c478bd9Sstevel@tonic-gate 	gid_t			gid;
174*7c478bd9Sstevel@tonic-gate 	adt_termid_t		*p_tid;
175*7c478bd9Sstevel@tonic-gate 
176*7c478bd9Sstevel@tonic-gate 	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
177*7c478bd9Sstevel@tonic-gate 		return;
178*7c478bd9Sstevel@tonic-gate 
179*7c478bd9Sstevel@tonic-gate 	uid = ADT_NO_ATTRIB;
180*7c478bd9Sstevel@tonic-gate 	gid = ADT_NO_ATTRIB;
181*7c478bd9Sstevel@tonic-gate 	if (pwd != NULL) {
182*7c478bd9Sstevel@tonic-gate 		uid = pwd->pw_uid;
183*7c478bd9Sstevel@tonic-gate 		gid = pwd->pw_gid;
184*7c478bd9Sstevel@tonic-gate 	}
185*7c478bd9Sstevel@tonic-gate 	/*
186*7c478bd9Sstevel@tonic-gate 	 * If this is a remote login, in.rlogind or in.telnetd has
187*7c478bd9Sstevel@tonic-gate 	 * already set the terminal id, in which case
188*7c478bd9Sstevel@tonic-gate 	 * adt_load_hostname() will use the preset terminal id and
189*7c478bd9Sstevel@tonic-gate 	 * ignore hostname.  (If no remote host and ttyname is NULL,
190*7c478bd9Sstevel@tonic-gate 	 * let adt_load_ttyname() figure out what to do.)
191*7c478bd9Sstevel@tonic-gate 	 */
192*7c478bd9Sstevel@tonic-gate 	if (*hostname == '\0')
193*7c478bd9Sstevel@tonic-gate 		(void) adt_load_ttyname(ttyname, &p_tid);
194*7c478bd9Sstevel@tonic-gate 	else
195*7c478bd9Sstevel@tonic-gate 		(void) adt_load_hostname(hostname, &p_tid);
196*7c478bd9Sstevel@tonic-gate 
197*7c478bd9Sstevel@tonic-gate 	if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
198*7c478bd9Sstevel@tonic-gate 		(void) adt_end_session(ah);
199*7c478bd9Sstevel@tonic-gate 		if (p_tid != NULL)
200*7c478bd9Sstevel@tonic-gate 			free(p_tid);
201*7c478bd9Sstevel@tonic-gate 		return;
202*7c478bd9Sstevel@tonic-gate 	}
203*7c478bd9Sstevel@tonic-gate 	if (p_tid != NULL)
204*7c478bd9Sstevel@tonic-gate 		free(p_tid);
205*7c478bd9Sstevel@tonic-gate 
206*7c478bd9Sstevel@tonic-gate 	event = adt_alloc_event(ah, event_id);
207*7c478bd9Sstevel@tonic-gate 	if (event == NULL) {
208*7c478bd9Sstevel@tonic-gate 		return;
209*7c478bd9Sstevel@tonic-gate 	}
210*7c478bd9Sstevel@tonic-gate 	switch (event_id) {
211*7c478bd9Sstevel@tonic-gate 	case ADT_zlogin:
212*7c478bd9Sstevel@tonic-gate 		event->adt_zlogin.message = optional_text;
213*7c478bd9Sstevel@tonic-gate 		break;
214*7c478bd9Sstevel@tonic-gate 	}
215*7c478bd9Sstevel@tonic-gate 	(void) adt_put_event(event, ADT_FAILURE, failure_code);
216*7c478bd9Sstevel@tonic-gate 
217*7c478bd9Sstevel@tonic-gate 	adt_free_event(event);
218*7c478bd9Sstevel@tonic-gate 	(void) adt_end_session(ah);
219*7c478bd9Sstevel@tonic-gate }
220