1*7c478bd9Sstevel@tonic-gate /* 2*7c478bd9Sstevel@tonic-gate * CDDL HEADER START 3*7c478bd9Sstevel@tonic-gate * 4*7c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*7c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 6*7c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 7*7c478bd9Sstevel@tonic-gate * with the License. 8*7c478bd9Sstevel@tonic-gate * 9*7c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10*7c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 11*7c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 12*7c478bd9Sstevel@tonic-gate * and limitations under the License. 13*7c478bd9Sstevel@tonic-gate * 14*7c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 15*7c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16*7c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 17*7c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 18*7c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 19*7c478bd9Sstevel@tonic-gate * 20*7c478bd9Sstevel@tonic-gate * CDDL HEADER END 21*7c478bd9Sstevel@tonic-gate */ 22*7c478bd9Sstevel@tonic-gate /* 23*7c478bd9Sstevel@tonic-gate * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24*7c478bd9Sstevel@tonic-gate * Use is subject to license terms. 
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <assert.h>
#include <errno.h>
#include <pwd.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/wait.h>

#include <bsm/adt.h>
#include <bsm/adt_event.h>
#include "login_audit.h"



/*
 * Key assumption: login is single threaded.
 */
static void audit_logout(adt_session_data_t *);

/*
 * if audit is not enabled, the adt_*() functions simply return without
 * doing anything. In the success case, the credential has already been
 * setup with audit data by PAM.
 */

/*
 * There is no information passed to login.c from rlogin or telnet
 * about the terminal id. They both set the tid before they
 * exec login; the value is picked up by adt_start_session() and is
 * carefully *not* overwritten by adt_load_hostname().
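/*
 * Record a successful login as audit event event_id for the user in pwd.
 *
 * event_id	ADT_login, ADT_rlogin, ADT_telnet or ADT_zlogin; any other
 *		id is still recorded, but no logout is tracked for it.
 * pwd		must not be NULL; pw_uid/pw_gid become the audit user.
 * optional_text
 *		message attached to ADT_zlogin events only.
 *
 * Every audit library failure is reported with syslog(LOG_AUTH | LOG_ALERT)
 * and the audit session is closed before returning; login carries on
 * regardless.  When auditing is enabled and the event is one of the login
 * types, audit_logout() forks: the child returns here and goes on to
 * become the user's session, the parent stays behind to record the logout.
 */
void
audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)
{
	adt_session_data_t *ah;
	adt_event_data_t *event;
	int rc;

	assert(pwd != NULL);

	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
		return;
	}
	if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid,
	    pwd->pw_uid, pwd->pw_gid, NULL, ADT_USER)) {
		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
		(void) adt_end_session(ah);
		return;
	}
	event = adt_alloc_event(ah, event_id);
	if (event == NULL) {
		/*
		 * This path used to return without closing the session;
		 * treat it like the other library failures above.
		 */
		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
		(void) adt_end_session(ah);
		return;
	}

	switch (event_id) {
	case ADT_zlogin:
		event->adt_zlogin.message = optional_text;
		break;
	default:
		break;
	}
	rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
	(void) adt_free_event(event);
	if (rc) {
		syslog(LOG_AUTH | LOG_ALERT, "audit: %m");
		(void) adt_end_session(ah);
		return;
	}
	/*
	 * The code above executes whether or not audit is enabled.
	 * However audit_logout must only execute if audit is
	 * enabled so we don't fork unnecessarily.
	 */
	if (adt_audit_enabled()) {
		switch (event_id) {
		case ADT_login:
		case ADT_rlogin:
		case ADT_telnet:
		case ADT_zlogin:
			audit_logout(ah);	/* fork to catch logout */
			break;
		default:
			break;
		}
	}
	(void) adt_end_session(ah);
}

/*
 * Fork so that one process can wait for the login session to finish and
 * then write the ADT_logout record.  The CHILD returns and continues as
 * the user's session; the PARENT (the original login process) waits for
 * the child, records the logout and exits -- it never returns.
 *
 * ah	audit session whose user attributes were set by audit_success().
 *
 * Errors from the audit library are ignored since there is no action to
 * take on error.  A fork() failure, however, ends login with exit(1):
 * a session whose logout could not be audited is not started.
 */
static void
audit_logout(adt_session_data_t *ah)
{
	adt_event_data_t *logout;
	int status;		/* wait status; not inspected */
	pid_t pid;

	pid = fork();
	if (pid == 0) {
		return;		/* child: go on with the login */
	}
	if (pid == -1) {
		syslog(LOG_AUTH | LOG_ALERT, "login: could not fork: %m");
		exit(1);
	}

	/*
	 * Parent.  When this routine is called, the current working
	 * directory is the user's home directory.  Change it to root for
	 * the waiting process so that the user's home directory can be
	 * unmounted if necessary.
	 */
	if (chdir("/") != 0) {
		syslog(LOG_AUTH | LOG_ALERT, "login: could not chdir: %m");
		/* since we let the child finish we just bail */
		exit(0);
	}

	/*
	 * NOTE(review): the waiter inherits login's signal dispositions and
	 * controlling terminal; <signal.h> is included but nothing is set
	 * here, so confirm that a hangup at session end cannot kill this
	 * process before the logout record is written.
	 *
	 * Retry waitpid() only when it is interrupted by a signal.  Any other
	 * error (e.g. ECHILD when SIGCHLD is ignored) means the child is gone
	 * or unwaitable; the old `while (pid != waitpid(...))' loop spun
	 * forever in that case and never produced the logout record.
	 */
	for (;;) {
		pid_t w = waitpid(pid, &status, 0);

		if (w == pid)
			break;
		if (w == -1 && errno != EINTR) {
			syslog(LOG_AUTH | LOG_ALERT,
			    "login: waitpid failed: %m");
			break;
		}
	}

	logout = adt_alloc_event(ah, ADT_logout);
	if (logout == NULL)
		exit(0);

	(void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
	(void) adt_free_event(logout);
	exit(0);
}

/*
 * errors are ignored since there is no action to take on error.
 *
 * If the user id is invalid, pwd is NULL.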
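/*
 * Record a failed login attempt as audit event event_id.
 *
 * event_id	audit event to record; ADT_zlogin also carries optional_text.
 * failure_code	failure reason handed to adt_put_event().
 * pwd		NULL when the user id is invalid; the event is then
 *		attributed to ADT_NO_ATTRIB instead of a real uid/gid.
 * hostname	remote host; empty (or NULL) for a local login.
 * ttyname	terminal of a local login; may be NULL, in which case
 *		adt_load_ttyname() decides what to do.
 * optional_text
 *		message attached to ADT_zlogin events only.
 *
 * Errors are ignored since there is no action to take on error.  The audit
 * session is always closed and the terminal id freed before returning.
 */
void
audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
    const char *hostname, const char *ttyname, char *optional_text)
{
	adt_session_data_t *ah;
	adt_event_data_t *event;
	uid_t uid = ADT_NO_ATTRIB;
	gid_t gid = ADT_NO_ATTRIB;
	/* start as NULL so the free() below is safe if no loader sets it */
	adt_termid_t *p_tid = NULL;
	int rc;

	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
		return;

	if (pwd != NULL) {
		uid = pwd->pw_uid;
		gid = pwd->pw_gid;
	}
	/*
	 * If this is a remote login, in.rlogind or in.telnetd has
	 * already set the terminal id, in which case
	 * adt_load_hostname() will use the preset terminal id and
	 * ignore hostname. (If no remote host and ttyname is NULL,
	 * let adt_load_ttyname() figure out what to do.)
	 * A NULL hostname is treated like an empty one rather than
	 * dereferenced.
	 */
	if (hostname == NULL || *hostname == '\0')
		(void) adt_load_ttyname(ttyname, &p_tid);
	else
		(void) adt_load_hostname(hostname, &p_tid);

	rc = adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW);
	free(p_tid);		/* free(NULL) is a no-op */
	if (rc) {
		(void) adt_end_session(ah);
		return;
	}

	event = adt_alloc_event(ah, event_id);
	if (event == NULL) {
		/* used to return here with the session still open */
		(void) adt_end_session(ah);
		return;
	}
	switch (event_id) {
	case ADT_zlogin:
		event->adt_zlogin.message = optional_text;
		break;
	default:
		break;
	}
	(void) adt_put_event(event, ADT_FAILURE, failure_code);
	(void) adt_free_event(event);
	(void) adt_end_session(ah);
}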