usr/src/lib/libbsm/common/audit_ftpd.c - illumos-gate - Gitiles

 /*
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
  * Common Development and Distribution License (the "License").
  * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
  * See the License for the specific language governing permissions
  * and limitations under the License.
  *
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */

 #pragma ident	"%Z%%M%	%I%	%E% SMI"

 #include <sys/types.h>
 #include <stdio.h>
 #include <sys/fcntl.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>

 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <netinet/in.h>
 #include <tsol/label.h>

 #include <bsm/audit.h>
 #include <bsm/audit_record.h>
 #include <bsm/audit_uevents.h>
 #include <bsm/libbsm.h>
 #include <bsm/audit_private.h>

 #include <locale.h>
 #include <pwd.h>
 #include <generic.h>

 #define	BAD_PASSWD	(1)
 #define	UNKNOWN_USER	(2)
 #define	EXCLUDED_USER	(3)
 #define	NO_ANONYMOUS	(4)
 #define	MISC_FAILURE	(5)

 static char		luser[16];

 static void generate_record(char *, int, char *);
 static int selected(uid_t, char *, au_event_t, int);

 void
 audit_ftpd_bad_pw(char *uname)
 {
 	if (cannot_audit(0)) {
 		return;
 	}
 	(void) strncpy(luser, uname, 8);
 	luser[8] = '\0';
 	generate_record(luser, BAD_PASSWD, dgettext(bsm_dom,
 		"bad password"));
 }


 void
 audit_ftpd_unknown(char	*uname)
 {
 	if (cannot_audit(0)) {
 		return;
 	}
 	(void) strncpy(luser, uname, 8);
 	luser[8] = '\0';
 	generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom,
 		"unknown user"));
 }


 void
 audit_ftpd_excluded(char *uname)
 {
 	if (cannot_audit(0)) {
 		return;
 	}
 	(void) strncpy(luser, uname, 8);
 	luser[8] = '\0';
 	generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
 		"excluded user"));
 }


 void
 audit_ftpd_no_anon(void)
 {
 	if (cannot_audit(0)) {
 		return;
 	}
 	generate_record("", NO_ANONYMOUS, dgettext(bsm_dom,
 		"no anonymous"));
 }

 void
 audit_ftpd_failure(char *uname)
 {
 	if (cannot_audit(0)) {
 		return;
 	}
 	generate_record(uname, MISC_FAILURE, dgettext(bsm_dom,
 		"misc failure"));
 }

 void
 audit_ftpd_success(char	*uname)
 {
 	if (cannot_audit(0)) {
 		return;
 	}
 	(void) strncpy(luser, uname, 8);
 	luser[8] = '\0';
 	generate_record(luser, 0, "");
 }


 static void
 generate_record(
 		char	*locuser,	/* username of local user */
 		int	err,		/* error status */
 					/* (=0 success, >0 error code) */
 		char	*msg)		/* error message */
 {
 	int	rd;		/* audit record descriptor */
 	char	buf[256];	/* temporary buffer */
 	uid_t	uid;
 	gid_t	gid;
 	uid_t	ruid;		/* real uid */
 	gid_t	rgid;		/* real gid */
 	pid_t	pid;
 	struct passwd *pwd;
 	uid_t	ceuid;		/* current effective uid */
 	struct auditinfo_addr info;

 	if (cannot_audit(0)) {
 		return;
 	}

 	pwd = getpwnam(locuser);
 	if (pwd == NULL) {
 		uid = -1;
 		gid = -1;
 	} else {
 		uid = pwd->pw_uid;
 		gid = pwd->pw_gid;
 	}

 	ceuid = geteuid();	/* save current euid */
 	(void) seteuid(0);	/* change to root so you can audit */

 	/* determine if we're preselected */
 	if (!selected(uid, locuser, AUE_ftpd, err)) {
 		(void) seteuid(ceuid);
 		return;
 	}

 	ruid = getuid();	/* get real uid */
 	rgid = getgid();	/* get real gid */

 	pid = getpid();

 	/* see if terminal id already set */
 	if (getaudit_addr(&info, sizeof (info)) < 0) {
 		perror("getaudit");
 	}

 	rd = au_open();

 	/* add subject token */
 	(void) au_write(rd, au_to_subject_ex(uid, uid, gid,
 		ruid, rgid, pid, pid, &info.ai_termid));

 	if (is_system_labeled())
 		(void) au_write(rd, au_to_mylabel());

 	/* add return token */
 	errno = 0;
 	if (err) {
 		/* add reason for failure */
 		if (err == UNKNOWN_USER)
 			(void) snprintf(buf, sizeof (buf),
 			    "%s %s", msg, locuser);
 		else
 			(void) snprintf(buf, sizeof (buf), "%s", msg);
 		(void) au_write(rd, au_to_text(buf));
 #ifdef _LP64
 		(void) au_write(rd, au_to_return64(-1, (int64_t)err));
 #else
 		(void) au_write(rd, au_to_return32(-1, (int32_t)err));
 #endif
 	} else {
 #ifdef _LP64
 		(void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 		(void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif
 	}

 	/* write audit record */
 	if (au_close(rd, 1, AUE_ftpd) < 0) {
 		(void) au_close(rd, 0, 0);
 	}
 	(void) seteuid(ceuid);
 }


 static int
 selected(
 	uid_t		uid,
 	char		*locuser,
 	au_event_t	event,
 	int	err)
 {
 	int	rc, sorf;
 	char	naflags[512];
 	struct au_mask mask;

 	mask.am_success = mask.am_failure = 0;
 	if (uid < 0) {
 		rc = getacna(naflags, 256); /* get non-attrib flags */
 		if (rc == 0)
 			(void) getauditflagsbin(naflags, &mask);
 	} else {
 		rc = au_user_mask(locuser, &mask);
 	}

 	if (err == 0)
 		sorf = AU_PRS_SUCCESS;
 	else if (err >= 1)
 		sorf = AU_PRS_FAILURE;
 	else
 		sorf = AU_PRS_BOTH;
 	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
 	return (rc);
 }


 void
 audit_ftpd_logout(void)
 {
 	int	rd;		/* audit record descriptor */
 	uid_t	euid;
 	gid_t	egid;
 	uid_t	uid;
 	gid_t	gid;
 	pid_t	pid;
 	struct auditinfo_addr info;

 	if (cannot_audit(0)) {
 		return;
 	}

 	(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);

 	/* see if terminal id already set */
 	if (getaudit_addr(&info, sizeof (info)) < 0) {
 		perror("getaudit");
 	}

 	/* determine if we're preselected */
 	if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
 		AU_PRS_USECACHE) == 0) {
 		(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
 		    NULL);
 		return;
 	}

 	euid = geteuid();
 	egid = getegid();
 	uid = getuid();
 	gid = getgid();
 	pid = getpid();

 	rd = au_open();

 	/* add subject token */
 	(void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
 		egid, uid, gid, pid, pid, &info.ai_termid));

 	if (is_system_labeled())
 		(void) au_write(rd, au_to_mylabel());

 	/* add return token */
 	errno = 0;
 #ifdef _LP64
 	(void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 	(void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif

 	/* write audit record */
 	if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
 		(void) au_close(rd, 0, 0);
 	}
 	(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
 }
	/*
	* CDDL HEADER START
	*
	* The contents of this file are subject to the terms of the
	* Common Development and Distribution License (the "License").
	* You may not use this file except in compliance with the License.
	*
	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	* or http://www.opensolaris.org/os/licensing.
	* See the License for the specific language governing permissions
	* and limitations under the License.
	*
	* When distributing Covered Code, include this CDDL HEADER in each
	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	* If applicable, add the following below this CDDL HEADER, with the
	* fields enclosed by brackets "[]" replaced with your own identifying
	* information: Portions Copyright [yyyy] [name of copyright owner]
	*
	* CDDL HEADER END
	*/
	/*
	* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
	* Use is subject to license terms.
	*/

	#pragma ident "%Z%%M% %I% %E% SMI"

	#include <sys/types.h>
	#include <stdio.h>
	#include <sys/fcntl.h>
	#include <stdlib.h>
	#include <string.h>
	#include <syslog.h>
	#include <unistd.h>

	#include <sys/socket.h>
	#include <sys/sockio.h>
	#include <netinet/in.h>
	#include <tsol/label.h>

	#include <bsm/audit.h>
	#include <bsm/audit_record.h>
	#include <bsm/audit_uevents.h>
	#include <bsm/libbsm.h>
	#include <bsm/audit_private.h>

	#include <locale.h>
	#include <pwd.h>
	#include <generic.h>

	#define BAD_PASSWD (1)
	#define UNKNOWN_USER (2)
	#define EXCLUDED_USER (3)
	#define NO_ANONYMOUS (4)
	#define MISC_FAILURE (5)

	static char luser[16];

	static void generate_record(char , int, char );
	static int selected(uid_t, char *, au_event_t, int);

	void
	audit_ftpd_bad_pw(char *uname)
	{
	if (cannot_audit(0)) {
	return;
	}
	(void) strncpy(luser, uname, 8);
	luser[8] = '\0';
	generate_record(luser, BAD_PASSWD, dgettext(bsm_dom,
	"bad password"));
	}


	void
	audit_ftpd_unknown(char *uname)
	{
	if (cannot_audit(0)) {
	return;
	}
	(void) strncpy(luser, uname, 8);
	luser[8] = '\0';
	generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom,
	"unknown user"));
	}


	void
	audit_ftpd_excluded(char *uname)
	{
	if (cannot_audit(0)) {
	return;
	}
	(void) strncpy(luser, uname, 8);
	luser[8] = '\0';
	generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
	"excluded user"));
	}


	void
	audit_ftpd_no_anon(void)
	{
	if (cannot_audit(0)) {
	return;
	}
	generate_record("", NO_ANONYMOUS, dgettext(bsm_dom,
	"no anonymous"));
	}

	void
	audit_ftpd_failure(char *uname)
	{
	if (cannot_audit(0)) {
	return;
	}
	generate_record(uname, MISC_FAILURE, dgettext(bsm_dom,
	"misc failure"));
	}

	void
	audit_ftpd_success(char *uname)
	{
	if (cannot_audit(0)) {
	return;
	}
	(void) strncpy(luser, uname, 8);
	luser[8] = '\0';
	generate_record(luser, 0, "");
	}



	static void
	generate_record(
	char locuser, / username of local user */
	int err, /* error status */
	/* (=0 success, >0 error code) */
	char msg) / error message */
	{
	int rd; /* audit record descriptor */
	char buf[256]; /* temporary buffer */
	uid_t uid;
	gid_t gid;
	uid_t ruid; /* real uid */
	gid_t rgid; /* real gid */
	pid_t pid;
	struct passwd *pwd;
	uid_t ceuid; /* current effective uid */
	struct auditinfo_addr info;

	if (cannot_audit(0)) {
	return;
	}

	pwd = getpwnam(locuser);
	if (pwd == NULL) {
	uid = -1;
	gid = -1;
	} else {
	uid = pwd->pw_uid;
	gid = pwd->pw_gid;
	}

	ceuid = geteuid(); /* save current euid */
	(void) seteuid(0); /* change to root so you can audit */

	/* determine if we're preselected */
	if (!selected(uid, locuser, AUE_ftpd, err)) {
	(void) seteuid(ceuid);
	return;
	}

	ruid = getuid(); /* get real uid */
	rgid = getgid(); /* get real gid */

	pid = getpid();

	/* see if terminal id already set */
	if (getaudit_addr(&info, sizeof (info)) < 0) {
	perror("getaudit");
	}

	rd = au_open();

	/* add subject token */
	(void) au_write(rd, au_to_subject_ex(uid, uid, gid,
	ruid, rgid, pid, pid, &info.ai_termid));

	if (is_system_labeled())
	(void) au_write(rd, au_to_mylabel());

	/* add return token */
	errno = 0;
	if (err) {
	/* add reason for failure */
	if (err == UNKNOWN_USER)
	(void) snprintf(buf, sizeof (buf),
	"%s %s", msg, locuser);
	else
	(void) snprintf(buf, sizeof (buf), "%s", msg);
	(void) au_write(rd, au_to_text(buf));
	#ifdef _LP64
	(void) au_write(rd, au_to_return64(-1, (int64_t)err));
	#else
	(void) au_write(rd, au_to_return32(-1, (int32_t)err));
	#endif
	} else {
	#ifdef _LP64
	(void) au_write(rd, au_to_return64(0, (int64_t)0));
	#else
	(void) au_write(rd, au_to_return32(0, (int32_t)0));
	#endif
	}

	/* write audit record */
	if (au_close(rd, 1, AUE_ftpd) < 0) {
	(void) au_close(rd, 0, 0);
	}
	(void) seteuid(ceuid);
	}


	static int
	selected(
	uid_t uid,
	char *locuser,
	au_event_t event,
	int err)
	{
	int rc, sorf;
	char naflags[512];
	struct au_mask mask;

	mask.am_success = mask.am_failure = 0;
	if (uid < 0) {
	rc = getacna(naflags, 256); /* get non-attrib flags */
	if (rc == 0)
	(void) getauditflagsbin(naflags, &mask);
	} else {
	rc = au_user_mask(locuser, &mask);
	}

	if (err == 0)
	sorf = AU_PRS_SUCCESS;
	else if (err >= 1)
	sorf = AU_PRS_FAILURE;
	else
	sorf = AU_PRS_BOTH;
	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
	return (rc);
	}


	void
	audit_ftpd_logout(void)
	{
	int rd; /* audit record descriptor */
	uid_t euid;
	gid_t egid;
	uid_t uid;
	gid_t gid;
	pid_t pid;
	struct auditinfo_addr info;

	if (cannot_audit(0)) {
	return;
	}

	(void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);

	/* see if terminal id already set */
	if (getaudit_addr(&info, sizeof (info)) < 0) {
	perror("getaudit");
	}

	/* determine if we're preselected */
	if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
	AU_PRS_USECACHE) == 0) {
	(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
	NULL);
	return;
	}

	euid = geteuid();
	egid = getegid();
	uid = getuid();
	gid = getgid();
	pid = getpid();

	rd = au_open();

	/* add subject token */
	(void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
	egid, uid, gid, pid, pid, &info.ai_termid));

	if (is_system_labeled())
	(void) au_write(rd, au_to_mylabel());

	/* add return token */
	errno = 0;
	#ifdef _LP64
	(void) au_write(rd, au_to_return64(0, (int64_t)0));
	#else
	(void) au_write(rd, au_to_return32(0, (int32_t)0));
	#endif

	/* write audit record */
	if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
	(void) au_close(rd, 0, 0);
	}
	(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
	}