usr/src/lib/libbsm/common/audit_rexd.c - illumos-gate - Gitiles

 /*
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
  * Common Development and Distribution License (the "License").
  * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
  * See the License for the specific language governing permissions
  * and limitations under the License.
  *
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 #pragma ident	"%Z%%M%	%I%	%E% SMI"

 #include <sys/types.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <sys/fcntl.h>
 #include <bsm/audit.h>
 #include <bsm/audit_record.h>
 #include <bsm/audit_uevents.h>
 #include <bsm/libbsm.h>
 #include <bsm/audit_private.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
 #include <pwd.h>
 #include <netinet/in.h>
 #include <tsol/label.h>
 #include <locale.h>
 #include "generic.h"

 #ifdef C2_DEBUG
 #define	dprintf(x) { printf x; }
 #else
 #define	dprintf(x)
 #endif

 #define	UNKNOWN_CMD	"???"

 static au_event_t	event;
 static int		audit_rexd_status = 0;

 static char *
 build_cmd(char **cmd)
 {
 	int i, l;
 	char *r;

 	if (cmd == NULL)
 		return (NULL);
 	/* count the total length of command line */
 	for (i = 0, l = 0; cmd[i] != NULL; i++)
 		l += strlen(cmd[i]) + 1;

 	if (l == 0)
 		return (NULL);
 	r = malloc(l);
 	if (r != NULL) {
 		for (i = 0; cmd[i] != NULL; i++) {
 			(void) strcat(r, cmd[i]);
 			if (cmd[i + 1] != NULL)
 				(void) strcat(r, " ");
 		}
 	}
 	return (r);
 }

 static int
 selected(uid, user, event, sf)
 uid_t uid;
 char	*user;
 au_event_t	event;
 int	sf;
 {
 	int	rc, sorf;
 	char	naflags[512];
 	struct au_mask mask;

 	mask.am_success = mask.am_failure = 0;
 	if (uid < 0) {
 		rc = getacna(naflags, 256); /* get non-attrib flags */
 		if (rc == 0)
 			(void) getauditflagsbin(naflags, &mask);
 	} else {
 		rc = au_user_mask(user, &mask);
 	}

 	if (sf == 0)
 		sorf = AU_PRS_SUCCESS;
 	else if (sf == -1)
 		sorf = AU_PRS_FAILURE;
 	else
 		sorf = AU_PRS_BOTH;
 	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
 	return (rc);
 }

 void
 audit_rexd_setup()
 {
 	dprintf(("audit_rexd_setup()\n"));

 	event = AUE_rexd;
 }

 /* ARGSUSED */
 static void
 audit_rexd_session_setup(char *name, char *mach, uid_t uid)
 {
 	int			rc;
 	au_mask_t		mask;
 	struct auditinfo_addr	info;

 	if (getaudit_addr(&info, sizeof (info)) < 0) {
 		perror("getaudit_addr");
 		exit(1);
 	}

 	info.ai_auid = uid;
 	info.ai_asid = getpid();

 	mask.am_success = 0;
 	mask.am_failure = 0;

 	(void) au_user_mask(name, &mask);

 	info.ai_mask.am_success  = mask.am_success;
 	info.ai_mask.am_failure  = mask.am_failure;

 	rc = setaudit_addr(&info, sizeof (info));
 	if (rc < 0) {
 		perror("setaudit_addr");
 	}
 }

 void
 audit_rexd_fail(msg, hostname, user, uid, gid, shell, cmd)
 	char	*msg;		/* message containing failure information */
 	char	*hostname;	/* hostname of machine requesting service */
 	char	*user;		/* username of user requesting service */
 	uid_t 	uid;		/* user id of user requesting service */
 	gid_t	gid;		/* group of user requesting service */
 	char	*shell;		/* login shell of user requesting service */
 	char	**cmd;		/* argv to be executed locally */
 {
 	int	rd;		/* audit record descriptor */
 	char	buf[256];	/* temporary buffer */
 	char	*tbuf;		/* temporary buffer */
 	int	tlen;
 	const char *gtxt;	/* gettext return value */
 	pid_t	pid;
 	char	*cmdbuf;
 	char	*audit_cmd[2] = {NULL, NULL};
 	int	dont_free = 0;
 	struct auditinfo_addr info;

 	dprintf(("audit_rexd_fail()\n"));

 	/*
 	 * check if audit_rexd_fail() or audit_rexd_success()
 	 * have been called already.
 	 */
 	if (audit_rexd_status == 1) {
 		return;
 	}

 	if (cannot_audit(0)) {
 		return;
 	}

 	/*
 	 * set status to prevent multiple calls
 	 * to audit_rexd_fail() and audit_rexd_success()
 	 */
 	audit_rexd_status = 1;

 	/* determine if we're preselected */
 	if (!selected(uid, user, event, -1))
 		return;

 	pid = getpid();

 	if (getaudit_addr(&info, sizeof (info)) < 0) {
 		perror("getaudit_addr");
 		exit(1);
 	}

 	rd = au_open();

 	/* add subject token */
 	(void) au_write(rd,
 		au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
 			&info.ai_termid));
 	if (is_system_labeled())
 		(void) au_write(rd, au_to_mylabel());

 	/* add reason for failure */
 	(void) au_write(rd, au_to_text(msg));

 	/* add hostname of machine requesting service */
 	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 		"Remote execution requested by: %s"), hostname);
 	(void) au_write(rd, au_to_text(buf));

 	/* add username of user requesting service */
 	if (user == NULL)
 		user = "???";
 	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 	    "Username: %s"), user);
 	(void) au_write(rd, au_to_text(buf));

 	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 	    "User id: %d"), uid);
 	(void) au_write(rd, au_to_text(buf));

 	if (cmd == NULL) {
 		audit_cmd[0] = shell;
 		cmd = audit_cmd;
 	}

 	cmdbuf = build_cmd(cmd);
 	if (cmdbuf == NULL) {
 		cmdbuf = UNKNOWN_CMD;
 		dont_free = 1;
 	}

 	gtxt = dgettext(bsm_dom, "Command line: %s");
 	/* over estimate of size of buffer needed (%s is replaced) */
 	tlen = strlen(cmdbuf) + strlen(gtxt) + 1;

 	if ((tbuf = malloc(tlen)) == NULL) {
 		(void) au_close(rd, 0, 0);
 		return;
 	}
 	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
 	(void) au_write(rd, au_to_text(tbuf));
 	(void) free(tbuf);
 	if (!dont_free)
 		(void) free(cmdbuf);

 	/* add return token */
 #ifdef _LP64
 	(void) au_write(rd, au_to_return64(-1, (int64_t)0));
 #else
 	(void) au_write(rd, au_to_return32(-1, (int32_t)0));
 #endif

 	/* write audit record */
 	if (au_close(rd, 1, event) < 0) {
 		(void) au_close(rd, 0, 0);
 		return;
 	}
 }

 void
 audit_rexd_success(hostname, user, uid, gid, shell, cmd)
 char	*hostname;	/* hostname of machine requesting service */
 char	*user;		/* username of user requesting service, may be NULL */
 uid_t 	uid;		/* user id of user requesting service */
 gid_t	gid;		/* group of user requesting service */
 char	*shell;		/* login shell of user requesting service */
 char	**cmd;		/* argv to be executed locally, may be NULL */
 {
 	int	rd;			/* audit record descriptor */
 	char	buf[256];	/* temporary buffer */
 	char	*tbuf;		/* temporary buffer */
 	int	tlen;
 	const char *gtxt;
 	pid_t	pid;
 	char	*cmdbuf;
 	char	*audit_cmd[2] = {NULL, NULL};
 	int	dont_free = 0;
 	struct auditinfo_addr info;
 	char	*empty = "";

 	dprintf(("audit_rexd_success()\n"));

 	/*
 	 * check if audit_rexd_fail() or audit_rexd_success()
 	 * have been called already.
 	 */
 	if (audit_rexd_status == 1) {
 		return;
 	}

 	if (cannot_audit(0)) {
 		return;
 	}

 	/* a little bullet proofing... */

 	if (hostname == NULL)
 		hostname = empty;
 	if (shell == NULL)
 		shell = empty;

 	/*
 	 * set status to prevent multiple calls
 	 * to audit_rexd_fail() and audit_rexd_success()
 	 */
 	audit_rexd_status = 1;

 	/* determine if we're preselected */
 	if (!selected(uid, user, event, 0))
 		goto rexd_audit_session;

 	pid = getpid();

 	if (getaudit_addr(&info, sizeof (info)) < 0) {
 		perror("getaudit_addr");
 		exit(1);
 	}

 	rd = au_open();

 	/* add subject token */
 	(void) au_write(rd,
 		au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
 			&info.ai_termid));
 	if (is_system_labeled())
 		(void) au_write(rd, au_to_mylabel());

 	/* add hostname of machine requesting service */

 	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 		"Remote execution requested by: %s"), hostname);
 	(void) au_write(rd, au_to_text(buf));

 	/* add username at machine requesting service */
 	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
 	    "Username: %s"), user);
 	(void) au_write(rd, au_to_text(buf));

 	if (cmd == NULL) {
 		audit_cmd[0] = shell;
 		cmd = audit_cmd;
 	}

 	cmdbuf = build_cmd(cmd);
 	if (cmdbuf == NULL) {
 		cmdbuf = UNKNOWN_CMD;
 		dont_free = 1;
 	}

 	gtxt = dgettext(bsm_dom, "Command line: %s");
 	tlen = strlen(cmdbuf) + strlen(gtxt) + 1;

 	if ((tbuf = malloc(tlen)) == NULL) {
 		(void) au_close(rd, 0, 0);
 		goto rexd_audit_session;
 	}

 	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
 	(void) au_write(rd, au_to_text(tbuf));
 	(void) free(tbuf);
 	if (!dont_free)
 		(void) free(cmdbuf);

 	/* add return token */
 #ifdef _LP64
 	(void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 	(void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif

 	/* write audit record */
 	if (au_close(rd, 1, event) < 0) {
 		(void) au_close(rd, 0, 0);
 	}

 rexd_audit_session:
 	audit_rexd_session_setup(user, hostname, uid);
 }
	/*
	* CDDL HEADER START
	*
	* The contents of this file are subject to the terms of the
	* Common Development and Distribution License (the "License").
	* You may not use this file except in compliance with the License.
	*
	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	* or http://www.opensolaris.org/os/licensing.
	* See the License for the specific language governing permissions
	* and limitations under the License.
	*
	* When distributing Covered Code, include this CDDL HEADER in each
	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	* If applicable, add the following below this CDDL HEADER, with the
	* fields enclosed by brackets "[]" replaced with your own identifying
	* information: Portions Copyright [yyyy] [name of copyright owner]
	*
	* CDDL HEADER END
	*/
	/*
	* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
	* Use is subject to license terms.
	*/
	#pragma ident "%Z%%M% %I% %E% SMI"

	#include <sys/types.h>
	#include <stdio.h>
	#include <unistd.h>
	#include <sys/fcntl.h>
	#include <bsm/audit.h>
	#include <bsm/audit_record.h>
	#include <bsm/audit_uevents.h>
	#include <bsm/libbsm.h>
	#include <bsm/audit_private.h>
	#include <stdlib.h>
	#include <string.h>
	#include <syslog.h>
	#include <pwd.h>
	#include <netinet/in.h>
	#include <tsol/label.h>
	#include <locale.h>
	#include "generic.h"

	#ifdef C2_DEBUG
	#define dprintf(x) { printf x; }
	#else
	#define dprintf(x)
	#endif

	#define UNKNOWN_CMD "???"

	static au_event_t event;
	static int audit_rexd_status = 0;

	static char *
	build_cmd(char **cmd)
	{
	int i, l;
	char *r;

	if (cmd == NULL)
	return (NULL);
	/* count the total length of command line */
	for (i = 0, l = 0; cmd[i] != NULL; i++)
	l += strlen(cmd[i]) + 1;

	if (l == 0)
	return (NULL);
	r = malloc(l);
	if (r != NULL) {
	for (i = 0; cmd[i] != NULL; i++) {
	(void) strcat(r, cmd[i]);
	if (cmd[i + 1] != NULL)
	(void) strcat(r, " ");
	}
	}
	return (r);
	}

	static int
	selected(uid, user, event, sf)
	uid_t uid;
	char *user;
	au_event_t event;
	int sf;
	{
	int rc, sorf;
	char naflags[512];
	struct au_mask mask;

	mask.am_success = mask.am_failure = 0;
	if (uid < 0) {
	rc = getacna(naflags, 256); /* get non-attrib flags */
	if (rc == 0)
	(void) getauditflagsbin(naflags, &mask);
	} else {
	rc = au_user_mask(user, &mask);
	}

	if (sf == 0)
	sorf = AU_PRS_SUCCESS;
	else if (sf == -1)
	sorf = AU_PRS_FAILURE;
	else
	sorf = AU_PRS_BOTH;
	rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
	return (rc);
	}

	void
	audit_rexd_setup()
	{
	dprintf(("audit_rexd_setup()\n"));

	event = AUE_rexd;
	}

	/* ARGSUSED */
	static void
	audit_rexd_session_setup(char name, char mach, uid_t uid)
	{
	int rc;
	au_mask_t mask;
	struct auditinfo_addr info;

	if (getaudit_addr(&info, sizeof (info)) < 0) {
	perror("getaudit_addr");
	exit(1);
	}

	info.ai_auid = uid;
	info.ai_asid = getpid();

	mask.am_success = 0;
	mask.am_failure = 0;

	(void) au_user_mask(name, &mask);

	info.ai_mask.am_success = mask.am_success;
	info.ai_mask.am_failure = mask.am_failure;

	rc = setaudit_addr(&info, sizeof (info));
	if (rc < 0) {
	perror("setaudit_addr");
	}
	}

	void
	audit_rexd_fail(msg, hostname, user, uid, gid, shell, cmd)
	char msg; / message containing failure information */
	char hostname; / hostname of machine requesting service */
	char user; / username of user requesting service */
	uid_t uid; /* user id of user requesting service */
	gid_t gid; /* group of user requesting service */
	char shell; / login shell of user requesting service */
	char *cmd; / argv to be executed locally */
	{
	int rd; /* audit record descriptor */
	char buf[256]; /* temporary buffer */
	char tbuf; / temporary buffer */
	int tlen;
	const char gtxt; / gettext return value */
	pid_t pid;
	char *cmdbuf;
	char *audit_cmd[2] = {NULL, NULL};
	int dont_free = 0;
	struct auditinfo_addr info;

	dprintf(("audit_rexd_fail()\n"));

	/*
	* check if audit_rexd_fail() or audit_rexd_success()
	* have been called already.
	*/
	if (audit_rexd_status == 1) {
	return;
	}

	if (cannot_audit(0)) {
	return;
	}

	/*
	* set status to prevent multiple calls
	* to audit_rexd_fail() and audit_rexd_success()
	*/
	audit_rexd_status = 1;

	/* determine if we're preselected */
	if (!selected(uid, user, event, -1))
	return;

	pid = getpid();

	if (getaudit_addr(&info, sizeof (info)) < 0) {
	perror("getaudit_addr");
	exit(1);
	}

	rd = au_open();

	/* add subject token */
	(void) au_write(rd,
	au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
	&info.ai_termid));
	if (is_system_labeled())
	(void) au_write(rd, au_to_mylabel());

	/* add reason for failure */
	(void) au_write(rd, au_to_text(msg));

	/* add hostname of machine requesting service */
	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
	"Remote execution requested by: %s"), hostname);
	(void) au_write(rd, au_to_text(buf));

	/* add username of user requesting service */
	if (user == NULL)
	user = "???";
	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
	"Username: %s"), user);
	(void) au_write(rd, au_to_text(buf));

	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
	"User id: %d"), uid);
	(void) au_write(rd, au_to_text(buf));

	if (cmd == NULL) {
	audit_cmd[0] = shell;
	cmd = audit_cmd;
	}

	cmdbuf = build_cmd(cmd);
	if (cmdbuf == NULL) {
	cmdbuf = UNKNOWN_CMD;
	dont_free = 1;
	}

	gtxt = dgettext(bsm_dom, "Command line: %s");
	/* over estimate of size of buffer needed (%s is replaced) */
	tlen = strlen(cmdbuf) + strlen(gtxt) + 1;

	if ((tbuf = malloc(tlen)) == NULL) {
	(void) au_close(rd, 0, 0);
	return;
	}
	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
	(void) au_write(rd, au_to_text(tbuf));
	(void) free(tbuf);
	if (!dont_free)
	(void) free(cmdbuf);

	/* add return token */
	#ifdef _LP64
	(void) au_write(rd, au_to_return64(-1, (int64_t)0));
	#else
	(void) au_write(rd, au_to_return32(-1, (int32_t)0));
	#endif

	/* write audit record */
	if (au_close(rd, 1, event) < 0) {
	(void) au_close(rd, 0, 0);
	return;
	}
	}

	void
	audit_rexd_success(hostname, user, uid, gid, shell, cmd)
	char hostname; / hostname of machine requesting service */
	char user; / username of user requesting service, may be NULL */
	uid_t uid; /* user id of user requesting service */
	gid_t gid; /* group of user requesting service */
	char shell; / login shell of user requesting service */
	char *cmd; / argv to be executed locally, may be NULL */
	{
	int rd; /* audit record descriptor */
	char buf[256]; /* temporary buffer */
	char tbuf; / temporary buffer */
	int tlen;
	const char *gtxt;
	pid_t pid;
	char *cmdbuf;
	char *audit_cmd[2] = {NULL, NULL};
	int dont_free = 0;
	struct auditinfo_addr info;
	char *empty = "";

	dprintf(("audit_rexd_success()\n"));

	/*
	* check if audit_rexd_fail() or audit_rexd_success()
	* have been called already.
	*/
	if (audit_rexd_status == 1) {
	return;
	}

	if (cannot_audit(0)) {
	return;
	}

	/* a little bullet proofing... */

	if (hostname == NULL)
	hostname = empty;
	if (shell == NULL)
	shell = empty;

	/*
	* set status to prevent multiple calls
	* to audit_rexd_fail() and audit_rexd_success()
	*/
	audit_rexd_status = 1;

	/* determine if we're preselected */
	if (!selected(uid, user, event, 0))
	goto rexd_audit_session;

	pid = getpid();

	if (getaudit_addr(&info, sizeof (info)) < 0) {
	perror("getaudit_addr");
	exit(1);
	}

	rd = au_open();

	/* add subject token */
	(void) au_write(rd,
	au_to_subject_ex(uid, uid, gid, uid, gid, pid, pid,
	&info.ai_termid));
	if (is_system_labeled())
	(void) au_write(rd, au_to_mylabel());

	/* add hostname of machine requesting service */

	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
	"Remote execution requested by: %s"), hostname);
	(void) au_write(rd, au_to_text(buf));

	/* add username at machine requesting service */
	(void) snprintf(buf, sizeof (buf), dgettext(bsm_dom,
	"Username: %s"), user);
	(void) au_write(rd, au_to_text(buf));

	if (cmd == NULL) {
	audit_cmd[0] = shell;
	cmd = audit_cmd;
	}

	cmdbuf = build_cmd(cmd);
	if (cmdbuf == NULL) {
	cmdbuf = UNKNOWN_CMD;
	dont_free = 1;
	}

	gtxt = dgettext(bsm_dom, "Command line: %s");
	tlen = strlen(cmdbuf) + strlen(gtxt) + 1;

	if ((tbuf = malloc(tlen)) == NULL) {
	(void) au_close(rd, 0, 0);
	goto rexd_audit_session;
	}

	(void) snprintf(tbuf, tlen, gtxt, cmdbuf);
	(void) au_write(rd, au_to_text(tbuf));
	(void) free(tbuf);
	if (!dont_free)
	(void) free(cmdbuf);

	/* add return token */
	#ifdef _LP64
	(void) au_write(rd, au_to_return64(0, (int64_t)0));
	#else
	(void) au_write(rd, au_to_return32(0, (int32_t)0));
	#endif

	/* write audit record */
	if (au_close(rd, 1, event) < 0) {
	(void) au_close(rd, 0, 0);
	}

	rexd_audit_session:
	audit_rexd_session_setup(user, hostname, uid);
	}