1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 * 22 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 * 25 * usr/src/cmd/ssh/sshd/bsmaudit.c 26 * 27 * Taken from the on81 usr/src/lib/libbsm/common/audit_login.c 28 */ 29 #pragma ident "%Z%%M% %I% %E% SMI" 30 31 #include "includes.h" 32 33 #include <sys/systeminfo.h> 34 #include <sys/param.h> 35 #include <sys/types.h> 36 #include <sys/socket.h> 37 #include <sys/systeminfo.h> 38 #include <sys/stat.h> 39 #include <sys/wait.h> 40 #include <netinet/in.h> 41 #include <netdb.h> 42 #include <signal.h> 43 44 #include <stdarg.h> 45 #include <pwd.h> 46 #include <shadow.h> 47 #include <utmpx.h> 48 #include <unistd.h> 49 #include <string.h> 50 51 #include <locale.h> 52 53 #include "log.h" 54 #include "packet.h" 55 #include "canohost.h" 56 #include "servconf.h" 57 #include <errno.h> 58 #include <bsm/adt.h> 59 #include <bsm/adt_event.h> 60 61 extern uint_t utmp_len; /* XXX - Yuck; we'll keep this for now */ 62 extern ServerOptions options; 63 /* 64 * XXX - Yuck; we should have a 65 * get_client_name_or_ip that does the 66 * right thing wrt reverse lookups 67 */ 68 69 void 70 audit_sshd_chauthtok(int pam_retval, uid_t uid, gid_t gid) 71 { 72 adt_session_data_t *ah = NULL; 73 adt_event_data_t *event = NULL; 74 const char *how = "couldn't start adt session"; 75 int saved_errno = 0; 76 77 if (adt_start_session(&ah, NULL, 0) != 0) { 78 saved_errno = errno; 79 goto fail; 80 } 81 if (adt_set_user(ah, uid, gid, uid, gid, NULL, ADT_NEW) != 0) { 82 saved_errno = errno; 83 how = "couldn't set adt user"; 84 goto fail; 85 } 86 87 if ((event = adt_alloc_event(ah, ADT_passwd)) == NULL) { 88 saved_errno = errno; 89 how = "couldn't allocate adt event"; 90 goto fail; 91 } 92 93 if (pam_retval == PAM_SUCCESS) { 94 if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { 95 saved_errno = errno; 96 how = "couldn't put adt event"; 97 goto fail; 98 } 99 } else if (adt_put_event(event, ADT_FAILURE, 100 ADT_FAIL_PAM + pam_retval) != 0) { 101 saved_errno = errno; 102 how = "couldn't put adt event"; 103 goto fail; 104 } 105 106 adt_free_event(event); 107 (void) adt_end_session(ah); 108 return; 109 110 fail: 111 adt_free_event(event); 112 (void) adt_end_session(ah); 113 114 fatal("Auditing of password change failed: %s (%s)", 115 strerror(saved_errno), how); 116 } 117 118 void 119 audit_sshd_login(adt_session_data_t **ah, uid_t uid, gid_t gid) 120 { 121 adt_event_data_t *event = NULL; 122 const char *how = "couldn't start adt session"; 123 int saved_errno = 0; 124 125 if (ah == NULL) { 126 how = "programmer error"; 127 saved_errno = EINVAL; 128 goto fail; 129 } 130 131 if (adt_start_session(ah, NULL, ADT_USE_PROC_DATA) != 0) { 132 saved_errno = errno; 133 how = "couldn't start adt session"; 134 goto fail; 135 } 136 if (adt_set_user(*ah, uid, gid, uid, gid, 137 NULL, ADT_USER) != 0) { 138 saved_errno = errno; 139 how = "couldn't set adt user"; 140 goto fail; 141 } 142 if ((event = adt_alloc_event(*ah, ADT_ssh)) == NULL) { 143 saved_errno = errno; 144 how = "couldn't allocate adt event"; 145 goto fail; 146 } 147 if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { 148 saved_errno = errno; 149 how = "couldn't put adt event"; 150 goto fail; 151 } 152 153 adt_free_event(event); 154 /* Don't end adt session - leave for when logging out */ 155 return; 156 157 fail: 158 adt_free_event(event); 159 (void) adt_end_session(*ah); 160 161 fatal("Auditing of login failed: %s (%s)", 162 strerror(saved_errno), how); 163 } 164 165 void 166 audit_sshd_login_failure(adt_session_data_t **ah, int pam_retval) 167 { 168 adt_event_data_t *event = NULL; 169 const char *how = "couldn't start adt session"; 170 int saved_errno = 0; 171 172 if (ah == NULL) { 173 how = "programmer error"; 174 saved_errno = EINVAL; 175 goto fail; 176 } 177 178 if (adt_start_session(ah, NULL, ADT_USE_PROC_DATA) != 0) { 179 saved_errno = errno; 180 how = "couldn't start adt session"; 181 goto fail; 182 } 183 184 if (adt_set_user(*ah, ADT_NO_ATTRIB, ADT_NO_ATTRIB, 185 ADT_NO_ATTRIB, ADT_NO_ATTRIB, 186 NULL, ADT_NEW) != 0) { 187 saved_errno = errno; 188 how = "couldn't set adt user"; 189 goto fail; 190 } 191 if ((event = adt_alloc_event(*ah, ADT_ssh)) == NULL) { 192 saved_errno = errno; 193 how = "couldn't allocate adt event"; 194 goto fail; 195 } 196 if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_PAM + pam_retval) != 0) { 197 saved_errno = errno; 198 how = "couldn't put adt event"; 199 goto fail; 200 } 201 202 adt_free_event(event); 203 (void) adt_end_session(*ah); 204 *ah = NULL; 205 return; 206 207 fail: 208 adt_free_event(event); 209 (void) adt_end_session(*ah); 210 211 fatal("Auditing of login failed: %s (%s)", 212 strerror(saved_errno), how); 213 } 214 215 void 216 audit_sshd_logout(adt_session_data_t **ah) 217 { 218 adt_event_data_t *event = NULL; 219 const char *how = "programmer error"; 220 int saved_errno = 0; 221 222 if (!ah) { 223 saved_errno = EINVAL; 224 goto fail; 225 } 226 227 if ((event = adt_alloc_event(*ah, ADT_logout)) == NULL) { 228 saved_errno = errno; 229 how = "couldn't allocate adt event"; 230 goto fail; 231 } 232 233 if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { 234 saved_errno = errno; 235 how = "couldn't put adt event"; 236 goto fail; 237 } 238 239 adt_free_event(event); 240 (void) adt_end_session(*ah); 241 *ah = NULL; 242 return; 243 244 fail: 245 adt_free_event(event); 246 (void) adt_end_session(*ah); 247 248 fatal("Auditing of logout failed: %s (%s)", 249 how, strerror(saved_errno)); 250 } 251 252 /* 253 * audit_sshd_settid stores the terminal id while it is still 254 * available. 255 * 256 * The failure cases are lack of resources or incorrect permissions. 257 * libbsm generates syslog messages, so there's no value doing more 258 * here. ADT_NO_AUDIT leaves the auid at AU_NOAUDITID and will be 259 * replaced when one of the above functions is called. 260 */ 261 void 262 audit_sshd_settid(int sock) 263 { 264 adt_session_data_t *ah; 265 adt_termid_t *termid; 266 267 if (adt_start_session(&ah, NULL, 0) == 0) { 268 if (adt_load_termid(sock, &termid) == 0) { 269 if (adt_set_user(ah, ADT_NO_AUDIT, 270 ADT_NO_AUDIT, 0, ADT_NO_AUDIT, 271 termid, ADT_SETTID) == 0) 272 (void) adt_set_proc(ah); 273 free(termid); 274 } 275 (void) adt_end_session(ah); 276 } 277 } 278
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.