      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 
     22 /*
     23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     24  * Use is subject to license terms.
     25  */
     26 
     27 #include <sys/types.h>
     28 #include <stdio.h>
     29 #include <bsm/audit.h>
     30 #include <bsm/libbsm.h>
     31 
     32 #define	AUDITSTRING_LEN 512
     33 
     34 /*
     35  * Initialize audit preselection mask. This function should be used
     36  * by applications like login that set the process preselection mask
     37  * when a connection or a session is created.
     38  *
     39  * First, the system wide default audit flags are obtained
     40  *	from the audit_control(5) file.
     41  *
     42  * Next, the "always audit" flags, obtained from the audit_user(5) database,
     43  *	are added.
     44  *
     45  * Finally, the "never audit" flags, also obtained from the audit_user(5)
     46  *	database, are subtracted.
     47  *
     48  * The mask returned can be expressed as:
     49  *
     50  * (default audit flags + always audit flags) - never audit flags
     51  *
     52  * If the lookup to audit_control(5) fails, then this function returns
     53  * an error.  If the lookup to audit_user(5) fails, the function silently
     54  * continues.
     55  */
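int
au_user_mask(char *username, au_mask_t *p_mask)
{
	/*
	 * Build the audit preselection mask for `username` into *p_mask.
	 *
	 * Returns 0 when the system wide default flags were read and parsed,
	 * whether or not a per-user entry was found; returns -1 when p_mask
	 * is NULL or the system wide flags could not be obtained.
	 */
	char auditstring[AUDITSTRING_LEN];
	au_user_ent_t *p_user = NULL;
	int retval = -1;

	/* Nowhere to store the result. */
	if (p_mask == NULL)
		return (-1);

	/*
	 * Get the system wide default audit flags out of the audit_control(5)
	 * file.  Both the read and the parse into *p_mask have to succeed.
	 */
	setac();
	if (getacflg(auditstring, AUDITSTRING_LEN) == 0) {
		if (getauditflagsbin(auditstring, p_mask) == 0) {
			retval = 0;
		}
	}
	endac();

	/*
	 * If you can't get the system wide flags, return an error code
	 * now and don't bother trying to get the user specific flags.
	 * NOTE(review): getauditflagsbin() was handed p_mask directly, so
	 * *p_mask may have been modified even on this path; callers should
	 * not use the mask after a -1 return -- confirm against
	 * getauditflagsbin().
	 */
	if (retval != 0) {
		return (-1);
	}

	/*
	 * Without a user name there is no audit_user(5) entry to look up.
	 * Treat that like a lookup miss (system defaults only) instead of
	 * handing a NULL name to getauusernam().
	 */
	if (username == NULL)
		return (0);

	/*
	 * Get the always audit flags and the never audit flags from
	 * the audit_user(5) database.
	 *
	 * A failed lookup and a user with no entry look the same here: the
	 * mask keeps the system wide defaults and 0 is returned, so the
	 * caller cannot tell that per-user "always audit" flags were not
	 * applied.
	 */
	setauuser();
	p_user = getauusernam(username);
	if (p_user != NULL) {
		/* Add always audit flags. */
		p_mask->as_success |= p_user->au_always.as_success;
		p_mask->as_failure |= p_user->au_always.as_failure;
		/*
		 * Subtract never audit flags.  This runs after the OR above,
		 * so a class listed in both sets ends up not audited.
		 */
		p_mask->as_success &= ~(p_user->au_never.as_success);
		p_mask->as_failure &= ~(p_user->au_never.as_failure);
	}
	endauuser();

	return (0);
}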
    103