Home | History | Annotate | Download | only in common
      1 /*
      2  * CDDL HEADER START
      3  *
      4  * The contents of this file are subject to the terms of the
      5  * Common Development and Distribution License (the "License").
      6  * You may not use this file except in compliance with the License.
      7  *
      8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
      9  * or http://www.opensolaris.org/os/licensing.
     10  * See the License for the specific language governing permissions
     11  * and limitations under the License.
     12  *
     13  * When distributing Covered Code, include this CDDL HEADER in each
     14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     15  * If applicable, add the following below this CDDL HEADER, with the
     16  * fields enclosed by brackets "[]" replaced with your own identifying
     17  * information: Portions Copyright [yyyy] [name of copyright owner]
     18  *
     19  * CDDL HEADER END
     20  */
     21 /*
     22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     23  * Use is subject to license terms.
     24  */
     25 
     26 #include <sys/types.h>
     27 #include <tsol/label.h>
     28 #include <bsm/audit.h>
     29 #include <bsm/libbsm.h>
     30 #include <bsm/audit_private.h>
     31 #include <unistd.h>
     32 #include <string.h>
     33 #include <bsm/audit_uevents.h>
     34 #include <generic.h>
     35 #include <stdlib.h>
     36 #include <alloca.h>
     37 
     38 static int s_audit;	/* successful audit event */
     39 static int f_audit;	/* failure audit event */
     40 
     41 static int ad;		/* audit descriptor */
     42 
     43 void
     44 audit_allocate_argv(flg, argc, argv)
     45 	int   flg;
     46 	int   argc;
     47 	char *argv[];
     48 {
     49 	int i;
     50 
     51 	if (cannot_audit(0)) {
     52 		return;
     53 	}
     54 
     55 	switch (flg) {
     56 	case 0:
     57 		s_audit = AUE_allocate_succ;
     58 		f_audit = AUE_allocate_fail;
     59 		break;
     60 	case 1:
     61 		s_audit = AUE_deallocate_succ;
     62 		f_audit = AUE_deallocate_fail;
     63 		break;
     64 	case 2:
     65 		s_audit = AUE_listdevice_succ;
     66 		f_audit = AUE_listdevice_fail;
     67 		break;
     68 	}
     69 
     70 	ad = au_open();
     71 
     72 	for (i = 0; i < argc; i++)
     73 		(void) au_write(ad, au_to_text(argv[i]));
     74 }
     75 
     76 void
     77 audit_allocate_device(path)
     78 	char *path;
     79 {
     80 	if (cannot_audit(0)) {
     81 		return;
     82 	}
     83 	(void) au_write(ad, au_to_path(path));
     84 }
     85 
     86 int
     87 audit_allocate_record(status)
     88 	char	status;		/* success failure of operation */
     89 {
     90 	auditinfo_addr_t mask;		/* audit ID */
     91 	au_event_t	event;		/* audit event number */
     92 	int		policy;		/* audit policy */
     93 	int		ng;		/* number of groups in process */
     94 
     95 #ifdef DEBUG
     96 	printf(("audit_allocate_record(%d)\n", status));
     97 #endif
     98 
     99 	if (cannot_audit(0)) {
    100 		return (0);
    101 	}
    102 
    103 	if (getaudit_addr(&mask, sizeof (mask)) < 0) {
    104 		if (!status)
    105 			return (1);
    106 		return (0);
    107 	}
    108 
    109 	if (auditon(A_GETPOLICY, (caddr_t)&policy, 0) < 0) {
    110 		if (!status)
    111 			return (1);
    112 		return (0);
    113 	}
    114 
    115 
    116 		/* determine if we're preselected */
    117 	if (status)
    118 		event = f_audit;
    119 	else
    120 		event = s_audit;
    121 
    122 	if (au_preselect(event, &mask.ai_mask, AU_PRS_BOTH, AU_PRS_REREAD)
    123 		== NULL)
    124 		return (0);
    125 
    126 	(void) au_write(ad, au_to_me());	/* add subject token */
    127 	if (is_system_labeled())
    128 		(void) au_write(ad, au_to_mylabel());
    129 
    130 	if (policy & AUDIT_GROUP) {	/* add optional group token */
    131 		gid_t	*grplst;
    132 		int	maxgrp = getgroups(0, NULL);
    133 
    134 		grplst = alloca(maxgrp * sizeof (gid_t));
    135 
    136 		if ((ng = getgroups(maxgrp, grplst)) < 0) {
    137 			(void) au_close(ad, 0, 0);
    138 			if (!status)
    139 				return (1);
    140 			return (0);
    141 		}
    142 		(void) au_write(ad, au_to_newgroups(ng, grplst));
    143 	}
    144 
    145 	if (status)
    146 		(void) au_write(ad, au_to_exit(status, -1));
    147 	else
    148 		(void) au_write(ad, au_to_exit(0, 0));
    149 
    150 		/* write audit record */
    151 	if (au_close(ad, 1, event) < 0) {
    152 		(void) au_close(ad, 0, 0);
    153 		if (!status)
    154 			return (1);
    155 	}
    156 
    157 	return (0);
    158 }
    159 
    160 void
    161 audit_allocate_list(list)
    162 	char *list;
    163 {
    164 	char *buf;
    165 	char *file;
    166 	char *last;
    167 
    168 	if (cannot_audit(0)) {
    169 		return;
    170 	}
    171 
    172 	if ((buf = strdup(list)) == NULL)
    173 		return;
    174 
    175 	for (file = strtok_r(buf, " ", &last); file;
    176 	    file = strtok_r(NULL, " ", &last))
    177 		(void) au_write(ad, au_to_path(file));
    178 
    179 	free(buf);
    180 }
    181