1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 * Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
26 */
27
28 #include <bsm/adt.h>
29 #include <bsm/adt_event.h>
30 #include <assert.h>
31 #include <bsm/audit.h>
32 #include <bsm/audit_record.h>
33 #include <bsm/libbsm.h>
34 #include <door.h>
35 #include <errno.h>
36 #include <generic.h>
37 #include <md5.h>
38 #include <sys/mkdev.h>
39 #include <netdb.h>
40 #include <nss_dbdefs.h>
41 #include <pwd.h>
42 #include <sys/stat.h>
43 #include <time.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <synch.h>
47 #include <sys/systeminfo.h>
48 #include <syslog.h>
49 #include <thread.h>
50 #include <unistd.h>
51 #include <adt_xlate.h>
52 #include <adt_ucred.h>
53 #include <arpa/inet.h>
54 #include <net/if.h>
55 #include <libinetutil.h>
56
57 static int adt_selected(struct adt_event_state *, au_event_t, int);
58 static int adt_init(adt_internal_state_t *, int);
59 static int adt_import(adt_internal_state_t *, const adt_export_data_t *);
60 static m_label_t *adt_ucred_label(ucred_t *);
61 static void adt_setto_unaudited(adt_internal_state_t *);
62 static int adt_get_local_address(int, struct ifaddrlist *);
63
64 #ifdef C2_DEBUG
65 #define DPRINTF(x) { (void) printf x; }
66 #define DFLUSH (void) fflush(stdout);
67 #else
68 #define DPRINTF(x)
69 #define DFLUSH
70 #endif
71
72 /*
73 * Local audit states are a bit mask
74 *
75 * The global audit states are
76 *
77 * AUC_UNSET 0 - on/off hasn't been decided
78 * AUC_ENABLED 1 - loaded and enabled
79 *
80 * The local Zone states are
81 *
82 * AUC_AUDITING 0x1 - audit daemon is active
83 * AUC_NOAUDIT 0x2 - audit daemon is not active
84 * AUC_INIT_AUDIT 0x4 - audit is ready but auditd has not run
85 * AUC_NOSPACE 0x8 - audit enabled, no space for audit records
86 *
87 * The only values returned by auditon(A_GETCOND) are:
88 * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE
89 *
90 * The pseudo audit state used when the c2audit module is excluded is
91 *
92 * AUC_DISABLED 0x100 - c2audit module is excluded
93 */
94
95 static int auditstate = AUC_DISABLED; /* default state */
96
97 /*
98 * adt_write_syslog
99 *
100 * errors that are not the user's fault (bugs or whatever in
101 * the underlying audit code are noted in syslog.)
102 *
103 * Avoid calling adt_write_syslog for things that can happen
104 * at high volume.
105 *
106 * syslog's open (openlog) and close (closelog) are interesting;
107 * openlog *may* create a file descriptor and is optional. closelog
108 * *will* close any open file descriptors and is also optional.
109 *
110 * Since syslog may also be used by the calling application, the
111 * choice is to avoid openlog, which sets some otherwise useful
112 * parameters, and to embed "Solaris_audit" in the log message.
113 */
114
115 void
116 adt_write_syslog(const char *message, int err)
117 {
118 int save_errno = errno;
119 int mask_priority;
120
121 DPRINTF(("syslog called: %s\n", message));
122
123 mask_priority = setlogmask(LOG_MASK(LOG_ALERT));
124 errno = err;
125 syslog(LOG_ALERT, "Solaris_audit %s: %m", message);
126 (void) setlogmask(mask_priority);
127 errno = save_errno;
128 }
129
130 /*
131 * return true if c2audit is not excluded.
132 *
133 * For purpose of this API, anything but AUC_DISABLED
134 * is enabled; however one never actually sees
135 * AUC_DISABLED since auditon returns ENOTSUP in that case. Any
136 * auditon error is considered the same as ENOTSUP for our
137 * purpose. auditstate is not changed by auditon if an error
138 * is returned.
139 */
140
141 /*
142 * XXX this should probably be eliminated and adt_audit_state() replace it.
143 * All the legitimate uses are to not fork a waiting process for
144 * process exit processing, as in su, login, dtlogin. Other bogus
145 * users are zoneadmd and init.
146 * All but dtlogin are in ON, so we can do this without cross gate
147 * synchronization.
148 *
149 * No longer used in adt.c.
150 */
151
152 boolean_t
153 adt_audit_enabled(void)
154 {
155
156 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
157
158 return (auditstate != AUC_DISABLED);
159 }
160
161 /*
162 * See adt_audit_enabled() for state discussions.
163 * The state parameter is a hedge until all the uses become clear.
164 * Likely if adt_audit_enabled is brought internal to this file,
165 * it could be modified to take one or more parameters to describe the
166 * state.
167 */
168
169 boolean_t
170 adt_audit_state(int states)
171 {
172
173 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
174
175 return ((auditstate & states) ? B_TRUE : B_FALSE);
176 }
177
178 /*
179 * Get user_specific/non-attributable audit mask. This may be called even when
180 * auditing is off.
181 */
182
183 static int
184 adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
185 {
186 struct passwd pwd;
187 long buff_sz;
188 char *pwd_buff;
189
190
191 if (auditstate & AUC_DISABLED) {
192 /* c2audit excluded */
193 mask->am_success = 0;
194 mask->am_failure = 0;
195 return (0);
196 }
197
198 if (uid <= MAXUID) {
199 if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
200 adt_write_syslog("couldn't determine maximum size of "
201 "password buffer", errno);
202 return (-1);
203 }
204 if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
205 return (-1);
206 }
207 /*
208 * Ephemeral id's and id's that exist in a name service we
209 * don't have configured (LDAP, NIS) can't be looked up,
210 * but either way it's not an error.
211 */
212 if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
213 if (au_user_mask(pwd.pw_name, mask)) {
214 free(pwd_buff);
215 errno = EFAULT; /* undetermined failure */
216 return (-1);
217 }
218 free(pwd_buff);
219 return (0);
220 }
221 free(pwd_buff);
222 }
223
224 if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
225 return (-1);
226 }
227
228 return (0);
229 }
230
231 /*
232 * adt_get_unique_id -- generate a hopefully unique 32 bit value
233 *
234 * there will be a follow up to replace this with the use of /dev/random
235 *
236 * An MD5 hash is taken on a buffer of
237 * hostname . audit id . unix time . pid . count
238 *
239 * "count = noise++;" is subject to a race condition but I don't
240 * see a need to put a lock around it.
241 */
242
243 au_asid_t
244 adt_get_unique_id(au_id_t uid)
245 {
246 char hostname[MAXHOSTNAMELEN];
247 union {
248 au_id_t v[4];
249 unsigned char obuff[128/8];
250 } output;
251 MD5_CTX context;
252
253 static int noise = 0;
254
255 int count = noise++;
256 time_t timebits = time(NULL);
257 pid_t pidbits = getpid();
258 au_asid_t retval = 0;
259
260 if (gethostname(hostname, MAXHOSTNAMELEN)) {
261 adt_write_syslog("gethostname call failed", errno);
262 (void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN);
263 }
264
265 while (retval == 0) { /* 0 is the only invalid result */
266 MD5Init(&context);
267
268 MD5Update(&context, (unsigned char *)hostname,
269 (unsigned int) strlen((const char *)hostname));
270
271 MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t));
272
273 MD5Update(&context,
274 (unsigned char *) &timebits, sizeof (time_t));
275
276 MD5Update(&context, (unsigned char *) &pidbits,
277 sizeof (pid_t));
278
279 MD5Update(&context, (unsigned char *) &(count), sizeof (int));
280 MD5Final(output.obuff, &context);
281
282 retval = output.v[count % 4];
283 }
284 return (retval);
285 }
286
287 /*
288 * the following "port" function deals with the following issues:
289 *
290 * 1 the kernel and ucred deal with a dev_t as a 64 bit value made
291 * up from a 32 bit major and 32 bit minor.
292 * 2 User space deals with a dev_t as either the above 64 bit value
293 * or a 32 bit value made from a 14 bit major and an 18 bit minor.
294 * 3 The various audit interfaces (except ucred) pass the 32 or
295 * 64 bit version depending the architecture of the userspace
296 * application. If you get a port value from ucred and pass it
297 * to the kernel via auditon(), it must be squeezed into a 32
298 * bit value because the kernel knows the userspace app's bit
299 * size.
300 *
301 * The internal state structure for adt (adt_internal_state_t) uses
302 * dev_t, so adt converts data from ucred to fit. The import/export
303 * functions, however, can't know if they are importing/exporting
304 * from 64 or 32 bit applications, so they always send 64 bits and
305 * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as
306 * appropriate.
307 */
308
309 /*
310 * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are
311 * both 64 bits). If lib is 32 bits, squeeze the two-int port into
312 * a 32 bit dev_t. A port fits in the "minor" part of au_port_t,
313 * so it isn't broken up into pieces. (When it goes to the kernel
314 * and back, however, it will have been split into major/minor
315 * pieces.)
316 */
317
318 static void
319 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
320 {
321 #ifdef _LP64
322 (void) memcpy(dest, src, sizeof (au_tid_addr_t));
323 #else /* _LP64 */
324 dest->at_type = src->at_type;
325
326 dest->at_port = src->at_port.at_minor & MAXMIN32;
327 dest->at_port |= (src->at_port.at_major & MAXMAJ32) <<
328 NBITSMINOR32;
329
330 (void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t));
331 #endif /* _LP64 */
332 }
333
334 /*
335 * adt_start_session -- create interface handle, create context
336 *
337 * The imported_state input is normally NULL, if not, it represents
338 * a continued session; its values obviate the need for a subsequent
339 * call to adt_set_user().
340 *
341 * The flag is used to decide how to set the initial state of the session.
342 * If 0, the session is "no audit" until a call to adt_set_user; if
343 * ADT_USE_PROC_DATA, the session is built from the process audit
344 * characteristics obtained from the kernel. If imported_state is
345 * not NULL, the resulting audit mask is an OR of the current process
346 * audit mask and that passed in.
347 *
348 * The basic model is that the caller can use the pointer returned
349 * by adt_start_session whether or not auditing is enabled or an
350 * error was returned. The functions that take the session handle
351 * as input generally return without doing anything if auditing is
352 * disabled.
353 */
354
355 int
356 adt_start_session(adt_session_data_t **new_session,
357 const adt_export_data_t *imported_state, adt_session_flags_t flags)
358 {
359 adt_internal_state_t *state;
360 adt_session_flags_t flgmask = ADT_FLAGS_ALL;
361
362 /* test and set auditstate */
363 if (adt_audit_state(AUC_DISABLED)) {
364 /* c2audit excluded */
365 *new_session = NULL;
366 return (0);
367 }
368
369 if ((flags & ~flgmask) != 0) {
370 errno = EINVAL;
371 goto return_err;
372 }
373
374 if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) {
375 goto return_err;
376 }
377
378 if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) {
379 goto return_err_free; /* errno from adt_init() */
380 }
381
382 /*
383 * The imported state overwrites the initial state if the
384 * imported state represents a valid audit trail
385 */
386
387 if (imported_state != NULL) {
388 if (adt_import(state, imported_state) != 0) {
389 goto return_err_free;
390 }
391 } else if (flags & ADT_USE_PROC_DATA) {
392 state->as_session_model = ADT_PROCESS_MODEL;
393 }
394 state->as_flags = flags;
395 DPRINTF(("(%lld) Starting session id = %08X\n",
396 (long long) getpid(), state->as_info.ai_asid));
397
398 *new_session = (adt_session_data_t *)state;
399 return (0);
400
401 return_err_free:
402 free(state);
403 return_err:
404 *new_session = NULL;
405 adt_write_syslog("audit session create failed", errno);
406 return (-1);
407 }
408
409 /*
410 * adt_load_table()
411 *
412 * loads the event translation table into the audit session.
413 */
414
415 void
416 adt_load_table(const adt_session_data_t *session_data,
417 adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *))
418 {
419 adt_internal_state_t *state = (adt_internal_state_t *)session_data;
420
421 if (state != NULL) {
422 assert(state->as_check == ADT_VALID);
423 state->as_xlate = xlate;
424 state->as_preload = preload;
425 }
426 }
427
428 /*
429 * adt_get_asid() and adt_set_asid()
430 *
431 * if you use this interface, you are responsible to insure that the
432 * rest of the session data is populated correctly before calling
433 * adt_proccess_attr()
434 *
435 * neither of these are intended for general use and will likely
436 * remain private interfaces for a long time. Forever is a long
437 * time. In the case of adt_set_asid(), you should have a very,
438 * very good reason for setting your own session id. The process
439 * audit characteristics are not changed by put, use adt_set_proc().
440 *
441 * These are "volatile" (more changable than "evolving") and will
442 * probably change in the S10 period.
443 */
444
445 void
446 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
447 {
448
449 if (session_data == NULL) {
450 *asid = 0;
451 } else {
452 assert(((adt_internal_state_t *)session_data)->as_check ==
453 ADT_VALID);
454
455 *asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid;
456 }
457 }
458
459 void
460 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id)
461 {
462
463 if (session_data != NULL) {
464 assert(((adt_internal_state_t *)session_data)->as_check ==
465 ADT_VALID);
466
467 ((adt_internal_state_t *)session_data)->as_have_user_data |=
468 ADT_HAVE_ASID;
469 ((adt_internal_state_t *)session_data)->as_info.ai_asid =
470 session_id;
471 }
472 }
473
474 /*
475 * adt_get_auid() and adt_set_auid()
476 *
477 * neither of these are intended for general use and will likely
478 * remain private interfaces for a long time. Forever is a long
479 * time. In the case of adt_set_auid(), you should have a very,
480 * very good reason for setting your own audit id. The process
481 * audit characteristics are not changed by put, use adt_set_proc().
482 */
483
484 void
485 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid)
486 {
487
488 if (session_data == NULL) {
489 *auid = AU_NOAUDITID;
490 } else {
491 assert(((adt_internal_state_t *)session_data)->as_check ==
492 ADT_VALID);
493
494 *auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid;
495 }
496 }
497
498 void
499 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id)
500 {
501
502 if (session_data != NULL) {
503 assert(((adt_internal_state_t *)session_data)->as_check ==
504 ADT_VALID);
505
506 ((adt_internal_state_t *)session_data)->as_have_user_data |=
507 ADT_HAVE_AUID;
508 ((adt_internal_state_t *)session_data)->as_info.ai_auid =
509 audit_id;
510 }
511 }
512
513 /*
514 * adt_get_termid(), adt_set_termid()
515 *
516 * if you use this interface, you are responsible to insure that the
517 * rest of the session data is populated correctly before calling
518 * adt_proccess_attr()
519 *
520 * The process audit characteristics are not changed by put, use
521 * adt_set_proc().
522 */
523
524 void
525 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid)
526 {
527
528 if (session_data == NULL) {
529 (void) memset(termid, 0, sizeof (au_tid_addr_t));
530 termid->at_type = AU_IPv4;
531 } else {
532 assert(((adt_internal_state_t *)session_data)->as_check ==
533 ADT_VALID);
534
535 *termid =
536 ((adt_internal_state_t *)session_data)->as_info.ai_termid;
537 }
538 }
539
540 void
541 adt_set_termid(const adt_session_data_t *session_data,
542 const au_tid_addr_t *termid)
543 {
544
545 if (session_data != NULL) {
546 assert(((adt_internal_state_t *)session_data)->as_check ==
547 ADT_VALID);
548
549 ((adt_internal_state_t *)session_data)->as_info.ai_termid =
550 *termid;
551
552 ((adt_internal_state_t *)session_data)->as_have_user_data |=
553 ADT_HAVE_TID;
554 }
555 }
556
557 /*
558 * adt_get_mask(), adt_set_mask()
559 *
560 * if you use this interface, you are responsible to insure that the
561 * rest of the session data is populated correctly before calling
562 * adt_proccess_attr()
563 *
564 * The process audit characteristics are not changed by put, use
565 * adt_set_proc().
566 */
567
568 void
569 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask)
570 {
571
572 if (session_data == NULL) {
573 mask->am_success = 0;
574 mask->am_failure = 0;
575 } else {
576 assert(((adt_internal_state_t *)session_data)->as_check ==
577 ADT_VALID);
578
579 *mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask;
580 }
581 }
582
583 void
584 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask)
585 {
586
587 if (session_data != NULL) {
588 assert(((adt_internal_state_t *)session_data)->as_check ==
589 ADT_VALID);
590
591 ((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask;
592
593 ((adt_internal_state_t *)session_data)->as_have_user_data |=
594 ADT_HAVE_MASK;
595 }
596 }
597
598 /*
599 * helpers for adt_load_termid
600 */
601
602 static dev_t
603 adt_ports_to_at_port(in_port_t remote, in_port_t local)
604 {
605 dev_t port;
606
607 #ifdef _LP64
608 dev_t tmp;
609
610 /*
611 * In 64-bit, at_port is a 64-bit value encoding major/minor
612 * device numbers as 32-bits each. However when a 32-bit application
613 * subsequently requests the audit address via getaudit_addr(), this
614 * value must be capable of being compressed down to a 14-bit major and
615 * 18-bit minor number or the call will fail.
616 *
617 * In order to construct a 32-bit compatible value, the top 14-bits of
618 * the remote port are used for the major number and the remaining
619 * 2-bits + local port are used for the minor.
620 */
621
622 tmp = ((remote<<16) | (local));
623 port = (tmp & MAXMIN32);
624 port |= (((tmp >> NBITSMINOR32) & MAXMAJ32) << NBITSMINOR64);
625 #else
626 port = ((remote<<16) | (local));
627 #endif
628
629 return (port);
630 }
631
632 static void
633 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock,
634 au_tid_addr_t *termid)
635 {
636 termid->at_port =
637 adt_ports_to_at_port(peer->sin6_port, sock->sin6_port);
638 termid->at_type = AU_IPv6;
639 (void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t));
640 }
641
642 static void
643 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock,
644 au_tid_addr_t *termid)
645 {
646 termid->at_port = adt_ports_to_at_port(peer->sin_port, sock->sin_port);
647 termid->at_type = AU_IPv4;
648 termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr;
649 (void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t));
650 }
651
652 /*
653 * adt_load_termid: convenience function; inputs file handle and
654 * outputs an au_tid_addr struct.
655 *
656 * This code was stolen from audit_settid.c; it differs from audit_settid()
657 * in that it does not write the terminal id to the process.
658 */
659
660 int
661 adt_load_termid(int fd, adt_termid_t **termid)
662 {
663 au_tid_addr_t *p_term;
664 struct sockaddr_in6 peer;
665 struct sockaddr_in6 sock;
666 int peerlen = sizeof (peer);
667 int socklen = sizeof (sock);
668
669 /* get peer name if its a socket, else assume local terminal */
670
671 if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
672 < 0) {
673 if (errno == ENOTSOCK) {
674 return (adt_load_hostname(NULL, termid));
675 }
676 goto return_err;
677 }
678
679 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
680 goto return_err;
681 }
682
683 /* get sock name */
684 if (getsockname(fd, (struct sockaddr *)&sock,
685 (socklen_t *)&socklen) < 0) {
686 goto return_err_free;
687 }
688
689 if (peer.sin6_family == AF_INET6) {
690 adt_do_ipv6_address(&peer, &sock, p_term);
691 } else {
692 adt_do_ipv4_address((struct sockaddr_in *)&peer,
693 (struct sockaddr_in *)&sock, p_term);
694 }
695 *termid = (adt_termid_t *)p_term;
696
697 return (0);
698
699 return_err_free:
700 free(p_term);
701 return_err:
702 *termid = NULL;
703 return (-1);
704 }
705
706 static boolean_t
707 adt_have_termid(au_tid_addr_t *dest)
708 {
709 struct auditinfo_addr audit_data;
710
711 if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) {
712 adt_write_syslog("getaudit failed", errno);
713 return (B_FALSE);
714 }
715
716 if ((audit_data.ai_termid.at_type == 0) ||
717 (audit_data.ai_termid.at_addr[0] |
718 audit_data.ai_termid.at_addr[1] |
719 audit_data.ai_termid.at_addr[2] |
720 audit_data.ai_termid.at_addr[3]) == 0)
721 return (B_FALSE);
722
723 (void) memcpy(dest, &(audit_data.ai_termid),
724 sizeof (au_tid_addr_t));
725
726 return (B_TRUE);
727 }
728
729 /*
730 * adt_get_hostIP - construct a terminal id from a hostname
731 *
732 * Returns 0 = success
733 * -1 = failure and errno = ENETDOWN with the address
734 * defaulted to IPv4 loopback.
735 */
736
737 static int
738 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term)
739 {
740 struct addrinfo *ai = NULL;
741 int tries = 3;
742 char msg[512];
743 int eai_err;
744
745 while ((tries-- > 0) &&
746 ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) {
747 /*
748 * getaddrinfo returns its own set of errors.
749 * Log them here, so any subsequent syslogs will
750 * have a context. adt_get_hostIP callers can only
751 * return errno, so subsequent syslogs may be lacking
752 * that getaddrinfo failed.
753 */
754 (void) snprintf(msg, sizeof (msg), "getaddrinfo(%s) "
755 "failed[%s]", hostname, gai_strerror(eai_err));
756 adt_write_syslog(msg, 0);
757
758 if (eai_err != EAI_AGAIN) {
759
760 break;
761 }
762 /* see if resolution becomes available */
763 (void) sleep(1);
764 }
765 if (ai != NULL) {
766 if (ai->ai_family == AF_INET) {
767 p_term->at_type = AU_IPv4;
768 (void) memcpy(p_term->at_addr,
769 /* LINTED */
770 &((struct sockaddr_in *)ai->ai_addr)->sin_addr,
771 AU_IPv4);
772 } else {
773 p_term->at_type = AU_IPv6;
774 (void) memcpy(p_term->at_addr,
775 /* LINTED */
776 &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
777 AU_IPv6);
778 }
779 freeaddrinfo(ai);
780 return (0);
781 } else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) {
782 auditinfo_addr_t audit_info;
783
784 /*
785 * auditd is running so there should be a
786 * kernel audit context
787 */
788 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
789 sizeof (audit_info)) < 0) {
790 adt_write_syslog("unable to get kernel audit context",
791 errno);
792 goto try_interface;
793 }
794 adt_write_syslog("setting Audit IP address to kernel", 0);
795 *p_term = audit_info.ai_termid;
796 return (0);
797 }
798 try_interface:
799 {
800 struct ifaddrlist al;
801 int family;
802 char ntop[INET6_ADDRSTRLEN];
803
804 /*
805 * getaddrinfo has failed to map the hostname
806 * to an IP address, try to get an IP address
807 * from a local interface. If none up, default
808 * to loopback.
809 */
810 family = AF_INET6;
811 if (adt_get_local_address(family, &al) != 0) {
812 family = AF_INET;
813
814 if (adt_get_local_address(family, &al) != 0) {
815 adt_write_syslog("adt_get_local_address "
816 "failed, no Audit IP address available, "
817 "faking loopback and error",
818 errno);
819 IN_SET_LOOPBACK_ADDR(
820 (struct sockaddr_in *)&(al.addr.addr));
821 (void) memcpy(p_term->at_addr, &al.addr.addr,
822 AU_IPv4);
823 p_term->at_type = AU_IPv4;
824 return (-1);
825 }
826 }
827 if (family == AF_INET) {
828 p_term->at_type = AU_IPv4;
829 (void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4);
830 } else {
831 p_term->at_type = AU_IPv6;
832 (void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6);
833 }
834
835 (void) snprintf(msg, sizeof (msg), "mapping %s to %s",
836 hostname, inet_ntop(family, &(al.addr), ntop,
837 sizeof (ntop)));
838 adt_write_syslog(msg, 0);
839 return (0);
840 }
841 }
842
843 /*
844 * adt_load_hostname() is called when the caller does not have a file
845 * handle that gives access to the socket info or any other way to
846 * pass in both port and ip address. The hostname input is ignored if
847 * the terminal id has already been set; instead it returns the
848 * existing terminal id.
849 *
850 * If c2audit is excluded, success is returned.
851 * If the hostname lookup fails, the loopback address is assumed,
852 * errno is set to ENETDOWN, this allows the caller to interpret
853 * whether failure is fatal, and if not to have a address for the
854 * hostname.
855 * Otherwise the caller would need to be aware of the audit state.
856 *
857 * Other errors are ignored if not auditing.
858 */
859
860 int
861 adt_load_hostname(const char *hostname, adt_termid_t **termid)
862 {
863 char localhost[MAXHOSTNAMELEN + 1];
864 au_tid_addr_t *p_term;
865
866 if (adt_audit_state(AUC_DISABLED)) {
867 /* c2audit excluded */
868 *termid = NULL;
869 return (0);
870 }
871
872 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
873 goto return_err;
874 }
875
876 if (adt_have_termid(p_term)) {
877 *termid = (adt_termid_t *)p_term;
878 return (0);
879 }
880 p_term->at_port = 0;
881
882 if (hostname == NULL || *hostname == '\0') {
883 (void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN);
884 hostname = localhost;
885 }
886 if (adt_get_hostIP(hostname, p_term) == 0) {
887 *termid = (adt_termid_t *)p_term;
888 return (0);
889 } else {
890 *termid = (adt_termid_t *)p_term;
891 return (-1);
892 }
893
894 return_err:
895 *termid = NULL;
896 if (auditstate & AUC_NOAUDIT) {
897 return (0);
898 }
899
900 return (-1);
901 }
902
903 /*
904 * adt_load_ttyname() is called when the caller does not have a file
905 * handle that gives access to the local terminal or any other way
906 * of determining the device id. The ttyname input is ignored if
907 * the terminal id has already been set; instead it returns the
908 * existing terminal id.
909 *
910 * If c2audit is excluded, success is returned.
911 * The local hostname is used for the local IP address.
912 * If that hostname lookup fails, the loopback address is assumed,
913 * errno is set to ENETDOWN, this allows the caller to interpret
914 * whether failure is fatal, and if not to have a address for the
915 * hostname.
916 * Otherwise the caller would need to be aware of the audit state.
917 *
918 * Other errors are ignored if not auditing.
919 */
920
921 int
922 adt_load_ttyname(const char *ttyname, adt_termid_t **termid)
923 {
924 char localhost[MAXHOSTNAMELEN + 1];
925 au_tid_addr_t *p_term;
926 struct stat stat_buf;
927
928 if (adt_audit_state(AUC_DISABLED)) {
929 /* c2audit excluded */
930 *termid = NULL;
931 return (0);
932 }
933
934 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
935 goto return_err;
936 }
937
938 if (adt_have_termid(p_term)) {
939 *termid = (adt_termid_t *)p_term;
940 return (0);
941 }
942
943 p_term->at_port = 0;
944
945 if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) {
946 goto return_err_free; /* errno from sysinfo */
947 }
948
949 if (ttyname != NULL && *ttyname != '\0') {
950 if (stat(ttyname, &stat_buf) < 0) {
951 goto return_err_free;
952 }
953
954 p_term->at_port = stat_buf.st_rdev;
955 }
956
957 if (adt_get_hostIP(localhost, p_term) == 0) {
958 *termid = (adt_termid_t *)p_term;
959 return (0);
960 } else {
961 *termid = (adt_termid_t *)p_term;
962 return (-1);
963 }
964
965 return_err_free:
966 free(p_term);
967
968 return_err:
969 *termid = NULL;
970 if (auditstate & AUC_NOAUDIT) {
971 return (0);
972 }
973
974 return (-1);
975 }
976
977 /*
978 * adt_get_session_id returns a stringified representation of
979 * the audit session id. See also adt_get_asid() for how to
980 * get the unexpurgated version. No guarantees as to how long
981 * the returned string will be or its general form; hex for now.
982 *
983 * An empty string is returned if auditing is off; length = 1
984 * and the pointer is valid.
985 *
986 * returns strlen + 1 if buffer is valid; else 0 and errno.
987 */
988
989 size_t
990 adt_get_session_id(const adt_session_data_t *session_data, char **buff)
991 {
992 au_asid_t session_id;
993 size_t length;
994 /*
995 * output is 0x followed by
996 * two characters per byte
997 * plus terminator,
998 * except leading 0's are suppressed, so a few bytes may
999 * be unused.
1000 */
1001 length = 2 + (2 * sizeof (session_id)) + 1;
1002 *buff = malloc(length);
1003
1004 if (*buff == NULL) {
1005 return (0);
1006 }
1007 if (session_data == NULL) { /* NULL is not an error */
1008 **buff = '\0';
1009 return (1);
1010 }
1011 adt_get_asid(session_data, &session_id);
1012
1013 length = snprintf(*buff, length, "0x%X", (int)session_id);
1014
1015 /* length < 1 is a bug: the session data type may have changed */
1016 assert(length > 0);
1017
1018 return (length);
1019 }
1020
1021 /*
1022 * adt_end_session -- close handle, clear context
1023 *
1024 * if as_check is invalid, no harm, no foul, EXCEPT that this could
1025 * be an attempt to free data already free'd, so output to syslog
1026 * to help explain why the process cored dumped.
1027 */
1028
1029 int
1030 adt_end_session(adt_session_data_t *session_data)
1031 {
1032 adt_internal_state_t *state;
1033
1034 if (session_data != NULL) {
1035 state = (adt_internal_state_t *)session_data;
1036 if (state->as_check != ADT_VALID) {
1037 adt_write_syslog("freeing invalid data", EINVAL);
1038 } else {
1039 state->as_check = 0;
1040 m_label_free(state->as_label);
1041 free(session_data);
1042 }
1043 }
1044 /* no errors yet defined */
1045 return (0);
1046 }
1047
1048 /*
1049 * adt_dup_session -- copy the session data
1050 */
1051
1052 int
1053 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest)
1054 {
1055 adt_internal_state_t *source_state;
1056 adt_internal_state_t *dest_state = NULL;
1057 int rc = 0;
1058
1059 if (source != NULL) {
1060 source_state = (adt_internal_state_t *)source;
1061 assert(source_state->as_check == ADT_VALID);
1062
1063 dest_state = malloc(sizeof (adt_internal_state_t));
1064 if (dest_state == NULL) {
1065 rc = -1;
1066 goto return_rc;
1067 }
1068 (void) memcpy(dest_state, source,
1069 sizeof (struct adt_internal_state));
1070
1071 if (source_state->as_label != NULL) {
1072 dest_state->as_label = NULL;
1073 if ((rc = m_label_dup(&dest_state->as_label,
1074 source_state->as_label)) != 0) {
1075 free(dest_state);
1076 dest_state = NULL;
1077 }
1078 }
1079 }
1080 return_rc:
1081 *dest = (adt_session_data_t *)dest_state;
1082 return (rc);
1083 }
1084
1085 /*
1086 * from_export_format()
1087 * read from a network order buffer into struct adt_session_data
1088 */
1089
1090 static size_t
1091 adt_from_export_format(adt_internal_state_t *internal,
1092 const adt_export_data_t *external)
1093 {
1094 struct export_header head;
1095 struct export_link link;
1096 adr_t context;
1097 int32_t offset;
1098 int32_t length;
1099 int32_t version;
1100 size_t label_len;
1101 char *p = (char *)external;
1102
1103 adrm_start(&context, (char *)external);
1104 adrm_int32(&context, (int *)&head, 4);
1105
1106 if ((internal->as_check = head.ax_check) != ADT_VALID) {
1107 errno = EINVAL;
1108 return (0);
1109 }
1110 offset = head.ax_link.ax_offset;
1111 version = head.ax_link.ax_version;
1112 length = head.ax_buffer_length;
1113
1114 /*
1115 * Skip newer versions.
1116 */
1117 while (version > PROTOCOL_VERSION_2) {
1118 if (offset < 1) {
1119 return (0); /* failed to match version */
1120 }
1121 p += offset; /* point to next version # */
1122
1123 if (p > (char *)external + length) {
1124 return (0);
1125 }
1126 adrm_start(&context, p);
1127 adrm_int32(&context, (int *)&link, 2);
1128 offset = link.ax_offset;
1129 version = link.ax_version;
1130 assert(version != 0);
1131 }
1132 /*
1133 * Adjust buffer pointer to the first data item (euid).
1134 */
1135 if (p == (char *)external) {
1136 adrm_start(&context, (char *)(p + sizeof (head)));
1137 } else {
1138 adrm_start(&context, (char *)(p + sizeof (link)));
1139 }
1140 /*
1141 * if down rev version, neither pid nor label are included
1142 * in v1 ax_size_of_tsol_data intentionally ignored
1143 */
1144 if (version == PROTOCOL_VERSION_1) {
1145 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1146 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1147 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1148 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1149 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1150 adrm_int32(&context,
1151 (int *)&(internal->as_info.ai_mask.am_success), 2);
1152 adrm_int32(&context,
1153 (int *)&(internal->as_info.ai_termid.at_port), 1);
1154 adrm_int32(&context,
1155 (int *)&(internal->as_info.ai_termid.at_type), 1);
1156 adrm_int32(&context,
1157 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1158 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1159 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1160 internal->as_pid = (pid_t)-1;
1161 internal->as_label = NULL;
1162 } else if (version == PROTOCOL_VERSION_2) {
1163 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1164 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1165 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1166 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1167 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1168 adrm_int32(&context,
1169 (int *)&(internal->as_info.ai_mask.am_success), 2);
1170 adrm_int32(&context,
1171 (int *)&(internal->as_info.ai_termid.at_port), 1);
1172 adrm_int32(&context,
1173 (int *)&(internal->as_info.ai_termid.at_type), 1);
1174 adrm_int32(&context,
1175 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1176 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1177 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1178 adrm_int32(&context, (int *)&(internal->as_pid), 1);
1179 adrm_int32(&context, (int *)&label_len, 1);
1180 if (label_len > 0) {
1181 /* read in and deal with different sized labels. */
1182 size32_t my_label_len = blabel_size();
1183
1184 if ((internal->as_label =
1185 m_label_alloc(MAC_LABEL)) == NULL) {
1186 return (0);
1187 }
1188 if (label_len > my_label_len) {
1189 errno = EINVAL;
1190 m_label_free(internal->as_label);
1191 return (0);
1192 }
1193 (void) memset(internal->as_label, 0, my_label_len);
1194 adrm_int32(&context, (int *)(internal->as_label),
1195 label_len / sizeof (int32_t));
1196 } else {
1197 internal->as_label = NULL;
1198 }
1199 }
1200
1201 return (length);
1202 }
1203
1204 /*
1205 * adt_to_export_format
1206 * read from struct adt_session_data into a network order buffer.
1207 *
1208 * (network order 'cause this data may be shared with a remote host.)
1209 */
1210
1211 static size_t
1212 adt_to_export_format(adt_export_data_t *external,
1213 adt_internal_state_t *internal)
1214 {
1215 struct export_header head;
1216 struct export_link tail;
1217 adr_t context;
1218 size32_t label_len = 0;
1219
1220 adrm_start(&context, (char *)external);
1221
1222 if (internal->as_label != NULL) {
1223 label_len = blabel_size();
1224 }
1225
1226 head.ax_check = ADT_VALID;
1227 head.ax_buffer_length = sizeof (struct adt_export_data) + label_len;
1228
1229 /* version 2 first */
1230
1231 head.ax_link.ax_version = PROTOCOL_VERSION_2;
1232 head.ax_link.ax_offset = sizeof (struct export_header) +
1233 sizeof (struct adt_export_v2) + label_len;
1234
1235 adrm_putint32(&context, (int *)&head, 4);
1236
1237 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1238 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1239 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1240 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1241 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1242 adrm_putint32(&context,
1243 (int *)&(internal->as_info.ai_mask.am_success), 2);
1244 adrm_putint32(&context,
1245 (int *)&(internal->as_info.ai_termid.at_port), 1);
1246 adrm_putint32(&context,
1247 (int *)&(internal->as_info.ai_termid.at_type), 1);
1248 adrm_putint32(&context,
1249 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1250 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1251 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1252 adrm_putint32(&context, (int *)&(internal->as_pid), 1);
1253 adrm_putint32(&context, (int *)&label_len, 1);
1254 if (internal->as_label != NULL) {
1255 /* serialize the label */
1256 adrm_putint32(&context, (int *)(internal->as_label),
1257 (label_len / sizeof (int32_t)));
1258 }
1259
1260 /* now version 1 */
1261
1262 tail.ax_version = PROTOCOL_VERSION_1;
1263 tail.ax_offset = 0;
1264
1265 adrm_putint32(&context, (int *)&tail, 2);
1266
1267 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1268 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1269 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1270 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1271 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1272 adrm_putint32(&context,
1273 (int *)&(internal->as_info.ai_mask.am_success), 2);
1274 adrm_putint32(&context,
1275 (int *)&(internal->as_info.ai_termid.at_port), 1);
1276 adrm_putint32(&context,
1277 (int *)&(internal->as_info.ai_termid.at_type), 1);
1278 adrm_putint32(&context,
1279 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1280 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1281 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1282 /* ignored in v1 */
1283 adrm_putint32(&context, (int *)&label_len, 1);
1284
1285 /* finally terminator */
1286
1287 tail.ax_version = 0; /* invalid version number */
1288 tail.ax_offset = 0;
1289
1290 adrm_putint32(&context, (int *)&tail, 2);
1291
1292 return (head.ax_buffer_length);
1293 }
1294
1295 /*
1296 * adt_ucred_label() -- if label is available, duplicate it.
1297 */
1298
1299 static m_label_t *
1300 adt_ucred_label(ucred_t *uc)
1301 {
1302 m_label_t *ul = NULL;
1303
1304 if (ucred_getlabel(uc) != NULL) {
1305 (void) m_label_dup(&ul, ucred_getlabel(uc));
1306 }
1307
1308 return (ul);
1309 }
1310
1311 /*
1312 * adt_import() -- convert from network order to machine-specific order
1313 */
1314
1315 static int
1316 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
1317 {
1318 au_mask_t mask;
1319
1320 /* save local audit state */
1321 int local_audit_state = internal->as_audit_state;
1322
1323 if (adt_from_export_format(internal, external) < 1)
1324 return (-1); /* errno from adt_from_export_format */
1325
1326 /*
1327 * If audit isn't enabled on the remote, they were unable
1328 * to generate the audit mask, so generate it based on
1329 * local configuration. If the user id has changed, the
1330 * resulting mask may miss some subtleties that occurred
1331 * on the remote system.
1332 *
1333 * If the remote failed to generate a terminal id, it is not
1334 * recoverable.
1335 */
1336
1337 if (!(internal->as_audit_state & AUC_DISABLED)) {
1338 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1339 &(internal->as_info.ai_mask)))
1340 return (-1);
1341 if (internal->as_info.ai_auid != internal->as_ruid) {
1342 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1343 &mask))
1344 return (-1);
1345 internal->as_info.ai_mask.am_success |=
1346 mask.am_success;
1347 internal->as_info.ai_mask.am_failure |=
1348 mask.am_failure;
1349 }
1350 }
1351 internal->as_audit_state = local_audit_state;
1352
1353 DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(),
1354 internal->as_info.ai_asid,
1355 internal->as_info.ai_asid));
1356
1357 internal->as_have_user_data = ADT_HAVE_ALL;
1358
1359 return (0);
1360 }
1361
1362 /*
1363 * adt_export_session_data()
1364 * copies a adt_session_data struct into a network order buffer
1365 *
1366 * In a misconfigured network, the local host may have auditing
1367 * off while the destination may have auditing on, so if there
1368 * is sufficient memory, a buffer will be returned even in the
1369 * audit off case.
1370 */
1371
1372 size_t
1373 adt_export_session_data(const adt_session_data_t *internal,
1374 adt_export_data_t **external)
1375 {
1376 size32_t length = 0;
1377
1378 if ((internal != NULL) &&
1379 ((adt_internal_state_t *)internal)->as_label != NULL) {
1380 length = blabel_size();
1381 }
1382
1383 *external = malloc(sizeof (adt_export_data_t) + length);
1384
1385 if (*external == NULL)
1386 return (0);
1387
1388 if (internal == NULL) {
1389 adt_internal_state_t *dummy;
1390
1391 dummy = malloc(sizeof (adt_internal_state_t));
1392 if (dummy == NULL)
1393 goto return_length_free;
1394
1395 if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */
1396 free(dummy);
1397 goto return_length_free;
1398 }
1399 length = adt_to_export_format(*external, dummy);
1400 free(dummy);
1401 } else {
1402 length = adt_to_export_format(*external,
1403 (adt_internal_state_t *)internal);
1404 }
1405 return (length);
1406
1407 return_length_free:
1408 free(*external);
1409 *external = NULL;
1410 return (0);
1411 }
1412
1413 static void
1414 adt_setto_unaudited(adt_internal_state_t *state)
1415 {
1416 if (state->as_audit_state & AUC_DISABLED) {
1417 state->as_ruid = AU_NOAUDITID;
1418 state->as_euid = AU_NOAUDITID;
1419 state->as_rgid = AU_NOAUDITID;
1420 state->as_egid = AU_NOAUDITID;
1421 state->as_pid = (pid_t)-1;
1422 state->as_label = NULL;
1423 } else {
1424 state->as_info.ai_asid = 0;
1425 state->as_info.ai_auid = AU_NOAUDITID;
1426
1427 (void) memset((void *)&(state->as_info.ai_termid), 0,
1428 sizeof (au_tid_addr_t));
1429 state->as_info.ai_termid.at_type = AU_IPv4;
1430
1431 (void) memset((void *)&(state->as_info.ai_mask), 0,
1432 sizeof (au_mask_t));
1433 state->as_have_user_data = 0;
1434 }
1435 }
1436
1437 /*
1438 * adt_init -- set session context by copying the audit characteristics
1439 * from the proc and picking up current uid/tid information.
1440 *
1441 * By default, an audit session is based on the process; the default
1442 * is overriden by adt_set_user()
1443 */
1444
1445 static int
1446 adt_init(adt_internal_state_t *state, int use_proc_data)
1447 {
1448 /* ensure auditstate is set */
1449
1450 (void) adt_audit_state(0);
1451 state->as_audit_state = auditstate;
1452
1453 if (use_proc_data) {
1454 state->as_ruid = getuid();
1455 state->as_euid = geteuid();
1456 state->as_rgid = getgid();
1457 state->as_egid = getegid();
1458 state->as_pid = getpid();
1459
1460 if (!(state->as_audit_state & AUC_DISABLED)) {
1461 const au_tid64_addr_t *tid;
1462 const au_mask_t *mask;
1463 ucred_t *ucred = ucred_get(P_MYID);
1464
1465 /*
1466 * Even if the ucred is NULL, the underlying
1467 * credential may have a valid terminal id; if the
1468 * terminal id is set, then that's good enough. An
1469 * example of where this matters is failed login,
1470 * where rlogin/telnet sets the terminal id before
1471 * calling login; login does not load the credential
1472 * since auth failed.
1473 */
1474 if (ucred == NULL) {
1475 if (!adt_have_termid(
1476 &(state->as_info.ai_termid)))
1477 return (-1);
1478 } else {
1479 mask = ucred_getamask(ucred);
1480 if (mask != NULL) {
1481 state->as_info.ai_mask = *mask;
1482 } else {
1483 ucred_free(ucred);
1484 return (-1);
1485 }
1486 tid = ucred_getatid(ucred);
1487 if (tid != NULL) {
1488 adt_cpy_tid(&(state->as_info.ai_termid),
1489 tid);
1490 } else {
1491 ucred_free(ucred);
1492 return (-1);
1493 }
1494 state->as_info.ai_asid = ucred_getasid(ucred);
1495 state->as_info.ai_auid = ucred_getauid(ucred);
1496 state->as_label = adt_ucred_label(ucred);
1497 ucred_free(ucred);
1498 }
1499 state->as_have_user_data = ADT_HAVE_ALL;
1500 }
1501 } else {
1502 adt_setto_unaudited(state);
1503 }
1504 state->as_session_model = ADT_SESSION_MODEL; /* default */
1505
1506 if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) &&
1507 auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy),
1508 sizeof (state->as_kernel_audit_policy))) {
1509 return (-1); /* errno set by auditon */
1510 }
1511 state->as_check = ADT_VALID;
1512 adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0],
1513 &adt_preload);
1514 return (0);
1515 }
1516
1517 /*
1518 * adt_set_proc
1519 *
1520 * Copy the current session state to the process. If this function
1521 * is called, the model becomes a process model rather than a
1522 * session model.
1523 *
1524 * In the current implementation, the value state->as_have_user_data
1525 * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}. These are all set
1526 * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in.
1527 *
1528 */
1529
1530 int
1531 adt_set_proc(const adt_session_data_t *session_data)
1532 {
1533 adt_internal_state_t *state;
1534
1535 if (session_data == NULL) {
1536 return (0);
1537 }
1538
1539 state = (adt_internal_state_t *)session_data;
1540
1541 assert(state->as_check == ADT_VALID);
1542
1543 if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) !=
1544 (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) {
1545 errno = EINVAL;
1546 goto return_err;
1547 }
1548
1549 if (setaudit_addr((auditinfo_addr_t *)&(state->as_info),
1550 sizeof (auditinfo_addr_t)) < 0) {
1551 goto return_err; /* errno set by setaudit_addr() */
1552 }
1553
1554 state->as_session_model = ADT_PROCESS_MODEL;
1555
1556 return (0);
1557
1558 return_err:
1559 adt_write_syslog("failed to set process audit characteristics", errno);
1560 return (-1);
1561 }
1562
1563 static int
1564 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid)
1565 {
1566 au_tid_addr_t no_tid = {0, AU_IPv4, 0, 0, 0, 0};
1567 au_mask_t no_mask = {0, 0};
1568
1569 if (ruid == ADT_NO_AUDIT) {
1570 state->as_info.ai_auid = AU_NOAUDITID;
1571 state->as_info.ai_asid = 0;
1572 state->as_info.ai_termid = no_tid;
1573 state->as_info.ai_mask = no_mask;
1574 return (0);
1575 }
1576 state->as_info.ai_auid = ruid;
1577 state->as_info.ai_asid = adt_get_unique_id(ruid);
1578 if (termid != NULL)
1579 state->as_info.ai_termid = *termid;
1580
1581 if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask)))
1582 return (-1);
1583
1584 /* Assume intending to audit as this process */
1585
1586 if (state->as_pid == (pid_t)-1)
1587 state->as_pid = getpid();
1588
1589 if (is_system_labeled() && state->as_label == NULL) {
1590 ucred_t *ucred = ucred_get(P_MYID);
1591
1592 state->as_label = adt_ucred_label(ucred);
1593 ucred_free(ucred);
1594 }
1595
1596 return (0);
1597 }
1598
1599 static int
1600 adt_changeuser(adt_internal_state_t *state, uid_t ruid)
1601 {
1602 au_mask_t mask;
1603
1604 if (!(state->as_have_user_data & ADT_HAVE_AUID))
1605 state->as_info.ai_auid = ruid;
1606 if (!(state->as_have_user_data & ADT_HAVE_ASID))
1607 state->as_info.ai_asid = adt_get_unique_id(ruid);
1608
1609 if (ruid <= MAXEPHUID) {
1610 if (adt_get_mask_from_user(ruid, &mask))
1611 return (-1);
1612
1613 state->as_info.ai_mask.am_success |= mask.am_success;
1614 state->as_info.ai_mask.am_failure |= mask.am_failure;
1615 }
1616 DPRINTF(("changed mask to %08X/%08X for ruid=%d\n",
1617 state->as_info.ai_mask.am_success,
1618 state->as_info.ai_mask.am_failure,
1619 ruid));
1620 return (0);
1621 }
1622
1623 /*
1624 * adt_set_user -- see also adt_set_from_ucred()
1625 *
1626 * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or
1627 * "unattributed." If ruid, change the model to session.
1628 *
1629 * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value"
1630 * only valid with ADT_UPDATE.
1631 *
1632 * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there
1633 * isn't a good reason to call adt_set_user() with it unless you don't
1634 * have a good value yet and intend to replace it later; auid will be
1635 * AU_NOAUDITID.
1636 *
1637 * adt_set_user should be called even if auditing is not enabled
1638 * so that adt_export_session_data() will have useful stuff to
1639 * work with.
1640 *
1641 * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID
1642 * and ADT_HAVE_ALL.
1643 */
1644
1645 int
1646 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid,
1647 uid_t ruid, gid_t rgid, const adt_termid_t *termid,
1648 enum adt_user_context user_context)
1649 {
1650 adt_internal_state_t *state;
1651 int rc;
1652
1653 if (session_data == NULL) /* no session exists to audit */
1654 return (0);
1655
1656 state = (adt_internal_state_t *)session_data;
1657 assert(state->as_check == ADT_VALID);
1658
1659 switch (user_context) {
1660 case ADT_NEW:
1661 if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE ||
1662 rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) {
1663 errno = EINVAL;
1664 return (-1);
1665 }
1666 if ((rc = adt_newuser(state, ruid,
1667 (au_tid_addr_t *)termid)) != 0)
1668 return (rc);
1669
1670 state->as_have_user_data = ADT_HAVE_ALL;
1671 break;
1672 case ADT_UPDATE:
1673 if (state->as_have_user_data != ADT_HAVE_ALL) {
1674 errno = EINVAL;
1675 return (-1);
1676 }
1677
1678 if (ruid != ADT_NO_CHANGE)
1679 if ((rc = adt_changeuser(state, ruid)) != 0)
1680 return (rc);
1681 break;
1682 case ADT_USER:
1683 if (state->as_have_user_data != ADT_HAVE_ALL) {
1684 errno = EINVAL;
1685 return (-1);
1686 }
1687 break;
1688 case ADT_SETTID:
1689 assert(termid != NULL);
1690 state->as_info.ai_termid = *((au_tid_addr_t *)termid);
1691 /* avoid fooling pam_setcred()... */
1692 state->as_info.ai_auid = AU_NOAUDITID;
1693 state->as_info.ai_asid = 0;
1694 state->as_info.ai_mask.am_failure = 0;
1695 state->as_info.ai_mask.am_success = 0;
1696 state->as_have_user_data = ADT_HAVE_TID |
1697 ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK;
1698 return (0);
1699 default:
1700 errno = EINVAL;
1701 return (-1);
1702 }
1703
1704 if (ruid == ADT_NO_AUDIT) {
1705 state->as_ruid = AU_NOAUDITID;
1706 state->as_euid = AU_NOAUDITID;
1707 state->as_rgid = AU_NOAUDITID;
1708 state->as_egid = AU_NOAUDITID;
1709 } else {
1710 if (ruid != ADT_NO_CHANGE)
1711 state->as_ruid = ruid;
1712 if (euid != ADT_NO_CHANGE)
1713 state->as_euid = euid;
1714 if (rgid != ADT_NO_CHANGE)
1715 state->as_rgid = rgid;
1716 if (egid != ADT_NO_CHANGE)
1717 state->as_egid = egid;
1718 }
1719
1720 if (ruid == ADT_NO_ATTRIB) {
1721 state->as_session_model = ADT_SESSION_MODEL;
1722 }
1723
1724 return (0);
1725 }
1726
1727 /*
1728 * adt_set_from_ucred()
1729 *
1730 * an alternate to adt_set_user that fills the same role but uses
1731 * a pointer to a ucred rather than a list of id's. If the ucred
1732 * pointer is NULL, use the credential from the this process.
1733 *
1734 * A key difference is that for ADT_NEW, adt_set_from_ucred() does
1735 * not overwrite the asid and auid unless auid has not been set.
1736 * ADT_NEW differs from ADT_UPDATE in that it does not OR together
1737 * the incoming audit mask with the one that already exists.
1738 *
1739 * adt_set_from_ucred should be called even if auditing is not enabled
1740 * so that adt_export_session_data() will have useful stuff to
1741 * work with.
1742 */
1743
1744 int
1745 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc,
1746 enum adt_user_context user_context)
1747 {
1748 adt_internal_state_t *state;
1749 int rc = -1;
1750 const au_tid64_addr_t *tid64;
1751 au_tid_addr_t termid, *tid;
1752 ucred_t *ucred = (ucred_t *)uc;
1753 boolean_t local_uc = B_FALSE;
1754
1755 if (session_data == NULL) /* no session exists to audit */
1756 return (0);
1757
1758 state = (adt_internal_state_t *)session_data;
1759 assert(state->as_check == ADT_VALID);
1760
1761 if (ucred == NULL) {
1762 ucred = ucred_get(P_MYID);
1763
1764 if (ucred == NULL)
1765 goto return_rc;
1766 local_uc = B_TRUE;
1767 }
1768
1769 switch (user_context) {
1770 case ADT_NEW:
1771 tid64 = ucred_getatid(ucred);
1772 if (tid64 != NULL) {
1773 adt_cpy_tid(&termid, tid64);
1774 tid = &termid;
1775 } else {
1776 tid = NULL;
1777 }
1778 if (ucred_getauid(ucred) == AU_NOAUDITID) {
1779 adt_setto_unaudited(state);
1780 state->as_have_user_data = ADT_HAVE_ALL;
1781 rc = 0;
1782 goto return_rc;
1783 } else {
1784 state->as_info.ai_auid = ucred_getauid(ucred);
1785 state->as_info.ai_asid = ucred_getasid(ucred);
1786 state->as_info.ai_mask = *ucred_getamask(ucred);
1787 state->as_info.ai_termid = *tid;
1788 }
1789 state->as_have_user_data = ADT_HAVE_ALL;
1790 break;
1791 case ADT_UPDATE:
1792 if (state->as_have_user_data != ADT_HAVE_ALL) {
1793 errno = EINVAL;
1794 goto return_rc;
1795 }
1796
1797 if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0)
1798 goto return_rc;
1799 break;
1800 case ADT_USER:
1801 if (state->as_have_user_data != ADT_HAVE_ALL) {
1802 errno = EINVAL;
1803 goto return_rc;
1804 }
1805 break;
1806 default:
1807 errno = EINVAL;
1808 goto return_rc;
1809 }
1810 rc = 0;
1811
1812 state->as_ruid = ucred_getruid(ucred);
1813 state->as_euid = ucred_geteuid(ucred);
1814 state->as_rgid = ucred_getrgid(ucred);
1815 state->as_egid = ucred_getegid(ucred);
1816 state->as_pid = ucred_getpid(ucred);
1817 state->as_label = adt_ucred_label(ucred);
1818
1819 return_rc:
1820 if (local_uc) {
1821 ucred_free(ucred);
1822 }
1823 return (rc);
1824 }
1825
1826 /*
1827 * adt_alloc_event() returns a pointer to allocated memory
1828 *
1829 */
1830
1831 adt_event_data_t
1832 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id)
1833 {
1834 struct adt_event_state *event_state;
1835 adt_internal_state_t *session_state;
1836 adt_event_data_t *return_event = NULL;
1837 /*
1838 * need to return a valid event pointer even if audit is
1839 * off, else the caller will end up either (1) keeping its
1840 * own flags for on/off or (2) writing to a NULL pointer.
1841 * If auditing is on, the session data must be valid; otherwise
1842 * we don't care.
1843 */
1844 if (session_data != NULL) {
1845 session_state = (adt_internal_state_t *)session_data;
1846 assert(session_state->as_check == ADT_VALID);
1847 }
1848 event_state = calloc(1, sizeof (struct adt_event_state));
1849 if (event_state == NULL)
1850 goto return_ptr;
1851
1852 event_state->ae_check = ADT_VALID;
1853
1854 event_state->ae_event_id = event_id;
1855 event_state->ae_session = (struct adt_internal_state *)session_data;
1856
1857 return_event = (adt_event_data_t *)&(event_state->ae_event_data);
1858
1859 /*
1860 * preload data so the adt_au_*() functions can detect un-supplied
1861 * values (0 and NULL are free via calloc()).
1862 */
1863 if (session_data != NULL) {
1864 session_state->as_preload(event_id, return_event);
1865 }
1866
1867 return_ptr:
1868 return (return_event);
1869 }
1870
1871 /*
1872 * adt_getXlateTable -- look up translation table address for event id
1873 */
1874
1875 static adt_translation_t *
1876 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id)
1877 {
1878 /* xlate_table is global in adt_xlate.c */
1879 adt_translation_t **p_xlate = xlate;
1880 adt_translation_t *p_event;
1881
1882 while (*p_xlate != NULL) {
1883 p_event = *p_xlate;
1884 if (event_id == p_event->tx_external_event)
1885 return (p_event);
1886 p_xlate++;
1887 }
1888 return (NULL);
1889 }
1890
1891 /*
1892 * adt_calcOffsets
1893 *
1894 * the call to this function is surrounded by a mutex.
1895 *
1896 * i walks down the table picking up next_token. j walks again to
1897 * calculate the offset to the input data. k points to the next
1898 * token's row. Finally, l, is used to sum the values in the
1899 * datadef array.
1900 *
1901 * What's going on? The entry array is in the order of the input
1902 * fields but the processing of array entries is in the order of
1903 * the output (see next_token). Calculating the offset to the
1904 * "next" input can't be done in the outer loop (i) since i doesn't
1905 * point to the current entry and it can't be done with the k index
1906 * because it doesn't represent the order of input fields.
1907 *
1908 * While the resulting algorithm is n**2, it is only done once per
1909 * event type.
1910 */
1911
1912 /*
1913 * adt_calcOffsets is only called once per event type, but it uses
1914 * the address alignment of memory allocated for that event as if it
1915 * were the same for all subsequently allocated memory. This is
1916 * guaranteed by calloc/malloc. Arrays take special handling since
1917 * what matters for figuring out the correct alignment is the size
1918 * of the array element.
1919 */
1920
1921 static void
1922 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data)
1923 {
1924 int i, j;
1925 size_t this_size, prev_size;
1926 void *struct_start = p_data;
1927
1928 for (i = 0; i < tablesize; i++) {
1929 if (p_entry[i].en_type_def == NULL) {
1930 p_entry[i].en_offset = 0;
1931 continue;
1932 }
1933 prev_size = 0;
1934 p_entry[i].en_offset = (char *)p_data - (char *)struct_start;
1935
1936 for (j = 0; j < p_entry[i].en_count_types; j++) {
1937 if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG)
1938 this_size = sizeof (enum adt_generic);
1939 else
1940 this_size =
1941 p_entry[i].en_type_def[j].dd_input_size;
1942
1943 /* adj for first entry */
1944 if (prev_size == 0)
1945 prev_size = this_size;
1946
1947 if (p_entry[i].en_type_def[j].dd_datatype ==
1948 ADT_UINT32ARRAY) {
1949 p_data = (char *)adt_adjust_address(p_data,
1950 prev_size, sizeof (uint32_t)) +
1951 this_size - sizeof (uint32_t);
1952
1953 prev_size = sizeof (uint32_t);
1954 } else {
1955 p_data = adt_adjust_address(p_data, prev_size,
1956 this_size);
1957 prev_size = this_size;
1958 }
1959 }
1960 }
1961 }
1962
1963 /*
1964 * adt_generate_event
1965 * generate event record from external struct. The order is based on
1966 * the output tokens, allowing for the possibility that the input data
1967 * is in a different order.
1968 *
1969 */
1970
1971 static int
1972 adt_generate_event(const adt_event_data_t *p_extdata,
1973 struct adt_event_state *p_event,
1974 adt_translation_t *p_xlate)
1975 {
1976 struct entry *p_entry;
1977 static mutex_t lock = DEFAULTMUTEX;
1978
1979 p_entry = p_xlate->tx_first_entry;
1980 assert(p_entry != NULL);
1981
1982 p_event->ae_internal_id = p_xlate->tx_internal_event;
1983 adt_token_open(p_event);
1984
1985 /*
1986 * offsets are not pre-calculated; the initial offsets are all
1987 * 0; valid offsets are >= 0. Offsets for no-input tokens such
1988 * as subject are set to -1 by adt_calcOffset()
1989 */
1990 if (p_xlate->tx_offsetsCalculated == 0) {
1991 (void) mutex_lock(&lock);
1992 p_xlate->tx_offsetsCalculated = 1;
1993
1994 adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries,
1995 (void *)p_extdata);
1996 (void) mutex_unlock(&lock);
1997 }
1998 while (p_entry != NULL) {
1999 adt_generate_token(p_entry, (char *)p_extdata, p_event);
2000
2001 p_entry = p_entry->en_next_token;
2002 }
2003 return (adt_token_close(p_event));
2004 }
2005
2006 /*
2007 * adt_put_event -- main event generation function.
2008 * The input "event" is the address of the struct containing
2009 * event-specific data.
2010 *
2011 * However if auditing is off or the session handle
2012 * is NULL, no attempt to write a record is made.
2013 */
2014
2015 int
2016 adt_put_event(const adt_event_data_t *event, int status, int return_val)
2017 {
2018 struct adt_event_state *event_state;
2019 adt_translation_t *xlate;
2020
2021 if (event == NULL) {
2022 errno = EINVAL;
2023 return (-1);
2024 }
2025 event_state = (struct adt_event_state *)event;
2026
2027 /* if this is a broken session or not auditing, exit */
2028 if ((event_state->ae_session == NULL) ||
2029 !(event_state->ae_session->as_audit_state &
2030 (AUC_AUDITING | AUC_NOSPACE))) {
2031 return (0);
2032 }
2033
2034 assert(event_state->ae_check == ADT_VALID);
2035
2036 event_state->ae_rc = status;
2037 event_state->ae_type = return_val;
2038
2039 /* look up the event */
2040
2041 xlate = adt_getXlateTable(event_state->ae_session->as_xlate,
2042 event_state->ae_event_id);
2043
2044 if (xlate == NULL) {
2045 errno = EINVAL;
2046 return (-1);
2047 }
2048 DPRINTF(("got event %d\n", xlate->tx_internal_event));
2049
2050 if (adt_selected(event_state, xlate->tx_internal_event, status)) {
2051 return (adt_generate_event(event, event_state, xlate));
2052 }
2053
2054 return (0);
2055 }
2056
2057 /*
2058 * adt_free_event -- invalidate and free
2059 */
2060
2061 void
2062 adt_free_event(adt_event_data_t *event)
2063 {
2064 struct adt_event_state *event_state;
2065
2066 if (event == NULL)
2067 return;
2068
2069 event_state = (struct adt_event_state *)event;
2070
2071 assert(event_state->ae_check == ADT_VALID);
2072
2073 event_state->ae_check = 0;
2074
2075 free(event_state);
2076 }
2077
2078 /*
2079 * adt_is_selected -- helper to adt_selected(), below.
2080 *
2081 * "sorf" is "success or fail" status; au_preselect compares
2082 * that with success, fail, or both.
2083 */
2084
2085 static int
2086 adt_is_selected(au_event_t e, au_mask_t *m, int sorf)
2087 {
2088 int prs_sorf;
2089
2090 if (sorf == 0)
2091 prs_sorf = AU_PRS_SUCCESS;
2092 else
2093 prs_sorf = AU_PRS_FAILURE;
2094
2095 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
2096 }
2097
2098 /*
2099 * selected -- see if this event is preselected.
2100 *
2101 * if errors are encountered trying to check a preselection mask
2102 * or look up a user name, the event is selected. Otherwise, the
2103 * preselection mask is used for the job.
2104 */
2105
2106 static int
2107 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status)
2108 {
2109 adt_internal_state_t *sp;
2110 au_mask_t namask;
2111
2112 sp = event->ae_session;
2113
2114 if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) {
2115 adt_write_syslog("No user data available", EINVAL);
2116 return (1); /* default is "selected" */
2117 }
2118
2119 /* non-attributable? */
2120 if ((sp->as_info.ai_auid == AU_NOAUDITID) ||
2121 (sp->as_info.ai_auid == ADT_NO_AUDIT)) {
2122 if (auditon(A_GETKMASK, (caddr_t)&namask,
2123 sizeof (namask)) != 0) {
2124 adt_write_syslog("auditon failure", errno);
2125 return (1);
2126 }
2127 return (adt_is_selected(actual_id, &namask, status));
2128 } else {
2129 return (adt_is_selected(actual_id, &(sp->as_info.ai_mask),
2130 status));
2131 }
2132 }
2133
2134 /*
2135 * Can't map the host name to an IP address in
2136 * adt_get_hostIP. Get something off an interface
2137 * to act as the hosts IP address for auditing.
2138 */
2139
2140 static int
2141 adt_get_local_address(int family, struct ifaddrlist *al)
2142 {
2143 struct ifaddrlist *ifal;
2144 char errbuf[ERRBUFSIZE] = "empty list";
2145 char msg[ERRBUFSIZE + 512];
2146 int ifal_count;
2147 int i;
2148
2149 if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) {
2150 int serrno = errno;
2151
2152 (void) snprintf(msg, sizeof (msg), "adt_get_local_address "
2153 "couldn't get %d addrlist %s", family, errbuf);
2154 adt_write_syslog(msg, serrno);
2155 errno = serrno;
2156 return (-1);
2157 }
2158
2159 for (i = 0; i < ifal_count; i++) {
2160 /*
2161 * loopback always defined,
2162 * even if there is no real address
2163 */
2164 if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) {
2165 break;
2166 }
2167 }
2168 if (i >= ifal_count) {
2169 free(ifal);
2170 /*
2171 * Callers of adt_get_hostIP() can only return
2172 * errno to their callers and eventually the application.
2173 * Picked one that seemed least worse for saying no
2174 * usable address for Audit terminal ID.
2175 */
2176 errno = ENETDOWN;
2177 return (-1);
2178 }
2179
2180 *al = ifal[i];
2181 free(ifal);
2182 return (0);
2183 }