Print this page
NEX-2842 SMB client authentication fails in adt_set_user() with IDMU enabled
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libbsm/common/adt.c
+++ new/usr/src/lib/libbsm/common/adt.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
24 + * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
24 25 * Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
25 26 */
26 27
27 28 #include <bsm/adt.h>
28 29 #include <bsm/adt_event.h>
29 30 #include <assert.h>
30 31 #include <bsm/audit.h>
31 32 #include <bsm/audit_record.h>
32 33 #include <bsm/libbsm.h>
33 34 #include <door.h>
34 35 #include <errno.h>
35 36 #include <generic.h>
36 37 #include <md5.h>
37 38 #include <sys/mkdev.h>
38 39 #include <netdb.h>
39 40 #include <nss_dbdefs.h>
40 41 #include <pwd.h>
41 42 #include <sys/stat.h>
42 43 #include <time.h>
43 44 #include <stdlib.h>
44 45 #include <string.h>
45 46 #include <synch.h>
46 47 #include <sys/systeminfo.h>
47 48 #include <syslog.h>
48 49 #include <thread.h>
49 50 #include <unistd.h>
50 51 #include <adt_xlate.h>
51 52 #include <adt_ucred.h>
52 53 #include <arpa/inet.h>
53 54 #include <net/if.h>
54 55 #include <libinetutil.h>
55 56
56 57 static int adt_selected(struct adt_event_state *, au_event_t, int);
57 58 static int adt_init(adt_internal_state_t *, int);
58 59 static int adt_import(adt_internal_state_t *, const adt_export_data_t *);
59 60 static m_label_t *adt_ucred_label(ucred_t *);
60 61 static void adt_setto_unaudited(adt_internal_state_t *);
61 62 static int adt_get_local_address(int, struct ifaddrlist *);
62 63
63 64 #ifdef C2_DEBUG
64 65 #define DPRINTF(x) { (void) printf x; }
65 66 #define DFLUSH (void) fflush(stdout);
66 67 #else
67 68 #define DPRINTF(x)
68 69 #define DFLUSH
69 70 #endif
70 71
71 72 /*
72 73 * Local audit states are a bit mask
73 74 *
74 75 * The global audit states are
75 76 *
76 77 * AUC_UNSET 0 - on/off hasn't been decided
77 78 * AUC_ENABLED 1 - loaded and enabled
78 79 *
79 80 * The local Zone states are
80 81 *
81 82 * AUC_AUDITING 0x1 - audit daemon is active
82 83 * AUC_NOAUDIT 0x2 - audit daemon is not active
83 84 * AUC_INIT_AUDIT 0x4 - audit is ready but auditd has not run
84 85 * AUC_NOSPACE 0x8 - audit enabled, no space for audit records
85 86 *
86 87 * The only values returned by auditon(A_GETCOND) are:
87 88 * AUC_INIT_AUDIT, AUC_AUDITING, AUC_NOAUDIT, AUC_NOSPACE
88 89 *
89 90 * The pseudo audit state used when the c2audit module is excluded is
90 91 *
91 92 * AUC_DISABLED 0x100 - c2audit module is excluded
92 93 */
93 94
94 95 static int auditstate = AUC_DISABLED; /* default state */
95 96
96 97 /*
97 98 * adt_write_syslog
98 99 *
99 100 * errors that are not the user's fault (bugs or whatever in
100 101 * the underlying audit code are noted in syslog.)
101 102 *
102 103 * Avoid calling adt_write_syslog for things that can happen
103 104 * at high volume.
104 105 *
105 106 * syslog's open (openlog) and close (closelog) are interesting;
106 107 * openlog *may* create a file descriptor and is optional. closelog
107 108 * *will* close any open file descriptors and is also optional.
108 109 *
109 110 * Since syslog may also be used by the calling application, the
110 111 * choice is to avoid openlog, which sets some otherwise useful
111 112 * parameters, and to embed "Solaris_audit" in the log message.
112 113 */
113 114
114 115 void
115 116 adt_write_syslog(const char *message, int err)
116 117 {
117 118 int save_errno = errno;
118 119 int mask_priority;
119 120
120 121 DPRINTF(("syslog called: %s\n", message));
121 122
122 123 mask_priority = setlogmask(LOG_MASK(LOG_ALERT));
123 124 errno = err;
124 125 syslog(LOG_ALERT, "Solaris_audit %s: %m", message);
125 126 (void) setlogmask(mask_priority);
126 127 errno = save_errno;
127 128 }
128 129
129 130 /*
130 131 * return true if c2audit is not excluded.
131 132 *
132 133 * For purpose of this API, anything but AUC_DISABLED
133 134 * is enabled; however one never actually sees
134 135 * AUC_DISABLED since auditon returns ENOTSUP in that case. Any
135 136 * auditon error is considered the same as ENOTSUP for our
136 137 * purpose. auditstate is not changed by auditon if an error
137 138 * is returned.
138 139 */
139 140
140 141 /*
141 142 * XXX this should probably be eliminated and adt_audit_state() replace it.
142 143 * All the legitimate uses are to not fork a waiting process for
143 144 * process exit processing, as in su, login, dtlogin. Other bogus
144 145 * users are zoneadmd and init.
145 146 * All but dtlogin are in ON, so we can do this without cross gate
146 147 * synchronization.
147 148 *
148 149 * No longer used in adt.c.
149 150 */
150 151
151 152 boolean_t
152 153 adt_audit_enabled(void)
153 154 {
154 155
155 156 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
156 157
157 158 return (auditstate != AUC_DISABLED);
158 159 }
159 160
160 161 /*
161 162 * See adt_audit_enabled() for state discussions.
162 163 * The state parameter is a hedge until all the uses become clear.
163 164 * Likely if adt_audit_enabled is brought internal to this file,
164 165 * it could be modified to take one or more parameters to describe the
165 166 * state.
166 167 */
167 168
168 169 boolean_t
169 170 adt_audit_state(int states)
170 171 {
171 172
172 173 (void) auditon(A_GETCOND, (caddr_t)&auditstate, sizeof (auditstate));
173 174
174 175 return ((auditstate & states) ? B_TRUE : B_FALSE);
175 176 }
176 177
177 178 /*
178 179 * Get user_specific/non-attributable audit mask. This may be called even when
179 180 * auditing is off.
180 181 */
181 182
182 183 static int
183 184 adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
|
↓ open down ↓ |
150 lines elided |
↑ open up ↑ |
184 185 {
185 186 struct passwd pwd;
186 187 long buff_sz;
187 188 char *pwd_buff;
188 189
189 190
190 191 if (auditstate & AUC_DISABLED) {
191 192 /* c2audit excluded */
192 193 mask->am_success = 0;
193 194 mask->am_failure = 0;
194 - } else if (uid <= MAXUID) {
195 + return (0);
196 + }
197 +
198 + if (uid <= MAXUID) {
195 199 if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
196 200 adt_write_syslog("couldn't determine maximum size of "
197 201 "password buffer", errno);
198 202 return (-1);
199 203 }
200 204 if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
201 205 return (-1);
202 206 }
203 - if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) {
204 - errno = EINVAL; /* user doesn't exist */
207 + /*
208 + * Ephemeral id's and id's that exist in a name service we
209 + * don't have configured (LDAP, NIS) can't be looked up,
210 + * but either way it's not an error.
211 + */
212 + if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
213 + if (au_user_mask(pwd.pw_name, mask)) {
214 + free(pwd_buff);
215 + errno = EFAULT; /* undetermined failure */
216 + return (-1);
217 + }
205 218 free(pwd_buff);
206 - return (-1);
219 + return (0);
207 220 }
208 - if (au_user_mask(pwd.pw_name, mask)) {
209 - free(pwd_buff);
210 - errno = EFAULT; /* undetermined failure */
211 - return (-1);
212 - }
213 221 free(pwd_buff);
214 - } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
222 + }
223 +
224 + if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
215 225 return (-1);
216 226 }
217 227
218 228 return (0);
219 229 }
220 230
221 231 /*
222 232 * adt_get_unique_id -- generate a hopefully unique 32 bit value
223 233 *
224 234 * there will be a follow up to replace this with the use of /dev/random
225 235 *
226 236 * An MD5 hash is taken on a buffer of
227 237 * hostname . audit id . unix time . pid . count
228 238 *
229 239 * "count = noise++;" is subject to a race condition but I don't
230 240 * see a need to put a lock around it.
231 241 */
232 242
233 243 au_asid_t
234 244 adt_get_unique_id(au_id_t uid)
235 245 {
236 246 char hostname[MAXHOSTNAMELEN];
237 247 union {
238 248 au_id_t v[4];
239 249 unsigned char obuff[128/8];
240 250 } output;
241 251 MD5_CTX context;
242 252
243 253 static int noise = 0;
244 254
245 255 int count = noise++;
246 256 time_t timebits = time(NULL);
247 257 pid_t pidbits = getpid();
248 258 au_asid_t retval = 0;
249 259
250 260 if (gethostname(hostname, MAXHOSTNAMELEN)) {
251 261 adt_write_syslog("gethostname call failed", errno);
252 262 (void) strncpy(hostname, "invalidHostName", MAXHOSTNAMELEN);
253 263 }
254 264
255 265 while (retval == 0) { /* 0 is the only invalid result */
256 266 MD5Init(&context);
257 267
258 268 MD5Update(&context, (unsigned char *)hostname,
259 269 (unsigned int) strlen((const char *)hostname));
260 270
261 271 MD5Update(&context, (unsigned char *) &uid, sizeof (uid_t));
262 272
263 273 MD5Update(&context,
264 274 (unsigned char *) &timebits, sizeof (time_t));
265 275
266 276 MD5Update(&context, (unsigned char *) &pidbits,
267 277 sizeof (pid_t));
268 278
269 279 MD5Update(&context, (unsigned char *) &(count), sizeof (int));
270 280 MD5Final(output.obuff, &context);
271 281
272 282 retval = output.v[count % 4];
273 283 }
274 284 return (retval);
275 285 }
276 286
277 287 /*
278 288 * the following "port" function deals with the following issues:
279 289 *
280 290 * 1 the kernel and ucred deal with a dev_t as a 64 bit value made
281 291 * up from a 32 bit major and 32 bit minor.
282 292 * 2 User space deals with a dev_t as either the above 64 bit value
283 293 * or a 32 bit value made from a 14 bit major and an 18 bit minor.
284 294 * 3 The various audit interfaces (except ucred) pass the 32 or
285 295 * 64 bit version depending the architecture of the userspace
286 296 * application. If you get a port value from ucred and pass it
287 297 * to the kernel via auditon(), it must be squeezed into a 32
288 298 * bit value because the kernel knows the userspace app's bit
289 299 * size.
290 300 *
291 301 * The internal state structure for adt (adt_internal_state_t) uses
292 302 * dev_t, so adt converts data from ucred to fit. The import/export
293 303 * functions, however, can't know if they are importing/exporting
294 304 * from 64 or 32 bit applications, so they always send 64 bits and
295 305 * the 32 bit end(s) are responsible to convert 32 -> 64 -> 32 as
296 306 * appropriate.
297 307 */
298 308
299 309 /*
300 310 * adt_cpy_tid() -- if lib is 64 bit, just copy it (dev_t and port are
301 311 * both 64 bits). If lib is 32 bits, squeeze the two-int port into
302 312 * a 32 bit dev_t. A port fits in the "minor" part of au_port_t,
303 313 * so it isn't broken up into pieces. (When it goes to the kernel
304 314 * and back, however, it will have been split into major/minor
305 315 * pieces.)
306 316 */
307 317
308 318 static void
309 319 adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
310 320 {
311 321 #ifdef _LP64
312 322 (void) memcpy(dest, src, sizeof (au_tid_addr_t));
313 323 #else /* _LP64 */
314 324 dest->at_type = src->at_type;
315 325
316 326 dest->at_port = src->at_port.at_minor & MAXMIN32;
317 327 dest->at_port |= (src->at_port.at_major & MAXMAJ32) <<
318 328 NBITSMINOR32;
319 329
320 330 (void) memcpy(dest->at_addr, src->at_addr, 4 * sizeof (uint32_t));
321 331 #endif /* _LP64 */
322 332 }
323 333
324 334 /*
325 335 * adt_start_session -- create interface handle, create context
326 336 *
327 337 * The imported_state input is normally NULL, if not, it represents
328 338 * a continued session; its values obviate the need for a subsequent
329 339 * call to adt_set_user().
330 340 *
331 341 * The flag is used to decide how to set the initial state of the session.
332 342 * If 0, the session is "no audit" until a call to adt_set_user; if
333 343 * ADT_USE_PROC_DATA, the session is built from the process audit
334 344 * characteristics obtained from the kernel. If imported_state is
335 345 * not NULL, the resulting audit mask is an OR of the current process
336 346 * audit mask and that passed in.
337 347 *
338 348 * The basic model is that the caller can use the pointer returned
339 349 * by adt_start_session whether or not auditing is enabled or an
340 350 * error was returned. The functions that take the session handle
341 351 * as input generally return without doing anything if auditing is
342 352 * disabled.
343 353 */
344 354
345 355 int
346 356 adt_start_session(adt_session_data_t **new_session,
347 357 const adt_export_data_t *imported_state, adt_session_flags_t flags)
348 358 {
349 359 adt_internal_state_t *state;
350 360 adt_session_flags_t flgmask = ADT_FLAGS_ALL;
351 361
352 362 /* test and set auditstate */
353 363 if (adt_audit_state(AUC_DISABLED)) {
354 364 /* c2audit excluded */
355 365 *new_session = NULL;
356 366 return (0);
357 367 }
358 368
359 369 if ((flags & ~flgmask) != 0) {
360 370 errno = EINVAL;
361 371 goto return_err;
362 372 }
363 373
364 374 if ((state = calloc(1, sizeof (adt_internal_state_t))) == NULL) {
365 375 goto return_err;
366 376 }
367 377
368 378 if (adt_init(state, flags & ADT_USE_PROC_DATA) != 0) {
369 379 goto return_err_free; /* errno from adt_init() */
370 380 }
371 381
372 382 /*
373 383 * The imported state overwrites the initial state if the
374 384 * imported state represents a valid audit trail
375 385 */
376 386
377 387 if (imported_state != NULL) {
378 388 if (adt_import(state, imported_state) != 0) {
379 389 goto return_err_free;
380 390 }
381 391 } else if (flags & ADT_USE_PROC_DATA) {
382 392 state->as_session_model = ADT_PROCESS_MODEL;
383 393 }
384 394 state->as_flags = flags;
385 395 DPRINTF(("(%lld) Starting session id = %08X\n",
386 396 (long long) getpid(), state->as_info.ai_asid));
387 397
388 398 *new_session = (adt_session_data_t *)state;
389 399 return (0);
390 400
391 401 return_err_free:
392 402 free(state);
393 403 return_err:
394 404 *new_session = NULL;
395 405 adt_write_syslog("audit session create failed", errno);
396 406 return (-1);
397 407 }
398 408
399 409 /*
400 410 * adt_load_table()
401 411 *
402 412 * loads the event translation table into the audit session.
403 413 */
404 414
405 415 void
406 416 adt_load_table(const adt_session_data_t *session_data,
407 417 adt_translation_t **xlate, void (*preload)(au_event_t, adt_event_data_t *))
408 418 {
409 419 adt_internal_state_t *state = (adt_internal_state_t *)session_data;
410 420
411 421 if (state != NULL) {
412 422 assert(state->as_check == ADT_VALID);
413 423 state->as_xlate = xlate;
414 424 state->as_preload = preload;
415 425 }
416 426 }
417 427
418 428 /*
419 429 * adt_get_asid() and adt_set_asid()
420 430 *
421 431 * if you use this interface, you are responsible to insure that the
422 432 * rest of the session data is populated correctly before calling
423 433 * adt_proccess_attr()
424 434 *
425 435 * neither of these are intended for general use and will likely
426 436 * remain private interfaces for a long time. Forever is a long
427 437 * time. In the case of adt_set_asid(), you should have a very,
428 438 * very good reason for setting your own session id. The process
429 439 * audit characteristics are not changed by put, use adt_set_proc().
430 440 *
431 441 * These are "volatile" (more changable than "evolving") and will
432 442 * probably change in the S10 period.
433 443 */
434 444
435 445 void
436 446 adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
437 447 {
438 448
439 449 if (session_data == NULL) {
440 450 *asid = 0;
441 451 } else {
442 452 assert(((adt_internal_state_t *)session_data)->as_check ==
443 453 ADT_VALID);
444 454
445 455 *asid = ((adt_internal_state_t *)session_data)->as_info.ai_asid;
446 456 }
447 457 }
448 458
449 459 void
450 460 adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id)
451 461 {
452 462
453 463 if (session_data != NULL) {
454 464 assert(((adt_internal_state_t *)session_data)->as_check ==
455 465 ADT_VALID);
456 466
457 467 ((adt_internal_state_t *)session_data)->as_have_user_data |=
458 468 ADT_HAVE_ASID;
459 469 ((adt_internal_state_t *)session_data)->as_info.ai_asid =
460 470 session_id;
461 471 }
462 472 }
463 473
464 474 /*
465 475 * adt_get_auid() and adt_set_auid()
466 476 *
467 477 * neither of these are intended for general use and will likely
468 478 * remain private interfaces for a long time. Forever is a long
469 479 * time. In the case of adt_set_auid(), you should have a very,
470 480 * very good reason for setting your own audit id. The process
471 481 * audit characteristics are not changed by put, use adt_set_proc().
472 482 */
473 483
474 484 void
475 485 adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid)
476 486 {
477 487
478 488 if (session_data == NULL) {
479 489 *auid = AU_NOAUDITID;
480 490 } else {
481 491 assert(((adt_internal_state_t *)session_data)->as_check ==
482 492 ADT_VALID);
483 493
484 494 *auid = ((adt_internal_state_t *)session_data)->as_info.ai_auid;
485 495 }
486 496 }
487 497
488 498 void
489 499 adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id)
490 500 {
491 501
492 502 if (session_data != NULL) {
493 503 assert(((adt_internal_state_t *)session_data)->as_check ==
494 504 ADT_VALID);
495 505
496 506 ((adt_internal_state_t *)session_data)->as_have_user_data |=
497 507 ADT_HAVE_AUID;
498 508 ((adt_internal_state_t *)session_data)->as_info.ai_auid =
499 509 audit_id;
500 510 }
501 511 }
502 512
503 513 /*
504 514 * adt_get_termid(), adt_set_termid()
505 515 *
506 516 * if you use this interface, you are responsible to insure that the
507 517 * rest of the session data is populated correctly before calling
508 518 * adt_proccess_attr()
509 519 *
510 520 * The process audit characteristics are not changed by put, use
511 521 * adt_set_proc().
512 522 */
513 523
514 524 void
515 525 adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid)
516 526 {
517 527
518 528 if (session_data == NULL) {
519 529 (void) memset(termid, 0, sizeof (au_tid_addr_t));
520 530 termid->at_type = AU_IPv4;
521 531 } else {
522 532 assert(((adt_internal_state_t *)session_data)->as_check ==
523 533 ADT_VALID);
524 534
525 535 *termid =
526 536 ((adt_internal_state_t *)session_data)->as_info.ai_termid;
527 537 }
528 538 }
529 539
530 540 void
531 541 adt_set_termid(const adt_session_data_t *session_data,
532 542 const au_tid_addr_t *termid)
533 543 {
534 544
535 545 if (session_data != NULL) {
536 546 assert(((adt_internal_state_t *)session_data)->as_check ==
537 547 ADT_VALID);
538 548
539 549 ((adt_internal_state_t *)session_data)->as_info.ai_termid =
540 550 *termid;
541 551
542 552 ((adt_internal_state_t *)session_data)->as_have_user_data |=
543 553 ADT_HAVE_TID;
544 554 }
545 555 }
546 556
547 557 /*
548 558 * adt_get_mask(), adt_set_mask()
549 559 *
550 560 * if you use this interface, you are responsible to insure that the
551 561 * rest of the session data is populated correctly before calling
552 562 * adt_proccess_attr()
553 563 *
554 564 * The process audit characteristics are not changed by put, use
555 565 * adt_set_proc().
556 566 */
557 567
558 568 void
559 569 adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask)
560 570 {
561 571
562 572 if (session_data == NULL) {
563 573 mask->am_success = 0;
564 574 mask->am_failure = 0;
565 575 } else {
566 576 assert(((adt_internal_state_t *)session_data)->as_check ==
567 577 ADT_VALID);
568 578
569 579 *mask = ((adt_internal_state_t *)session_data)->as_info.ai_mask;
570 580 }
571 581 }
572 582
573 583 void
574 584 adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask)
575 585 {
576 586
577 587 if (session_data != NULL) {
578 588 assert(((adt_internal_state_t *)session_data)->as_check ==
579 589 ADT_VALID);
580 590
581 591 ((adt_internal_state_t *)session_data)->as_info.ai_mask = *mask;
582 592
583 593 ((adt_internal_state_t *)session_data)->as_have_user_data |=
584 594 ADT_HAVE_MASK;
585 595 }
586 596 }
587 597
588 598 /*
589 599 * helpers for adt_load_termid
590 600 */
591 601
592 602 static dev_t
593 603 adt_ports_to_at_port(in_port_t remote, in_port_t local)
594 604 {
595 605 dev_t port;
596 606
597 607 #ifdef _LP64
598 608 dev_t tmp;
599 609
600 610 /*
601 611 * In 64-bit, at_port is a 64-bit value encoding major/minor
602 612 * device numbers as 32-bits each. However when a 32-bit application
603 613 * subsequently requests the audit address via getaudit_addr(), this
604 614 * value must be capable of being compressed down to a 14-bit major and
605 615 * 18-bit minor number or the call will fail.
606 616 *
607 617 * In order to construct a 32-bit compatible value, the top 14-bits of
608 618 * the remote port are used for the major number and the remaining
609 619 * 2-bits + local port are used for the minor.
610 620 */
611 621
612 622 tmp = ((remote<<16) | (local));
613 623 port = (tmp & MAXMIN32);
614 624 port |= (((tmp >> NBITSMINOR32) & MAXMAJ32) << NBITSMINOR64);
615 625 #else
616 626 port = ((remote<<16) | (local));
617 627 #endif
618 628
619 629 return (port);
620 630 }
621 631
622 632 static void
623 633 adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock,
624 634 au_tid_addr_t *termid)
625 635 {
626 636 termid->at_port =
627 637 adt_ports_to_at_port(peer->sin6_port, sock->sin6_port);
628 638 termid->at_type = AU_IPv6;
629 639 (void) memcpy(termid->at_addr, &peer->sin6_addr, 4 * sizeof (uint_t));
630 640 }
631 641
632 642 static void
633 643 adt_do_ipv4_address(struct sockaddr_in *peer, struct sockaddr_in *sock,
634 644 au_tid_addr_t *termid)
635 645 {
636 646 termid->at_port = adt_ports_to_at_port(peer->sin_port, sock->sin_port);
637 647 termid->at_type = AU_IPv4;
638 648 termid->at_addr[0] = (uint32_t)peer->sin_addr.s_addr;
639 649 (void) memset(&(termid->at_addr[1]), 0, 3 * sizeof (uint_t));
640 650 }
641 651
642 652 /*
643 653 * adt_load_termid: convenience function; inputs file handle and
644 654 * outputs an au_tid_addr struct.
645 655 *
646 656 * This code was stolen from audit_settid.c; it differs from audit_settid()
647 657 * in that it does not write the terminal id to the process.
648 658 */
649 659
650 660 int
651 661 adt_load_termid(int fd, adt_termid_t **termid)
652 662 {
653 663 au_tid_addr_t *p_term;
654 664 struct sockaddr_in6 peer;
655 665 struct sockaddr_in6 sock;
656 666 int peerlen = sizeof (peer);
657 667 int socklen = sizeof (sock);
658 668
659 669 /* get peer name if its a socket, else assume local terminal */
660 670
661 671 if (getpeername(fd, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
662 672 < 0) {
663 673 if (errno == ENOTSOCK) {
664 674 return (adt_load_hostname(NULL, termid));
665 675 }
666 676 goto return_err;
667 677 }
668 678
669 679 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
670 680 goto return_err;
671 681 }
672 682
673 683 /* get sock name */
674 684 if (getsockname(fd, (struct sockaddr *)&sock,
675 685 (socklen_t *)&socklen) < 0) {
676 686 goto return_err_free;
677 687 }
678 688
679 689 if (peer.sin6_family == AF_INET6) {
680 690 adt_do_ipv6_address(&peer, &sock, p_term);
681 691 } else {
682 692 adt_do_ipv4_address((struct sockaddr_in *)&peer,
683 693 (struct sockaddr_in *)&sock, p_term);
684 694 }
685 695 *termid = (adt_termid_t *)p_term;
686 696
687 697 return (0);
688 698
689 699 return_err_free:
690 700 free(p_term);
691 701 return_err:
692 702 *termid = NULL;
693 703 return (-1);
694 704 }
695 705
696 706 static boolean_t
697 707 adt_have_termid(au_tid_addr_t *dest)
698 708 {
699 709 struct auditinfo_addr audit_data;
700 710
701 711 if (getaudit_addr(&audit_data, sizeof (audit_data)) < 0) {
702 712 adt_write_syslog("getaudit failed", errno);
703 713 return (B_FALSE);
704 714 }
705 715
706 716 if ((audit_data.ai_termid.at_type == 0) ||
707 717 (audit_data.ai_termid.at_addr[0] |
708 718 audit_data.ai_termid.at_addr[1] |
709 719 audit_data.ai_termid.at_addr[2] |
710 720 audit_data.ai_termid.at_addr[3]) == 0)
711 721 return (B_FALSE);
712 722
713 723 (void) memcpy(dest, &(audit_data.ai_termid),
714 724 sizeof (au_tid_addr_t));
715 725
716 726 return (B_TRUE);
717 727 }
718 728
719 729 /*
720 730 * adt_get_hostIP - construct a terminal id from a hostname
721 731 *
722 732 * Returns 0 = success
723 733 * -1 = failure and errno = ENETDOWN with the address
724 734 * defaulted to IPv4 loopback.
725 735 */
726 736
727 737 static int
728 738 adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term)
729 739 {
730 740 struct addrinfo *ai = NULL;
731 741 int tries = 3;
732 742 char msg[512];
733 743 int eai_err;
734 744
735 745 while ((tries-- > 0) &&
736 746 ((eai_err = getaddrinfo(hostname, NULL, NULL, &ai)) != 0)) {
737 747 /*
738 748 * getaddrinfo returns its own set of errors.
739 749 * Log them here, so any subsequent syslogs will
740 750 * have a context. adt_get_hostIP callers can only
741 751 * return errno, so subsequent syslogs may be lacking
742 752 * that getaddrinfo failed.
743 753 */
744 754 (void) snprintf(msg, sizeof (msg), "getaddrinfo(%s) "
745 755 "failed[%s]", hostname, gai_strerror(eai_err));
746 756 adt_write_syslog(msg, 0);
747 757
748 758 if (eai_err != EAI_AGAIN) {
749 759
750 760 break;
751 761 }
752 762 /* see if resolution becomes available */
753 763 (void) sleep(1);
754 764 }
755 765 if (ai != NULL) {
756 766 if (ai->ai_family == AF_INET) {
757 767 p_term->at_type = AU_IPv4;
758 768 (void) memcpy(p_term->at_addr,
759 769 /* LINTED */
760 770 &((struct sockaddr_in *)ai->ai_addr)->sin_addr,
761 771 AU_IPv4);
762 772 } else {
763 773 p_term->at_type = AU_IPv6;
764 774 (void) memcpy(p_term->at_addr,
765 775 /* LINTED */
766 776 &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr,
767 777 AU_IPv6);
768 778 }
769 779 freeaddrinfo(ai);
770 780 return (0);
771 781 } else if (auditstate & (AUC_AUDITING | AUC_NOSPACE)) {
772 782 auditinfo_addr_t audit_info;
773 783
774 784 /*
775 785 * auditd is running so there should be a
776 786 * kernel audit context
777 787 */
778 788 if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
779 789 sizeof (audit_info)) < 0) {
780 790 adt_write_syslog("unable to get kernel audit context",
781 791 errno);
782 792 goto try_interface;
783 793 }
784 794 adt_write_syslog("setting Audit IP address to kernel", 0);
785 795 *p_term = audit_info.ai_termid;
786 796 return (0);
787 797 }
788 798 try_interface:
789 799 {
790 800 struct ifaddrlist al;
791 801 int family;
792 802 char ntop[INET6_ADDRSTRLEN];
793 803
794 804 /*
795 805 * getaddrinfo has failed to map the hostname
796 806 * to an IP address, try to get an IP address
797 807 * from a local interface. If none up, default
798 808 * to loopback.
799 809 */
800 810 family = AF_INET6;
801 811 if (adt_get_local_address(family, &al) != 0) {
802 812 family = AF_INET;
803 813
804 814 if (adt_get_local_address(family, &al) != 0) {
805 815 adt_write_syslog("adt_get_local_address "
806 816 "failed, no Audit IP address available, "
807 817 "faking loopback and error",
808 818 errno);
809 819 IN_SET_LOOPBACK_ADDR(
810 820 (struct sockaddr_in *)&(al.addr.addr));
811 821 (void) memcpy(p_term->at_addr, &al.addr.addr,
812 822 AU_IPv4);
813 823 p_term->at_type = AU_IPv4;
814 824 return (-1);
815 825 }
816 826 }
817 827 if (family == AF_INET) {
818 828 p_term->at_type = AU_IPv4;
819 829 (void) memcpy(p_term->at_addr, &al.addr.addr, AU_IPv4);
820 830 } else {
821 831 p_term->at_type = AU_IPv6;
822 832 (void) memcpy(p_term->at_addr, &al.addr.addr6, AU_IPv6);
823 833 }
824 834
825 835 (void) snprintf(msg, sizeof (msg), "mapping %s to %s",
826 836 hostname, inet_ntop(family, &(al.addr), ntop,
827 837 sizeof (ntop)));
828 838 adt_write_syslog(msg, 0);
829 839 return (0);
830 840 }
831 841 }
832 842
833 843 /*
834 844 * adt_load_hostname() is called when the caller does not have a file
835 845 * handle that gives access to the socket info or any other way to
836 846 * pass in both port and ip address. The hostname input is ignored if
837 847 * the terminal id has already been set; instead it returns the
838 848 * existing terminal id.
839 849 *
840 850 * If c2audit is excluded, success is returned.
841 851 * If the hostname lookup fails, the loopback address is assumed,
842 852 * errno is set to ENETDOWN, this allows the caller to interpret
843 853 * whether failure is fatal, and if not to have a address for the
844 854 * hostname.
845 855 * Otherwise the caller would need to be aware of the audit state.
846 856 *
847 857 * Other errors are ignored if not auditing.
848 858 */
849 859
850 860 int
851 861 adt_load_hostname(const char *hostname, adt_termid_t **termid)
852 862 {
853 863 char localhost[MAXHOSTNAMELEN + 1];
854 864 au_tid_addr_t *p_term;
855 865
856 866 if (adt_audit_state(AUC_DISABLED)) {
857 867 /* c2audit excluded */
858 868 *termid = NULL;
859 869 return (0);
860 870 }
861 871
862 872 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
863 873 goto return_err;
864 874 }
865 875
866 876 if (adt_have_termid(p_term)) {
867 877 *termid = (adt_termid_t *)p_term;
868 878 return (0);
869 879 }
870 880 p_term->at_port = 0;
871 881
872 882 if (hostname == NULL || *hostname == '\0') {
873 883 (void) sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN);
874 884 hostname = localhost;
875 885 }
876 886 if (adt_get_hostIP(hostname, p_term) == 0) {
877 887 *termid = (adt_termid_t *)p_term;
878 888 return (0);
879 889 } else {
880 890 *termid = (adt_termid_t *)p_term;
881 891 return (-1);
882 892 }
883 893
884 894 return_err:
885 895 *termid = NULL;
886 896 if (auditstate & AUC_NOAUDIT) {
887 897 return (0);
888 898 }
889 899
890 900 return (-1);
891 901 }
892 902
893 903 /*
894 904 * adt_load_ttyname() is called when the caller does not have a file
895 905 * handle that gives access to the local terminal or any other way
896 906 * of determining the device id. The ttyname input is ignored if
897 907 * the terminal id has already been set; instead it returns the
898 908 * existing terminal id.
899 909 *
900 910 * If c2audit is excluded, success is returned.
901 911 * The local hostname is used for the local IP address.
902 912 * If that hostname lookup fails, the loopback address is assumed,
903 913 * errno is set to ENETDOWN, this allows the caller to interpret
904 914 * whether failure is fatal, and if not to have a address for the
905 915 * hostname.
906 916 * Otherwise the caller would need to be aware of the audit state.
907 917 *
908 918 * Other errors are ignored if not auditing.
909 919 */
910 920
911 921 int
912 922 adt_load_ttyname(const char *ttyname, adt_termid_t **termid)
913 923 {
914 924 char localhost[MAXHOSTNAMELEN + 1];
915 925 au_tid_addr_t *p_term;
916 926 struct stat stat_buf;
917 927
918 928 if (adt_audit_state(AUC_DISABLED)) {
919 929 /* c2audit excluded */
920 930 *termid = NULL;
921 931 return (0);
922 932 }
923 933
924 934 if ((p_term = calloc(1, sizeof (au_tid_addr_t))) == NULL) {
925 935 goto return_err;
926 936 }
927 937
928 938 if (adt_have_termid(p_term)) {
929 939 *termid = (adt_termid_t *)p_term;
930 940 return (0);
931 941 }
932 942
933 943 p_term->at_port = 0;
934 944
935 945 if (sysinfo(SI_HOSTNAME, localhost, MAXHOSTNAMELEN) < 0) {
936 946 goto return_err_free; /* errno from sysinfo */
937 947 }
938 948
939 949 if (ttyname != NULL && *ttyname != '\0') {
940 950 if (stat(ttyname, &stat_buf) < 0) {
941 951 goto return_err_free;
942 952 }
943 953
944 954 p_term->at_port = stat_buf.st_rdev;
945 955 }
946 956
947 957 if (adt_get_hostIP(localhost, p_term) == 0) {
948 958 *termid = (adt_termid_t *)p_term;
949 959 return (0);
950 960 } else {
951 961 *termid = (adt_termid_t *)p_term;
952 962 return (-1);
953 963 }
954 964
955 965 return_err_free:
956 966 free(p_term);
957 967
958 968 return_err:
959 969 *termid = NULL;
960 970 if (auditstate & AUC_NOAUDIT) {
961 971 return (0);
962 972 }
963 973
964 974 return (-1);
965 975 }
966 976
967 977 /*
968 978 * adt_get_session_id returns a stringified representation of
969 979 * the audit session id. See also adt_get_asid() for how to
970 980 * get the unexpurgated version. No guarantees as to how long
971 981 * the returned string will be or its general form; hex for now.
972 982 *
973 983 * An empty string is returned if auditing is off; length = 1
974 984 * and the pointer is valid.
975 985 *
976 986 * returns strlen + 1 if buffer is valid; else 0 and errno.
977 987 */
978 988
979 989 size_t
980 990 adt_get_session_id(const adt_session_data_t *session_data, char **buff)
981 991 {
982 992 au_asid_t session_id;
983 993 size_t length;
984 994 /*
985 995 * output is 0x followed by
986 996 * two characters per byte
987 997 * plus terminator,
988 998 * except leading 0's are suppressed, so a few bytes may
989 999 * be unused.
990 1000 */
991 1001 length = 2 + (2 * sizeof (session_id)) + 1;
992 1002 *buff = malloc(length);
993 1003
994 1004 if (*buff == NULL) {
995 1005 return (0);
996 1006 }
997 1007 if (session_data == NULL) { /* NULL is not an error */
998 1008 **buff = '\0';
999 1009 return (1);
1000 1010 }
1001 1011 adt_get_asid(session_data, &session_id);
1002 1012
1003 1013 length = snprintf(*buff, length, "0x%X", (int)session_id);
1004 1014
1005 1015 /* length < 1 is a bug: the session data type may have changed */
1006 1016 assert(length > 0);
1007 1017
1008 1018 return (length);
1009 1019 }
1010 1020
1011 1021 /*
1012 1022 * adt_end_session -- close handle, clear context
1013 1023 *
1014 1024 * if as_check is invalid, no harm, no foul, EXCEPT that this could
1015 1025 * be an attempt to free data already free'd, so output to syslog
1016 1026 * to help explain why the process cored dumped.
1017 1027 */
1018 1028
1019 1029 int
1020 1030 adt_end_session(adt_session_data_t *session_data)
1021 1031 {
1022 1032 adt_internal_state_t *state;
1023 1033
1024 1034 if (session_data != NULL) {
1025 1035 state = (adt_internal_state_t *)session_data;
1026 1036 if (state->as_check != ADT_VALID) {
1027 1037 adt_write_syslog("freeing invalid data", EINVAL);
1028 1038 } else {
1029 1039 state->as_check = 0;
1030 1040 m_label_free(state->as_label);
1031 1041 free(session_data);
1032 1042 }
1033 1043 }
1034 1044 /* no errors yet defined */
1035 1045 return (0);
1036 1046 }
1037 1047
1038 1048 /*
1039 1049 * adt_dup_session -- copy the session data
1040 1050 */
1041 1051
1042 1052 int
1043 1053 adt_dup_session(const adt_session_data_t *source, adt_session_data_t **dest)
1044 1054 {
1045 1055 adt_internal_state_t *source_state;
1046 1056 adt_internal_state_t *dest_state = NULL;
1047 1057 int rc = 0;
1048 1058
1049 1059 if (source != NULL) {
1050 1060 source_state = (adt_internal_state_t *)source;
1051 1061 assert(source_state->as_check == ADT_VALID);
1052 1062
1053 1063 dest_state = malloc(sizeof (adt_internal_state_t));
1054 1064 if (dest_state == NULL) {
1055 1065 rc = -1;
1056 1066 goto return_rc;
1057 1067 }
1058 1068 (void) memcpy(dest_state, source,
1059 1069 sizeof (struct adt_internal_state));
1060 1070
1061 1071 if (source_state->as_label != NULL) {
1062 1072 dest_state->as_label = NULL;
1063 1073 if ((rc = m_label_dup(&dest_state->as_label,
1064 1074 source_state->as_label)) != 0) {
1065 1075 free(dest_state);
1066 1076 dest_state = NULL;
1067 1077 }
1068 1078 }
1069 1079 }
1070 1080 return_rc:
1071 1081 *dest = (adt_session_data_t *)dest_state;
1072 1082 return (rc);
1073 1083 }
1074 1084
1075 1085 /*
1076 1086 * from_export_format()
1077 1087 * read from a network order buffer into struct adt_session_data
1078 1088 */
1079 1089
1080 1090 static size_t
1081 1091 adt_from_export_format(adt_internal_state_t *internal,
1082 1092 const adt_export_data_t *external)
1083 1093 {
1084 1094 struct export_header head;
1085 1095 struct export_link link;
1086 1096 adr_t context;
1087 1097 int32_t offset;
1088 1098 int32_t length;
1089 1099 int32_t version;
1090 1100 size_t label_len;
1091 1101 char *p = (char *)external;
1092 1102
1093 1103 adrm_start(&context, (char *)external);
1094 1104 adrm_int32(&context, (int *)&head, 4);
1095 1105
1096 1106 if ((internal->as_check = head.ax_check) != ADT_VALID) {
1097 1107 errno = EINVAL;
1098 1108 return (0);
1099 1109 }
1100 1110 offset = head.ax_link.ax_offset;
1101 1111 version = head.ax_link.ax_version;
1102 1112 length = head.ax_buffer_length;
1103 1113
1104 1114 /*
1105 1115 * Skip newer versions.
1106 1116 */
1107 1117 while (version > PROTOCOL_VERSION_2) {
1108 1118 if (offset < 1) {
1109 1119 return (0); /* failed to match version */
1110 1120 }
1111 1121 p += offset; /* point to next version # */
1112 1122
1113 1123 if (p > (char *)external + length) {
1114 1124 return (0);
1115 1125 }
1116 1126 adrm_start(&context, p);
1117 1127 adrm_int32(&context, (int *)&link, 2);
1118 1128 offset = link.ax_offset;
1119 1129 version = link.ax_version;
1120 1130 assert(version != 0);
1121 1131 }
1122 1132 /*
1123 1133 * Adjust buffer pointer to the first data item (euid).
1124 1134 */
1125 1135 if (p == (char *)external) {
1126 1136 adrm_start(&context, (char *)(p + sizeof (head)));
1127 1137 } else {
1128 1138 adrm_start(&context, (char *)(p + sizeof (link)));
1129 1139 }
1130 1140 /*
1131 1141 * if down rev version, neither pid nor label are included
1132 1142 * in v1 ax_size_of_tsol_data intentionally ignored
1133 1143 */
1134 1144 if (version == PROTOCOL_VERSION_1) {
1135 1145 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1136 1146 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1137 1147 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1138 1148 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1139 1149 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1140 1150 adrm_int32(&context,
1141 1151 (int *)&(internal->as_info.ai_mask.am_success), 2);
1142 1152 adrm_int32(&context,
1143 1153 (int *)&(internal->as_info.ai_termid.at_port), 1);
1144 1154 adrm_int32(&context,
1145 1155 (int *)&(internal->as_info.ai_termid.at_type), 1);
1146 1156 adrm_int32(&context,
1147 1157 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1148 1158 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1149 1159 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1150 1160 internal->as_pid = (pid_t)-1;
1151 1161 internal->as_label = NULL;
1152 1162 } else if (version == PROTOCOL_VERSION_2) {
1153 1163 adrm_int32(&context, (int *)&(internal->as_euid), 1);
1154 1164 adrm_int32(&context, (int *)&(internal->as_ruid), 1);
1155 1165 adrm_int32(&context, (int *)&(internal->as_egid), 1);
1156 1166 adrm_int32(&context, (int *)&(internal->as_rgid), 1);
1157 1167 adrm_int32(&context, (int *)&(internal->as_info.ai_auid), 1);
1158 1168 adrm_int32(&context,
1159 1169 (int *)&(internal->as_info.ai_mask.am_success), 2);
1160 1170 adrm_int32(&context,
1161 1171 (int *)&(internal->as_info.ai_termid.at_port), 1);
1162 1172 adrm_int32(&context,
1163 1173 (int *)&(internal->as_info.ai_termid.at_type), 1);
1164 1174 adrm_int32(&context,
1165 1175 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1166 1176 adrm_int32(&context, (int *)&(internal->as_info.ai_asid), 1);
1167 1177 adrm_int32(&context, (int *)&(internal->as_audit_state), 1);
1168 1178 adrm_int32(&context, (int *)&(internal->as_pid), 1);
1169 1179 adrm_int32(&context, (int *)&label_len, 1);
1170 1180 if (label_len > 0) {
1171 1181 /* read in and deal with different sized labels. */
1172 1182 size32_t my_label_len = blabel_size();
1173 1183
1174 1184 if ((internal->as_label =
1175 1185 m_label_alloc(MAC_LABEL)) == NULL) {
1176 1186 return (0);
1177 1187 }
1178 1188 if (label_len > my_label_len) {
1179 1189 errno = EINVAL;
1180 1190 m_label_free(internal->as_label);
1181 1191 return (0);
1182 1192 }
1183 1193 (void) memset(internal->as_label, 0, my_label_len);
1184 1194 adrm_int32(&context, (int *)(internal->as_label),
1185 1195 label_len / sizeof (int32_t));
1186 1196 } else {
1187 1197 internal->as_label = NULL;
1188 1198 }
1189 1199 }
1190 1200
1191 1201 return (length);
1192 1202 }
1193 1203
1194 1204 /*
1195 1205 * adt_to_export_format
1196 1206 * read from struct adt_session_data into a network order buffer.
1197 1207 *
1198 1208 * (network order 'cause this data may be shared with a remote host.)
1199 1209 */
1200 1210
1201 1211 static size_t
1202 1212 adt_to_export_format(adt_export_data_t *external,
1203 1213 adt_internal_state_t *internal)
1204 1214 {
1205 1215 struct export_header head;
1206 1216 struct export_link tail;
1207 1217 adr_t context;
1208 1218 size32_t label_len = 0;
1209 1219
1210 1220 adrm_start(&context, (char *)external);
1211 1221
1212 1222 if (internal->as_label != NULL) {
1213 1223 label_len = blabel_size();
1214 1224 }
1215 1225
1216 1226 head.ax_check = ADT_VALID;
1217 1227 head.ax_buffer_length = sizeof (struct adt_export_data) + label_len;
1218 1228
1219 1229 /* version 2 first */
1220 1230
1221 1231 head.ax_link.ax_version = PROTOCOL_VERSION_2;
1222 1232 head.ax_link.ax_offset = sizeof (struct export_header) +
1223 1233 sizeof (struct adt_export_v2) + label_len;
1224 1234
1225 1235 adrm_putint32(&context, (int *)&head, 4);
1226 1236
1227 1237 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1228 1238 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1229 1239 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1230 1240 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1231 1241 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1232 1242 adrm_putint32(&context,
1233 1243 (int *)&(internal->as_info.ai_mask.am_success), 2);
1234 1244 adrm_putint32(&context,
1235 1245 (int *)&(internal->as_info.ai_termid.at_port), 1);
1236 1246 adrm_putint32(&context,
1237 1247 (int *)&(internal->as_info.ai_termid.at_type), 1);
1238 1248 adrm_putint32(&context,
1239 1249 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1240 1250 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1241 1251 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1242 1252 adrm_putint32(&context, (int *)&(internal->as_pid), 1);
1243 1253 adrm_putint32(&context, (int *)&label_len, 1);
1244 1254 if (internal->as_label != NULL) {
1245 1255 /* serialize the label */
1246 1256 adrm_putint32(&context, (int *)(internal->as_label),
1247 1257 (label_len / sizeof (int32_t)));
1248 1258 }
1249 1259
1250 1260 /* now version 1 */
1251 1261
1252 1262 tail.ax_version = PROTOCOL_VERSION_1;
1253 1263 tail.ax_offset = 0;
1254 1264
1255 1265 adrm_putint32(&context, (int *)&tail, 2);
1256 1266
1257 1267 adrm_putint32(&context, (int *)&(internal->as_euid), 1);
1258 1268 adrm_putint32(&context, (int *)&(internal->as_ruid), 1);
1259 1269 adrm_putint32(&context, (int *)&(internal->as_egid), 1);
1260 1270 adrm_putint32(&context, (int *)&(internal->as_rgid), 1);
1261 1271 adrm_putint32(&context, (int *)&(internal->as_info.ai_auid), 1);
1262 1272 adrm_putint32(&context,
1263 1273 (int *)&(internal->as_info.ai_mask.am_success), 2);
1264 1274 adrm_putint32(&context,
1265 1275 (int *)&(internal->as_info.ai_termid.at_port), 1);
1266 1276 adrm_putint32(&context,
1267 1277 (int *)&(internal->as_info.ai_termid.at_type), 1);
1268 1278 adrm_putint32(&context,
1269 1279 (int *)&(internal->as_info.ai_termid.at_addr[0]), 4);
1270 1280 adrm_putint32(&context, (int *)&(internal->as_info.ai_asid), 1);
1271 1281 adrm_putint32(&context, (int *)&(internal->as_audit_state), 1);
1272 1282 /* ignored in v1 */
1273 1283 adrm_putint32(&context, (int *)&label_len, 1);
1274 1284
1275 1285 /* finally terminator */
1276 1286
1277 1287 tail.ax_version = 0; /* invalid version number */
1278 1288 tail.ax_offset = 0;
1279 1289
1280 1290 adrm_putint32(&context, (int *)&tail, 2);
1281 1291
1282 1292 return (head.ax_buffer_length);
1283 1293 }
1284 1294
1285 1295 /*
1286 1296 * adt_ucred_label() -- if label is available, duplicate it.
1287 1297 */
1288 1298
1289 1299 static m_label_t *
1290 1300 adt_ucred_label(ucred_t *uc)
1291 1301 {
1292 1302 m_label_t *ul = NULL;
1293 1303
1294 1304 if (ucred_getlabel(uc) != NULL) {
1295 1305 (void) m_label_dup(&ul, ucred_getlabel(uc));
1296 1306 }
1297 1307
1298 1308 return (ul);
1299 1309 }
1300 1310
1301 1311 /*
1302 1312 * adt_import() -- convert from network order to machine-specific order
1303 1313 */
1304 1314
1305 1315 static int
1306 1316 adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
1307 1317 {
1308 1318 au_mask_t mask;
1309 1319
1310 1320 /* save local audit state */
1311 1321 int local_audit_state = internal->as_audit_state;
1312 1322
1313 1323 if (adt_from_export_format(internal, external) < 1)
1314 1324 return (-1); /* errno from adt_from_export_format */
1315 1325
1316 1326 /*
1317 1327 * If audit isn't enabled on the remote, they were unable
1318 1328 * to generate the audit mask, so generate it based on
1319 1329 * local configuration. If the user id has changed, the
1320 1330 * resulting mask may miss some subtleties that occurred
1321 1331 * on the remote system.
1322 1332 *
1323 1333 * If the remote failed to generate a terminal id, it is not
1324 1334 * recoverable.
1325 1335 */
1326 1336
1327 1337 if (!(internal->as_audit_state & AUC_DISABLED)) {
1328 1338 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1329 1339 &(internal->as_info.ai_mask)))
1330 1340 return (-1);
1331 1341 if (internal->as_info.ai_auid != internal->as_ruid) {
1332 1342 if (adt_get_mask_from_user(internal->as_info.ai_auid,
1333 1343 &mask))
1334 1344 return (-1);
1335 1345 internal->as_info.ai_mask.am_success |=
1336 1346 mask.am_success;
1337 1347 internal->as_info.ai_mask.am_failure |=
1338 1348 mask.am_failure;
1339 1349 }
1340 1350 }
1341 1351 internal->as_audit_state = local_audit_state;
1342 1352
1343 1353 DPRINTF(("(%lld)imported asid = %X %u\n", (long long) getpid(),
1344 1354 internal->as_info.ai_asid,
1345 1355 internal->as_info.ai_asid));
1346 1356
1347 1357 internal->as_have_user_data = ADT_HAVE_ALL;
1348 1358
1349 1359 return (0);
1350 1360 }
1351 1361
1352 1362 /*
1353 1363 * adt_export_session_data()
1354 1364 * copies a adt_session_data struct into a network order buffer
1355 1365 *
1356 1366 * In a misconfigured network, the local host may have auditing
1357 1367 * off while the destination may have auditing on, so if there
1358 1368 * is sufficient memory, a buffer will be returned even in the
1359 1369 * audit off case.
1360 1370 */
1361 1371
1362 1372 size_t
1363 1373 adt_export_session_data(const adt_session_data_t *internal,
1364 1374 adt_export_data_t **external)
1365 1375 {
1366 1376 size32_t length = 0;
1367 1377
1368 1378 if ((internal != NULL) &&
1369 1379 ((adt_internal_state_t *)internal)->as_label != NULL) {
1370 1380 length = blabel_size();
1371 1381 }
1372 1382
1373 1383 *external = malloc(sizeof (adt_export_data_t) + length);
1374 1384
1375 1385 if (*external == NULL)
1376 1386 return (0);
1377 1387
1378 1388 if (internal == NULL) {
1379 1389 adt_internal_state_t *dummy;
1380 1390
1381 1391 dummy = malloc(sizeof (adt_internal_state_t));
1382 1392 if (dummy == NULL)
1383 1393 goto return_length_free;
1384 1394
1385 1395 if (adt_init(dummy, 0)) { /* 0 == don't copy from proc */
1386 1396 free(dummy);
1387 1397 goto return_length_free;
1388 1398 }
1389 1399 length = adt_to_export_format(*external, dummy);
1390 1400 free(dummy);
1391 1401 } else {
1392 1402 length = adt_to_export_format(*external,
1393 1403 (adt_internal_state_t *)internal);
1394 1404 }
1395 1405 return (length);
1396 1406
1397 1407 return_length_free:
1398 1408 free(*external);
1399 1409 *external = NULL;
1400 1410 return (0);
1401 1411 }
1402 1412
1403 1413 static void
1404 1414 adt_setto_unaudited(adt_internal_state_t *state)
1405 1415 {
1406 1416 if (state->as_audit_state & AUC_DISABLED) {
1407 1417 state->as_ruid = AU_NOAUDITID;
1408 1418 state->as_euid = AU_NOAUDITID;
1409 1419 state->as_rgid = AU_NOAUDITID;
1410 1420 state->as_egid = AU_NOAUDITID;
1411 1421 state->as_pid = (pid_t)-1;
1412 1422 state->as_label = NULL;
1413 1423 } else {
1414 1424 state->as_info.ai_asid = 0;
1415 1425 state->as_info.ai_auid = AU_NOAUDITID;
1416 1426
1417 1427 (void) memset((void *)&(state->as_info.ai_termid), 0,
1418 1428 sizeof (au_tid_addr_t));
1419 1429 state->as_info.ai_termid.at_type = AU_IPv4;
1420 1430
1421 1431 (void) memset((void *)&(state->as_info.ai_mask), 0,
1422 1432 sizeof (au_mask_t));
1423 1433 state->as_have_user_data = 0;
1424 1434 }
1425 1435 }
1426 1436
1427 1437 /*
1428 1438 * adt_init -- set session context by copying the audit characteristics
1429 1439 * from the proc and picking up current uid/tid information.
1430 1440 *
1431 1441 * By default, an audit session is based on the process; the default
1432 1442 * is overriden by adt_set_user()
1433 1443 */
1434 1444
1435 1445 static int
1436 1446 adt_init(adt_internal_state_t *state, int use_proc_data)
1437 1447 {
1438 1448 /* ensure auditstate is set */
1439 1449
1440 1450 (void) adt_audit_state(0);
1441 1451 state->as_audit_state = auditstate;
1442 1452
1443 1453 if (use_proc_data) {
1444 1454 state->as_ruid = getuid();
1445 1455 state->as_euid = geteuid();
1446 1456 state->as_rgid = getgid();
1447 1457 state->as_egid = getegid();
1448 1458 state->as_pid = getpid();
1449 1459
1450 1460 if (!(state->as_audit_state & AUC_DISABLED)) {
1451 1461 const au_tid64_addr_t *tid;
1452 1462 const au_mask_t *mask;
1453 1463 ucred_t *ucred = ucred_get(P_MYID);
1454 1464
1455 1465 /*
1456 1466 * Even if the ucred is NULL, the underlying
1457 1467 * credential may have a valid terminal id; if the
1458 1468 * terminal id is set, then that's good enough. An
1459 1469 * example of where this matters is failed login,
1460 1470 * where rlogin/telnet sets the terminal id before
1461 1471 * calling login; login does not load the credential
1462 1472 * since auth failed.
1463 1473 */
1464 1474 if (ucred == NULL) {
1465 1475 if (!adt_have_termid(
1466 1476 &(state->as_info.ai_termid)))
1467 1477 return (-1);
1468 1478 } else {
1469 1479 mask = ucred_getamask(ucred);
1470 1480 if (mask != NULL) {
1471 1481 state->as_info.ai_mask = *mask;
1472 1482 } else {
1473 1483 ucred_free(ucred);
1474 1484 return (-1);
1475 1485 }
1476 1486 tid = ucred_getatid(ucred);
1477 1487 if (tid != NULL) {
1478 1488 adt_cpy_tid(&(state->as_info.ai_termid),
1479 1489 tid);
1480 1490 } else {
1481 1491 ucred_free(ucred);
1482 1492 return (-1);
1483 1493 }
1484 1494 state->as_info.ai_asid = ucred_getasid(ucred);
1485 1495 state->as_info.ai_auid = ucred_getauid(ucred);
1486 1496 state->as_label = adt_ucred_label(ucred);
1487 1497 ucred_free(ucred);
1488 1498 }
1489 1499 state->as_have_user_data = ADT_HAVE_ALL;
1490 1500 }
1491 1501 } else {
1492 1502 adt_setto_unaudited(state);
1493 1503 }
1494 1504 state->as_session_model = ADT_SESSION_MODEL; /* default */
1495 1505
1496 1506 if ((state->as_audit_state & (AUC_AUDITING | AUC_NOSPACE)) &&
1497 1507 auditon(A_GETPOLICY, (caddr_t)&(state->as_kernel_audit_policy),
1498 1508 sizeof (state->as_kernel_audit_policy))) {
1499 1509 return (-1); /* errno set by auditon */
1500 1510 }
1501 1511 state->as_check = ADT_VALID;
1502 1512 adt_load_table((adt_session_data_t *)state, &adt_xlate_table[0],
1503 1513 &adt_preload);
1504 1514 return (0);
1505 1515 }
1506 1516
1507 1517 /*
1508 1518 * adt_set_proc
1509 1519 *
1510 1520 * Copy the current session state to the process. If this function
1511 1521 * is called, the model becomes a process model rather than a
1512 1522 * session model.
1513 1523 *
1514 1524 * In the current implementation, the value state->as_have_user_data
1515 1525 * must contain all of: ADT_HAVE_{AUID,MASK,TID,ASID}. These are all set
1516 1526 * by adt_set_user() when the ADT_SETTID or ADT_NEW flag is passed in.
1517 1527 *
1518 1528 */
1519 1529
1520 1530 int
1521 1531 adt_set_proc(const adt_session_data_t *session_data)
1522 1532 {
1523 1533 adt_internal_state_t *state;
1524 1534
1525 1535 if (session_data == NULL) {
1526 1536 return (0);
1527 1537 }
1528 1538
1529 1539 state = (adt_internal_state_t *)session_data;
1530 1540
1531 1541 assert(state->as_check == ADT_VALID);
1532 1542
1533 1543 if ((state->as_have_user_data & (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) !=
1534 1544 (ADT_HAVE_ALL & ~ADT_HAVE_IDS)) {
1535 1545 errno = EINVAL;
1536 1546 goto return_err;
1537 1547 }
1538 1548
1539 1549 if (setaudit_addr((auditinfo_addr_t *)&(state->as_info),
1540 1550 sizeof (auditinfo_addr_t)) < 0) {
1541 1551 goto return_err; /* errno set by setaudit_addr() */
1542 1552 }
1543 1553
1544 1554 state->as_session_model = ADT_PROCESS_MODEL;
1545 1555
1546 1556 return (0);
1547 1557
1548 1558 return_err:
1549 1559 adt_write_syslog("failed to set process audit characteristics", errno);
1550 1560 return (-1);
1551 1561 }
1552 1562
1553 1563 static int
1554 1564 adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid)
1555 1565 {
1556 1566 au_tid_addr_t no_tid = {0, AU_IPv4, 0, 0, 0, 0};
1557 1567 au_mask_t no_mask = {0, 0};
1558 1568
1559 1569 if (ruid == ADT_NO_AUDIT) {
1560 1570 state->as_info.ai_auid = AU_NOAUDITID;
1561 1571 state->as_info.ai_asid = 0;
1562 1572 state->as_info.ai_termid = no_tid;
1563 1573 state->as_info.ai_mask = no_mask;
1564 1574 return (0);
1565 1575 }
1566 1576 state->as_info.ai_auid = ruid;
1567 1577 state->as_info.ai_asid = adt_get_unique_id(ruid);
1568 1578 if (termid != NULL)
1569 1579 state->as_info.ai_termid = *termid;
1570 1580
1571 1581 if (adt_get_mask_from_user(ruid, &(state->as_info.ai_mask)))
1572 1582 return (-1);
1573 1583
1574 1584 /* Assume intending to audit as this process */
1575 1585
1576 1586 if (state->as_pid == (pid_t)-1)
1577 1587 state->as_pid = getpid();
1578 1588
1579 1589 if (is_system_labeled() && state->as_label == NULL) {
1580 1590 ucred_t *ucred = ucred_get(P_MYID);
1581 1591
1582 1592 state->as_label = adt_ucred_label(ucred);
1583 1593 ucred_free(ucred);
1584 1594 }
1585 1595
1586 1596 return (0);
1587 1597 }
1588 1598
1589 1599 static int
1590 1600 adt_changeuser(adt_internal_state_t *state, uid_t ruid)
1591 1601 {
1592 1602 au_mask_t mask;
1593 1603
1594 1604 if (!(state->as_have_user_data & ADT_HAVE_AUID))
1595 1605 state->as_info.ai_auid = ruid;
1596 1606 if (!(state->as_have_user_data & ADT_HAVE_ASID))
1597 1607 state->as_info.ai_asid = adt_get_unique_id(ruid);
1598 1608
1599 1609 if (ruid <= MAXEPHUID) {
1600 1610 if (adt_get_mask_from_user(ruid, &mask))
1601 1611 return (-1);
1602 1612
1603 1613 state->as_info.ai_mask.am_success |= mask.am_success;
1604 1614 state->as_info.ai_mask.am_failure |= mask.am_failure;
1605 1615 }
1606 1616 DPRINTF(("changed mask to %08X/%08X for ruid=%d\n",
1607 1617 state->as_info.ai_mask.am_success,
1608 1618 state->as_info.ai_mask.am_failure,
1609 1619 ruid));
1610 1620 return (0);
1611 1621 }
1612 1622
1613 1623 /*
1614 1624 * adt_set_user -- see also adt_set_from_ucred()
1615 1625 *
1616 1626 * ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or
1617 1627 * "unattributed." If ruid, change the model to session.
1618 1628 *
1619 1629 * ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value"
1620 1630 * only valid with ADT_UPDATE.
1621 1631 *
1622 1632 * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there
1623 1633 * isn't a good reason to call adt_set_user() with it unless you don't
1624 1634 * have a good value yet and intend to replace it later; auid will be
1625 1635 * AU_NOAUDITID.
1626 1636 *
1627 1637 * adt_set_user should be called even if auditing is not enabled
1628 1638 * so that adt_export_session_data() will have useful stuff to
1629 1639 * work with.
1630 1640 *
1631 1641 * See the note preceding adt_set_proc() about the use of ADT_HAVE_TID
1632 1642 * and ADT_HAVE_ALL.
1633 1643 */
1634 1644
1635 1645 int
1636 1646 adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid,
1637 1647 uid_t ruid, gid_t rgid, const adt_termid_t *termid,
1638 1648 enum adt_user_context user_context)
1639 1649 {
1640 1650 adt_internal_state_t *state;
1641 1651 int rc;
1642 1652
1643 1653 if (session_data == NULL) /* no session exists to audit */
1644 1654 return (0);
1645 1655
1646 1656 state = (adt_internal_state_t *)session_data;
1647 1657 assert(state->as_check == ADT_VALID);
1648 1658
1649 1659 switch (user_context) {
1650 1660 case ADT_NEW:
1651 1661 if (ruid == ADT_NO_CHANGE || euid == ADT_NO_CHANGE ||
1652 1662 rgid == ADT_NO_CHANGE || egid == ADT_NO_CHANGE) {
1653 1663 errno = EINVAL;
1654 1664 return (-1);
1655 1665 }
1656 1666 if ((rc = adt_newuser(state, ruid,
1657 1667 (au_tid_addr_t *)termid)) != 0)
1658 1668 return (rc);
1659 1669
1660 1670 state->as_have_user_data = ADT_HAVE_ALL;
1661 1671 break;
1662 1672 case ADT_UPDATE:
1663 1673 if (state->as_have_user_data != ADT_HAVE_ALL) {
1664 1674 errno = EINVAL;
1665 1675 return (-1);
1666 1676 }
1667 1677
1668 1678 if (ruid != ADT_NO_CHANGE)
1669 1679 if ((rc = adt_changeuser(state, ruid)) != 0)
1670 1680 return (rc);
1671 1681 break;
1672 1682 case ADT_USER:
1673 1683 if (state->as_have_user_data != ADT_HAVE_ALL) {
1674 1684 errno = EINVAL;
1675 1685 return (-1);
1676 1686 }
1677 1687 break;
1678 1688 case ADT_SETTID:
1679 1689 assert(termid != NULL);
1680 1690 state->as_info.ai_termid = *((au_tid_addr_t *)termid);
1681 1691 /* avoid fooling pam_setcred()... */
1682 1692 state->as_info.ai_auid = AU_NOAUDITID;
1683 1693 state->as_info.ai_asid = 0;
1684 1694 state->as_info.ai_mask.am_failure = 0;
1685 1695 state->as_info.ai_mask.am_success = 0;
1686 1696 state->as_have_user_data = ADT_HAVE_TID |
1687 1697 ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK;
1688 1698 return (0);
1689 1699 default:
1690 1700 errno = EINVAL;
1691 1701 return (-1);
1692 1702 }
1693 1703
1694 1704 if (ruid == ADT_NO_AUDIT) {
1695 1705 state->as_ruid = AU_NOAUDITID;
1696 1706 state->as_euid = AU_NOAUDITID;
1697 1707 state->as_rgid = AU_NOAUDITID;
1698 1708 state->as_egid = AU_NOAUDITID;
1699 1709 } else {
1700 1710 if (ruid != ADT_NO_CHANGE)
1701 1711 state->as_ruid = ruid;
1702 1712 if (euid != ADT_NO_CHANGE)
1703 1713 state->as_euid = euid;
1704 1714 if (rgid != ADT_NO_CHANGE)
1705 1715 state->as_rgid = rgid;
1706 1716 if (egid != ADT_NO_CHANGE)
1707 1717 state->as_egid = egid;
1708 1718 }
1709 1719
1710 1720 if (ruid == ADT_NO_ATTRIB) {
1711 1721 state->as_session_model = ADT_SESSION_MODEL;
1712 1722 }
1713 1723
1714 1724 return (0);
1715 1725 }
1716 1726
1717 1727 /*
1718 1728 * adt_set_from_ucred()
1719 1729 *
1720 1730 * an alternate to adt_set_user that fills the same role but uses
1721 1731 * a pointer to a ucred rather than a list of id's. If the ucred
1722 1732 * pointer is NULL, use the credential from the this process.
1723 1733 *
1724 1734 * A key difference is that for ADT_NEW, adt_set_from_ucred() does
1725 1735 * not overwrite the asid and auid unless auid has not been set.
1726 1736 * ADT_NEW differs from ADT_UPDATE in that it does not OR together
1727 1737 * the incoming audit mask with the one that already exists.
1728 1738 *
1729 1739 * adt_set_from_ucred should be called even if auditing is not enabled
1730 1740 * so that adt_export_session_data() will have useful stuff to
1731 1741 * work with.
1732 1742 */
1733 1743
1734 1744 int
1735 1745 adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc,
1736 1746 enum adt_user_context user_context)
1737 1747 {
1738 1748 adt_internal_state_t *state;
1739 1749 int rc = -1;
1740 1750 const au_tid64_addr_t *tid64;
1741 1751 au_tid_addr_t termid, *tid;
1742 1752 ucred_t *ucred = (ucred_t *)uc;
1743 1753 boolean_t local_uc = B_FALSE;
1744 1754
1745 1755 if (session_data == NULL) /* no session exists to audit */
1746 1756 return (0);
1747 1757
1748 1758 state = (adt_internal_state_t *)session_data;
1749 1759 assert(state->as_check == ADT_VALID);
1750 1760
1751 1761 if (ucred == NULL) {
1752 1762 ucred = ucred_get(P_MYID);
1753 1763
1754 1764 if (ucred == NULL)
1755 1765 goto return_rc;
1756 1766 local_uc = B_TRUE;
1757 1767 }
1758 1768
1759 1769 switch (user_context) {
1760 1770 case ADT_NEW:
1761 1771 tid64 = ucred_getatid(ucred);
1762 1772 if (tid64 != NULL) {
1763 1773 adt_cpy_tid(&termid, tid64);
1764 1774 tid = &termid;
1765 1775 } else {
1766 1776 tid = NULL;
1767 1777 }
1768 1778 if (ucred_getauid(ucred) == AU_NOAUDITID) {
1769 1779 adt_setto_unaudited(state);
1770 1780 state->as_have_user_data = ADT_HAVE_ALL;
1771 1781 rc = 0;
1772 1782 goto return_rc;
1773 1783 } else {
1774 1784 state->as_info.ai_auid = ucred_getauid(ucred);
1775 1785 state->as_info.ai_asid = ucred_getasid(ucred);
1776 1786 state->as_info.ai_mask = *ucred_getamask(ucred);
1777 1787 state->as_info.ai_termid = *tid;
1778 1788 }
1779 1789 state->as_have_user_data = ADT_HAVE_ALL;
1780 1790 break;
1781 1791 case ADT_UPDATE:
1782 1792 if (state->as_have_user_data != ADT_HAVE_ALL) {
1783 1793 errno = EINVAL;
1784 1794 goto return_rc;
1785 1795 }
1786 1796
1787 1797 if ((rc = adt_changeuser(state, ucred_getruid(ucred))) != 0)
1788 1798 goto return_rc;
1789 1799 break;
1790 1800 case ADT_USER:
1791 1801 if (state->as_have_user_data != ADT_HAVE_ALL) {
1792 1802 errno = EINVAL;
1793 1803 goto return_rc;
1794 1804 }
1795 1805 break;
1796 1806 default:
1797 1807 errno = EINVAL;
1798 1808 goto return_rc;
1799 1809 }
1800 1810 rc = 0;
1801 1811
1802 1812 state->as_ruid = ucred_getruid(ucred);
1803 1813 state->as_euid = ucred_geteuid(ucred);
1804 1814 state->as_rgid = ucred_getrgid(ucred);
1805 1815 state->as_egid = ucred_getegid(ucred);
1806 1816 state->as_pid = ucred_getpid(ucred);
1807 1817 state->as_label = adt_ucred_label(ucred);
1808 1818
1809 1819 return_rc:
1810 1820 if (local_uc) {
1811 1821 ucred_free(ucred);
1812 1822 }
1813 1823 return (rc);
1814 1824 }
1815 1825
1816 1826 /*
1817 1827 * adt_alloc_event() returns a pointer to allocated memory
1818 1828 *
1819 1829 */
1820 1830
1821 1831 adt_event_data_t
1822 1832 *adt_alloc_event(const adt_session_data_t *session_data, au_event_t event_id)
1823 1833 {
1824 1834 struct adt_event_state *event_state;
1825 1835 adt_internal_state_t *session_state;
1826 1836 adt_event_data_t *return_event = NULL;
1827 1837 /*
1828 1838 * need to return a valid event pointer even if audit is
1829 1839 * off, else the caller will end up either (1) keeping its
1830 1840 * own flags for on/off or (2) writing to a NULL pointer.
1831 1841 * If auditing is on, the session data must be valid; otherwise
1832 1842 * we don't care.
1833 1843 */
1834 1844 if (session_data != NULL) {
1835 1845 session_state = (adt_internal_state_t *)session_data;
1836 1846 assert(session_state->as_check == ADT_VALID);
1837 1847 }
1838 1848 event_state = calloc(1, sizeof (struct adt_event_state));
1839 1849 if (event_state == NULL)
1840 1850 goto return_ptr;
1841 1851
1842 1852 event_state->ae_check = ADT_VALID;
1843 1853
1844 1854 event_state->ae_event_id = event_id;
1845 1855 event_state->ae_session = (struct adt_internal_state *)session_data;
1846 1856
1847 1857 return_event = (adt_event_data_t *)&(event_state->ae_event_data);
1848 1858
1849 1859 /*
1850 1860 * preload data so the adt_au_*() functions can detect un-supplied
1851 1861 * values (0 and NULL are free via calloc()).
1852 1862 */
1853 1863 if (session_data != NULL) {
1854 1864 session_state->as_preload(event_id, return_event);
1855 1865 }
1856 1866
1857 1867 return_ptr:
1858 1868 return (return_event);
1859 1869 }
1860 1870
1861 1871 /*
1862 1872 * adt_getXlateTable -- look up translation table address for event id
1863 1873 */
1864 1874
1865 1875 static adt_translation_t *
1866 1876 adt_getXlateTable(adt_translation_t **xlate, au_event_t event_id)
1867 1877 {
1868 1878 /* xlate_table is global in adt_xlate.c */
1869 1879 adt_translation_t **p_xlate = xlate;
1870 1880 adt_translation_t *p_event;
1871 1881
1872 1882 while (*p_xlate != NULL) {
1873 1883 p_event = *p_xlate;
1874 1884 if (event_id == p_event->tx_external_event)
1875 1885 return (p_event);
1876 1886 p_xlate++;
1877 1887 }
1878 1888 return (NULL);
1879 1889 }
1880 1890
1881 1891 /*
1882 1892 * adt_calcOffsets
1883 1893 *
1884 1894 * the call to this function is surrounded by a mutex.
1885 1895 *
1886 1896 * i walks down the table picking up next_token. j walks again to
1887 1897 * calculate the offset to the input data. k points to the next
1888 1898 * token's row. Finally, l, is used to sum the values in the
1889 1899 * datadef array.
1890 1900 *
1891 1901 * What's going on? The entry array is in the order of the input
1892 1902 * fields but the processing of array entries is in the order of
1893 1903 * the output (see next_token). Calculating the offset to the
1894 1904 * "next" input can't be done in the outer loop (i) since i doesn't
1895 1905 * point to the current entry and it can't be done with the k index
1896 1906 * because it doesn't represent the order of input fields.
1897 1907 *
1898 1908 * While the resulting algorithm is n**2, it is only done once per
1899 1909 * event type.
1900 1910 */
1901 1911
1902 1912 /*
1903 1913 * adt_calcOffsets is only called once per event type, but it uses
1904 1914 * the address alignment of memory allocated for that event as if it
1905 1915 * were the same for all subsequently allocated memory. This is
1906 1916 * guaranteed by calloc/malloc. Arrays take special handling since
1907 1917 * what matters for figuring out the correct alignment is the size
1908 1918 * of the array element.
1909 1919 */
1910 1920
1911 1921 static void
1912 1922 adt_calcOffsets(struct entry *p_entry, int tablesize, void *p_data)
1913 1923 {
1914 1924 int i, j;
1915 1925 size_t this_size, prev_size;
1916 1926 void *struct_start = p_data;
1917 1927
1918 1928 for (i = 0; i < tablesize; i++) {
1919 1929 if (p_entry[i].en_type_def == NULL) {
1920 1930 p_entry[i].en_offset = 0;
1921 1931 continue;
1922 1932 }
1923 1933 prev_size = 0;
1924 1934 p_entry[i].en_offset = (char *)p_data - (char *)struct_start;
1925 1935
1926 1936 for (j = 0; j < p_entry[i].en_count_types; j++) {
1927 1937 if (p_entry[i].en_type_def[j].dd_datatype == ADT_MSG)
1928 1938 this_size = sizeof (enum adt_generic);
1929 1939 else
1930 1940 this_size =
1931 1941 p_entry[i].en_type_def[j].dd_input_size;
1932 1942
1933 1943 /* adj for first entry */
1934 1944 if (prev_size == 0)
1935 1945 prev_size = this_size;
1936 1946
1937 1947 if (p_entry[i].en_type_def[j].dd_datatype ==
1938 1948 ADT_UINT32ARRAY) {
1939 1949 p_data = (char *)adt_adjust_address(p_data,
1940 1950 prev_size, sizeof (uint32_t)) +
1941 1951 this_size - sizeof (uint32_t);
1942 1952
1943 1953 prev_size = sizeof (uint32_t);
1944 1954 } else {
1945 1955 p_data = adt_adjust_address(p_data, prev_size,
1946 1956 this_size);
1947 1957 prev_size = this_size;
1948 1958 }
1949 1959 }
1950 1960 }
1951 1961 }
1952 1962
1953 1963 /*
1954 1964 * adt_generate_event
1955 1965 * generate event record from external struct. The order is based on
1956 1966 * the output tokens, allowing for the possibility that the input data
1957 1967 * is in a different order.
1958 1968 *
1959 1969 */
1960 1970
1961 1971 static int
1962 1972 adt_generate_event(const adt_event_data_t *p_extdata,
1963 1973 struct adt_event_state *p_event,
1964 1974 adt_translation_t *p_xlate)
1965 1975 {
1966 1976 struct entry *p_entry;
1967 1977 static mutex_t lock = DEFAULTMUTEX;
1968 1978
1969 1979 p_entry = p_xlate->tx_first_entry;
1970 1980 assert(p_entry != NULL);
1971 1981
1972 1982 p_event->ae_internal_id = p_xlate->tx_internal_event;
1973 1983 adt_token_open(p_event);
1974 1984
1975 1985 /*
1976 1986 * offsets are not pre-calculated; the initial offsets are all
1977 1987 * 0; valid offsets are >= 0. Offsets for no-input tokens such
1978 1988 * as subject are set to -1 by adt_calcOffset()
1979 1989 */
1980 1990 if (p_xlate->tx_offsetsCalculated == 0) {
1981 1991 (void) mutex_lock(&lock);
1982 1992 p_xlate->tx_offsetsCalculated = 1;
1983 1993
1984 1994 adt_calcOffsets(p_xlate->tx_top_entry, p_xlate->tx_entries,
1985 1995 (void *)p_extdata);
1986 1996 (void) mutex_unlock(&lock);
1987 1997 }
1988 1998 while (p_entry != NULL) {
1989 1999 adt_generate_token(p_entry, (char *)p_extdata, p_event);
1990 2000
1991 2001 p_entry = p_entry->en_next_token;
1992 2002 }
1993 2003 return (adt_token_close(p_event));
1994 2004 }
1995 2005
1996 2006 /*
1997 2007 * adt_put_event -- main event generation function.
1998 2008 * The input "event" is the address of the struct containing
1999 2009 * event-specific data.
2000 2010 *
2001 2011 * However if auditing is off or the session handle
2002 2012 * is NULL, no attempt to write a record is made.
2003 2013 */
2004 2014
2005 2015 int
2006 2016 adt_put_event(const adt_event_data_t *event, int status, int return_val)
2007 2017 {
2008 2018 struct adt_event_state *event_state;
2009 2019 adt_translation_t *xlate;
2010 2020
2011 2021 if (event == NULL) {
2012 2022 errno = EINVAL;
2013 2023 return (-1);
2014 2024 }
2015 2025 event_state = (struct adt_event_state *)event;
2016 2026
2017 2027 /* if this is a broken session or not auditing, exit */
2018 2028 if ((event_state->ae_session == NULL) ||
2019 2029 !(event_state->ae_session->as_audit_state &
2020 2030 (AUC_AUDITING | AUC_NOSPACE))) {
2021 2031 return (0);
2022 2032 }
2023 2033
2024 2034 assert(event_state->ae_check == ADT_VALID);
2025 2035
2026 2036 event_state->ae_rc = status;
2027 2037 event_state->ae_type = return_val;
2028 2038
2029 2039 /* look up the event */
2030 2040
2031 2041 xlate = adt_getXlateTable(event_state->ae_session->as_xlate,
2032 2042 event_state->ae_event_id);
2033 2043
2034 2044 if (xlate == NULL) {
2035 2045 errno = EINVAL;
2036 2046 return (-1);
2037 2047 }
2038 2048 DPRINTF(("got event %d\n", xlate->tx_internal_event));
2039 2049
2040 2050 if (adt_selected(event_state, xlate->tx_internal_event, status)) {
2041 2051 return (adt_generate_event(event, event_state, xlate));
2042 2052 }
2043 2053
2044 2054 return (0);
2045 2055 }
2046 2056
2047 2057 /*
2048 2058 * adt_free_event -- invalidate and free
2049 2059 */
2050 2060
2051 2061 void
2052 2062 adt_free_event(adt_event_data_t *event)
2053 2063 {
2054 2064 struct adt_event_state *event_state;
2055 2065
2056 2066 if (event == NULL)
2057 2067 return;
2058 2068
2059 2069 event_state = (struct adt_event_state *)event;
2060 2070
2061 2071 assert(event_state->ae_check == ADT_VALID);
2062 2072
2063 2073 event_state->ae_check = 0;
2064 2074
2065 2075 free(event_state);
2066 2076 }
2067 2077
2068 2078 /*
2069 2079 * adt_is_selected -- helper to adt_selected(), below.
2070 2080 *
2071 2081 * "sorf" is "success or fail" status; au_preselect compares
2072 2082 * that with success, fail, or both.
2073 2083 */
2074 2084
2075 2085 static int
2076 2086 adt_is_selected(au_event_t e, au_mask_t *m, int sorf)
2077 2087 {
2078 2088 int prs_sorf;
2079 2089
2080 2090 if (sorf == 0)
2081 2091 prs_sorf = AU_PRS_SUCCESS;
2082 2092 else
2083 2093 prs_sorf = AU_PRS_FAILURE;
2084 2094
2085 2095 return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
2086 2096 }
2087 2097
2088 2098 /*
2089 2099 * selected -- see if this event is preselected.
2090 2100 *
2091 2101 * if errors are encountered trying to check a preselection mask
2092 2102 * or look up a user name, the event is selected. Otherwise, the
2093 2103 * preselection mask is used for the job.
2094 2104 */
2095 2105
2096 2106 static int
2097 2107 adt_selected(struct adt_event_state *event, au_event_t actual_id, int status)
2098 2108 {
2099 2109 adt_internal_state_t *sp;
2100 2110 au_mask_t namask;
2101 2111
2102 2112 sp = event->ae_session;
2103 2113
2104 2114 if ((sp->as_have_user_data & ADT_HAVE_IDS) == 0) {
2105 2115 adt_write_syslog("No user data available", EINVAL);
2106 2116 return (1); /* default is "selected" */
2107 2117 }
2108 2118
2109 2119 /* non-attributable? */
2110 2120 if ((sp->as_info.ai_auid == AU_NOAUDITID) ||
2111 2121 (sp->as_info.ai_auid == ADT_NO_AUDIT)) {
2112 2122 if (auditon(A_GETKMASK, (caddr_t)&namask,
2113 2123 sizeof (namask)) != 0) {
2114 2124 adt_write_syslog("auditon failure", errno);
2115 2125 return (1);
2116 2126 }
2117 2127 return (adt_is_selected(actual_id, &namask, status));
2118 2128 } else {
2119 2129 return (adt_is_selected(actual_id, &(sp->as_info.ai_mask),
2120 2130 status));
2121 2131 }
2122 2132 }
2123 2133
2124 2134 /*
2125 2135 * Can't map the host name to an IP address in
2126 2136 * adt_get_hostIP. Get something off an interface
2127 2137 * to act as the hosts IP address for auditing.
2128 2138 */
2129 2139
2130 2140 static int
2131 2141 adt_get_local_address(int family, struct ifaddrlist *al)
2132 2142 {
2133 2143 struct ifaddrlist *ifal;
2134 2144 char errbuf[ERRBUFSIZE] = "empty list";
2135 2145 char msg[ERRBUFSIZE + 512];
2136 2146 int ifal_count;
2137 2147 int i;
2138 2148
2139 2149 if ((ifal_count = ifaddrlist(&ifal, family, 0, errbuf)) < 0) {
2140 2150 int serrno = errno;
2141 2151
2142 2152 (void) snprintf(msg, sizeof (msg), "adt_get_local_address "
2143 2153 "couldn't get %d addrlist %s", family, errbuf);
2144 2154 adt_write_syslog(msg, serrno);
2145 2155 errno = serrno;
2146 2156 return (-1);
2147 2157 }
2148 2158
2149 2159 for (i = 0; i < ifal_count; i++) {
2150 2160 /*
2151 2161 * loopback always defined,
2152 2162 * even if there is no real address
2153 2163 */
2154 2164 if ((ifal[i].flags & (IFF_UP | IFF_LOOPBACK)) == IFF_UP) {
2155 2165 break;
2156 2166 }
2157 2167 }
2158 2168 if (i >= ifal_count) {
2159 2169 free(ifal);
2160 2170 /*
2161 2171 * Callers of adt_get_hostIP() can only return
2162 2172 * errno to their callers and eventually the application.
2163 2173 * Picked one that seemed least worse for saying no
2164 2174 * usable address for Audit terminal ID.
2165 2175 */
2166 2176 errno = ENETDOWN;
2167 2177 return (-1);
2168 2178 }
2169 2179
2170 2180 *al = ifal[i];
2171 2181 free(ifal);
2172 2182 return (0);
2173 2183 }
|
↓ open down ↓ |
1949 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX