audit_inetd.c revision 7c1a057666319a524c052ff0e99e9e26c2695e77
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <bsm/audit_uevents.h>
#include <bsm/audit_private.h>
#include <generic.h>
#include <pwd.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef C2_DEBUG
#else
#define dprintf(x)
#endif
static void audit_inetd_session_setup(struct passwd *);
static au_tid_addr_t audit_inetd_tid;
static int auditingisoff;
static au_class_t eventclass;
static int preselected;
int
audit_inetd_config(void)
{
struct au_event_ent *ee;
/*
* If auditing is turned off, then don't do anything.
* Especially don't return an error
*/
if (auditingisoff = cannot_audit(0)) {
return (0);
}
return (1);
return (0);
}
/*
* save terminal ID for user level audit record generation
*/
int
audit_inetd_termid(int fd)
{
struct sockaddr_in6 peer;
struct sockaddr_in6 sock;
if (auditingisoff) {
return (0);
}
(void) aug_save_namask();
/* quick preslection */
/* should generate syslog message here or in inetd.c */
preselected = 0;
return (1);
}
preselected = 1;
} else {
preselected = 0;
return (0);
}
/* get peer name (use local termid if not a socket) */
< 0) {
/* use machine terminal address if unknown ports */
return (1);
}
/* termid unset, make it legal (0.0.0.0) */
return (0);
}
/* get sock name (use local termid if not a socket) */
< 0) {
/* have everything but local port. make it 0 for now */
}
} else {
}
return (0);
}
int
char *service_name, /* name of service */
{
int set_audit = 0; /* flag - set audit characteristics */
dprintf(("audit_inetd_service()\n"));
if (auditingisoff)
return (0);
if (preselected == 0)
return (0);
/*
* set default values. We will overwrite them when appropriate.
*/
perror("inetd");
exit(1);
}
/*
* do the best we can. We have no way to determine if the
* request is from a system service or from the root user.
* We will consider all root requests to be system service
* operations for now. We'll readdress this when we devise a
* better algorithm.
*/
set_audit = 1;
}
aug_save_sorf(0);
(void) aug_audit();
/*
* Note that we will only do this if non-attributable auditing set.
* we might want to change things so this is always called.
*/
if (set_audit)
return (0);
}
/*
* set the audit characteristics for the inetd started process.
* inetd is setting the uid.
*/
void
{
struct auditinfo_addr info;
mask.am_success = 0;
mask.am_failure = 0;
perror("inetd: setaudit_addr");
exit(1);
}
}