bsmaudit.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
*
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include "includes.h"
#include <sys/systeminfo.h>
#include <sys/systeminfo.h>
#include <netdb.h>
#include <signal.h>
#include <stdarg.h>
#include <pwd.h>
#include <shadow.h>
#include <utmpx.h>
#include <unistd.h>
#include <string.h>
#include <locale.h>
#include "log.h"
#include "packet.h"
#include "canohost.h"
#include "servconf.h"
#include <errno.h>
#include <bsm/adt_event.h>
extern ServerOptions options;
/*
* XXX - Yuck; we should have a
* get_client_name_or_ip that does the
* right thing wrt reverse lookups
*/
void
{
const char *how = "couldn't start adt session";
int saved_errno = 0;
saved_errno = errno;
goto fail;
}
saved_errno = errno;
how = "couldn't set adt user";
goto fail;
}
saved_errno = errno;
how = "couldn't allocate adt event";
goto fail;
}
if (pam_retval == PAM_SUCCESS) {
saved_errno = errno;
how = "couldn't put adt event";
goto fail;
}
ADT_FAIL_PAM + pam_retval) != 0) {
saved_errno = errno;
how = "couldn't put adt event";
goto fail;
}
(void) adt_end_session(ah);
return;
fail:
(void) adt_end_session(ah);
fatal("Auditing of password change failed: %s (%s)",
}
void
{
const char *how = "couldn't start adt session";
int saved_errno = 0;
how = "programmer error";
goto fail;
}
saved_errno = errno;
how = "couldn't start adt session";
goto fail;
}
saved_errno = errno;
how = "couldn't set adt user";
goto fail;
}
saved_errno = errno;
how = "couldn't allocate adt event";
goto fail;
}
saved_errno = errno;
how = "couldn't put adt event";
goto fail;
}
/* Don't end adt session - leave for when logging out */
return;
fail:
(void) adt_end_session(*ah);
fatal("Auditing of login failed: %s (%s)",
}
void
{
const char *how = "couldn't start adt session";
int saved_errno = 0;
how = "programmer error";
goto fail;
}
saved_errno = errno;
how = "couldn't start adt session";
goto fail;
}
saved_errno = errno;
how = "couldn't set adt user";
goto fail;
}
saved_errno = errno;
how = "couldn't allocate adt event";
goto fail;
}
saved_errno = errno;
how = "couldn't put adt event";
goto fail;
}
(void) adt_end_session(*ah);
return;
fail:
(void) adt_end_session(*ah);
fatal("Auditing of login failed: %s (%s)",
}
void
{
const char *how = "programmer error";
int saved_errno = 0;
if (!ah) {
goto fail;
}
saved_errno = errno;
how = "couldn't allocate adt event";
goto fail;
}
saved_errno = errno;
how = "couldn't put adt event";
goto fail;
}
(void) adt_end_session(*ah);
return;
fail:
(void) adt_end_session(*ah);
fatal("Auditing of logout failed: %s (%s)",
}
/*
* audit_sshd_settid stores the terminal id while it is still
* available.
*
* The failure cases are lack of resources or incorrect permissions.
* libbsm generates syslog messages, so there's no value doing more
* here. ADT_NO_AUDIT leaves the auid at AU_NOAUDITID and will be
* replaced when one of the above functions is called.
*/
void
audit_sshd_settid(int sock)
{
ADT_NO_AUDIT, 0, ADT_NO_AUDIT,
termid, ADT_SETTID) == 0)
(void) adt_set_proc(ah);
}
(void) adt_end_session(ah);
}
}