au_usermask.c revision 5707ed5dae2bfdea4300de098ba2fa4d22d86f41
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <sys/types.h>
#include <stdio.h>
#include <bsm/audit.h>
#include <bsm/libbsm.h>
#define AUDITSTRING_LEN 512
/*
* Initialize audit preselection mask. This function should be used
* by applications like login that set the process preselection mask
* when a connection or a session is created.
*
* First, the system wide default audit flags are obtained
* from the audit_control(5) file.
*
* Next, the "always audit" flags, obtained from the audit_user(5) database,
* are added.
*
* Finally, the "never audit" flags, also obtained from the audit_user(5)
* database, are subtracted.
*
* The mask returned can be expressed as:
*
* (default audit flags + alway audit flags) - never audit flags
*
* If the lookup to audit_control(5) fails, then this function returns
* an error. If the lookup to audit_user(5), the function silently
* continues.
*/
int
au_user_mask(char *username, au_mask_t *p_mask)
{
char auditstring[AUDITSTRING_LEN];
au_user_ent_t *p_user = NULL;
int retval = -1;
if (p_mask == NULL)
return (-1);
/*
* Get the system wide default audit flags out of the audit_control(5)
* file.
*/
setac();
if (getacflg(auditstring, AUDITSTRING_LEN) == 0) {
if (getauditflagsbin(auditstring, p_mask) == 0) {
retval = 0;
}
}
endac();
/*
* If you can't get the system wide flags, return an error code
* now and don't bother trying to get the user specific flags.
*/
if (retval != 0) {
return (-1);
}
/*
* Get the always audit flags and the never audit flags from
* the audit_user(5) database.
*/
setauuser();
if ((p_user = getauusernam(username)) != (au_user_ent_t *)NULL) {
/* Add always audit flags. */
p_mask->as_success |= p_user->au_always.as_success;
p_mask->as_failure |= p_user->au_always.as_failure;
/* Subtract never audit flags. */
p_mask->as_success &= ~(p_user->au_never.as_success);
p_mask->as_failure &= ~(p_user->au_never.as_failure);
}
endauuser();
return (0);
}