audit_mgrs.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <string.h>
#include <stdlib.h>
#include <bsm/audit_record.h>
#include <bsm/audit_uevents.h>
#include "generic.h"
#include <netdb.h>
#include <pwd.h>
#include <unistd.h>
#include <libintl.h>
#include <locale.h>
#include <syslog.h>
/*
 * Debug tracing. Without C2_DEBUG, dprintf() expands to nothing.
 * NOTE(review): the C2_DEBUG branch is empty in this listing, so no debug
 * definition of dprintf is visible here; presumably it comes from a header.
 */
#ifdef C2_DEBUG
#else
#define dprintf(x)
#endif
/*
 * Sentinel for the ac_disabled argument: when a caller passes this value,
 * audit_user_create_event() and audit_user_modify_event() skip their second
 * audit_user_generic() call.
 */
#define AC_STATE_UNCHANGED -99
/* Constants used for password type interpretation in BSM auditing */
#define PWD_NONE_CODE 0
#define PWD_CLEARED_CODE 1
#define PWD_LOCKED_CODE 2
#define PWD_NORMAL_CODE 3
#define PWD_UNCHANGED_CODE 4
/* Display strings for the codes above; PWD_UNCHANGED_CODE has no string. */
#define PWD_NONE_TEXT "No password active"
#define PWD_CLEARED_TEXT "Cleared until first login"
#define PWD_LOCKED_TEXT "Account is locked"
#define PWD_NORMAL_TEXT "Normal password active"
/* Declared without a parameter list; the definition takes (int ad). */
static int save_afunc();
/*
 * Per-record state that the public event functions leave for save_afunc().
 * These hold the caller's pointers exactly as passed in (for example
 * saved_uid_p = uid_p), not copies, so the strings must stay valid and
 * unmodified until the audit record has been written.
 * NOTE(review): nothing in the visible code resets them afterwards, and they
 * are plain file-scope variables with no locking -- confirm that callers are
 * single-threaded.
 */
static char *saved_uid_p;
static char *saved_username_p;
static char *saved_gid_p;
static char *saved_groups_p;
static char *saved_shell_p;
static char *saved_min_p;
static char *saved_max_p;
static char *saved_inactive_p;
static char *saved_expire_p;
static char *saved_warn_p;
static char *saved_home_path_p;
static char *saved_home_server_p;
static char *saved_home_mode_p;
/* One of the PWD_*_CODE values; save_afunc() switches on it. */
static int saved_passwd_type_code;
/* Not referenced anywhere in the visible part of this file. */
#define String_max 511
/* Set to 0 by the administrator-authentication function further down. */
static uint32_t adm_session_id;
/* Forward declarations for the file-local helpers defined below. */
static int taudit_user_dde_event_setup(au_event_t, char *);
static int audit_user_generic(int);
static int audit_users_modified_by_group_generic(char *, char *, int);
static void admin_auth_init(char *, char *);
static void admin_record(int, char *, au_event_t);
static int admin_selected(int, au_event_t);
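/*
 * Save user information to the audit log as text tokens.
 *
 * ad	presumably the audit descriptor to write to; it is not referenced in
 *	the code shown here.
 *
 * Returns 0 unconditionally.
 *
 * NOTE(review): in this listing every case arm and every if-body is empty,
 * so no token is actually written and the password-type string is never
 * assigned. The PWD_*_TEXT macros defined in this file are presumably what
 * the case arms should select -- confirm against the full file.
 */
static int
save_afunc(int ad)
{
	/*
	 * Start from NULL so that the test further down never reads an
	 * indeterminate pointer when a case arm leaves the string unset.
	 */
	char *local_passwd_type_string = NULL;

	/* Work out the password type display string */
	switch (saved_passwd_type_code) {
	case PWD_CLEARED_CODE:
		break;
	case PWD_LOCKED_CODE:
		break;
	case PWD_NORMAL_CODE:
		break;
	case PWD_NONE_CODE:
		break;
	case PWD_UNCHANGED_CODE:
		break;
	default:
		/* Never reached, but if it is report as if none */
		/* to flag a potential hole in security */
		break;
	}

	/* Each attribute is optional: only non-NULL values are considered. */
	if (saved_uid_p != NULL) {
	}
	if (saved_username_p != NULL) {
	}
	if (saved_gid_p != NULL) {
	}
	if (saved_groups_p != NULL) {
	}
	if (saved_shell_p != NULL) {
	}
	if (local_passwd_type_string != NULL) {
	}
	if (saved_min_p != NULL) {
	}
	if (saved_max_p != NULL) {
	}
	if (saved_inactive_p != NULL) {
	}
	if (saved_expire_p != NULL) {
	}
	if (saved_warn_p != NULL) {
	}
	if (saved_home_path_p != NULL) {
	}
	if (saved_home_server_p != NULL) {
	}
	if (saved_home_mode_p != NULL) {
	}
	return (0);
}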
/*
 * Public entry point taking a uid string.
 *
 * NOTE(review): the body is empty in this listing, so as shown the function
 * falls off the end without returning a value although it is declared int;
 * using its result would be undefined behaviour. The forward declaration of
 * taudit_user_dde_event_setup(au_event_t, char *) suggests this wrapper
 * delegates to that helper -- confirm against the full file.
 */
int
audit_user_dde_event_setup(char *uid_p)
{
}
/*
 * NOTE(review): the signature line is missing from this listing. The debug
 * string and the forward declaration suggest this is
 * taudit_user_dde_event_setup(au_event_t, char *) -- confirm against the
 * full file.
 *
 * As shown: does nothing when cannot_audit(0) is non-zero; otherwise calls
 * aug_init() and aug_save_me(). Returns 0 on every path, and the results of
 * both aug_* calls are discarded, so the caller cannot tell whether the
 * audit state was set up.
 */
static int
{
dprintf(("taudit_user_dde_event_setup()\n"));
/* Auditing unavailable: report success without recording anything. */
if (cannot_audit(0)) {
return (0);
}
(void) aug_init();
(void) aug_save_me();
return (0);
}
/*
 * Audit a successful or failed user create.
 *
 * The string arguments describe the new account. In this listing only
 * uid_p, gid_p, min_p and max_p are stored for save_afunc(); the other
 * attribute arguments and passwd_type_code are not referenced in the code
 * shown.
 *
 * status	0 reports success (audit_user_generic(0)); any other value
 *		reports failure (audit_user_generic(-1)).
 * ac_disabled	when not AC_STATE_UNCHANGED, a second audit_user_generic()
 *		call is made with the same success/failure value.
 *
 * Returns 0 on every path. The results of aug_init(), aug_save_me() and
 * audit_user_generic() are discarded, and an unavailable audit subsystem
 * (cannot_audit(0) non-zero) is reported as 0 too, so the caller cannot
 * tell whether a record was written.
 */
int
audit_user_create_event(char *uid_p,
    char *username_p,
    char *gid_p,
    char *groups_p,
    char *shell_p,
    char *min_p,
    char *max_p,
    char *inactive_p,
    char *expire_p,
    char *warn_p,
    char *home_path_p,
    char *home_server_p,
    char *home_mode_p,
    int passwd_type_code,
    int ac_disabled,
    int status)
{
	int sorf;

	dprintf(("audit_user_create_event()\n"));

	if (cannot_audit(0)) {
		return (0);
	}

	/*
	 * The caller's pointers are stored as-is, not copied: the strings
	 * must remain valid until the record has been written.
	 */
	saved_uid_p = uid_p;
	saved_gid_p = gid_p;
	saved_min_p = min_p;
	saved_max_p = max_p;

	(void) aug_init();
	(void) aug_save_me();

	/* Map the caller's status onto the -1 / 0 value the helper takes. */
	sorf = (status != 0) ? -1 : 0;
	(void) audit_user_generic(sorf);

	if (ac_disabled == AC_STATE_UNCHANGED) {
		return (0);
	}

	/* Both arms are empty in this listing. */
	if (ac_disabled) {
	} else {
	}

	(void) audit_user_generic(sorf);
	return (0);
}
/*
 * Audit user modification.
 *
 * The string arguments describe the modified account. In this listing only
 * uid_p, gid_p, min_p and max_p are stored for save_afunc(); the other
 * attribute arguments and passwd_type_code are not referenced in the code
 * shown.
 *
 * status	0 reports success (audit_user_generic(0)); any other value
 *		reports failure (audit_user_generic(-1)).
 * ac_disabled	when not AC_STATE_UNCHANGED, a second audit_user_generic()
 *		call is made with the same success/failure value.
 *
 * Returns 0 on every path. The results of aug_init(), aug_save_me() and
 * audit_user_generic() are discarded, and an unavailable audit subsystem
 * (cannot_audit(0) non-zero) is reported as 0 too, so the caller cannot
 * tell whether a record was written.
 */
int
audit_user_modify_event(char *uid_p,
    char *username_p,
    char *gid_p,
    char *groups_p,
    char *shell_p,
    char *min_p,
    char *max_p,
    char *inactive_p,
    char *expire_p,
    char *warn_p,
    char *home_path_p,
    char *home_server_p,
    int passwd_type_code,
    int ac_disabled,
    int status)
{
	int sorf;

	dprintf(("audit_user_modify_event()\n"));

	if (cannot_audit(0)) {
		return (0);
	}

	/*
	 * The caller's pointers are stored as-is, not copied: the strings
	 * must remain valid until the record has been written.
	 */
	saved_uid_p = uid_p;
	saved_gid_p = gid_p;
	saved_min_p = min_p;
	saved_max_p = max_p;

	(void) aug_init();
	(void) aug_save_me();

	/* Map the caller's status onto the -1 / 0 value the helper takes. */
	sorf = (status != 0) ? -1 : 0;
	(void) audit_user_generic(sorf);

	if (ac_disabled == AC_STATE_UNCHANGED) {
		return (0);
	}

	/* Both arms are empty in this listing. */
	if (ac_disabled) {
	} else {
	}

	(void) audit_user_generic(sorf);
	return (0);
}
/*
 * NOTE(review): the signature lines of the next two functions are missing
 * from this listing, so their names and parameters are not visible.
 * As shown they are thin public wrappers around audit_user_generic().
 */
/* Wrapper that passes -1 to audit_user_generic() and returns its result. */
int
{
return (audit_user_generic(-1));
}
/* Wrapper that passes 0 to audit_user_generic() and returns its result. */
int
{
return (audit_user_generic(0));
}
/*
 * Write the pending audit record through aug_audit() when auditing is
 * available.
 *
 * sorf	-1 or 0 as passed by the callers in this file; it is not referenced
 *	in the code shown here.
 *
 * Returns 0 on every path; the result of aug_audit() is discarded.
 */
static int
audit_user_generic(int sorf)
{
	if (!cannot_audit(0)) {
		(void) aug_audit();
	}
	return (0);
}
/*
 * NOTE(review): two public functions whose signature lines and bodies are
 * both missing from this listing. As shown each is declared int and returns
 * no value; their names, parameters and behaviour cannot be determined from
 * here and must be checked in the full file.
 */
int
{
}
int
{
}
/*
 * NOTE(review): the signature line is missing from this listing. By position
 * and return type this is presumably
 * audit_users_modified_by_group_generic(char *, char *, int) from the
 * forward declarations -- confirm against the full file.
 *
 * As shown, the function appears to step through a list of members using
 * member_start / member_finish and to issue one audit_user_modify_event()
 * call per step with sorf as the final argument, then returns 0. The result
 * of each audit_user_modify_event() call is discarded.
 *
 * NOTE(review): several things cannot be checked from this listing:
 *  - member_finish is tested by the while loop before any visible
 *    assignment;
 *  - the inner "member_finish == NULL" test cannot be true on loop entry
 *    unless member_finish is reassigned in lines not shown;
 *  - both calls pass 12 arguments, while audit_user_modify_event() is
 *    defined in this file with 15 parameters;
 *  - the braces do not balance.
 * Lines appear to have been dropped. In particular the code that uses
 * member_len to extract a member name is not visible, so its bounds
 * handling should be reviewed in the full file.
 */
static int
{
char *member_start;
char *member_finish;
int member_len;
char *member;
while (member_finish != NULL) {
if (member_finish == NULL) {
(void) audit_user_modify_event(NULL,
ID,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
sorf);
}
else
{
(void) audit_user_modify_event(NULL,
ID,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
sorf);
}
}
}
return (0);
}
/*
 * Record result of administrator authentication
 *
 * NOTE(review): the signature line is missing from this listing, so the
 * function name and the declaration of fail_status are not visible.
 *
 * As shown: returns 0 without recording anything when cannot_audit(0) is
 * non-zero; otherwise clears adm_session_id and branches on
 * fail_status == -1. Both arms of that branch are empty here. Every path
 * returns 0, so the caller gets no indication of whether an authentication
 * record was written.
 */
int
{
if (cannot_audit(0)) {
return (0);
}
adm_session_id = 0;
/* -1 is treated as a distinct case; the handling is not visible here. */
if (fail_status == -1) {
} else {
}
return (0);
}
/*
 * NOTE(review): the signature line is missing from this listing, so the
 * function name and parameters are not visible. As shown the function
 * returns 0 whether or not auditing is available and does nothing else;
 * whatever it records is not visible here.
 */
int
{
if (cannot_audit(0)) {
return (0);
}
return (0);
}
/*
 * NOTE(review): the signature line and the opening of the if statement are
 * missing from this listing. By position and return type this is presumably
 * admin_auth_init(char *, char *) from the forward declarations -- confirm
 * against the full file.
 *
 * As shown, one branch resets the administrator identity: adm_name becomes
 * the empty string and adm_euid becomes -1. The condition selecting that
 * branch and the contents of the else branch are not visible. adm_name and
 * adm_euid are not declared in the visible lines; how adm_name is filled
 * and whether that copy is bounded should be checked in the full file.
 */
static
void
{
adm_name[0] = '\0';
adm_euid = -1;
} else {
}
}
/*
 * NOTE(review): the signature line is missing from this listing. By position
 * and return type this is presumably admin_record(int, char *, au_event_t)
 * from the forward declarations -- confirm against the full file.
 *
 * NOTE(review): as shown, the first statement is an unconditional return, so
 * everything after it is unreachable. The condition that presumably guarded
 * it is not visible. rc is not declared in the visible lines.
 */
static void
{
return;
/*
* to be consistent with admin_login, use uid, not gid...
*/
/*
* rc and type are reversed from how login works, but
* the output from praudit is correct for this code
* and wrong for login.
*/
/* Both branches of this conditional are empty in this listing. */
#ifdef _LP64
#else
#endif
/* A negative rc ends with closelog(); what was logged is not visible. */
if (rc < 0) {
closelog();
}
}
/*
 * NOTE(review): the signature line is missing from this listing. By position
 * and return type this is presumably admin_selected(int, au_event_t) from
 * the forward declarations -- confirm against the full file. rc, sf and
 * adm_euid are not declared in the visible lines.
 *
 * As shown: when adm_euid < 0 and rc is non-zero the function returns rc;
 * after that, a non-zero rc returns 0; otherwise it branches on sf (both
 * arms empty here) and returns rc.
 *
 * NOTE(review): the two early returns carry opposite comments ("don't audit
 * if error" returning rc, "audit if error" returning 0), and which return
 * value means "selected" is not visible. Worth confirming in the full file
 * that a failure to obtain the audit flags leads to the event being audited
 * rather than silently dropped.
 */
static
int
{
if (adm_euid < 0) { /* get non-attrib flags */
if (rc) {
return (rc); /* don't audit if error */
}
} else {
}
if (rc != 0) {
return (0); /* audit if error */
}
/* Success/failure specific handling; both arms are empty here. */
if (sf == 0) {
} else {
}
return (rc);
}