]> git.saurik.com Git - apple/system_cmds.git/blob - login.tproj/login_audit.c
projects / apple / system_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
system_cmds-735.tar.gz
[apple/system_cmds.git] / login.tproj / login_audit.c
1 /*
2 * Copyright (c) 2005-2016 Apple Inc. All rights reserved.
3 *
4 * @APPLE_BSD_LICENSE_HEADER_START@
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
16 * its contributors may be used to endorse or promote products derived
17 * from this software without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
20 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
23 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 *
30 * @APPLE_BSD_LICENSE_HEADER_END@
31 */
32
33 #ifdef USE_BSM_AUDIT
34
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD: src/usr.bin/login/login_audit.c,v 1.2 2007/05/07 11:01:36 dwmalone Exp $");
37
38 #include <sys/types.h>
39
40 #include <bsm/libbsm.h>
41 #include <bsm/audit_uevents.h>
42 #include <bsm/audit_session.h>
43
44 #include <err.h>
45 #include <errno.h>
46 #include <pwd.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <strings.h>
50 #include <unistd.h>
51
52 #include "login.h"
53
54 /*
55 * Audit data
56 */
57 au_tid_addr_t tid;
58
59 /*
60 * The following tokens are included in the audit record for a successful
61 * login: header, subject, return.
62 */
63 void
64 au_login_success(int fflag)
65 {
66 token_t *tok;
67 int aufd;
68 auditinfo_addr_t auinfo;
69 uid_t uid = pwd->pw_uid;
70 gid_t gid = pwd->pw_gid;
71 pid_t pid = getpid();
72 long au_cond;
73
74 /* Determine whether auditing is enabled. */
75 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
76 if (errno == ENOSYS)
77 return;
78 errx(1, "login: Could not determine audit condition");
79 }
80
81 /* Initialize with the current audit info. */
82 if (getaudit_addr(&auinfo, sizeof(auinfo)) < 0) {
83 err(1, "getaudit_addr");
84 }
85 auinfo.ai_auid = pwd->pw_uid;
86 memcpy(&auinfo.ai_termid, &tid, sizeof(auinfo.ai_termid));
87
88 /* Do the SessionCreate() equivalent. */
89 if (!fflag) {
90 auinfo.ai_asid = AU_ASSIGN_ASID;
91 auinfo.ai_flags |= AU_SESSION_FLAG_HAS_TTY;
92 auinfo.ai_flags |= AU_SESSION_FLAG_HAS_AUTHENTICATED;
93 }
94
95 if (au_cond != AUC_NOAUDIT) {
96 /* Compute and set the user's preselection mask. */
97 if (au_user_mask(pwd->pw_name, &auinfo.ai_mask) < 0) {
98 errx(1, "login: Could not set audit mask\n");
99 }
100 }
101
102 if (setaudit_addr(&auinfo, sizeof(auinfo)) < 0)
103 err(1, "login: setaudit_addr failed");
104
105 char *session = NULL;
106 asprintf(&session, "%x", auinfo.ai_asid);
107 if (NULL == session) {
108 errx(1, "asprintf failed");
109 }
110 setenv("SECURITYSESSIONID", session, 1);
111 free(session);
112
113 /* If we are not auditing, don't cut an audit record; just return. */
114 if (au_cond == AUC_NOAUDIT)
115 return;
116
117 if ((aufd = au_open()) == -1)
118 errx(1,"login: Audit Error: au_open() failed");
119
120 if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, gid, pid,
121 pid, &tid)) == NULL)
122 errx(1, "login: Audit Error: au_to_subject32() failed");
123 au_write(aufd, tok);
124
125 if ((tok = au_to_return32(0, 0)) == NULL)
126 errx(1, "login: Audit Error: au_to_return32() failed");
127 au_write(aufd, tok);
128
129 if (au_close(aufd, 1, AUE_login) == -1)
130 errx(1, "login: Audit Record was not committed.");
131 }
132
133 /*
134 * The following tokens are included in the audit record for failed
135 * login attempts: header, subject, text, return.
136 */
137 void
138 au_login_fail(const char *errmsg, int na)
139 {
140 token_t *tok;
141 int aufd;
142 long au_cond;
143 uid_t uid;
144 gid_t gid;
145 pid_t pid = getpid();
146
147 /* If we are not auditing, don't cut an audit record; just return. */
148 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
149 if (errno == ENOSYS)
150 return;
151 errx(1, "login: Could not determine audit condition");
152 }
153 if (au_cond == AUC_NOAUDIT)
154 return;
155
156 if ((aufd = au_open()) == -1)
157 errx(1, "login: Audit Error: au_open() failed");
158
159 if (na) {
160 /*
161 * Non attributable event. Assuming that login is not called
162 * within a user's session => auid,asid == -1.
163 */
164 if ((tok = au_to_subject32_ex(-1, geteuid(), getegid(), -1, -1,
165 pid, -1, &tid)) == NULL)
166 errx(1, "login: Audit Error: au_to_subject32() failed");
167 } else {
168 /* We know the subject -- so use its value instead. */
169 uid = pwd->pw_uid;
170 gid = pwd->pw_gid;
171 if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid,
172 gid, pid, pid, &tid)) == NULL)
173 errx(1, "login: Audit Error: au_to_subject32() failed");
174 }
175 au_write(aufd, tok);
176
177 /* Include the error message. */
178 if ((tok = au_to_text(errmsg)) == NULL)
179 errx(1, "login: Audit Error: au_to_text() failed");
180 au_write(aufd, tok);
181
182 if ((tok = au_to_return32(1, errno)) == NULL)
183 errx(1, "login: Audit Error: au_to_return32() failed");
184 au_write(aufd, tok);
185
186 if (au_close(aufd, 1, AUE_login) == -1)
187 errx(1, "login: Audit Error: au_close() was not committed");
188 }
189
190 /*
191 * The following tokens are included in the audit record for a logout:
192 * header, subject, return.
193 */
194 void
195 audit_logout(void)
196 {
197 token_t *tok;
198 int aufd;
199 uid_t uid = pwd->pw_uid;
200 gid_t gid = pwd->pw_gid;
201 pid_t pid = getpid();
202 long au_cond;
203
204 /* If we are not auditing, don't cut an audit record; just return. */
205 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
206 if (errno == ENOSYS)
207 return;
208 errx(1, "login: Could not determine audit condition");
209 }
210 if (au_cond == AUC_NOAUDIT)
211 return;
212
213 if ((aufd = au_open()) == -1)
214 errx(1, "login: Audit Error: au_open() failed");
215
216 /* The subject that is created (euid, egid of the current process). */
217 if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, gid, pid,
218 pid, &tid)) == NULL)
219 errx(1, "login: Audit Error: au_to_subject32() failed");
220 au_write(aufd, tok);
221
222 if ((tok = au_to_return32(0, 0)) == NULL)
223 errx(1, "login: Audit Error: au_to_return32() failed");
224 au_write(aufd, tok);
225
226 if (au_close(aufd, 1, AUE_logout) == -1)
227 errx(1, "login: Audit Record was not committed.");
228 }
229
230 #endif /* USE_BSM_AUDIT */
mirror of system_cmds