illumos/onarm: usr/src/cmd/login/login

author	Koji Uno <koji.uno@sun.com>
date	Tue, 02 Jun 2009 18:56:50 +0900
parents
children	1a15d5aaf794

rev	line source
0 c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	1 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	2 * CDDL HEADER START
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	3 *
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	4 * The contents of this file are subject to the terms of the
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	5 * Common Development and Distribution License (the "License").
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	6 * You may not use this file except in compliance with the License.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	7 *
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	9 * or http://www.opensolaris.org/os/licensing.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	10 * See the License for the specific language governing permissions
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	11 * and limitations under the License.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	12 *
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	13 * When distributing Covered Code, include this CDDL HEADER in each
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	15 * If applicable, add the following below this CDDL HEADER, with the
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	16 * fields enclosed by brackets "[]" replaced with your own identifying
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	17 * information: Portions Copyright [yyyy] [name of copyright owner]
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	18 *
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	19 * CDDL HEADER END
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	20 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	21 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	23 * Use is subject to license terms.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	24 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	25
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	26 #pragma ident "@(#)login_audit.c 1.4 06/11/02 SMI"
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	27
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	28 #include <assert.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	29 #include <priv.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	30 #include <pwd.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	31 #include <signal.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	32 #include <stdlib.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	33 #include <string.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	34 #include <syslog.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	35 #include <unistd.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	36 #include <sys/wait.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	37
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	38 #include <bsm/adt.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	39 #include <bsm/adt_event.h>
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	40 #include "login_audit.h"
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	41
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	42 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	43 * Key assumption: login is single threaded.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	44 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	45 static void audit_logout(adt_session_data_t *);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	46
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	47 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	48 * if audit is not enabled, the adt_*() functions simply return without
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	49 * doing anything. In the success case, the credential has already been
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	50 * setup with audit data by PAM.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	51 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	52
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	53 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	54 * There is no information passed to login.c from rlogin or telnet
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	55 * about the terminal id. They both set the tid before they
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	56 * exec login; the value is picked up by adt_start_session() and is
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	57 * carefully not overwritten by adt_load_hostname().
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	58 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	59
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	60 void
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	61 audit_success(uint_t event_id, struct passwd pwd, char optional_text)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	62 {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	63 adt_session_data_t *ah;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	64 adt_event_data_t *event;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	65 int rc;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	66
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	67 assert(pwd != NULL);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	68
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	69 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	70 syslog(LOG_AUTH \| LOG_ALERT, "login adt_start_session(): %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	71 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	72 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	73 if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	74 pwd->pw_uid, pwd->pw_gid, NULL, ADT_USER)) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	75 syslog(LOG_AUTH \| LOG_ALERT, "login adt_set_user(): %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	76 (void) adt_end_session(ah);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	77 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	78 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	79 event = adt_alloc_event(ah, event_id);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	80
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	81 if (event == NULL)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	82 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	83
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	84 switch (event_id) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	85 case ADT_zlogin:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	86 event->adt_zlogin.message = optional_text;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	87 break;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	88 default:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	89 break;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	90 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	91 rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	92
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	93 (void) adt_free_event(event);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	94 if (rc) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	95 (void) adt_end_session(ah);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	96 syslog(LOG_AUTH \| LOG_ALERT, "login adt_put_event(): %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	97 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	98 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	99 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	100 * The code above executes whether or not audit is enabled.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	101 * However audit_logout must only execute if audit is
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	102 * enabled so we don't fork unnecessarily.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	103 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	104 if (adt_audit_enabled()) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	105 switch (event_id) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	106 case ADT_login:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	107 case ADT_rlogin:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	108 case ADT_telnet:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	109 case ADT_zlogin:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	110 audit_logout(ah); /* fork to catch logout */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	111 break;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	112 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	113 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	114 (void) adt_end_session(ah);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	115 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	116
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	117 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	118 * errors are ignored since there is no action to take on error
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	119 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	120 static void
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	121 audit_logout(adt_session_data_t *ah)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	122 {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	123 adt_event_data_t *logout;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	124 int status; /* wait status */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	125 pid_t pid;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	126 priv_set_t priv; / waiting process privs */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	127
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	128 if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	129 syslog(LOG_AUTH \| LOG_ALERT,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	130 "adt_alloc_event(ADT_logout): %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	131 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	132 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	133 if ((priv = priv_allocset()) == NULL) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	134 syslog(LOG_AUTH \| LOG_ALERT,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	135 "login audit_logout: could not alloc privs: %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	136 adt_free_event(logout);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	137 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	138 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	139
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	140 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	141 * The child returns and continues the login processing.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	142 * The parent's sole job is to wait for child exit, write the
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	143 * logout audit record, and replay the child's exit code.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	144 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	145
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	146 if ((pid = fork()) == 0) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	147 /* child */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	148
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	149 adt_free_event(logout);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	150 priv_freeset(priv);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	151 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	152 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	153 if (pid == -1) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	154 /* failure */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	155
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	156 syslog(LOG_AUTH \| LOG_ALERT,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	157 "login audit_logout: could not fork: %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	158 adt_free_event(logout);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	159 priv_freeset(priv);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	160 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	161 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	162
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	163 /* parent process */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	164
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	165 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	166 * When this routine is called, the current working
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	167 * directory is the user's home directory and there are
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	168 * unknown open files. For the waiting process, change the
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	169 * current directory to root and close files so that the
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	170 * user's home directory and anything else can be unmounted
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	171 * if necessary.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	172 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	173 if (chdir("/") != 0) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	174 syslog(LOG_AUTH \| LOG_ALERT,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	175 "login audit_logut: could not chdir /: %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	176 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	177 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	178 * Reduce privileges to just those needed.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	179 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	180 priv_emptyset(priv);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	181 if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) \|\|
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	182 (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	183 syslog(LOG_AUTH \| LOG_ALERT,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	184 "login audit_logout: could not reduce privs: %m");
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	185 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	186 closefrom(0);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	187 priv_freeset(priv);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	188 while (pid != waitpid(pid, &status, 0))
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	189 continue;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	190
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	191 (void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	192 adt_free_event(logout);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	193 (void) adt_end_session(ah);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	194 exit(WEXITSTATUS(status));
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	195 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	196
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	197 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	198 * errors are ignored since there is no action to take on error.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	199 *
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	200 * If the user id is invalid, pwd is NULL.
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	201 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	202 void
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	203 audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	204 const char hostname, const char ttyname, char *optional_text)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	205 {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	206 adt_session_data_t *ah;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	207 adt_event_data_t *event;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	208 uid_t uid;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	209 gid_t gid;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	210 adt_termid_t *p_tid;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	211
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	212 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	213 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	214
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	215 uid = ADT_NO_ATTRIB;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	216 gid = ADT_NO_ATTRIB;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	217 if (pwd != NULL) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	218 uid = pwd->pw_uid;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	219 gid = pwd->pw_gid;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	220 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	221 /*
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	222 * If this is a remote login, in.rlogind or in.telnetd has
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	223 * already set the terminal id, in which case
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	224 * adt_load_hostname() will use the preset terminal id and
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	225 * ignore hostname. (If no remote host and ttyname is NULL,
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	226 * let adt_load_ttyname() figure out what to do.)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	227 */
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	228 if (*hostname == '\0')
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	229 (void) adt_load_ttyname(ttyname, &p_tid);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	230 else
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	231 (void) adt_load_hostname(hostname, &p_tid);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	232
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	233 if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	234 (void) adt_end_session(ah);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	235 if (p_tid != NULL)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	236 free(p_tid);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	237 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	238 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	239 if (p_tid != NULL)
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	240 free(p_tid);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	241
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	242 event = adt_alloc_event(ah, event_id);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	243 if (event == NULL) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	244 return;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	245 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	246 switch (event_id) {
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	247 case ADT_zlogin:
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	248 event->adt_zlogin.message = optional_text;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	249 break;
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	250 }
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	251 (void) adt_put_event(event, ADT_FAILURE, failure_code);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	252
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	253 adt_free_event(event);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	254 (void) adt_end_session(ah);
c9caec207d52 Initial porting based on b86 Koji Uno <koji.uno@sun.com> parents: diff changeset	255 }

0

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

1 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

2 * CDDL HEADER START

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

3 *

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

4 * The contents of this file are subject to the terms of the

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

5 * Common Development and Distribution License (the "License").

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

6 * You may not use this file except in compliance with the License.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

7 *

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

9 * or http://www.opensolaris.org/os/licensing.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

10 * See the License for the specific language governing permissions

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

11 * and limitations under the License.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

12 *

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

13 * When distributing Covered Code, include this CDDL HEADER in each

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

15 * If applicable, add the following below this CDDL HEADER, with the

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

16 * fields enclosed by brackets "[]" replaced with your own identifying

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

17 * information: Portions Copyright [yyyy] [name of copyright owner]

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

18 *

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

19 * CDDL HEADER END

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

20 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

21 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

23 * Use is subject to license terms.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

24 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

25

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

26 #pragma ident "@(#)login_audit.c 1.4 06/11/02 SMI"

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

27

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

28 #include <assert.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

29 #include <priv.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

30 #include <pwd.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

31 #include <signal.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

32 #include <stdlib.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

33 #include <string.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

34 #include <syslog.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

35 #include <unistd.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

36 #include <sys/wait.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

37

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

38 #include <bsm/adt.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

39 #include <bsm/adt_event.h>

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

40 #include "login_audit.h"

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

41

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

42 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

43 * Key assumption: login is single threaded.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

44 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

45 static void audit_logout(adt_session_data_t *);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

46

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

47 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

48 * if audit is not enabled, the adt_*() functions simply return without

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

49 * doing anything. In the success case, the credential has already been

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

50 * setup with audit data by PAM.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

51 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

52

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

53 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

54 * There is no information passed to login.c from rlogin or telnet

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

55 * about the terminal id. They both set the tid before they

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

56 * exec login; the value is picked up by adt_start_session() and is

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

57 * carefully *not* overwritten by adt_load_hostname().

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

58 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

59

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

60 void

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

61 audit_success(uint_t event_id, struct passwd *pwd, char *optional_text)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

62 {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

63 adt_session_data_t *ah;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

64 adt_event_data_t *event;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

65 int rc;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

66

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

67 assert(pwd != NULL);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

68

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

69 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA)) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

70 syslog(LOG_AUTH | LOG_ALERT, "login adt_start_session(): %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

71 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

72 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

73 if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

74 pwd->pw_uid, pwd->pw_gid, NULL, ADT_USER)) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

75 syslog(LOG_AUTH | LOG_ALERT, "login adt_set_user(): %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

76 (void) adt_end_session(ah);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

77 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

78 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

79 event = adt_alloc_event(ah, event_id);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

80

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

81 if (event == NULL)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

82 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

83

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

84 switch (event_id) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

85 case ADT_zlogin:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

86 event->adt_zlogin.message = optional_text;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

87 break;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

88 default:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

89 break;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

90 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

91 rc = adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

92

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

93 (void) adt_free_event(event);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

94 if (rc) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

95 (void) adt_end_session(ah);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

96 syslog(LOG_AUTH | LOG_ALERT, "login adt_put_event(): %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

97 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

98 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

99 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

100 * The code above executes whether or not audit is enabled.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

101 * However audit_logout must only execute if audit is

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

102 * enabled so we don't fork unnecessarily.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

103 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

104 if (adt_audit_enabled()) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

105 switch (event_id) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

106 case ADT_login:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

107 case ADT_rlogin:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

108 case ADT_telnet:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

109 case ADT_zlogin:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

110 audit_logout(ah); /* fork to catch logout */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

111 break;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

112 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

113 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

114 (void) adt_end_session(ah);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

115 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

116

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

117 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

118 * errors are ignored since there is no action to take on error

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

119 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

120 static void

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

121 audit_logout(adt_session_data_t *ah)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

122 {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

123 adt_event_data_t *logout;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

124 int status; /* wait status */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

125 pid_t pid;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

126 priv_set_t *priv; /* waiting process privs */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

127

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

128 if ((logout = adt_alloc_event(ah, ADT_logout)) == NULL) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

129 syslog(LOG_AUTH | LOG_ALERT,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

130 "adt_alloc_event(ADT_logout): %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

131 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

132 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

133 if ((priv = priv_allocset()) == NULL) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

134 syslog(LOG_AUTH | LOG_ALERT,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

135 "login audit_logout: could not alloc privs: %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

136 adt_free_event(logout);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

137 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

138 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

139

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

140 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

141 * The child returns and continues the login processing.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

142 * The parent's sole job is to wait for child exit, write the

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

143 * logout audit record, and replay the child's exit code.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

144 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

145

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

146 if ((pid = fork()) == 0) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

147 /* child */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

148

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

149 adt_free_event(logout);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

150 priv_freeset(priv);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

151 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

152 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

153 if (pid == -1) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

154 /* failure */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

155

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

156 syslog(LOG_AUTH | LOG_ALERT,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

157 "login audit_logout: could not fork: %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

158 adt_free_event(logout);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

159 priv_freeset(priv);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

160 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

161 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

162

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

163 /* parent process */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

164

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

165 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

166 * When this routine is called, the current working

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

167 * directory is the user's home directory and there are

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

168 * unknown open files. For the waiting process, change the

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

169 * current directory to root and close files so that the

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

170 * user's home directory and anything else can be unmounted

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

171 * if necessary.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

172 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

173 if (chdir("/") != 0) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

174 syslog(LOG_AUTH | LOG_ALERT,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

175 "login audit_logut: could not chdir /: %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

176 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

177 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

178 * Reduce privileges to just those needed.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

179 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

180 priv_emptyset(priv);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

181 if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) ||

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

182 (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

183 syslog(LOG_AUTH | LOG_ALERT,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

184 "login audit_logout: could not reduce privs: %m");

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

185 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

186 closefrom(0);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

187 priv_freeset(priv);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

188 while (pid != waitpid(pid, &status, 0))

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

189 continue;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

190

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

191 (void) adt_put_event(logout, ADT_SUCCESS, ADT_SUCCESS);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

192 adt_free_event(logout);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

193 (void) adt_end_session(ah);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

194 exit(WEXITSTATUS(status));

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

195 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

196

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

197 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

198 * errors are ignored since there is no action to take on error.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

199 *

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

200 * If the user id is invalid, pwd is NULL.

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

201 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

202 void

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

203 audit_failure(uint_t event_id, int failure_code, struct passwd *pwd,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

204 const char *hostname, const char *ttyname, char *optional_text)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

205 {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

206 adt_session_data_t *ah;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

207 adt_event_data_t *event;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

208 uid_t uid;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

209 gid_t gid;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

210 adt_termid_t *p_tid;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

211

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

212 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA))

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

213 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

214

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

215 uid = ADT_NO_ATTRIB;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

216 gid = ADT_NO_ATTRIB;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

217 if (pwd != NULL) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

218 uid = pwd->pw_uid;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

219 gid = pwd->pw_gid;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

220 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

221 /*

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

222 * If this is a remote login, in.rlogind or in.telnetd has

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

223 * already set the terminal id, in which case

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

224 * adt_load_hostname() will use the preset terminal id and

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

225 * ignore hostname. (If no remote host and ttyname is NULL,

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

226 * let adt_load_ttyname() figure out what to do.)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

227 */

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

228 if (*hostname == '\0')

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

229 (void) adt_load_ttyname(ttyname, &p_tid);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

230 else

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

231 (void) adt_load_hostname(hostname, &p_tid);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

232

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

233 if (adt_set_user(ah, uid, gid, uid, gid, p_tid, ADT_NEW)) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

234 (void) adt_end_session(ah);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

235 if (p_tid != NULL)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

236 free(p_tid);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

237 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

238 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

239 if (p_tid != NULL)

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

240 free(p_tid);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

241

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

242 event = adt_alloc_event(ah, event_id);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

243 if (event == NULL) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

244 return;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

245 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

246 switch (event_id) {

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

247 case ADT_zlogin:

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

248 event->adt_zlogin.message = optional_text;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

249 break;

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

250 }

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

251 (void) adt_put_event(event, ADT_FAILURE, failure_code);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

252

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

253 adt_free_event(event);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

254 (void) adt_end_session(ah);

c9caec207d52 Initial porting based on b86

Koji Uno <koji.uno@sun.com>

parents:

diff changeset

255 }

Mercurial > illumos > onarm

annotate usr/src/cmd/login/login_audit.c @ 0:c9caec207d52 b86