1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

--- 5 unchanged lines hidden (view full) ---

14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
26#pragma ident "%Z%%M% %I% %E% SMI"
27
25#include <sys/types.h>
26#include <sys/param.h>
27#include <stdio.h>
28#include <sys/fcntl.h>
29#include <stdlib.h>
30#include <string.h>
31#include <syslog.h>
32#include <unistd.h>

--- 14 unchanged lines hidden (view full) ---

47#include <generic.h>
48
49#define BAD_PASSWD (1)
50#define UNKNOWN_USER (2)
51#define EXCLUDED_USER (3)
52#define NO_ANONYMOUS (4)
53#define MISC_FAILURE (5)
54
58static char luser[16];
55static char luser[LOGNAME_MAX + 1];
56
57static void generate_record(char *, int, char *);
58static int selected(uid_t, char *, au_event_t, int);
59
60void
61audit_ftpd_bad_pw(char *uname)
62{
63 if (cannot_audit(0)) {
64 return;
65 }
69 (void) strncpy(luser, uname, 8);
70 luser[8] = '\0';
71 generate_record(luser, BAD_PASSWD, dgettext(bsm_dom,
72 "bad password"));
66 (void) strncpy(luser, uname, LOGNAME_MAX);
67 generate_record(luser, BAD_PASSWD, dgettext(bsm_dom, "bad password"));
68}
69
70
71void
72audit_ftpd_unknown(char *uname)
73{
74 if (cannot_audit(0)) {
75 return;
76 }
82 (void) strncpy(luser, uname, 8);
83 luser[8] = '\0';
84 generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom,
85 "unknown user"));
77 (void) strncpy(luser, uname, LOGNAME_MAX);
78 generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom, "unknown user"));
79}
80
81
82void
83audit_ftpd_excluded(char *uname)
84{
85 if (cannot_audit(0)) {
86 return;
87 }
95 (void) strncpy(luser, uname, 8);
96 luser[8] = '\0';
88 (void) strncpy(luser, uname, LOGNAME_MAX);
89 generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
98 "excluded user"));
90 "excluded user"));
91}
92
93
94void
95audit_ftpd_no_anon(void)
96{
97 if (cannot_audit(0)) {
98 return;
99 }
108 generate_record("", NO_ANONYMOUS, dgettext(bsm_dom,
109 "no anonymous"));
100 generate_record("", NO_ANONYMOUS, dgettext(bsm_dom, "no anonymous"));
101}
102
103void
104audit_ftpd_failure(char *uname)
105{
106 if (cannot_audit(0)) {
107 return;
108 }
118 generate_record(uname, MISC_FAILURE, dgettext(bsm_dom,
119 "misc failure"));
109 generate_record(uname, MISC_FAILURE, dgettext(bsm_dom, "misc failure"));
110}
111
112void
113audit_ftpd_success(char *uname)
114{
115 if (cannot_audit(0)) {
116 return;
117 }
128 (void) strncpy(luser, uname, 8);
129 luser[8] = '\0';
118 (void) strncpy(luser, uname, LOGNAME_MAX);
119 generate_record(luser, 0, "");
120}
121
122
123
124static void
125generate_record(
126 char *locuser, /* username of local user */

--- 43 unchanged lines hidden (view full) ---

170 if (getaudit_addr(&info, sizeof (info)) < 0) {
171 perror("getaudit");
172 }
173
174 rd = au_open();
175
176 /* add subject token */
177 (void) au_write(rd, au_to_subject_ex(uid, uid, gid,
189 ruid, rgid, pid, pid, &info.ai_termid));
178 ruid, rgid, pid, pid, &info.ai_termid));
179
180 if (is_system_labeled())
181 (void) au_write(rd, au_to_mylabel());
182
183 /* add return token */
184 errno = 0;
185 if (err) {
186 /* add reason for failure */

--- 26 unchanged lines hidden (view full) ---

213
214static int
215selected(
216 uid_t uid,
217 char *locuser,
218 au_event_t event,
219 int err)
220{
232 int rc, sorf;
233 char naflags[512];
234 struct au_mask mask;
221 int sorf;
222 struct au_mask mask;
223
224 mask.am_success = mask.am_failure = 0;
225 if (uid > MAXEPHUID) {
238 rc = getacna(naflags, 256); /* get non-attrib flags */
239 if (rc == 0)
240 (void) getauditflagsbin(naflags, &mask);
226 /* get non-attrib flags */
227 (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
228 } else {
242 rc = au_user_mask(locuser, &mask);
229 (void) au_user_mask(locuser, &mask);
230 }
231
245 if (err == 0)
232 if (err == 0) {
233 sorf = AU_PRS_SUCCESS;
247 else if (err >= 1)
234 } else if (err >= 1) {
235 sorf = AU_PRS_FAILURE;
249 else
236 } else {
237 sorf = AU_PRS_BOTH;
251 rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
252 return (rc);
238 }
239
240 return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
241}
242
243
244void
245audit_ftpd_logout(void)
246{
247 int rd; /* audit record descriptor */
248 uid_t euid;

--- 11 unchanged lines hidden (view full) ---

260
261 /* see if terminal id already set */
262 if (getaudit_addr(&info, sizeof (info)) < 0) {
263 perror("getaudit");
264 }
265
266 /* determine if we're preselected */
267 if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
280 AU_PRS_USECACHE) == 0) {
268 AU_PRS_USECACHE) == 0) {
269 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
270 NULL);
271 return;
272 }
273
274 euid = geteuid();
275 egid = getegid();
276 uid = getuid();
277 gid = getgid();
278 pid = getpid();
279
280 rd = au_open();
281
282 /* add subject token */
283 (void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
296 egid, uid, gid, pid, pid, &info.ai_termid));
284 egid, uid, gid, pid, pid, &info.ai_termid));
285
286 if (is_system_labeled())
287 (void) au_write(rd, au_to_mylabel());
288
289 /* add return token */
290 errno = 0;
291#ifdef _LP64
292 (void) au_write(rd, au_to_return64(0, (int64_t)0));
293#else
294 (void) au_write(rd, au_to_return32(0, (int32_t)0));
295#endif
296
297 /* write audit record */
298 if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
299 (void) au_close(rd, 0, 0);
300 }
301 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
302}
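Review bot: The new `(void) strncpy(luser, uname, LOGNAME_MAX);` calls in audit_ftpd_bad_pw, audit_ftpd_unknown, audit_ftpd_excluded and audit_ftpd_success drop the explicit terminator the old code wrote after each copy. The name handed to generate_record is NUL-terminated only because `luser` is a zero-initialised static of `LOGNAME_MAX + 1` bytes and, in the visible code, nothing ever writes its last byte. That invariant is implicit and would break if the buffer were resized or made automatic, in which case an over-long client-supplied name could be read past the array when the record is built (generate_record's body is mostly hidden here, so this is inferred). Either restore `luser[LOGNAME_MAX] = '\0';` after each copy or use `(void) strlcpy(luser, uname, sizeof (luser));`. A short comment that names longer than LOGNAME_MAX are truncated in the audit record would also help.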