audit_ftpd.c (f48205be) audit_ftpd.c (f8994074)
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

--- 5 unchanged lines hidden (view full) ---

14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE

--- 5 unchanged lines hidden (view full) ---

14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
23 */
24
26#pragma ident "%Z%%M% %I% %E% SMI"
27
28#include <sys/types.h>
29#include <sys/param.h>
30#include <stdio.h>
31#include <sys/fcntl.h>
32#include <stdlib.h>
33#include <string.h>
34#include <syslog.h>
35#include <unistd.h>

--- 14 unchanged lines hidden (view full) ---

50#include <generic.h>
51
52#define BAD_PASSWD (1)
53#define UNKNOWN_USER (2)
54#define EXCLUDED_USER (3)
55#define NO_ANONYMOUS (4)
56#define MISC_FAILURE (5)
57
25#include <sys/types.h>
26#include <sys/param.h>
27#include <stdio.h>
28#include <sys/fcntl.h>
29#include <stdlib.h>
30#include <string.h>
31#include <syslog.h>
32#include <unistd.h>

--- 14 unchanged lines hidden (view full) ---

47#include <generic.h>
48
49#define BAD_PASSWD (1)
50#define UNKNOWN_USER (2)
51#define EXCLUDED_USER (3)
52#define NO_ANONYMOUS (4)
53#define MISC_FAILURE (5)
54
58static char luser[16];
55static char luser[LOGNAME_MAX + 1];
59
60static void generate_record(char *, int, char *);
61static int selected(uid_t, char *, au_event_t, int);
62
63void
64audit_ftpd_bad_pw(char *uname)
65{
66 if (cannot_audit(0)) {
67 return;
68 }
56
57static void generate_record(char *, int, char *);
58static int selected(uid_t, char *, au_event_t, int);
59
60void
61audit_ftpd_bad_pw(char *uname)
62{
63 if (cannot_audit(0)) {
64 return;
65 }
69 (void) strncpy(luser, uname, 8);
70 luser[8] = '\0';
71 generate_record(luser, BAD_PASSWD, dgettext(bsm_dom,
72 "bad password"));
66 (void) strncpy(luser, uname, LOGNAME_MAX);
67 generate_record(luser, BAD_PASSWD, dgettext(bsm_dom, "bad password"));
73}
74
75
76void
77audit_ftpd_unknown(char *uname)
78{
79 if (cannot_audit(0)) {
80 return;
81 }
68}
69
70
71void
72audit_ftpd_unknown(char *uname)
73{
74 if (cannot_audit(0)) {
75 return;
76 }
82 (void) strncpy(luser, uname, 8);
83 luser[8] = '\0';
84 generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom,
85 "unknown user"));
77 (void) strncpy(luser, uname, LOGNAME_MAX);
78 generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom, "unknown user"));
86}
87
88
89void
90audit_ftpd_excluded(char *uname)
91{
92 if (cannot_audit(0)) {
93 return;
94 }
79}
80
81
82void
83audit_ftpd_excluded(char *uname)
84{
85 if (cannot_audit(0)) {
86 return;
87 }
95 (void) strncpy(luser, uname, 8);
96 luser[8] = '\0';
88 (void) strncpy(luser, uname, LOGNAME_MAX);
97 generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
89 generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
98 "excluded user"));
90 "excluded user"));
99}
100
101
102void
103audit_ftpd_no_anon(void)
104{
105 if (cannot_audit(0)) {
106 return;
107 }
91}
92
93
94void
95audit_ftpd_no_anon(void)
96{
97 if (cannot_audit(0)) {
98 return;
99 }
108 generate_record("", NO_ANONYMOUS, dgettext(bsm_dom,
109 "no anonymous"));
100 generate_record("", NO_ANONYMOUS, dgettext(bsm_dom, "no anonymous"));
110}
111
112void
113audit_ftpd_failure(char *uname)
114{
115 if (cannot_audit(0)) {
116 return;
117 }
101}
102
103void
104audit_ftpd_failure(char *uname)
105{
106 if (cannot_audit(0)) {
107 return;
108 }
118 generate_record(uname, MISC_FAILURE, dgettext(bsm_dom,
119 "misc failure"));
109 generate_record(uname, MISC_FAILURE, dgettext(bsm_dom, "misc failure"));
120}
121
122void
123audit_ftpd_success(char *uname)
124{
125 if (cannot_audit(0)) {
126 return;
127 }
110}
111
112void
113audit_ftpd_success(char *uname)
114{
115 if (cannot_audit(0)) {
116 return;
117 }
128 (void) strncpy(luser, uname, 8);
129 luser[8] = '\0';
118 (void) strncpy(luser, uname, LOGNAME_MAX);
130 generate_record(luser, 0, "");
131}
132
133
134
135static void
136generate_record(
137 char *locuser, /* username of local user */

--- 43 unchanged lines hidden (view full) ---

181 if (getaudit_addr(&info, sizeof (info)) < 0) {
182 perror("getaudit");
183 }
184
185 rd = au_open();
186
187 /* add subject token */
188 (void) au_write(rd, au_to_subject_ex(uid, uid, gid,
119 generate_record(luser, 0, "");
120}
121
122
123
124static void
125generate_record(
126 char *locuser, /* username of local user */

--- 43 unchanged lines hidden (view full) ---

170 if (getaudit_addr(&info, sizeof (info)) < 0) {
171 perror("getaudit");
172 }
173
174 rd = au_open();
175
176 /* add subject token */
177 (void) au_write(rd, au_to_subject_ex(uid, uid, gid,
189 ruid, rgid, pid, pid, &info.ai_termid));
178 ruid, rgid, pid, pid, &info.ai_termid));
190
191 if (is_system_labeled())
192 (void) au_write(rd, au_to_mylabel());
193
194 /* add return token */
195 errno = 0;
196 if (err) {
197 /* add reason for failure */

--- 26 unchanged lines hidden (view full) ---

224
225static int
226selected(
227 uid_t uid,
228 char *locuser,
229 au_event_t event,
230 int err)
231{
179
180 if (is_system_labeled())
181 (void) au_write(rd, au_to_mylabel());
182
183 /* add return token */
184 errno = 0;
185 if (err) {
186 /* add reason for failure */

--- 26 unchanged lines hidden (view full) ---

213
214static int
215selected(
216 uid_t uid,
217 char *locuser,
218 au_event_t event,
219 int err)
220{
232 int rc, sorf;
233 char naflags[512];
234 struct au_mask mask;
221 int sorf;
222 struct au_mask mask;
235
236 mask.am_success = mask.am_failure = 0;
237 if (uid > MAXEPHUID) {
223
224 mask.am_success = mask.am_failure = 0;
225 if (uid > MAXEPHUID) {
238 rc = getacna(naflags, 256); /* get non-attrib flags */
239 if (rc == 0)
240 (void) getauditflagsbin(naflags, &mask);
226 /* get non-attrib flags */
227 (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
241 } else {
228 } else {
242 rc = au_user_mask(locuser, &mask);
229 (void) au_user_mask(locuser, &mask);
243 }
244
230 }
231
245 if (err == 0)
232 if (err == 0) {
246 sorf = AU_PRS_SUCCESS;
233 sorf = AU_PRS_SUCCESS;
247 else if (err >= 1)
234 } else if (err >= 1) {
248 sorf = AU_PRS_FAILURE;
235 sorf = AU_PRS_FAILURE;
249 else
236 } else {
250 sorf = AU_PRS_BOTH;
237 sorf = AU_PRS_BOTH;
251 rc = au_preselect(event, &mask, sorf, AU_PRS_REREAD);
252 return (rc);
238 }
239
240 return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
253}
254
255
256void
257audit_ftpd_logout(void)
258{
259 int rd; /* audit record descriptor */
260 uid_t euid;

--- 11 unchanged lines hidden (view full) ---

272
273 /* see if terminal id already set */
274 if (getaudit_addr(&info, sizeof (info)) < 0) {
275 perror("getaudit");
276 }
277
278 /* determine if we're preselected */
279 if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
241}
242
243
244void
245audit_ftpd_logout(void)
246{
247 int rd; /* audit record descriptor */
248 uid_t euid;

--- 11 unchanged lines hidden (view full) ---

260
261 /* see if terminal id already set */
262 if (getaudit_addr(&info, sizeof (info)) < 0) {
263 perror("getaudit");
264 }
265
266 /* determine if we're preselected */
267 if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
280 AU_PRS_USECACHE) == 0) {
268 AU_PRS_USECACHE) == 0) {
281 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
282 NULL);
283 return;
284 }
285
286 euid = geteuid();
287 egid = getegid();
288 uid = getuid();
289 gid = getgid();
290 pid = getpid();
291
292 rd = au_open();
293
294 /* add subject token */
295 (void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
269 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
270 NULL);
271 return;
272 }
273
274 euid = geteuid();
275 egid = getegid();
276 uid = getuid();
277 gid = getgid();
278 pid = getpid();
279
280 rd = au_open();
281
282 /* add subject token */
283 (void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
296 egid, uid, gid, pid, pid, &info.ai_termid));
284 egid, uid, gid, pid, pid, &info.ai_termid));
297
298 if (is_system_labeled())
299 (void) au_write(rd, au_to_mylabel());
300
301 /* add return token */
302 errno = 0;
303#ifdef _LP64
304 (void) au_write(rd, au_to_return64(0, (int64_t)0));
305#else
306 (void) au_write(rd, au_to_return32(0, (int32_t)0));
307#endif
308
309 /* write audit record */
310 if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
311 (void) au_close(rd, 0, 0);
312 }
313 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
314}
285
286 if (is_system_labeled())
287 (void) au_write(rd, au_to_mylabel());
288
289 /* add return token */
290 errno = 0;
291#ifdef _LP64
292 (void) au_write(rd, au_to_return64(0, (int64_t)0));
293#else
294 (void) au_write(rd, au_to_return32(0, (int32_t)0));
295#endif
296
297 /* write audit record */
298 if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
299 (void) au_close(rd, 0, 0);
300 }
301 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
302}
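Review bot: The four `strncpy(luser, uname, LOGNAME_MAX)` calls on the new side (new lines 66, 77, 88 and 118, in audit_ftpd_bad_pw, audit_ftpd_unknown, audit_ftpd_excluded and audit_ftpd_success) no longer write a terminator, where the old side set `luser[8] = '\0'` after each copy. The string stays terminated only because `luser` is a static array of `LOGNAME_MAX + 1` bytes, so its last byte starts as zero and a copy bounded at `LOGNAME_MAX` never writes it; nothing at the call sites says so. `uname` is presumably the login name sent by the FTP client and `luser` is what goes into the audit record, so I would make the invariant explicit: either keep `luser[LOGNAME_MAX] = '\0';` after each copy, or add a comment at the declaration such as `/* strncpy(..., LOGNAME_MAX) never writes the last byte; it stays NUL */`. The same comment could note that a name longer than LOGNAME_MAX is truncated silently in the record.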