freebsd-skq/contrib/openbsm/libbsm/bsm_user.c
Robert Watson 7a0a89d2cb Merge OpenBSM alpha 4 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).  Add libauditd build parts and add to auditd's linkage;
force libbsm to build before libauditd.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 alpha 4

- With the addition of BSM error number mapping, we also need to map the
  local error number passed to audit_submit(3) to a BSM error number,
  rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
  more formal allocation scheme, and add some events allocated in Solaris
  that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
  directly, rather than requiring applications to map to the local error
  space, which might not be able to entirely represent the BSM error
  number space.
- Major auditd rewrite for launchd(8) support.  Add libauditd library
  that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
  (re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
  startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
  has been recovered from not being properly terminated.  This event is
  stored in the new audit trail file and includes the path of recovered
  audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
  auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
  calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.

OpenBSM 1.1 alpha 3

- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
  between BSM error numbers (largely the Solaris definitions) and local
  errno(2) values for 32-bit and 64-bit return tokens.  This is required
  as operating systems don't agree on some of the values of more recent
  error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
  total size for the token.  This buge.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.
2008-12-31 11:12:24 +00:00

297 lines
6.7 KiB
C

/*-
* Copyright (c) 2004 Apple Inc.
* Copyright (c) 2006 Robert N. M. Watson
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_user.c#19 $
*/
#include <config/config.h>
#include <bsm/libbsm.h>
#include <string.h>
#ifdef HAVE_PTHREAD_MUTEX_LOCK
#include <pthread.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#ifndef HAVE_STRLCPY
#include <compat/strlcpy.h>
#endif
/*
* Parse the contents of the audit_user file into au_user_ent structures.
*/
static FILE *fp = NULL;
static char linestr[AU_LINE_MAX];
static const char *user_delim = ":";
#ifdef HAVE_PTHREAD_MUTEX_LOCK
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
#endif
/*
* Parse one line from the audit_user file into the au_user_ent structure.
*/
static struct au_user_ent *
userfromstr(char *str, struct au_user_ent *u)
{
char *username, *always, *never;
char *last;
username = strtok_r(str, user_delim, &last);
always = strtok_r(NULL, user_delim, &last);
never = strtok_r(NULL, user_delim, &last);
if ((username == NULL) || (always == NULL) || (never == NULL))
return (NULL);
if (strlen(username) >= AU_USER_NAME_MAX)
return (NULL);
strlcpy(u->au_name, username, AU_USER_NAME_MAX);
if (getauditflagsbin(always, &(u->au_always)) == -1)
return (NULL);
if (getauditflagsbin(never, &(u->au_never)) == -1)
return (NULL);
return (u);
}
/*
* Rewind to beginning of the file
*/
static void
setauuser_locked(void)
{
if (fp != NULL)
fseek(fp, 0, SEEK_SET);
}
void
setauuser(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauuser_locked();
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
* Close the file descriptor
*/
void
endauuser(void)
{
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
if (fp != NULL) {
fclose(fp);
fp = NULL;
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
}
/*
* Enumerate the au_user_ent structures from the file
*/
static struct au_user_ent *
getauuserent_r_locked(struct au_user_ent *u)
{
char *nl;
if ((fp == NULL) && ((fp = fopen(AUDIT_USER_FILE, "r")) == NULL))
return (NULL);
while (1) {
if (fgets(linestr, AU_LINE_MAX, fp) == NULL)
return (NULL);
/* Remove new lines. */
if ((nl = strrchr(linestr, '\n')) != NULL)
*nl = '\0';
/* Skip comments. */
if (linestr[0] == '#')
continue;
/* Get the next structure. */
if (userfromstr(linestr, u) == NULL)
return (NULL);
break;
}
return (u);
}
struct au_user_ent *
getauuserent_r(struct au_user_ent *u)
{
struct au_user_ent *up;
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
up = getauuserent_r_locked(u);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (up);
}
struct au_user_ent *
getauuserent(void)
{
static char user_ent_name[AU_USER_NAME_MAX];
static struct au_user_ent u;
bzero(&u, sizeof(u));
bzero(user_ent_name, sizeof(user_ent_name));
u.au_name = user_ent_name;
return (getauuserent_r(&u));
}
/*
* Find a au_user_ent structure matching the given user name.
*/
struct au_user_ent *
getauusernam_r(struct au_user_ent *u, const char *name)
{
struct au_user_ent *up;
if (name == NULL)
return (NULL);
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_lock(&mutex);
#endif
setauuser_locked();
while ((up = getauuserent_r_locked(u)) != NULL) {
if (strcmp(name, u->au_name) == 0) {
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (u);
}
}
#ifdef HAVE_PTHREAD_MUTEX_LOCK
pthread_mutex_unlock(&mutex);
#endif
return (NULL);
}
struct au_user_ent *
getauusernam(const char *name)
{
static char user_ent_name[AU_USER_NAME_MAX];
static struct au_user_ent u;
bzero(&u, sizeof(u));
bzero(user_ent_name, sizeof(user_ent_name));
u.au_name = user_ent_name;
return (getauusernam_r(&u, name));
}
/*
* Read the default system wide audit classes from audit_control, combine with
* the per-user audit class and update the binary preselection mask.
*/
int
au_user_mask(char *username, au_mask_t *mask_p)
{
char auditstring[MAX_AUDITSTRING_LEN + 1];
char user_ent_name[AU_USER_NAME_MAX];
struct au_user_ent u, *up;
bzero(&u, sizeof(u));
bzero(user_ent_name, sizeof(user_ent_name));
u.au_name = user_ent_name;
/* Get user mask. */
if ((up = getauusernam_r(&u, username)) != NULL) {
if (-1 == getfauditflags(&up->au_always, &up->au_never,
mask_p))
return (-1);
return (0);
}
/* Read the default system mask. */
if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) {
if (-1 == getauditflagsbin(auditstring, mask_p))
return (-1);
return (0);
}
/* No masks defined. */
return (-1);
}
/*
* Generate the process audit state by combining the audit masks passed as
* parameters with the system audit masks.
*/
int
getfauditflags(au_mask_t *usremask, au_mask_t *usrdmask, au_mask_t *lastmask)
{
char auditstring[MAX_AUDITSTRING_LEN + 1];
if ((usremask == NULL) || (usrdmask == NULL) || (lastmask == NULL))
return (-1);
lastmask->am_success = 0;
lastmask->am_failure = 0;
/* Get the system mask. */
if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) {
if (getauditflagsbin(auditstring, lastmask) != 0)
return (-1);
}
ADDMASK(lastmask, usremask);
SUBMASK(lastmask, usrdmask);
return (0);
}