2989 Eliminate use of LOGNAME_MAX in ON
1166 useradd have warning with name more 8 chars
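--- a/usr/src/lib/libbsm/common/audit_ftpd.c
+++ b/usr/src/lib/libbsm/common/audit_ftpd.c
@@ -1,302 +1,310 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
+ * Copyright (c) 2013 Gary Mills
+ *
 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdio.h>
 #include <sys/fcntl.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
 
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <netinet/in.h>
 #include <tsol/label.h>
 
 #include <bsm/audit.h>
 #include <bsm/audit_record.h>
 #include <bsm/audit_uevents.h>
 #include <bsm/libbsm.h>
 #include <bsm/audit_private.h>
 
 #include <locale.h>
 #include <pwd.h>
 #include <generic.h>
 
 #define BAD_PASSWD (1)
 #define UNKNOWN_USER (2)
 #define EXCLUDED_USER (3)
 #define NO_ANONYMOUS (4)
 #define MISC_FAILURE (5)
 
-static char luser[LOGNAME_MAX + 1];
+#ifdef LOGNAME_MAX_ILLUMOS
+#define _LOGNAME_MAX LOGNAME_MAX_ILLUMOS
+#else /* LOGNAME_MAX_ILLUMOS */
+#define _LOGNAME_MAX LOGNAME_MAX
+#endif /* LOGNAME_MAX_ILLUMOS */
 
+static char luser[_LOGNAME_MAX + 1];
+
 static void generate_record(char *, int, char *);
 static int selected(uid_t, char *, au_event_t, int);
 
 void
 audit_ftpd_bad_pw(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, _LOGNAME_MAX);
 generate_record(luser, BAD_PASSWD, dgettext(bsm_dom, "bad password"));
 }
 
 
 void
 audit_ftpd_unknown(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, _LOGNAME_MAX);
 generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom, "unknown user"));
 }
 
 
 void
 audit_ftpd_excluded(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, _LOGNAME_MAX);
 generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
 "excluded user"));
 }
 
 
 void
 audit_ftpd_no_anon(void)
 {
 if (cannot_audit(0)) {
 return;
 }
 generate_record("", NO_ANONYMOUS, dgettext(bsm_dom, "no anonymous"));
 }
 
 void
 audit_ftpd_failure(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
 generate_record(uname, MISC_FAILURE, dgettext(bsm_dom, "misc failure"));
 }
 
 void
 audit_ftpd_success(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, _LOGNAME_MAX);
 generate_record(luser, 0, "");
 }
 
 
 
 static void
 generate_record(
 char *locuser, /* username of local user */
 int err, /* error status */
 /* (=0 success, >0 error code) */
 char *msg) /* error message */
 {
 int rd; /* audit record descriptor */
 char buf[256]; /* temporary buffer */
 uid_t uid;
 gid_t gid;
 uid_t ruid; /* real uid */
 gid_t rgid; /* real gid */
 pid_t pid;
 struct passwd *pwd;
 uid_t ceuid; /* current effective uid */
 struct auditinfo_addr info;
 
 if (cannot_audit(0)) {
 return;
 }
 
 pwd = getpwnam(locuser);
 if (pwd == NULL) {
 uid = (uid_t)-1;
 gid = (gid_t)-1;
 } else {
 uid = pwd->pw_uid;
 gid = pwd->pw_gid;
 }
 
 ceuid = geteuid(); /* save current euid */
 (void) seteuid(0); /* change to root so you can audit */
 
 /* determine if we're preselected */
 if (!selected(uid, locuser, AUE_ftpd, err)) {
 (void) seteuid(ceuid);
 return;
 }
 
 ruid = getuid(); /* get real uid */
 rgid = getgid(); /* get real gid */
 
 pid = getpid();
 
 /* see if terminal id already set */
 if (getaudit_addr(&info, sizeof (info)) < 0) {
 perror("getaudit");
 }
 
 rd = au_open();
 
 /* add subject token */
 (void) au_write(rd, au_to_subject_ex(uid, uid, gid,
 ruid, rgid, pid, pid, &info.ai_termid));
 
 if (is_system_labeled())
 (void) au_write(rd, au_to_mylabel());
 
 /* add return token */
 errno = 0;
 if (err) {
 /* add reason for failure */
 if (err == UNKNOWN_USER)
 (void) snprintf(buf, sizeof (buf),
 "%s %s", msg, locuser);
 else
 (void) snprintf(buf, sizeof (buf), "%s", msg);
 (void) au_write(rd, au_to_text(buf));
 #ifdef _LP64
 (void) au_write(rd, au_to_return64(-1, (int64_t)err));
 #else
 (void) au_write(rd, au_to_return32(-1, (int32_t)err));
 #endif
 } else {
 #ifdef _LP64
 (void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 (void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif
 }
 
 /* write audit record */
 if (au_close(rd, 1, AUE_ftpd) < 0) {
 (void) au_close(rd, 0, 0);
 }
 (void) seteuid(ceuid);
 }
 
 
 static int
 selected(
 uid_t uid,
 char *locuser,
 au_event_t event,
 int err)
 {
 int sorf;
 struct au_mask mask;
 
 mask.am_success = mask.am_failure = 0;
 if (uid > MAXEPHUID) {
 /* get non-attrib flags */
 (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
 } else {
 (void) au_user_mask(locuser, &mask);
 }
 
 if (err == 0) {
 sorf = AU_PRS_SUCCESS;
 } else if (err >= 1) {
 sorf = AU_PRS_FAILURE;
 } else {
 sorf = AU_PRS_BOTH;
 }
 
 return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
 }
 
 
 void
 audit_ftpd_logout(void)
 {
 int rd; /* audit record descriptor */
 uid_t euid;
 gid_t egid;
 uid_t uid;
 gid_t gid;
 pid_t pid;
 struct auditinfo_addr info;
 
 if (cannot_audit(0)) {
 return;
 }
 
 (void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
 
 /* see if terminal id already set */
 if (getaudit_addr(&info, sizeof (info)) < 0) {
 perror("getaudit");
 }
 
 /* determine if we're preselected */
 if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
 AU_PRS_USECACHE) == 0) {
 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
 NULL);
 return;
 }
 
 euid = geteuid();
 egid = getegid();
 uid = getuid();
 gid = getgid();
 pid = getpid();
 
 rd = au_open();
 
 /* add subject token */
 (void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
 egid, uid, gid, pid, pid, &info.ai_termid));
 
 if (is_system_labeled())
 (void) au_write(rd, au_to_mylabel());
 
 /* add return token */
 errno = 0;
 #ifdef _LP64
 (void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 (void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif
 
 /* write audit record */
 if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
 (void) au_close(rd, 0, 0);
 }
 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
 }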
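Review bot: The four `strncpy(luser, uname, _LOGNAME_MAX)` calls (audit_ftpd_bad_pw, audit_ftpd_unknown, audit_ftpd_excluded, audit_ftpd_success) still truncate an over-long name silently, and generate_record() then hands the truncated string to `getpwnam()` and `au_user_mask()`, so a client-supplied login name longer than the limit can resolve to a different existing account and the audit record is attributed to that account's uid. Rejecting the over-long name instead keeps the record on the `pwd == NULL` path, for example `if (strlcpy(luser, uname, sizeof (luser)) >= sizeof (luser)) luser[0] = '\0';`. NUL termination currently depends on luser being a zero-initialised static whose last byte is never written, which deserves a comment at the declaration such as `/* last byte stays NUL: strncpy copies at most _LOGNAME_MAX bytes */`. `_LOGNAME_MAX` also sits in the identifier space reserved for the implementation (underscore plus capital); a file-local name such as `FTPD_LOGNAME_MAX` would avoid that.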