2989 Eliminate use of LOGNAME_MAX in ON
1166 useradd have warning with name more 8 chars
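--- a/usr/src/lib/libbsm/common/audit_ftpd.c
+++ b/usr/src/lib/libbsm/common/audit_ftpd.c
@@ -1,302 +1,304 @@
 /*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
 /*
+ * Copyright (c) 2013 Gary Mills
+ *
 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
 */
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdio.h>
 #include <sys/fcntl.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
 
 #include <sys/socket.h>
 #include <sys/sockio.h>
 #include <netinet/in.h>
 #include <tsol/label.h>
 
 #include <bsm/audit.h>
 #include <bsm/audit_record.h>
 #include <bsm/audit_uevents.h>
 #include <bsm/libbsm.h>
 #include <bsm/audit_private.h>
 
 #include <locale.h>
 #include <pwd.h>
 #include <generic.h>
 
 #define BAD_PASSWD (1)
 #define UNKNOWN_USER (2)
 #define EXCLUDED_USER (3)
 #define NO_ANONYMOUS (4)
 #define MISC_FAILURE (5)
 
-static char luser[LOGNAME_MAX + 1];
+static char luser[LOGNAME_MAX_ILLUMOS + 1];
 
 static void generate_record(char *, int, char *);
 static int selected(uid_t, char *, au_event_t, int);
 
 void
 audit_ftpd_bad_pw(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, LOGNAME_MAX_ILLUMOS);
 generate_record(luser, BAD_PASSWD, dgettext(bsm_dom, "bad password"));
 }
 
 
 void
 audit_ftpd_unknown(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, LOGNAME_MAX_ILLUMOS);
 generate_record(luser, UNKNOWN_USER, dgettext(bsm_dom, "unknown user"));
 }
 
 
 void
 audit_ftpd_excluded(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, LOGNAME_MAX_ILLUMOS);
 generate_record(luser, EXCLUDED_USER, dgettext(bsm_dom,
 "excluded user"));
 }
 
 
 void
 audit_ftpd_no_anon(void)
 {
 if (cannot_audit(0)) {
 return;
 }
 generate_record("", NO_ANONYMOUS, dgettext(bsm_dom, "no anonymous"));
 }
 
 void
 audit_ftpd_failure(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
 generate_record(uname, MISC_FAILURE, dgettext(bsm_dom, "misc failure"));
 }
 
 void
 audit_ftpd_success(char *uname)
 {
 if (cannot_audit(0)) {
 return;
 }
- (void) strncpy(luser, uname, LOGNAME_MAX);
+ (void) strncpy(luser, uname, LOGNAME_MAX_ILLUMOS);
 generate_record(luser, 0, "");
 }
 
 
 
 static void
 generate_record(
 char *locuser, /* username of local user */
 int err, /* error status */
 /* (=0 success, >0 error code) */
 char *msg) /* error message */
 {
 int rd; /* audit record descriptor */
 char buf[256]; /* temporary buffer */
 uid_t uid;
 gid_t gid;
 uid_t ruid; /* real uid */
 gid_t rgid; /* real gid */
 pid_t pid;
 struct passwd *pwd;
 uid_t ceuid; /* current effective uid */
 struct auditinfo_addr info;
 
 if (cannot_audit(0)) {
 return;
 }
 
 pwd = getpwnam(locuser);
 if (pwd == NULL) {
 uid = (uid_t)-1;
 gid = (gid_t)-1;
 } else {
 uid = pwd->pw_uid;
 gid = pwd->pw_gid;
 }
 
 ceuid = geteuid(); /* save current euid */
 (void) seteuid(0); /* change to root so you can audit */
 
 /* determine if we're preselected */
 if (!selected(uid, locuser, AUE_ftpd, err)) {
 (void) seteuid(ceuid);
 return;
 }
 
 ruid = getuid(); /* get real uid */
 rgid = getgid(); /* get real gid */
 
 pid = getpid();
 
 /* see if terminal id already set */
 if (getaudit_addr(&info, sizeof (info)) < 0) {
 perror("getaudit");
 }
 
 rd = au_open();
 
 /* add subject token */
 (void) au_write(rd, au_to_subject_ex(uid, uid, gid,
 ruid, rgid, pid, pid, &info.ai_termid));
 
 if (is_system_labeled())
 (void) au_write(rd, au_to_mylabel());
 
 /* add return token */
 errno = 0;
 if (err) {
 /* add reason for failure */
 if (err == UNKNOWN_USER)
 (void) snprintf(buf, sizeof (buf),
 "%s %s", msg, locuser);
 else
 (void) snprintf(buf, sizeof (buf), "%s", msg);
 (void) au_write(rd, au_to_text(buf));
 #ifdef _LP64
 (void) au_write(rd, au_to_return64(-1, (int64_t)err));
 #else
 (void) au_write(rd, au_to_return32(-1, (int32_t)err));
 #endif
 } else {
 #ifdef _LP64
 (void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 (void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif
 }
 
 /* write audit record */
 if (au_close(rd, 1, AUE_ftpd) < 0) {
 (void) au_close(rd, 0, 0);
 }
 (void) seteuid(ceuid);
 }
 
 
 static int
 selected(
 uid_t uid,
 char *locuser,
 au_event_t event,
 int err)
 {
 int sorf;
 struct au_mask mask;
 
 mask.am_success = mask.am_failure = 0;
 if (uid > MAXEPHUID) {
 /* get non-attrib flags */
 (void) auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask));
 } else {
 (void) au_user_mask(locuser, &mask);
 }
 
 if (err == 0) {
 sorf = AU_PRS_SUCCESS;
 } else if (err >= 1) {
 sorf = AU_PRS_FAILURE;
 } else {
 sorf = AU_PRS_BOTH;
 }
 
 return (au_preselect(event, &mask, sorf, AU_PRS_REREAD));
 }
 
 
 void
 audit_ftpd_logout(void)
 {
 int rd; /* audit record descriptor */
 uid_t euid;
 gid_t egid;
 uid_t uid;
 gid_t gid;
 pid_t pid;
 struct auditinfo_addr info;
 
 if (cannot_audit(0)) {
 return;
 }
 
 (void) priv_set(PRIV_ON, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
 
 /* see if terminal id already set */
 if (getaudit_addr(&info, sizeof (info)) < 0) {
 perror("getaudit");
 }
 
 /* determine if we're preselected */
 if (au_preselect(AUE_ftpd_logout, &info.ai_mask, AU_PRS_SUCCESS,
 AU_PRS_USECACHE) == 0) {
 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT,
 NULL);
 return;
 }
 
 euid = geteuid();
 egid = getegid();
 uid = getuid();
 gid = getgid();
 pid = getpid();
 
 rd = au_open();
 
 /* add subject token */
 (void) au_write(rd, au_to_subject_ex(info.ai_auid, euid,
 egid, uid, gid, pid, pid, &info.ai_termid));
 
 if (is_system_labeled())
 (void) au_write(rd, au_to_mylabel());
 
 /* add return token */
 errno = 0;
 #ifdef _LP64
 (void) au_write(rd, au_to_return64(0, (int64_t)0));
 #else
 (void) au_write(rd, au_to_return32(0, (int32_t)0));
 #endif
 
 /* write audit record */
 if (au_close(rd, 1, AUE_ftpd_logout) < 0) {
 (void) au_close(rd, 0, 0);
 }
 (void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_PROC_AUDIT, NULL);
 }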
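Review bot: The four `strncpy(luser, uname, LOGNAME_MAX_ILLUMOS)` calls (audit_ftpd_bad_pw, audit_ftpd_unknown, audit_ftpd_excluded, audit_ftpd_success) still truncate an over-long name silently, and `luser` is NUL-terminated only because the last byte of the static buffer is never written. The truncated string is what generate_record passes to `getpwnam()` and selected passes to `au_user_mask()`, so a client-supplied name longer than the limit could be attributed in the audit record to whichever account matches its prefix. Whether the ftpd caller bounds the name first is not visible on this page. Consider detecting the overflow with `if (strlcpy(luser, uname, sizeof (luser)) >= sizeof (luser))` and recording that case as an unknown user rather than looking up the prefix. At minimum, add a comment on the declaration such as `/* luser[LOGNAME_MAX_ILLUMOS] stays NUL: static storage, never written by strncpy */`.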