authorgww <none@none>2006-08-01 11:38:15 -0700
committergww <none@none>2006-08-01 11:38:15 -0700
commit26fba2a62938963148fbf6da2b1b83c93f25bab3 (patch)
treee76945b77485fa98809014f41f4f47520fec2a90 /usr/src
parentc4b034952d3374cdd114e12b3990493b1b45dc32 (diff)
downloadillumos-joyent-26fba2a62938963148fbf6da2b1b83c93f25bab3.tar.gz
6450749 The +group audit policy is ignored by most userland audit records
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/ssh/sshd/sshd.c11
-rw-r--r--usr/src/lib/libbsm/common/adt.c64
-rw-r--r--usr/src/lib/libbsm/common/adt.h9
-rw-r--r--usr/src/lib/libbsm/common/adt_token.c26
4 files changed, 66 insertions, 44 deletions
diff --git a/usr/src/cmd/ssh/sshd/sshd.c b/usr/src/cmd/ssh/sshd/sshd.c
index 46ea74b3cc..321871fe7b 100644
--- a/usr/src/cmd/ssh/sshd/sshd.c
+++ b/usr/src/cmd/ssh/sshd/sshd.c
@@ -1800,6 +1800,12 @@ authenticated:
(void (*)(void *))audit_failed_login_cleanup,
(void *)authctxt);
+ /* Initialize the group list, audit sometimes needs it. */
+ if (initgroups(authctxt->pw->pw_name,
+ authctxt->pw->pw_gid) < 0) {
+ perror("initgroups");
+ exit (1);
+ }
audit_sshd_login(&ah, authctxt->pw->pw_uid,
authctxt->pw->pw_gid);
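Review bot: The failure path `perror("initgroups"); exit (1);` sidesteps sshd's own error handling: perror() goes to stderr, which for a daemonized sshd is unlikely to reach the log, and a bare exit() does not run the cleanups registered on the fatal chain that the `audit_failed_login_cleanup` context lines above suggest is in use. The sshd idiom would be `if (initgroups(authctxt->pw->pw_name, authctxt->pw->pw_gid) < 0) fatal("initgroups: %s", strerror(errno));`, which logs through sshd's logging and runs the registered cleanups. The second hunk at @@ -1900 adds an identical block with the same issue; a small static helper would keep the two copies in step. Since this replaces the supplementary group list of the still-privileged sshd process before the login record is written, the comment should say why, e.g. `/* Set the user's group list so the audit process model can emit a groups token. */`, rather than "audit sometimes needs it".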
@@ -1900,6 +1906,11 @@ authenticated:
(void (*)(void *))audit_failed_login_cleanup,
(void *)authctxt);
+ /* Initialize the group list, audit sometimes needs it. */
+ if (initgroups(authctxt->pw->pw_name, authctxt->pw->pw_gid) < 0) {
+ perror("initgroups");
+ exit (1);
+ }
audit_sshd_login(&ah, authctxt->pw->pw_uid,
authctxt->pw->pw_gid);
diff --git a/usr/src/lib/libbsm/common/adt.c b/usr/src/lib/libbsm/common/adt.c
index e83f8a36f4..880bb06f3a 100644
--- a/usr/src/lib/libbsm/common/adt.c
+++ b/usr/src/lib/libbsm/common/adt.c
@@ -288,9 +288,9 @@ adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
* a continued session; its values obviate the need for a subsequent
* call to adt_set_user().
*
- * The flag ADT_USE_PROC_DATA is used to decide how to set the initial
- * state of the session. If 0, the session is "no audit" until a call
- * to adt_set_user; if 1, the session is built from the process audit
+ * The flag is used to decide how to set the initial state of the session.
+ * If 0, the session is "no audit" until a call to adt_set_user; if
+ * ADT_USE_PROC_DATA, the session is built from the process audit
* characteristics obtained from the kernel. If imported_state is
* not NULL, the resulting audit mask is an OR of the current process
* audit mask and that passed in.
@@ -304,8 +304,7 @@ adt_cpy_tid(au_tid_addr_t *dest, const au_tid64_addr_t *src)
int
adt_start_session(adt_session_data_t **new_session,
- const adt_export_data_t *imported_state,
- adt_session_flags_t flags)
+ const adt_export_data_t *imported_state, adt_session_flags_t flags)
{
adt_internal_state_t *state;
adt_session_flags_t flgmask = ADT_FLAGS_ALL;
@@ -335,6 +334,8 @@ adt_start_session(adt_session_data_t **new_session,
if (imported_state != NULL) {
if (adt_import(state, imported_state) != 0)
goto return_err_free;
+ } else if (flags & ADT_USE_PROC_DATA) {
+ state->as_session_model = ADT_PROCESS_MODEL;
}
state->as_flags = flags;
DPRINTF(("(%d) Starting session id = %08X\n",
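Review bot: When imported_state is NULL and ADT_USE_PROC_DATA is not set, `state->as_session_model` is left at whatever the allocation gave it; nothing in the hunk shows that being the session model. Making the third case visible, either `} else { state->as_session_model = ADT_SESSION_MODEL; }` or a comment noting that the default comes from the zeroed allocation if ADT_SESSION_MODEL is that value, would keep the model's initial state explicit now that adt_token.c branches on it. adt_start_session's body begins before the hunk.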
@@ -369,6 +370,7 @@ return_err:
* These are "volatile" (more changable than "evolving") and will
* probably change in the S10 period.
*/
+
void
adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
{
@@ -384,8 +386,7 @@ adt_get_asid(const adt_session_data_t *session_data, au_asid_t *asid)
}
void
-adt_set_asid(const adt_session_data_t *session_data,
- const au_asid_t session_id)
+adt_set_asid(const adt_session_data_t *session_data, const au_asid_t session_id)
{
if (session_data != NULL) {
@@ -408,6 +409,7 @@ adt_set_asid(const adt_session_data_t *session_data,
* very good reason for setting your own audit id. The process
* audit characteristics are not changed by put, use adt_set_proc().
*/
+
void
adt_get_auid(const adt_session_data_t *session_data, au_id_t *auid)
{
@@ -447,6 +449,7 @@ adt_set_auid(const adt_session_data_t *session_data, const au_id_t audit_id)
* The process audit characteristics are not changed by put, use
* adt_set_proc().
*/
+
void
adt_get_termid(const adt_session_data_t *session_data, au_tid_addr_t *termid)
{
@@ -490,6 +493,7 @@ adt_set_termid(const adt_session_data_t *session_data,
* The process audit characteristics are not changed by put, use
* adt_set_proc().
*/
+
void
adt_get_mask(const adt_session_data_t *session_data, au_mask_t *mask)
{
@@ -523,6 +527,7 @@ adt_set_mask(const adt_session_data_t *session_data, const au_mask_t *mask)
/*
* helpers for adt_load_termid
*/
+
static void
adt_do_ipv6_address(struct sockaddr_in6 *peer, struct sockaddr_in6 *sock,
au_tid_addr_t *termid)
@@ -665,6 +670,7 @@ adt_get_hostIP(const char *hostname, au_tid_addr_t *p_term)
* as grounds for denying a login. Otherwise the caller would
* need to be aware of the audit state.
*/
+
int
adt_load_hostname(const char *hostname, adt_termid_t **termid)
{
@@ -718,6 +724,7 @@ return_err:
* as grounds for denying a login. Otherwise the caller would
* need to be aware of the audit state.
*/
+
int
adt_load_ttyname(const char *ttyname, adt_termid_t **termid)
{
@@ -872,6 +879,7 @@ return_rc:
* from_export_format()
* read from a network order buffer into struct adt_session_data
*/
+
static size_t
adt_from_export_format(adt_internal_state_t *internal,
const adt_export_data_t *external)
@@ -995,9 +1003,10 @@ adt_to_export_format(adt_export_data_t *external,
* value is always the 64 bit version. What is stored depends
* on how libbsm is compiled.
*/
+
size_t
-adt_import_proc(pid_t pid, uid_t euid, gid_t egid, uid_t ruid,
- gid_t rgid, adt_export_data_t **external)
+adt_import_proc(pid_t pid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
+ adt_export_data_t **external)
{
size_t length = 0;
adt_internal_state_t *state;
@@ -1084,6 +1093,7 @@ return_length:
/*
* adt_import() -- convert from network order to machine-specific order
*/
+
static int
adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
{
@@ -1140,9 +1150,10 @@ adt_import(adt_internal_state_t *internal, const adt_export_data_t *external)
* is sufficient memory, a buffer will be returned even in the
* audit off case.
*/
+
size_t
adt_export_session_data(const adt_session_data_t *internal,
- adt_export_data_t **external)
+ adt_export_data_t **external)
{
adt_internal_state_t *dummy;
size_t length = 0;
@@ -1206,6 +1217,7 @@ adt_setto_unaudited(adt_internal_state_t *state)
* By default, an audit session is based on the process; the default
* is overriden by adt_set_user()
*/
+
static int
adt_init(adt_internal_state_t *state, int use_proc_data)
{
@@ -1221,7 +1233,7 @@ adt_init(adt_internal_state_t *state, int use_proc_data)
if (state->as_audit_enabled) {
const au_tid64_addr_t *tid;
const au_mask_t *mask;
- ucred_t *ucred = ucred_get(getpid());
+ ucred_t *ucred = ucred_get(P_MYID);
/*
* Even if the ucred is NULL, the underlying
@@ -1342,6 +1354,7 @@ adt_newuser(adt_internal_state_t *state, uid_t ruid, au_tid_addr_t *termid)
return (0);
}
+
static int
adt_changeuser(adt_internal_state_t *state, uid_t ruid)
{
@@ -1365,16 +1378,17 @@ adt_changeuser(adt_internal_state_t *state, uid_t ruid)
ruid));
return (0);
}
+
/*
* adt_set_user -- see also adt_set_from_ucred()
*
* ADT_NO_ATTRIB is a valid uid/gid meaning "not known" or
- * "unattributed."
+ * "unattributed." If ruid, change the model to session.
*
* ADT_NO_CHANGE is a valid uid/gid meaning "do not change this value"
* only valid with ADT_UPDATE.
*
- * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITIT -- there
+ * ADT_NO_AUDIT is the external equivalent to AU_NOAUDITID -- there
* isn't a good reason to call adt_set_user() with it unless you don't
* have a good value yet and intend to replace it later; auid will be
* AU_NOAUDITID.
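Review bot: The new sentence `If ruid, change the model to session.` on the ADT_NO_ATTRIB paragraph reads as if any ruid changes the model, whereas the code this commit adds to adt_set_user() does so only when ruid equals ADT_NO_ATTRIB. Suggest `"unattributed." If ruid is ADT_NO_ATTRIB, the session model is set to ADT_SESSION_MODEL.` so the comment matches the check.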
@@ -1386,13 +1400,10 @@ adt_changeuser(adt_internal_state_t *state, uid_t ruid)
* See the note preceding adt_set_proc() about the use of ADT_HAVE_TID
* and ADT_HAVE_ALL.
*/
+
int
-adt_set_user(const adt_session_data_t *session_data,
- uid_t euid,
- gid_t egid,
- uid_t ruid,
- gid_t rgid,
- const adt_termid_t *termid,
+adt_set_user(const adt_session_data_t *session_data, uid_t euid, gid_t egid,
+ uid_t ruid, gid_t rgid, const adt_termid_t *termid,
enum adt_user_context user_context)
{
adt_internal_state_t *state;
@@ -1444,8 +1455,6 @@ adt_set_user(const adt_session_data_t *session_data,
state->as_have_user_data = ADT_HAVE_TID |
ADT_HAVE_AUID | ADT_HAVE_ASID | ADT_HAVE_MASK;
return (0);
- break;
-
default:
errno = EINVAL;
return (-1);
@@ -1467,8 +1476,13 @@ adt_set_user(const adt_session_data_t *session_data,
state->as_egid = egid;
}
+ if (ruid == ADT_NO_ATTRIB) {
+ state->as_session_model = ADT_SESSION_MODEL;
+ }
+
return (0);
}
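Review bot: The new `if (ruid == ADT_NO_ATTRIB)` block only ever moves a session to ADT_SESSION_MODEL; as far as the hunks show, a later adt_set_user() call with a real ruid on the same session never restores ADT_PROCESS_MODEL, so a session started with ADT_USE_PROC_DATA and briefly set unattributed would permanently stop emitting the groups and label tokens that adt_token.c now ties to the process model. If that is intended, a comment stating the transition is one-way would help; if not, the model should be restored when ruid is a real uid and `state->as_flags & ADT_USE_PROC_DATA` is set (as_flags is stored in adt_start_session). adt_set_user's body starts before the hunk.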
+
/*
* adt_set_from_ucred()
*
@@ -1485,9 +1499,10 @@ adt_set_user(const adt_session_data_t *session_data,
* so that adt_export_session_data() will have useful stuff to
* work with.
*/
+
int
-adt_set_from_ucred(const adt_session_data_t *session_data,
- const ucred_t *uc, enum adt_user_context user_context)
+adt_set_from_ucred(const adt_session_data_t *session_data, const ucred_t *uc,
+ enum adt_user_context user_context)
{
adt_internal_state_t *state;
int rc = -1;
@@ -1754,8 +1769,7 @@ adt_generate_event(const adt_event_data_t *p_extdata,
*/
int
-adt_put_event(const adt_event_data_t *event, int status,
- int return_val)
+adt_put_event(const adt_event_data_t *event, int status, int return_val)
{
struct adt_event_state *event_state;
struct translation *xlate;
diff --git a/usr/src/lib/libbsm/common/adt.h b/usr/src/lib/libbsm/common/adt.h
index f9534b30b1..2efff4c475 100644
--- a/usr/src/lib/libbsm/common/adt.h
+++ b/usr/src/lib/libbsm/common/adt.h
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -22,7 +21,7 @@
/*
* adt.h
*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
* This is a contract private interface and is subject to change
@@ -76,7 +75,7 @@ typedef struct adt_termid adt_termid_t;
* flag defs for the flags argument of adt_start_session()
*/
-#define ADT_BUFFER_RECORDS 0x2 /* TSOL buffering */
+#define ADT_BUFFER_RECORDS 0x2 /* server buffering */
#define ADT_USE_PROC_DATA 0x1 /* copy audit char's from proc */
/* | all of above = ADT_FLAGS_ALL */
#define ADT_FLAGS_ALL ADT_BUFFER_RECORDS | \
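Review bot: `ADT_FLAGS_ALL` expands to an unparenthesized `ADT_BUFFER_RECORDS | ...` (its continuation line is outside the hunk, presumably `ADT_USE_PROC_DATA` per the "all of above" comment), so a use such as `flags & ADT_FLAGS_ALL` or `~ADT_FLAGS_ALL` would bind the operator to the first operand only. adt.c currently copies the macro into `flgmask` before using it, which is safe, but the definition should be `#define ADT_FLAGS_ALL (ADT_BUFFER_RECORDS | ADT_USE_PROC_DATA)` so future callers do not depend on that.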
diff --git a/usr/src/lib/libbsm/common/adt_token.c b/usr/src/lib/libbsm/common/adt_token.c
index 1cc6a48cc3..8901a35f80 100644
--- a/usr/src/lib/libbsm/common/adt_token.c
+++ b/usr/src/lib/libbsm/common/adt_token.c
@@ -532,27 +532,25 @@ adt_to_subject(datadef *def, void *p_data, int required,
sp->as_euid, sp->as_egid, sp->as_ruid, sp->as_rgid,
getpid(), sp->as_info.ai_asid,
&(sp->as_info.ai_termid)));
- if (is_system_labeled())
- (void) au_write(event->ae_event_handle, au_to_mylabel());
/*
- * If AUDIT_GROUP is set, a groups token must be output.
- * In a session model, the groups list is undefined, so output an
- * empty list. In a process model, ship it!
+ * Add optional tokens if in the process model.
+ * In a session model, the groups list is undefined and label
+ * is wrong, so don't do anything.
*/
- if (sp->as_kernel_audit_policy & AUDIT_GROUP) {
- int group_count;
- gid_t grouplist[NGROUPS_MAX];
+ if (sp->as_session_model == ADT_PROCESS_MODEL) {
+ if (is_system_labeled())
+ (void) au_write(event->ae_event_handle,
+ au_to_mylabel());
+
+ if (sp->as_kernel_audit_policy & AUDIT_GROUP) {
+ int group_count;
+ gid_t grouplist[NGROUPS_MAX];
- (void) memset(grouplist, 0, sizeof (grouplist));
- if (sp->as_session_model == ADT_PROCESS_MODEL) {
if ((group_count = getgroups(NGROUPS_UMAX,
- grouplist))) {
+ grouplist)) > 0) {
(void) au_write(event->ae_event_handle,
au_to_newgroups(group_count, grouplist));
}
- } else { /* consider deleting this null output */
- (void) au_write(event->ae_event_handle,
- au_to_newgroups(0, grouplist));
}
}
}
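Review bot: `getgroups(NGROUPS_UMAX, grouplist)` passes a count larger than the array when `grouplist` is declared `gid_t grouplist[NGROUPS_MAX]` and NGROUPS_UMAX exceeds NGROUPS_MAX, which I believe is the case on Solaris where NGROUPS_UMAX is the kernel ceiling and NGROUPS_MAX the default limit; a process whose group list is longer than NGROUPS_MAX (now including sshd, which initgroups() the user's full list before this record) would then overflow the stack buffer while the groups token is built. The count should be tied to the array, `if ((group_count = getgroups(sizeof (grouplist) / sizeof (grouplist[0]), grouplist)) > 0) {`, or the array sized NGROUPS_UMAX. The `> 0` test also silently drops a getgroups() failure (-1), so under AUDIT_GROUP policy a record can lose its groups token with no indication; a DPRINTF on the error path would at least make that visible. The mismatch predates the commit but the hunk re-indents the call, and adt_to_subject starts before the hunk.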