diff options
Diffstat (limited to 'usr/src/lib')
| -rw-r--r-- | usr/src/lib/libbsm/Makefile | 3 | ||||
| -rw-r--r-- | usr/src/lib/libbsm/Makefile.com | 3 | ||||
| -rw-r--r-- | usr/src/lib/libbsm/common/audit_su.c | 192 | ||||
| -rw-r--r-- | usr/src/lib/libbsm/spec/private.spec | 42 |
4 files changed, 2 insertions, 238 deletions
diff --git a/usr/src/lib/libbsm/Makefile b/usr/src/lib/libbsm/Makefile index 4bcfe29bc4..1170a18bb2 100644 --- a/usr/src/lib/libbsm/Makefile +++ b/usr/src/lib/libbsm/Makefile @@ -20,7 +20,7 @@ # CDDL HEADER END # # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2005 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -79,7 +79,6 @@ OBJECTS= adr.o \ audit_rshd.o \ audit_settid.o \ audit_shutdown.o \ - audit_su.o \ audit_uadmin.o \ audit_user.o \ bsm.o \ diff --git a/usr/src/lib/libbsm/Makefile.com b/usr/src/lib/libbsm/Makefile.com index 595755e6ec..fcbf87cc73 100644 --- a/usr/src/lib/libbsm/Makefile.com +++ b/usr/src/lib/libbsm/Makefile.com @@ -20,7 +20,7 @@ # CDDL HEADER END # # -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. +# Copyright 2005 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # ident "%Z%%M% %I% %E% SMI" @@ -62,7 +62,6 @@ OBJECTS= adr.o \ audit_rshd.o \ audit_settid.o \ audit_shutdown.o \ - audit_su.o \ audit_uadmin.o \ audit_user.o \ bsm.o \ diff --git a/usr/src/lib/libbsm/common/audit_su.c b/usr/src/lib/libbsm/common/audit_su.c deleted file mode 100644 index 5584e0fa65..0000000000 --- a/usr/src/lib/libbsm/common/audit_su.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ -#pragma ident "%Z%%M% %I% %E% SMI" - -/* - * BSM hooks for the su command - */ - -#include <sys/types.h> -#include <bsm/audit.h> -#include <bsm/libbsm.h> -#include <bsm/audit_uevents.h> -#include <bsm/audit_private.h> -#include <limits.h> -#include <pwd.h> -#include <shadow.h> -#include <locale.h> -#include <unistd.h> -#include <string.h> -#include <generic.h> - -#define SU_IS_EXPIRED 1 -#define SU_NOT_EXPIRED 0 - -static auditinfo_addr_t su_ai; -static int su_expired; /* boolean, are we su-ing to an expired account? */ -static char *su_user; -static char *invalid_user = "invalid user"; - -static void audit_su_init_expired(); -static void audit_su(); - -extern int cannot_audit(); - -/* - * Hooks that set private variables. - */ - -/* ARGSUSED */ -void -audit_su_init_info(char *username, char *ttyn) -{ - if (cannot_audit(0)) { - return; - } - if (username != NULL) { - su_user = strdup(username); - } else { - su_user = invalid_user; - } - audit_su_init_expired(username); - (void) getaudit_addr(&su_ai, sizeof (su_ai)); - (void) aug_save_me(); -} - -static void -audit_su_init_expired(username) - char *username; -{ - struct spwd *p_spwd; - - if (cannot_audit(0)) { - return; - } - - su_expired = SU_NOT_EXPIRED; - - if ((p_spwd = getspnam(username)) == NULL) { - return; - } - - if (p_spwd->sp_expire > 0 && p_spwd->sp_expire < DAY_NOW) { - su_expired = SU_IS_EXPIRED; - } -} - -void -audit_su_reset_ai(void) -{ - au_mask_t new_users_mask; - - if (cannot_audit(0)) { - return; - } - - new_users_mask.am_success = 0; - new_users_mask.am_failure = 0; - - (void) au_user_mask(su_user, &new_users_mask); - su_ai.ai_mask.am_success |= new_users_mask.am_success; - su_ai.ai_mask.am_failure |= new_users_mask.am_failure; - - (void) setaudit_addr(&su_ai, sizeof (su_ai)); -} - -void -audit_su_success() -{ - if (cannot_audit(0)) { - return; - } - audit_su(dgettext(bsm_dom, "success"), 0); -} - -void -audit_su_bad_username() -{ - if (cannot_audit(0)) { - return; - } - audit_su(dgettext(bsm_dom, "bad username"), 1); -} - -void -audit_su_bad_authentication() -{ - if (cannot_audit(0)) { - return; - } - audit_su(dgettext(bsm_dom, "bad auth."), 2); -} - -void -audit_su_bad_uid(uid) -uid_t uid; -{ - char textbuf[BSM_TEXTBUFSZ]; - - if (cannot_audit(0)) { - return; - } - (void) snprintf(textbuf, sizeof (textbuf), - dgettext(bsm_dom, "bad uid %ld"), uid); - audit_su(textbuf, 3); -} - -void -audit_su_unknown_failure() -{ - if (cannot_audit(0)) { - return; - } - audit_su(dgettext(bsm_dom, "unknown failure"), 4); -} - -/* - * audit_su: The master hook for su. It writes records to the audit trail. - */ - -static void -audit_su(s, r) -char *s; /* string indication success, failure message */ -int r; /* return code for return token */ -{ - char textbuf[BSM_TEXTBUFSZ]; - char *exp; - - aug_save_event(AUE_su); - aug_save_sorf(r); - if (su_expired == SU_IS_EXPIRED) { - exp = dgettext(bsm_dom, " (expired)"); - } else { - exp = ""; - } - (void) snprintf(textbuf, sizeof (textbuf), - dgettext(bsm_dom, "%s for user %s%s"), s, su_user, exp); - aug_save_text(textbuf); - (void) aug_audit(); -} diff --git a/usr/src/lib/libbsm/spec/private.spec b/usr/src/lib/libbsm/spec/private.spec index 96b315a940..cdafa7c582 100644 --- a/usr/src/lib/libbsm/spec/private.spec +++ b/usr/src/lib/libbsm/spec/private.spec @@ -549,48 +549,6 @@ declaration int audit_shutdown_success(void) version SUNWprivate_1.1 end -function audit_su_bad_authentication -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_bad_authentication(void) -version SUNWprivate_1.1 -end - -function audit_su_bad_uid -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_bad_uid(uid_t) -version SUNWprivate_1.1 -end - -function audit_su_bad_username -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_bad_username(void) -version SUNWprivate_1.1 -end - -function audit_su_init_info -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_init_info(char *username, char *ttyn) -version SUNWprivate_1.1 -end - -function audit_su_reset_ai -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_reset_ai(void) -version SUNWprivate_1.1 -end - -function audit_su_success -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_success(void) -version SUNWprivate_1.1 -end - -function audit_su_unknown_failure -include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> -declaration void audit_su_unknown_failure(void) -version SUNWprivate_1.1 -end - function aug_audit include <sys/types.h>, <bsm/audit.h>, <bsm/libbsm.h>, <bsm/audit_record.h>, <bsm/devices.h>, <pwd.h> declaration int aug_audit(void) |