components/openssh/sources/audit-solaris.c
author saurabh.vyas@oracle.com
Fri, 08 May 2015 11:22:54 -0700
changeset 4264 7d52b0c22474
parent 3834 f1e440f0d185
permissions -rw-r--r--
21027466 problem in SERVICE/KEYSTONE
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
 */
#include "includes.h"
#if defined(USE_SOLARIS_AUDIT)
#include "audit.h"
#include "buffer.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
#include "packet.h"
#include <errno.h>
#include <pwd.h>
#include <string.h>
#include <bsm/adt.h>
#include <bsm/adt_event.h>
#ifdef	ADT_DEBUG
#include <bsm/audit.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <values.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <ucred.h>
#include <values.h>
#include <bsm/adt.h>
#include <bsm/audit.h>
#include <sys/types.h>
#include <sys/stat.h>
/* semi private adt functions to extract information */
extern void adt_get_asid(const adt_session_data_t *, au_asid_t *);
extern void adt_get_auid(const adt_session_data_t *, au_id_t *);
extern void adt_get_mask(const adt_session_data_t *, au_mask_t *);
extern void adt_get_termid(const adt_session_data_t *, au_tid_addr_t *);
extern void __auditd_debug(char *, ...);
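/*
 * Debug aid (ADT_DEBUG builds only): start an adt session from this
 * process's own audit data (ADT_USE_PROC_DATA) and log, through
 * __auditd_debug(), the audit id, the preselection mask, the terminal id
 * and the audit session id read back from that session.
 *
 * Nothing is returned; if the session cannot be started the function
 * logs the reason and returns without printing anything else.
 */
void
__audit_pidinfo(void)
{
	adt_session_data_t *ah = NULL;
	au_id_t	auid;
	char *auid_name = "badname";	/* kept when the uid has no passwd entry */
	struct passwd *pwd;
	au_asid_t asid;
	au_mask_t mask;
	char flags[512];
	au_tid_addr_t tid;
	char	pbuf[INET6_ADDRSTRLEN];
	int	af = AF_INET;
	int	remote;
	int	local;

	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
		__auditd_debug("cannot start session %s\n", strerror(errno));
		return;
	}
	if (ah == NULL) {
		__auditd_debug("ah is NULL\n");
		return;
	}

	/* audit id, with the account name when it can be resolved */
	adt_get_auid(ah, &auid);
	if ((pwd = getpwuid((uid_t)auid)) != NULL) {
		auid_name = pwd->pw_name;
	}
	__auditd_debug("audit id = %s(%d)\n", auid_name, auid);

	/* preselection mask, both as flag names and as raw success/failure */
	adt_get_mask(ah, &mask);
	if (getauditflagschar(flags, &mask, NULL) < 0) {
		(void) strlcpy(flags, "badflags", sizeof (flags));
	}
#ifdef	_LP64
	__auditd_debug("preselection mask = %s(0x%lx,0x%lx)\n", flags,
	    mask.am_success, mask.am_failure);
#else	/* _ILP32 */
	__auditd_debug("preselection mask = %s(0x%llx,0x%llx)\n", flags,
	    mask.am_success, mask.am_failure);
#endif	/* _LP64 */

	/*
	 * Terminal id: at_port is split into its upper and lower 16 bits,
	 * which the second message below labels remote and local.
	 */
	adt_get_termid(ah, &tid);
	__auditd_debug("tid type=%d, maj=%u, min=%u, addr=%x:%x:%x:%x\n",
	    tid.at_type,
	    (uint16_t)((tid.at_port) >> BITS(uint16_t)),
	    (uint16_t)(tid.at_port & UINT16_MAX),
	    tid.at_addr[0],
	    tid.at_addr[1],
	    tid.at_addr[2],
	    tid.at_addr[3]);
	if (tid.at_type == AU_IPv6) {
		af = AF_INET6;
	}
	/*
	 * inet_ntop() returns NULL on failure and then leaves pbuf unset;
	 * passing it to %s would read uninitialized stack memory into the
	 * debug log, so substitute a fixed marker instead.
	 */
	if (inet_ntop(af, (void *)(tid.at_addr), pbuf,
	    sizeof (pbuf)) == NULL) {
		(void) strlcpy(pbuf, "badaddr", sizeof (pbuf));
	}
	remote = (tid.at_port >> BITS(uint16_t));
	local = (tid.at_port & UINT16_MAX);
	__auditd_debug("tid type-%d (remote,local,host)= %u,%u,%s\n",
	    tid.at_type, remote, local, pbuf);

	adt_get_asid(ah, &asid);
	__auditd_debug("audit session id = %u\n",  asid);

	/* the session was opened only to read these values */
	(void) adt_end_session(ah);
}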
#else	/* !ADT_DEBUG */
/*
 * No-op stand-in for __auditd_debug() in builds without ADT_DEBUG: the
 * format string and any arguments are accepted and discarded, so call
 * sites need no conditional compilation of their own.
 */
/*ARGSUSED*/
/*PRINTFLIKE1*/
static void
__auditd_debug(char *fmt, ...)
{
	(void) fmt;	/* deliberately unused */
}
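/*
 * No-op stand-in for __audit_pidinfo() in builds without ADT_DEBUG.
 * Declared with (void), like the ADT_DEBUG definition, so that it is a
 * real prototype and a call passing arguments fails to compile.
 */
static void
__audit_pidinfo(void)
{
}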
#endif	/* ADT_DEBUG */
#include <security/pam_appl.h>
#include <sys/types.h>
extern Authctxt *the_authctxt;
extern const char *audit_username(void);
extern const char *audit_event_lookup(ssh_audit_event_t);
static adt_session_data_t *ah = NULL;		/* audit session handle */
static adt_termid_t	*tid = NULL;		/* peer terminal id */
static void audit_login(void);
static void audit_logout(void);
static void audit_fail(int);
/* Below is the sshd audit API Solaris adt interpretation */
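/*
 * Called after a connection has been accepted but before any authentication
 * has been attempted.
 *
 * Loads the peer's terminal id into the file-scope `tid`, then builds a
 * scratch adt session that carries that terminal id with ADT_NO_AUDIT ids,
 * applies it to this process with adt_set_proc() and ends the scratch
 * session again.
 *
 * Every failure is only reported through error(); the function returns void
 * and the caller cannot tell that the audit context was not established.
 * NOTE(review): that makes audit setup fail-open for the connection --
 * confirm this is the intended policy.
 */
/* ARGSUSED */
void
audit_connection_from(const char *host, int port)
{
	int peer = packet_get_connection_in();
	/*
	 * Scratch session for this call only.  It is deliberately not the
	 * file-scope `ah`, so it gets its own name instead of shadowing it,
	 * and it starts out NULL so the adt_* calls below never see an
	 * indeterminate pointer should adt_start_session() fail without
	 * storing through its first argument.
	 */
	adt_session_data_t	*sess = NULL;

	if (adt_load_termid(peer, &tid) != 0) {
		error("adt audit_connection_from: unable to load tid for %d:%s",
		    peer, strerror(errno));
	}
	if (adt_start_session(&sess, NULL, 0) != 0) {
		error("adt audit_connection_from: unable to start session "
		    "for %s:%d:%s", host, port, strerror(errno));
	}
	if (adt_set_user(sess, ADT_NO_AUDIT, ADT_NO_AUDIT, 0,
	    ADT_NO_AUDIT, tid, ADT_SETTID) != 0) {
		error("adt audit_connection_from: unable to set user "
		    "for %s:%d:%s", host, port, strerror(errno));
		(void) adt_end_session(sess);
		sess = NULL;
	}
	/*
	 * NOTE(review): sess can be NULL from here on (failed start or failed
	 * set_user above); presumably the adt_* calls accept a NULL session --
	 * confirm against the adt interface documentation.
	 */
	if (adt_set_proc(sess) != 0) {
		error("adt audit_connection_from: unable to set proc "
		    "for %s:%d:%s", host, port, strerror(errno));
	}
	(void) adt_end_session(sess);
	debug("adt audit_connection_from(%s, %d): peerfd=%d", host, port,
	    peer);
	__auditd_debug("%d/%d:%d-adt audit_connection_from(%s, %d)ctxt=%p: "
	    "peerfd=%d\n", getpid(), getuid(), geteuid(), host, port,
	    (void *)the_authctxt, peer);
	__audit_pidinfo();
}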
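/*
 * Called when various events occur (see audit.h for a list of possible
 * events and what they mean).
 *
 *	Entry	the_authctxt
 *
 * Maps an sshd audit event onto the helpers in this file:
 * SSH_AUTH_SUCCESS calls audit_login(); SSH_CONNECTION_CLOSE, and
 * SSH_CONNECTION_ABANDON after a login, call audit_logout(); every other
 * path ends in audit_fail() with the PAM error code selected in the switch
 * (PAM_IGNORE when no case selected one).
 *
 * Two function-static flags carry state from one call to the next:
 * `logged_in` pairs a logout with an earlier login, and `did_maxtries`
 * remembers that SSH_LOGIN_EXCEED_MAXTRIES was already seen so that the
 * following SSH_CONNECTION_ABANDON does not pick a second failure code.
 */
void
audit_event(ssh_audit_event_t event)
{
	static boolean_t logged_in = B_FALSE;	/* if user did login */
	int fail = PAM_IGNORE;		/* default unset */
	static boolean_t did_maxtries = B_FALSE; /* if interactive and abort */

	debug("adt audit_event(%s)", audit_event_lookup(event));
	__auditd_debug("%d/%d:%d-adt audit_event(%s/%s)ctxt=%p\n",
	    getpid(), getuid(), geteuid(), audit_event_lookup(event),
	    audit_username(), (void *)the_authctxt);
	__audit_pidinfo();

	switch (event) {
	case SSH_AUTH_SUCCESS:		/* authentication success */
		logged_in = B_TRUE;
		audit_login(); 		/* ADT_ssh; */
		return;

	case SSH_CONNECTION_CLOSE:	/* connection closed, all done */
		if (logged_in) {
			audit_logout();		/* ADT_logout; */
			logged_in = B_FALSE;
		} else {
			/* a close with no recorded login is logged, not audited */
			error("adt audit_event logout without login");
		}
		return;

	/* Translate fail events to Solaris PAM errors */

	/* auth2.c: userauth_finish as audit_event(SSH_LOGIN_EXCEED_MAXTRIES) */
	/* auth1.c:do_authloop audit_event(SSH_LOGIN_EXCEED_MAXTRIES) */
	case SSH_LOGIN_EXCEED_MAXTRIES:
		fail = PAM_MAXTRIES;
		did_maxtries = B_TRUE;
		break;

	/* auth2.c: userauth_finish as audit_event(SSH_LOGIN_ROOT_DENIED) */
	/* auth1.c:do_authloop audit_event(SSH_LOGIN_ROOT_DENIED) */
	case SSH_LOGIN_ROOT_DENIED:
		fail = PAM_PERM_DENIED;
		break;

	/* auth2.c: input_userauth_request as audit_event(SSH_INVALID_USER) */
	/* auth.c: getpwnamallow as audit_event(SSH_INVALID_USER) */
	case SSH_INVALID_USER:
		fail = PAM_USER_UNKNOWN;
		break;

	/* seems unused, but translate to the Solaris PAM error */
	case SSH_NOLOGIN:
		fail = PAM_LOGINS_DISABLED;
		break;

	/*
	 * auth.c in auth_log as it's walking through methods calls
	 * audit_classify_method(method) which maps
	 *
	 * none		-> SSH_AUTH_FAIL_NONE
	 * password	-> SSH_AUTH_FAIL_PASSWD
	 *
	 * publickey	-> SSH_AUTH_FAIL_PUBKEY
	 * rsa		-> SSH_AUTH_FAIL_PUBKEY
	 *
	 * keyboard-interactive	-> SSH_AUTH_FAIL_KBDINT
	 * challenge-response	-> SSH_AUTH_FAIL_KBDINT
	 *
	 * hostbased	-> SSH_AUTH_FAIL_HOSTBASED
	 * rhosts-rsa	-> SSH_AUTH_FAIL_HOSTBASED
	 *
	 * gssapi-with-mic	-> SSH_AUTH_FAIL_GSSAPI
	 *
	 * unknown method	-> SSH_AUDIT_UNKNOWN
	 */
	/*
	 * see mon_table mon_dispatch_proto20[], mon_dispatch_postauth20[],
	 * mon_dispatch_proto15[], mon_dispatch_postauth15[]:
	 * MONITOR_REQ_AUDIT_EVENT
	 * called from monitor.c:mm_answer_audit_event()
	 * SSH_AUTH_FAIL_PUBKEY, SSH_AUTH_FAIL_HOSTBASED,
	 * SSH_AUTH_FAIL_GSSAPI, SSH_LOGIN_EXCEED_MAXTRIES,
	 * SSH_LOGIN_ROOT_DENIED, SSH_CONNECTION_CLOSE SSH_INVALID_USER
	 * monitor_wrap.c: mm_audit_event()
	 */
	case SSH_AUTH_FAIL_NONE:	/* auth type none */
	case SSH_AUTH_FAIL_PUBKEY:	/* authtype publickey */
		/*
		 * fail stays PAM_IGNORE for these two.
		 * NOTE(review): whether audit_fail() records anything for
		 * PAM_IGNORE is not visible here -- confirm that failed
		 * "none" and publickey attempts are meant to take this path.
		 */
		break;

	case SSH_AUTH_FAIL_PASSWD:	/* auth type password */
	case SSH_AUTH_FAIL_KBDINT:	/* authtype keyboard-interactive */
	case SSH_AUTH_FAIL_HOSTBASED:	/* auth type hostbased */
	case SSH_AUTH_FAIL_GSSAPI:	/* auth type gssapi-with-mic */
	case SSH_AUDIT_UNKNOWN:		/* auth type unknown */
		fail = PAM_AUTH_ERR;
		break;

	/* sshd.c: cleanup_exit: server specific fatal cleanup */
	case SSH_CONNECTION_ABANDON:	/* bailing with fatal error */
		/*
		 * This seems to occur with OpenSSH client when
		 * the user login shell exits.
		 */
		if (logged_in) {
			audit_logout();		/* ADT_logout; */
			logged_in = B_FALSE;
			return;
		} else if (!did_maxtries) {
			fail = PAM_AUTHINFO_UNAVAIL;
		} else {
			/*
			 * reset saw max tries; fail stays PAM_IGNORE.
			 * B_FALSE rather than FALSE: did_maxtries is a
			 * boolean_t like every other assignment in this
			 * function.
			 */
			did_maxtries = B_FALSE;
		}
		break;

	default:
		error("adt audit_event: unknown event %d", event);
		__auditd_debug("%d/%d:%d-unknown event %d",
		    getpid(), getuid(), geteuid(), event);
		__audit_pidinfo();
		break;
	}
	audit_fail(fail);
}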
/*
 * Called when a user session is started.  Argument is the tty allocated to
 * the session, or NULL if no tty was allocated.
 *
 * Note that this may be called multiple times if multiple sessions are used
 * within a single connection.
 *
 * This implementation only emits debug output (user name and tty); it makes
 * no adt_* call of its own.
 */
/* ARGSUSED */
void
audit_session_open(struct logininfo *li)
{
	const char *tty_name;

	/*
	 * NOTE(review): li itself is dereferenced without a NULL check; the
	 * "or NULL" in the header comment presumably refers to li->line --
	 * confirm against the callers.
	 */
	if (li->line)
		tty_name = li->line;
	else
		tty_name = "(no tty)";

	debug("adt audit_session_open: user=%s:tty=%s", audit_username(),
	    tty_name);
	__auditd_debug("%d/%d:%d-adt audit_session_open:ctxt=%p "
	    "user=%s:tty=%s\n", getpid(), getuid(), geteuid(),
	    (void *)the_authctxt, audit_username(), tty_name);
	__audit_pidinfo();
}
/*
 * Called when a user session is closed.  The argument is the session's
 * logininfo; its line member names the tty allocated to the session and
 * is reported as "(no tty)" when it is NULL.
 *
 * Note that this may be called multiple times if multiple sessions are used
 * within a single connection.
 *
 * Only trace output is produced here; no adt_* audit event is generated
 * in this function.
 */
/* ARGSUSED */
void
audit_session_close(struct logininfo *li)
{
	/* li is dereferenced unconditionally; callers must not pass NULL. */
	const char *tty_label = "(no tty)";

	if (li->line)
		tty_label = li->line;

	debug("adt audit_session_close: user=%s:tty=%s", audit_username(),
	    tty_label);
	/* pid/ruid:euid prefix identifies which sshd process emitted this. */
	__auditd_debug("%d/%d:%d-adt audit_session_close:ctxt=%p "
	    "user=%s:tty=%s\n", getpid(), getuid(), geteuid(),
	    (void *)the_authctxt, audit_username(), tty_label);
	__audit_pidinfo();
}
/*
 * Trace hook for a user running a non-interactive command.  SSH2 allows
 * multiple sessions within a single connection, so this may be called
 * several times for one connection.
 *
 * Only trace output is produced here; no adt_* audit event is generated
 * for the command in this function.
 *
 * NOTE(review): command is presumably the string requested by the client
 * and is written to both traces with %s.  Confirm that debug() and
 * __auditd_debug() neutralise control characters, so that a crafted
 * command cannot split or forge trace lines.
 */
/* ARGSUSED */
void
audit_run_command(const char *command)
{
	/* Captured once; used as the pid/ruid:euid prefix of the trace. */
	const pid_t self_pid = getpid();
	const uid_t real_uid = getuid();
	const uid_t eff_uid = geteuid();

	debug("adt audit_run_command: \"%s\"", command);
	__auditd_debug("%d/%d:%d-adt audit_run_command:ctxt=%p \"%s\"\n",
	    self_pid, real_uid, eff_uid, (void *)the_authctxt, command);
	__audit_pidinfo();
}
/*
 * audit_login - audit successful login
 *
 *	Entry	the_authctxt should be valid
 *		and pam_setcred called.
 *		adt_info & ADT_INFO_PW_SUCCESS if successful
 *		password change (not audited yet, see the body).
 *
 *	Exit	ah = audit session established for audit_logout();
 *		if adt_set_user() fails the session is ended and both
 *		ah and tid are reset to NULL.
 *
 *	NOTE(review): every failure below is reported through error() only
 *	and the function returns void, so a successful login can end up
 *	without an ADT_ssh record.  Whether the caller should treat that as
 *	fatal is not visible from here.
 */
static void
audit_login(void)
{
	adt_event_data_t *event;
	au_id_t	auid;
	uid_t uid = ADT_NO_ATTRIB;
	gid_t gid = (gid_t)ADT_NO_ATTRIB;
	int user_ctx;

	/* Without a valid auth context the ids stay ADT_NO_ATTRIB. */
	if (the_authctxt != NULL && the_authctxt->valid != 0) {
		uid = the_authctxt->pw->pw_uid;
		gid = the_authctxt->pw->pw_gid;
	}

	/* The session handle lands in the shared ah, not in a local. */
	if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
		error("adt_start_session: %s", strerror(errno));
		return;
	}

	/*
	 * No audit id on the session yet selects ADT_NEW, otherwise
	 * ADT_USER is passed to adt_set_user().
	 */
	adt_get_auid(ah, &auid);
	user_ctx = (auid == AU_NOAUDITID) ? ADT_NEW : ADT_USER;

	if (adt_set_user(ah, uid, gid, uid, gid, NULL, user_ctx)) {
		error("adt_set_user auid=%d, uid=%d", auid, uid);
		/* Drop the unusable session and the connection TID. */
		(void) adt_end_session(ah);
		ah = NULL;
		free(tid);
		tid = NULL;
		return;
	}

	event = adt_alloc_event(ah, ADT_ssh);
	if (event == NULL) {
		/* ah is left open here; only the login record is lost. */
		error("adt_alloc_event(ADT_ssh): %s", strerror(errno));
		return;
	}

	if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
		error("adt_put_event(ADT_ssh, ADT_SUCCESS): %s",
		    strerror(errno));
	}

	/* should audit successful password change here */
	adt_free_event(event);
}
/*
 * audit_logout - audit the logout
 *
 *	Entry	ah = audit session.
 *
 *	Exit	After the ADT_logout event has been handled the session
 *		is ended and ah and tid are reset to NULL.
 *
 *	NOTE(review): when adt_alloc_event() fails the function returns
 *	early, so no logout record is written and neither ah nor tid is
 *	released on that path.  Confirm this is acceptable at teardown.
 */
static void
audit_logout(void)
{
	adt_event_data_t *event = adt_alloc_event(ah, ADT_logout);

	if (event == NULL) {
		error("adt_alloc_event(ADT_logout): %s", strerror(errno));
		return;
	}

	/* A failed put is logged, but cleanup below still runs. */
	if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
		error("adt_put_event(ADT_logout, ADT_SUCCESS): %s",
		    strerror(errno));
	}
	adt_free_event(event);

	/* Release the session and TID; NULL them against reuse. */
	(void) adt_end_session(ah);
	ah = NULL;
	free(tid);
	tid = NULL;
}
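/*
 * audit_fail - audit login failure.
 *
 *	Entry	the_authctxt assumed to have some info.
 *			user = user who asked to be authenticated.
 *		tid = connection audit TID set by audit_connect_from();
 *		pamerr = PAM error for the failure; PAM_IGNORE produces
 *			trace output only and no audit record.
 *
 *	Exit	A private audit session is opened and ended around the
 *		ADT_ssh failure event; the ah shared by audit_login() and
 *		audit_logout() is not touched.
 *
 *	N.B.	pam_strerror() prototype takes a pam handle and error number.
 *		At least on Solaris, pam_strerror never uses the pam handle.
 *		Since there doesn't seem to be a pam handle available, this
 *		code just uses NULL.
 */
static void
audit_fail(int pamerr)
{
	/* Local handle: shadows the ah used by audit_login()/audit_logout(). */
	adt_session_data_t *ah = NULL;
	adt_event_data_t *event;
	uid_t	uid = ADT_NO_ATTRIB;
	gid_t	gid = (gid_t)ADT_NO_ATTRIB;

	__auditd_debug("%d/%d:%d-audit_fail(%s) ctxt=%p\n",
	    getpid(), getuid(), geteuid(), pam_strerror(NULL, pamerr),
	    (void *)the_authctxt);
	if (the_authctxt != NULL) {
		uid_t 	pwuid = ADT_NO_ATTRIB;

		/*
		 * pw can be NULL on a failed login; this guard came with
		 * changeset f1e440f0d185 (20549448, core dump at
		 * audit_event).
		 */
		if (the_authctxt->pw != NULL) {
			pwuid = the_authctxt->pw->pw_uid;
		}
		__auditd_debug("valid=%d, user=%s, uid=%d\n",
		    the_authctxt->valid, audit_username(), pwuid);
	} else {
		__auditd_debug("\tNo autxctxt\n");
	}
	__audit_pidinfo();
	if (pamerr == PAM_IGNORE) {
		return;
	}

	/*
	 * Attribute the failure to an account where one can be resolved.
	 * The pw check mirrors the guard used for the trace above, so a
	 * context marked valid without a passwd entry falls through to the
	 * name lookup instead of dereferencing NULL.
	 */
	if ((the_authctxt != NULL) && (the_authctxt->valid != 0) &&
	    (the_authctxt->pw != NULL)) {
		uid = the_authctxt->pw->pw_uid;
		gid = the_authctxt->pw->pw_gid;
	} else if ((the_authctxt != NULL) && (the_authctxt->user != NULL)) {
		struct passwd *pw;

		/*
		 * user is the name that asked to be authenticated.  An
		 * unknown name leaves uid/gid at ADT_NO_ATTRIB, so the
		 * failure is still recorded, just without an account.
		 */
		if ((pw = getpwnam(the_authctxt->user)) != NULL) {
			uid = pw->pw_uid;
			gid = pw->pw_gid;
		}
	}
	if (adt_start_session(&ah, NULL, 0) != 0) {
		error("adt_start_session(ADT_ssh, 0, fail=%s):"
		    " %s", pam_strerror(NULL, pamerr), strerror(errno));
		/* Trace now shows the flags actually passed (0). */
		__auditd_debug("%d/%d:%d-adt_start_session(ADT_ssh, "
		    "0, fail=%s): %s", getpid(), getuid(),
		    geteuid(), pam_strerror(NULL, pamerr),
		    strerror(errno));
		return;
	}
	__auditd_debug("%d/%d:%d-audit_fail+start_session() ah=%p\n",
	    getpid(), getuid(), geteuid(), (void *)ah);
	/* tid ties the record to the connection's terminal id. */
	if (adt_set_user(ah, uid, gid, uid, gid, tid, ADT_NEW) != 0) {
		error("adt_set_user(ADT_ssh, PROC_DATA, fail=%s): %s",
		    pam_strerror(NULL, pamerr), strerror(errno));
		__auditd_debug("%d/%d:%d-adt_set_user(ADT_ssh, "
		    "PROC_DATA, fail=%s): %s", getpid(), getuid(),
		    geteuid(), pam_strerror(NULL, pamerr),
		    strerror(errno));
		goto done;
	}
	__auditd_debug("%d/%d:%d-audit_fail+set_user() ah=%p\n", getpid(),
	    getuid(), geteuid(), (void *)ah);
	if ((event = adt_alloc_event(ah, ADT_ssh)) == NULL) {
		error("adt_alloc_event(ADT_ssh, fail=%s): %s",
		    pam_strerror(NULL, pamerr), strerror(errno));
		/* Trace names the call that failed (was adt_set_user). */
		__auditd_debug("%d/%d:%d-adt_alloc_event(ADT_ssh, "
		    "fail=%s): %s", getpid(), getuid(), geteuid(),
		    pam_strerror(NULL, pamerr), strerror(errno));
	} else if (adt_put_event(event, ADT_FAILURE,
	    ADT_FAIL_PAM + pamerr) != 0) {
		/* The status above is the PAM code added to ADT_FAIL_PAM. */
		error("adt_put_event(ADT_ssh, fail=%s): %s",
		    pam_strerror(NULL, pamerr), strerror(errno));
		__auditd_debug("%d/%d:%d-adt_put_event(ADT_ssh, fail=%s): %s",
		    getpid(), getuid(), geteuid(), pam_strerror(NULL, pamerr),
		    strerror(errno));
	}
	__auditd_debug("%d/%d:%d-audit_fail+put_event() ah=%p\n", getpid(),
	    getuid(), geteuid(), (void *)ah);
	/* should audit authentication with failed password change here. */
	/* event is NULL here when adt_alloc_event() failed above. */
	if (event != NULL) {
		adt_free_event(event);
	}
done:
	(void) adt_end_session(ah);
}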
#endif	/* USE_SOLARIS_AUDIT */