1 /* |
|
2 * CDDL HEADER START |
|
3 * |
|
4 * The contents of this file are subject to the terms of the |
|
5 * Common Development and Distribution License (the "License"). |
|
6 * You may not use this file except in compliance with the License. |
|
7 * |
|
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 * or http://www.opensolaris.org/os/licensing. |
|
10 * See the License for the specific language governing permissions |
|
11 * and limitations under the License. |
|
12 * |
|
13 * When distributing Covered Code, include this CDDL HEADER in each |
|
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 * If applicable, add the following below this CDDL HEADER, with the |
|
16 * fields enclosed by brackets "[]" replaced with your own identifying |
|
17 * information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 * |
|
19 * CDDL HEADER END |
|
20 */ |
|
21 |
|
22 /* |
|
23 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. |
|
24 */ |
|
25 |
|
26 /* |
|
27 * Ruby binding for libbsm used by Puppet to record audit events |
|
28 */ |
|
29 |
|
30 #include <ruby.h> |
|
31 #include <pwd.h> |
|
32 #include <nss_dbdefs.h> |
|
33 #include <bsm/adt.h> |
|
34 #include <bsm/adt_event.h> |
|
35 |
|
36 VALUE cPuppetAudit; |
|
37 |
|
38 VALUE |
|
39 audit_new(VALUE class) |
|
40 { |
|
41 adt_session_data_t *ah; |
|
42 VALUE data; |
|
43 |
|
44 if (adt_start_session(&ah, NULL, 0) != 0) { |
|
45 perror("puppet adt_start_session"); |
|
46 exit(1); |
|
47 } |
|
48 data = Data_Wrap_Struct(class, 0, 0, ah); |
|
49 rb_obj_call_init(data, 0, 0); |
|
50 return (data); |
|
51 } |
|
52 |
|
53 static VALUE |
|
54 audit_init(VALUE self) |
|
55 { |
|
56 adt_session_data_t *ah; |
|
57 adt_termid_t *tid; |
|
58 struct passwd pwd, *result; |
|
59 char *buffer; |
|
60 size_t size = NSS_BUFLEN_PASSWD; |
|
61 |
|
62 Data_Get_Struct(self, adt_session_data_t, ah); |
|
63 |
|
64 if (adt_load_hostname(NULL, &tid) != 0) { |
|
65 perror("puppet adt_load_hostname"); |
|
66 (void) adt_end_session(ah); |
|
67 exit(1); |
|
68 } |
|
69 |
|
70 if ((buffer = malloc(size)) == NULL) |
|
71 exit(1); |
|
72 |
|
73 /* set "puppet" as user name and preselection */ |
|
74 if (getpwnam_r("puppet", &pwd, buffer, size, &result) != 0) { |
|
75 perror("puppet getpwnam_r(puppet)"); |
|
76 (void) adt_end_session(ah); |
|
77 free(buffer); |
|
78 exit(1); |
|
79 } |
|
80 |
|
81 if (result == NULL) { |
|
82 perror("puppet getpwnam_r(puppet)"); |
|
83 (void) adt_end_session(ah); |
|
84 free(buffer); |
|
85 exit(1); |
|
86 } |
|
87 |
|
88 if (adt_set_user(ah, result->pw_uid, result->pw_gid, result->pw_uid, |
|
89 result->pw_gid, tid, ADT_NEW) != 0) { |
|
90 perror("puppet adt_set_user"); |
|
91 free(tid); |
|
92 (void) adt_end_session(ah); |
|
93 free(buffer); |
|
94 exit(1); |
|
95 } |
|
96 free(tid); |
|
97 |
|
98 /* set audit context on this process */ |
|
99 if (adt_set_proc(ah) != 0) { |
|
100 perror("puppet adt_set_proc"); |
|
101 (void) adt_end_session(ah); |
|
102 free(buffer); |
|
103 exit(1); |
|
104 } |
|
105 free(buffer); |
|
106 return (self); |
|
107 } |
|
108 |
|
109 static VALUE |
|
110 audit_start(VALUE self) |
|
111 { |
|
112 adt_event_data_t *event; |
|
113 adt_session_data_t *ah; |
|
114 |
|
115 Data_Get_Struct(self, adt_session_data_t, ah); |
|
116 |
|
117 if ((event = adt_alloc_event(ah, ADT_puppet_session_start)) == NULL) { |
|
118 perror("adt_alloc_event(ADT_puppet_session_start)"); |
|
119 (void) adt_end_session(ah); |
|
120 ah = NULL; |
|
121 } else { |
|
122 if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { |
|
123 perror("adt_put_event(ADT_puppet_session_start)"); |
|
124 } |
|
125 adt_free_event(event); |
|
126 } |
|
127 return (self); |
|
128 } |
|
129 |
|
130 static VALUE |
|
131 audit_stop(VALUE self) |
|
132 { |
|
133 adt_event_data_t *event; |
|
134 adt_session_data_t *ah; |
|
135 |
|
136 Data_Get_Struct(self, adt_session_data_t, ah); |
|
137 |
|
138 if ((event = adt_alloc_event(ah, ADT_puppet_session_end)) == NULL) { |
|
139 perror("adt_alloc_event(ADT_puppet_session_end)"); |
|
140 } else { |
|
141 if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { |
|
142 perror("adt_put_event(ADT_puppet_session_end)"); |
|
143 } |
|
144 adt_free_event(event); |
|
145 } |
|
146 return (self); |
|
147 } |
|
148 |
|
149 static VALUE |
|
150 audit_teardown(VALUE self) |
|
151 { |
|
152 adt_session_data_t *ah; |
|
153 |
|
154 Data_Get_Struct(self, adt_session_data_t, ah); |
|
155 |
|
156 (void) adt_end_session(ah); |
|
157 return (self); |
|
158 } |
|
159 |
|
160 void |
|
161 Init_PuppetAudit() |
|
162 { |
|
163 cPuppetAudit = rb_define_class("PuppetAudit", rb_cObject); |
|
164 rb_define_singleton_method(cPuppetAudit, "new", audit_new, 0); |
|
165 rb_define_method(cPuppetAudit, "initialize", audit_init, 0); |
|
166 rb_define_method(cPuppetAudit, "audit_start", audit_start, 0); |
|
167 rb_define_method(cPuppetAudit, "audit_stop", audit_stop, 0); |
|
168 rb_define_method(cPuppetAudit, "audit_teardown", audit_teardown, 0); |
|
169 } |
|