mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-18 10:35:55 +00:00
Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records is contained within login_audit.c. Document the auditing behavior in the man page. Obtained from: TrustedBSD Project, Apple Computer, Inc. Approved by: rwatson (mentor)
This commit is contained in:
parent
55ad415824
commit
a1c73d21bf
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=155312
@ -2,10 +2,10 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PROG= login
|
||||
SRCS= login.c login_fbtab.c
|
||||
SRCS= login.c login_audit.c login_fbtab.c
|
||||
CFLAGS+=-DLOGALL
|
||||
DPADD= ${LIBUTIL} ${LIBPAM}
|
||||
LDADD= -lutil ${MINUSLPAM}
|
||||
LDADD= -lutil ${MINUSLPAM} -lbsm
|
||||
MAN= login.1 login.access.5
|
||||
.if !defined(NO_SETUID_LOGIN)
|
||||
BINOWN= root
|
||||
|
@ -124,6 +124,13 @@ command which is similar or identical to this utility.
|
||||
Consult the
|
||||
.Xr builtin 1
|
||||
manual page.
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
utility will submit an audit record when login succeeds or fails.
|
||||
Failure to determine the current auditing state will
|
||||
result in an error exit from
|
||||
.Nm .
|
||||
.Sh FILES
|
||||
.Bl -tag -width ".Pa /etc/login.access" -compact
|
||||
.It Pa /etc/fbtab
|
||||
@ -143,6 +150,10 @@ configure authentication services
|
||||
.It Pa /etc/pam.d/login
|
||||
.Xr pam 8
|
||||
configuration file
|
||||
.It Pa /etc/security/audit_user
|
||||
user flags for auditing
|
||||
.It Pa /etc/security/audit_control
|
||||
global flags for auditing
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr builtin 1 ,
|
||||
|
@ -173,6 +173,7 @@ main(int argc, char *argv[])
|
||||
login_cap_t *lc = NULL;
|
||||
login_cap_t *lc_user = NULL;
|
||||
pid_t pid;
|
||||
char auditsuccess = 1;
|
||||
|
||||
(void)signal(SIGQUIT, SIG_IGN);
|
||||
(void)signal(SIGINT, SIG_IGN);
|
||||
@ -291,16 +292,19 @@ main(int argc, char *argv[])
|
||||
pam_err = pam_start("login", username, &pamc, &pamh);
|
||||
if (pam_err != PAM_SUCCESS) {
|
||||
pam_syslog("pam_start()");
|
||||
au_login_fail("PAM Error", 1);
|
||||
bail(NO_SLEEP_EXIT, 1);
|
||||
}
|
||||
pam_err = pam_set_item(pamh, PAM_TTY, tty);
|
||||
if (pam_err != PAM_SUCCESS) {
|
||||
pam_syslog("pam_set_item(PAM_TTY)");
|
||||
au_login_fail("PAM Error", 1);
|
||||
bail(NO_SLEEP_EXIT, 1);
|
||||
}
|
||||
pam_err = pam_set_item(pamh, PAM_RHOST, hostname);
|
||||
if (pam_err != PAM_SUCCESS) {
|
||||
pam_syslog("pam_set_item(PAM_RHOST)");
|
||||
au_login_fail("PAM Error", 1);
|
||||
bail(NO_SLEEP_EXIT, 1);
|
||||
}
|
||||
|
||||
@ -317,6 +321,7 @@ main(int argc, char *argv[])
|
||||
(uid == (uid_t)0 || uid == (uid_t)pwd->pw_uid)) {
|
||||
/* already authenticated */
|
||||
rval = 0;
|
||||
auditsuccess = 0; /* opened a terminal window only */
|
||||
} else {
|
||||
fflag = 0;
|
||||
(void)setpriority(PRIO_PROCESS, 0, -4);
|
||||
@ -329,6 +334,12 @@ main(int argc, char *argv[])
|
||||
|
||||
pam_cleanup();
|
||||
|
||||
/*
|
||||
* We are not exiting here, but this corresponds to a failed
|
||||
* login event, so set exitstatus to 1.
|
||||
*/
|
||||
au_login_fail("Login incorrect", 1);
|
||||
|
||||
(void)printf("Login incorrect\n");
|
||||
failures++;
|
||||
|
||||
@ -351,6 +362,10 @@ main(int argc, char *argv[])
|
||||
|
||||
endpwent();
|
||||
|
||||
/* Audit successful login. */
|
||||
if (auditsuccess)
|
||||
au_login_success();
|
||||
|
||||
/*
|
||||
* Establish the login class.
|
||||
*/
|
||||
@ -936,6 +951,7 @@ bail(int sec, int eval)
|
||||
{
|
||||
|
||||
pam_cleanup();
|
||||
audit_logout();
|
||||
(void)sleep(sec);
|
||||
exit(eval);
|
||||
}
|
||||
|
@ -27,4 +27,8 @@
|
||||
|
||||
void login_fbtab(char *, uid_t, gid_t);
|
||||
|
||||
extern char **environ;
|
||||
void au_login_success(void);
|
||||
void au_login_fail(char *errmsg, int na);
|
||||
|
||||
extern char **environ;
|
||||
extern struct passwd *pwd;
|
||||
|
204
usr.bin/login/login_audit.c
Normal file
204
usr.bin/login/login_audit.c
Normal file
@ -0,0 +1,204 @@
|
||||
/*
|
||||
* Copyright (c) 2005 Apple Computer, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_START@
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
|
||||
* its contributors may be used to endorse or promote products derived
|
||||
* from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* @APPLE_BSD_LICENSE_HEADER_END@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <bsm/libbsm.h>
|
||||
#include <bsm/audit_uevents.h>
|
||||
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "login.h"
|
||||
|
||||
/*
|
||||
* Audit data
|
||||
*/
|
||||
static au_tid_t tid;
|
||||
|
||||
/*
|
||||
* The following tokens are included in the audit record for a successful
|
||||
* login: header, subject, return.
|
||||
*/
|
||||
void
|
||||
au_login_success(void)
|
||||
{
|
||||
token_t *tok;
|
||||
int aufd;
|
||||
au_mask_t aumask;
|
||||
auditinfo_t auinfo;
|
||||
uid_t uid = pwd->pw_uid;
|
||||
gid_t gid = pwd->pw_gid;
|
||||
pid_t pid = getpid();
|
||||
long au_cond;
|
||||
|
||||
/* If we are not auditing, don't cut an audit record; just return. */
|
||||
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
|
||||
if (errno == ENOSYS)
|
||||
return;
|
||||
errx(1, "login: Could not determine audit condition");
|
||||
}
|
||||
if (au_cond == AUC_NOAUDIT)
|
||||
return;
|
||||
|
||||
/* Compute and set the user's preselection mask. */
|
||||
if (au_user_mask(pwd->pw_name, &aumask) == -1)
|
||||
errx(1, "login: Could not set audit mask\n");
|
||||
|
||||
/* Set the audit info for the user. */
|
||||
auinfo.ai_auid = uid;
|
||||
auinfo.ai_asid = pid;
|
||||
bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid));
|
||||
bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask));
|
||||
if (setaudit(&auinfo) != 0)
|
||||
err(1, "login: setaudit failed");
|
||||
|
||||
if ((aufd = au_open()) == -1)
|
||||
errx(1,"login: Audit Error: au_open() failed");
|
||||
|
||||
if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
|
||||
pid, &tid)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_subject32() failed");
|
||||
au_write(aufd, tok);
|
||||
|
||||
if ((tok = au_to_return32(0, 0)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_return32() failed");
|
||||
au_write(aufd, tok);
|
||||
|
||||
if (au_close(aufd, 1, AUE_login) == -1)
|
||||
errx(1, "login: Audit Record was not committed.");
|
||||
}
|
||||
|
||||
/*
|
||||
* The following tokens are included in the audit record for failed
|
||||
* login attempts: header, subject, text, return.
|
||||
*/
|
||||
void
|
||||
au_login_fail(char *errmsg, int na)
|
||||
{
|
||||
token_t *tok;
|
||||
int aufd;
|
||||
long au_cond;
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
pid_t pid = getpid();
|
||||
|
||||
/* If we are not auditing, don't cut an audit record; just return. */
|
||||
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
|
||||
if (errno == ENOSYS)
|
||||
return;
|
||||
errx(1, "login: Could not determine audit condition");
|
||||
}
|
||||
if (au_cond == AUC_NOAUDIT)
|
||||
return;
|
||||
|
||||
if ((aufd = au_open()) == -1)
|
||||
errx(1, "login: Audit Error: au_open() failed");
|
||||
|
||||
if (na) {
|
||||
/*
|
||||
* Non attributable event. Assuming that login is not called
|
||||
* within a user's session => auid,asid == -1.
|
||||
*/
|
||||
if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,
|
||||
pid, -1, &tid)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_subject32() failed");
|
||||
} else {
|
||||
/* We know the subject -- so use its value instead. */
|
||||
uid = pwd->pw_uid;
|
||||
gid = pwd->pw_gid;
|
||||
if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,
|
||||
gid, pid, pid, &tid)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_subject32() failed");
|
||||
}
|
||||
au_write(aufd, tok);
|
||||
|
||||
/* Include the error message. */
|
||||
if ((tok = au_to_text(errmsg)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_text() failed");
|
||||
au_write(aufd, tok);
|
||||
|
||||
if ((tok = au_to_return32(1, errno)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_return32() failed");
|
||||
au_write(aufd, tok);
|
||||
|
||||
if (au_close(aufd, 1, AUE_login) == -1)
|
||||
errx(1, "login: Audit Error: au_close() was not committed");
|
||||
}
|
||||
|
||||
/*
|
||||
* The following tokens are included in the audit record for a logout:
|
||||
* header, subject, return.
|
||||
*/
|
||||
void
|
||||
audit_logout(void)
|
||||
{
|
||||
token_t *tok;
|
||||
int aufd;
|
||||
au_mask_t aumask;
|
||||
auditinfo_t auinfo;
|
||||
uid_t uid = pwd->pw_uid;
|
||||
gid_t gid = pwd->pw_gid;
|
||||
pid_t pid = getpid();
|
||||
long au_cond;
|
||||
|
||||
/* If we are not auditing, don't cut an audit record; just return. */
|
||||
if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
|
||||
if (errno == ENOSYS)
|
||||
return;
|
||||
errx(1, "login: Could not determine audit condition");
|
||||
}
|
||||
if (au_cond == AUC_NOAUDIT)
|
||||
return;
|
||||
|
||||
if ((aufd = au_open()) == -1)
|
||||
errx(1, "login: Audit Error: au_open() failed");
|
||||
|
||||
/* The subject that is created (euid, egid of the current process). */
|
||||
if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
|
||||
pid, &tid)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_subject32() failed");
|
||||
au_write(aufd, tok);
|
||||
|
||||
if ((tok = au_to_return32(0, 0)) == NULL)
|
||||
errx(1, "login: Audit Error: au_to_return32() failed");
|
||||
au_write(aufd, tok);
|
||||
|
||||
if (au_close(aufd, 1, AUE_logout) == -1)
|
||||
errx(1, "login: Audit Record was not committed.");
|
||||
}
|
Loading…
Reference in New Issue
Block a user