2 * Copyright (c) 2005 Apple Computer, Inc.
5 * @APPLE_BSD_LICENSE_HEADER_START@
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 * @APPLE_BSD_LICENSE_HEADER_END@
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include <sys/types.h>
39 #include <bsm/libbsm.h>
40 #include <bsm/audit_uevents.h>
57 * The following tokens are included in the audit record for a successful
58 * login: header, subject, return.
61 au_login_success(void)
67 uid_t uid = pwd->pw_uid;
68 gid_t gid = pwd->pw_gid;
72 /* If we are not auditing, don't cut an audit record; just return. */
73 if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
76 errx(1, "login: Could not determine audit condition");
78 if (au_cond == AUC_NOAUDIT)
81 /* Compute and set the user's preselection mask. */
82 if (au_user_mask(pwd->pw_name, &aumask) == -1)
83 errx(1, "login: Could not set audit mask\n");
85 /* Set the audit info for the user. */
88 bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid));
89 bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask));
90 if (setaudit(&auinfo) != 0)
91 err(1, "login: setaudit failed");
93 if ((aufd = au_open()) == -1)
94 errx(1,"login: Audit Error: au_open() failed");
96 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
98 errx(1, "login: Audit Error: au_to_subject32() failed");
101 if ((tok = au_to_return32(0, 0)) == NULL)
102 errx(1, "login: Audit Error: au_to_return32() failed");
105 if (au_close(aufd, 1, AUE_login) == -1)
106 errx(1, "login: Audit Record was not committed.");
110 * The following tokens are included in the audit record for failed
111 * login attempts: header, subject, text, return.
114 au_login_fail(const char *errmsg, int na)
121 pid_t pid = getpid();
123 /* If we are not auditing, don't cut an audit record; just return. */
124 if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
127 errx(1, "login: Could not determine audit condition");
129 if (au_cond == AUC_NOAUDIT)
132 if ((aufd = au_open()) == -1)
133 errx(1, "login: Audit Error: au_open() failed");
137 * Non attributable event. Assuming that login is not called
138 * within a user's session => auid,asid == -1.
140 if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,
141 pid, -1, &tid)) == NULL)
142 errx(1, "login: Audit Error: au_to_subject32() failed");
144 /* We know the subject -- so use its value instead. */
147 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,
148 gid, pid, pid, &tid)) == NULL)
149 errx(1, "login: Audit Error: au_to_subject32() failed");
153 /* Include the error message. */
154 if ((tok = au_to_text(errmsg)) == NULL)
155 errx(1, "login: Audit Error: au_to_text() failed");
158 if ((tok = au_to_return32(1, errno)) == NULL)
159 errx(1, "login: Audit Error: au_to_return32() failed");
162 if (au_close(aufd, 1, AUE_login) == -1)
163 errx(1, "login: Audit Error: au_close() was not committed");
167 * The following tokens are included in the audit record for a logout:
168 * header, subject, return.
175 uid_t uid = pwd->pw_uid;
176 gid_t gid = pwd->pw_gid;
177 pid_t pid = getpid();
180 /* If we are not auditing, don't cut an audit record; just return. */
181 if (auditon(A_GETCOND, &au_cond, sizeof(int)) < 0) {
184 errx(1, "login: Could not determine audit condition");
186 if (au_cond == AUC_NOAUDIT)
189 if ((aufd = au_open()) == -1)
190 errx(1, "login: Audit Error: au_open() failed");
192 /* The subject that is created (euid, egid of the current process). */
193 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
195 errx(1, "login: Audit Error: au_to_subject32() failed");
198 if ((tok = au_to_return32(0, 0)) == NULL)
199 errx(1, "login: Audit Error: au_to_return32() failed");
202 if (au_close(aufd, 1, AUE_logout) == -1)
203 errx(1, "login: Audit Record was not committed.");