2 * Copyright (c) 2005 Apple Computer, Inc.
5 * @APPLE_BSD_LICENSE_HEADER_START@
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
17 * its contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
21 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
24 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 * @APPLE_BSD_LICENSE_HEADER_END@
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
37 #include <sys/types.h>
39 #include <bsm/libbsm.h>
40 #include <bsm/audit_uevents.h>
55 * The following tokens are included in the audit record for a successful
56 * login: header, subject, return.
59 au_login_success(void)
65 uid_t uid = pwd->pw_uid;
66 gid_t gid = pwd->pw_gid;
70 /* If we are not auditing, don't cut an audit record; just return. */
71 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
74 errx(1, "login: Could not determine audit condition");
76 if (au_cond == AUC_NOAUDIT)
79 /* Compute and set the user's preselection mask. */
80 if (au_user_mask(pwd->pw_name, &aumask) == -1)
81 errx(1, "login: Could not set audit mask\n");
83 /* Set the audit info for the user. */
86 bcopy(&tid, &auinfo.ai_termid, sizeof(auinfo.ai_termid));
87 bcopy(&aumask, &auinfo.ai_mask, sizeof(auinfo.ai_mask));
88 if (setaudit(&auinfo) != 0)
89 err(1, "login: setaudit failed");
91 if ((aufd = au_open()) == -1)
92 errx(1,"login: Audit Error: au_open() failed");
94 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
96 errx(1, "login: Audit Error: au_to_subject32() failed");
99 if ((tok = au_to_return32(0, 0)) == NULL)
100 errx(1, "login: Audit Error: au_to_return32() failed");
103 if (au_close(aufd, 1, AUE_login) == -1)
104 errx(1, "login: Audit Record was not committed.");
108 * The following tokens are included in the audit record for failed
109 * login attempts: header, subject, text, return.
112 au_login_fail(char *errmsg, int na)
119 pid_t pid = getpid();
121 /* If we are not auditing, don't cut an audit record; just return. */
122 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
125 errx(1, "login: Could not determine audit condition");
127 if (au_cond == AUC_NOAUDIT)
130 if ((aufd = au_open()) == -1)
131 errx(1, "login: Audit Error: au_open() failed");
135 * Non attributable event. Assuming that login is not called
136 * within a user's session => auid,asid == -1.
138 if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,
139 pid, -1, &tid)) == NULL)
140 errx(1, "login: Audit Error: au_to_subject32() failed");
142 /* We know the subject -- so use its value instead. */
145 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,
146 gid, pid, pid, &tid)) == NULL)
147 errx(1, "login: Audit Error: au_to_subject32() failed");
151 /* Include the error message. */
152 if ((tok = au_to_text(errmsg)) == NULL)
153 errx(1, "login: Audit Error: au_to_text() failed");
156 if ((tok = au_to_return32(1, errno)) == NULL)
157 errx(1, "login: Audit Error: au_to_return32() failed");
160 if (au_close(aufd, 1, AUE_login) == -1)
161 errx(1, "login: Audit Error: au_close() was not committed");
165 * The following tokens are included in the audit record for a logout:
166 * header, subject, return.
175 uid_t uid = pwd->pw_uid;
176 gid_t gid = pwd->pw_gid;
177 pid_t pid = getpid();
180 /* If we are not auditing, don't cut an audit record; just return. */
181 if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
184 errx(1, "login: Could not determine audit condition");
186 if (au_cond == AUC_NOAUDIT)
189 if ((aufd = au_open()) == -1)
190 errx(1, "login: Audit Error: au_open() failed");
192 /* The subject that is created (euid, egid of the current process). */
193 if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,
195 errx(1, "login: Audit Error: au_to_subject32() failed");
198 if ((tok = au_to_return32(0, 0)) == NULL)
199 errx(1, "login: Audit Error: au_to_return32() failed");
202 if (au_close(aufd, 1, AUE_logout) == -1)
203 errx(1, "login: Audit Record was not committed.");