xref: /illumos-gate/usr/src/lib/libbsm/common/au_usermask.c (revision 581cede61ac9c14d8d4ea452562a567189eead78)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <sys/types.h>
28 #include <stdio.h>
29 #include <bsm/audit.h>
30 #include <bsm/libbsm.h>
31 
32 #define	AUDITSTRING_LEN 512
33 
34 /*
35  * Initialize audit preselection mask. This function should be used
36  * by applications like login that set the process preselection mask
37  * when a connection or a session is created.
38  *
39  * First, the system wide default audit flags are obtained
40  *	from the audit_control(5) file.
41  *
42  * Next, the "always audit" flags, obtained from the audit_user(5) database,
43  *	are added.
44  *
45  * Finally, the "never audit" flags, also obtained from the audit_user(5)
46  *	database, are subtracted.
47  *
48  * The mask returned can be expressed as:
49  *
50  * (default audit flags + always audit flags) - never audit flags
51  *
52  * If the lookup to audit_control(5) fails, then this function returns
53  * an error.  If the lookup to audit_user(5) fails, the function silently
54  * continues, leaving the system wide default flags as the result.
55  */
/*
 * Build the audit preselection mask for `username' into *p_mask.
 *
 * Returns 0 when the system wide default flags were read and parsed,
 * whether or not an audit_user(5) entry was found for the user.
 * Returns -1 when p_mask is NULL or when the defaults could not be
 * obtained from audit_control(5).
 *
 * Caller-visible consequences worth knowing:
 *  - A NULL return from getauusernam() is treated as "no per-user flags",
 *    so a caller cannot tell a user without an entry from a lookup that
 *    did not succeed; both yield 0 and the unmodified default mask.
 *  - The never-audit bits are cleared after the always-audit bits are
 *    set, so a class present in both ends up not audited.
 *  - `username' is handed to getauusernam() as is.
 *    NOTE(review): NULL handling depends on getauusernam(); confirm.
 *  - NOTE(review): on the -1 path after the audit_control(5) step,
 *    *p_mask may already have been written by getauditflagsbin();
 *    callers should not use it when -1 is returned.
 */
int
au_user_mask(char *username, au_mask_t *p_mask)
{
	char flagbuf[AUDITSTRING_LEN];
	au_user_ent_t *entry;
	int have_defaults;

	/* Nowhere to store the result. */
	if (p_mask == NULL)
		return (-1);

	/*
	 * Step 1: system wide defaults from audit_control(5).  The flag
	 * string is only parsed when it was read successfully.
	 */
	setac();
	have_defaults = (getacflg(flagbuf, AUDITSTRING_LEN) == 0 &&
	    getauditflagsbin(flagbuf, p_mask) == 0);
	endac();

	/* Without the defaults there is no base mask to adjust; fail. */
	if (!have_defaults)
		return (-1);

	/*
	 * Step 2: per-user adjustments from audit_user(5).  A missing
	 * entry is not an error; the defaults are returned untouched.
	 */
	setauuser();
	entry = getauusernam(username);
	if (entry != NULL) {
		/* Set the classes that are always audited for this user. */
		p_mask->as_success |= entry->au_always.as_success;
		p_mask->as_failure |= entry->au_always.as_failure;
		/* Clear the classes that are never audited; this wins. */
		p_mask->as_success &= ~(entry->au_never.as_success);
		p_mask->as_failure &= ~(entry->au_never.as_failure);
	}
	endauuser();

	return (0);
}
103