/modules/pam_tty_audit/pam_tty_audit.c

https://github.com/wichert/linux-pam · C · 374 lines · 303 code · 31 blank · 40 comment · 92 complexity · 1ab93ebc7ef32e08a48700f5baaeb337 MD5 · raw file 

    

  1. /* Copyright © 2007, 2008 Red Hat, Inc. All rights reserved.
    2. 

  2.    Red Hat author: Miloslav Trmač <mitr@redhat.com>
    3. 

    4. 

  4.    Redistribution and use in source and binary forms of Linux-PAM, with
    5. 

  5.    or without modification, are permitted provided that the following
    6. 

  6.    conditions are met:
    7. 

    8. 

  8.    1. Redistributions of source code must retain any existing copyright
    9. 

  9.       notice, and this entire permission notice in its entirety,
    10. 

  10.       including the disclaimer of warranties.
    11. 

    12. 

  12.    2. Redistributions in binary form must reproduce all prior and current
    13. 

  13.       copyright notices, this list of conditions, and the following
    14. 

  14.       disclaimer in the documentation and/or other materials provided
    15. 

  15.       with the distribution.
    16. 

    17. 

  17.    3. The name of any author may not be used to endorse or promote
    18. 

  18.       products derived from this software without their specific prior
    19. 

  19.       written permission.
    20. 

    21. 

  21.    ALTERNATIVELY, this product may be distributed under the terms of the
    22. 

  22.    GNU General Public License, in which case the provisions of the GNU
    23. 

  23.    GPL are required INSTEAD OF the above restrictions.  (This clause is
    24. 

  24.    necessary due to a potential conflict between the GNU GPL and the
    25. 

  25.    restrictions contained in a BSD-style copyright.)
    26. 

    27. 

  27.    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
    28. 

  28.    WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
    29. 

  29.    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    30. 

  30.    IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
    31. 

  31.    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
    32. 

  32.    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
    33. 

  33.    OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
    34. 

  34.    ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
    35. 

  35.    TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
    36. 

  36.    USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
    37. 

  37.    DAMAGE. */
    38. 

  38. 

  39. #include "config.h"
    40. 

  40. #include <errno.h>
    41. 

  41. #include <fnmatch.h>
    42. 

  42. #include <stdlib.h>
    43. 

  43. #include <string.h>
    44. 

  44. #include <syslog.h>
    45. 

  45. #include <sys/socket.h>
    46. 

  46. #include <unistd.h>
    47. 

  47. 

  48. #include <libaudit.h>
    49. 

  49. #include <linux/netlink.h>
    50. 

  50. 

  51. #define PAM_SM_SESSION
    52. 

  52. 

  53. #include <security/pam_ext.h>
    54. 

  54. #include <security/pam_modules.h>
    55. 

  55. #include <security/pam_modutil.h>
    56. 

  56. 

  57. #define DATANAME "pam_tty_audit_last_state"
    58. 

  58. 

  59. /* Open an audit netlink socket */
    60. 

  60. static int
    61. 

  61. nl_open (void)
    62. 

  62. {
    63. 

  63.   return socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
    64. 

  64. }
    65. 

  65. 

  66. static int
    67. 

  67. nl_send (int fd, unsigned type, unsigned flags, const void *data, size_t size)
    68. 

  68. {
    69. 

  69.   struct sockaddr_nl addr;
    70. 

  70.   struct msghdr msg;
    71. 

  71.   struct nlmsghdr nlm;
    72. 

  72.   struct iovec iov[2];
    73. 

  73.   ssize_t res;
    74. 

  74. 

  75.   nlm.nlmsg_len = NLMSG_LENGTH (size);
    76. 

  76.   nlm.nlmsg_type = type;
    77. 

  77.   nlm.nlmsg_flags = NLM_F_REQUEST | flags;
    78. 

  78.   nlm.nlmsg_seq = 0;
    79. 

  79.   nlm.nlmsg_pid = 0;
    80. 

  80.   iov[0].iov_base = &nlm;
    81. 

  81.   iov[0].iov_len = sizeof (nlm);
    82. 

  82.   iov[1].iov_base = (void *)data;
    83. 

  83.   iov[1].iov_len = size;
    84. 

  84.   addr.nl_family = AF_NETLINK;
    85. 

  85.   addr.nl_pid = 0;
    86. 

  86.   addr.nl_groups = 0;
    87. 

  87.   msg.msg_name = &addr;
    88. 

  88.   msg.msg_namelen = sizeof (addr);
    89. 

  89.   msg.msg_iov = iov;
    90. 

  90.   msg.msg_iovlen = 2;
    91. 

  91.   msg.msg_control = NULL;
    92. 

  92.   msg.msg_controllen = 0;
    93. 

  93.   msg.msg_flags = 0;
    94. 

  94.   res = sendmsg (fd, &msg, 0);
    95. 

  95.   if (res == -1)
    96. 

  96.     return -1;
    97. 

  97.   if ((size_t)res != nlm.nlmsg_len)
    98. 

  98.     {
    99. 

  99.       errno = EIO;
    100. 

  100.       return -1;
    101. 

  101.     }
    102. 

  102.   return 0;
    103. 

  103. }
    104. 

  104. 

  105. static int
    106. 

  106. nl_recv (int fd, unsigned type, void *buf, size_t size)
    107. 

  107. {
    108. 

  108.   struct sockaddr_nl addr;
    109. 

  109.   struct msghdr msg;
    110. 

  110.   struct nlmsghdr nlm;
    111. 

  111.   struct iovec iov[2];
    112. 

  112.   ssize_t res, resdiff;
    113. 

  113. 

  114.  again:
    115. 

  115.   iov[0].iov_base = &nlm;
    116. 

  116.   iov[0].iov_len = sizeof (nlm);
    117. 

  117.   msg.msg_name = &addr;
    118. 

  118.   msg.msg_namelen = sizeof (addr);
    119. 

  119.   msg.msg_iov = iov;
    120. 

  120.   msg.msg_iovlen = 1;
    121. 

  121.   msg.msg_control = NULL;
    122. 

  122.   msg.msg_controllen = 0;
    123. 

  123.   if (type != NLMSG_ERROR)
    124. 

  124.     {
    125. 

  125.       res = recvmsg (fd, &msg, MSG_PEEK);
    126. 

  126.       if (res == -1)
    127. 

  127. 	return -1;
    128. 

  128.       if (res != NLMSG_LENGTH (0))
    129. 

  129. 	{
    130. 

  130. 	  errno = EIO;
    131. 

  131. 	  return -1;
    132. 

  132. 	}
    133. 

  133.       if (nlm.nlmsg_type == NLMSG_ERROR)
    134. 

  134. 	{
    135. 

  135. 	  struct nlmsgerr err;
    136. 

  136. 

  137. 	  iov[1].iov_base = &err;
    138. 

  138. 	  iov[1].iov_len = sizeof (err);
    139. 

  139. 	  msg.msg_iovlen = 2;
    140. 

  140. 	  res = recvmsg (fd, &msg, 0);
    141. 

  141. 	  if (res == -1)
    142. 

  142. 	    return -1;
    143. 

  143. 	  if ((size_t)res != NLMSG_LENGTH (sizeof (err))
    144. 

  144. 	      || nlm.nlmsg_type != NLMSG_ERROR)
    145. 

  145. 	    {
    146. 

  146. 	      errno = EIO;
    147. 

  147. 	      return -1;
    148. 

  148. 	    }
    149. 

  149. 	  if (err.error == 0)
    150. 

  150. 	    goto again;
    151. 

  151. 	  errno = -err.error;
    152. 

  152. 	  return -1;
    153. 

  153. 	}
    154. 

  154.     }
    155. 

  155.   if (size != 0)
    156. 

  156.     {
    157. 

  157.       iov[1].iov_base = buf;
    158. 

  158.       iov[1].iov_len = size;
    159. 

  159.       msg.msg_iovlen = 2;
    160. 

  160.     }
    161. 

  161.   res = recvmsg (fd, &msg, 0);
    162. 

  162.   if (res == -1)
    163. 

  163.     return -1;
    164. 

  164.   resdiff = NLMSG_LENGTH(size) - (size_t)res;
    165. 

  165.   if (resdiff < 0
    166. 

  166.       || nlm.nlmsg_type != type)
    167. 

  167.     {
    168. 

  168.       errno = EIO;
    169. 

  169.       return -1;
    170. 

  170.     }
    171. 

  171.   else if (resdiff > 0)
    172. 

  172.     {
    173. 

  173.       memset((char *)buf + size - resdiff, 0, resdiff);
    174. 

  174.     }
    175. 

  175.   return 0;
    176. 

  176. }
    177. 

  177. 

  178. static int
    179. 

  179. nl_recv_ack (int fd)
    180. 

  180. {
    181. 

  181.   struct nlmsgerr err;
    182. 

  182. 

  183.   if (nl_recv (fd, NLMSG_ERROR, &err, sizeof (err)) != 0)
    184. 

  184.     return -1;
    185. 

  185.   if (err.error != 0)
    186. 

  186.     {
    187. 

  187.       errno = -err.error;
    188. 

  188.       return -1;
    189. 

  189.     }
    190. 

  190.   return 0;
    191. 

  191. }
    192. 

  192. 

  193. static void
    194. 

  194. cleanup_old_status (pam_handle_t *pamh, void *data, int error_status)
    195. 

  195. {
    196. 

  196.   (void)pamh;
    197. 

  197.   (void)error_status;
    198. 

  198.   free (data);
    199. 

  199. }
    200. 

  200. 

  201. int
    202. 

  202. pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv)
    203. 

  203. {
    204. 

  204.   enum command { CMD_NONE, CMD_ENABLE, CMD_DISABLE };
    205. 

  205. 

  206.   enum command command;
    207. 

  207.   struct audit_tty_status *old_status, new_status;
    208. 

  208.   const char *user;
    209. 

  209.   int i, fd, open_only;
    210. 

  210. #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
    211. 

  211.   int log_passwd;
    212. 

  212. #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
    213. 

  213. 

  214.   (void)flags;
    215. 

  215. 

  216.   if (pam_get_user (pamh, &user, NULL) != PAM_SUCCESS)
    217. 

  217.     {
    218. 

  218.       pam_syslog (pamh, LOG_ERR, "error determining target user's name");
    219. 

  219.       return PAM_SESSION_ERR;
    220. 

  220.     }
    221. 

  221. 

  222.   command = CMD_NONE;
    223. 

  223.   open_only = 0;
    224. 

  224. #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
    225. 

  225.   log_passwd = 0;
    226. 

  226. #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
    227. 

  227.   for (i = 0; i < argc; i++)
    228. 

  228.     {
    229. 

  229.       if (strncmp (argv[i], "enable=", 7) == 0
    230. 

  230. 	  || strncmp (argv[i], "disable=", 8) == 0)
    231. 

  231. 	{
    232. 

  232. 	  enum command this_command;
    233. 

  233. 	  char *copy, *tok_data, *tok;
    234. 

  234. 

  235. 	  this_command = *argv[i] == 'e' ? CMD_ENABLE : CMD_DISABLE;
    236. 

  236. 	  copy = strdup (strchr (argv[i], '=') + 1);
    237. 

  237. 	  if (copy == NULL)
    238. 

  238. 	    return PAM_SESSION_ERR;
    239. 

  239. 	  for (tok = strtok_r (copy, ",", &tok_data); tok != NULL;
    240. 

  240. 	       tok = strtok_r (NULL, ",", &tok_data))
    241. 

  241. 	    {
    242. 

  242. 	      if (fnmatch (tok, user, 0) == 0)
    243. 

  243. 		{
    244. 

  244. 		  command = this_command;
    245. 

  245. 		  break;
    246. 

  246. 		}
    247. 

  247. 	    }
    248. 

  248. 	  free (copy);
    249. 

  249. 	}
    250. 

  250.       else if (strcmp (argv[i], "open_only") == 0)
    251. 

  251. 	open_only = 1;
    252. 

  252.       else if (strcmp (argv[i], "log_passwd") == 0)
    253. 

  253. #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
    254. 

  254.         log_passwd = 1;
    255. 

  255. #else /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
    256. 

  256.         pam_syslog (pamh, LOG_WARNING,
    257. 

  257.                     "The log_passwd option was not available at compile time.");
    258. 

  258. #warning "pam_tty_audit: The log_passwd option is not available.  Please upgrade your headers/kernel."
    259. 

  259. #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
    260. 

  260.       else
    261. 

  261. 	{
    262. 

  262. 	  pam_syslog (pamh, LOG_ERR, "unknown option `%s'", argv[i]);
    263. 

  263. 	}
    264. 

  264.     }
    265. 

  265.   if (command == CMD_NONE)
    266. 

  266.     return PAM_SUCCESS;
    267. 

  267. 

  268.   old_status = malloc (sizeof (*old_status));
    269. 

  269.   if (old_status == NULL)
    270. 

  270.     return PAM_SESSION_ERR;
    271. 

  271. 

  272.   fd = nl_open ();
    273. 

  273.   if (fd == -1
    274. 

  274.       || nl_send (fd, AUDIT_TTY_GET, 0, NULL, 0) != 0
    275. 

  275.       || nl_recv (fd, AUDIT_TTY_GET, old_status, sizeof (*old_status)) != 0)
    276. 

  276.     {
    277. 

  277.       pam_syslog (pamh, LOG_ERR, "error reading current audit status: %m");
    278. 

  278.       if (fd != -1)
    279. 

  279. 	close (fd);
    280. 

  280.       free (old_status);
    281. 

  281.       return PAM_SESSION_ERR;
    282. 

  282.     }
    283. 

  283. 

  284.   memcpy(&new_status, old_status, sizeof(new_status));
    285. 

  285. 

  286.   new_status.enabled = (command == CMD_ENABLE ? 1 : 0);
    287. 

  287. #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
    288. 

  288.   new_status.log_passwd = log_passwd;
    289. 

  289. #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
    290. 

  290.   if (old_status->enabled == new_status.enabled
    291. 

  291. #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
    292. 

  292.       && old_status->log_passwd == new_status.log_passwd
    293. 

  293. #endif /* HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD */
    294. 

  294.      )
    295. 

  295.     {
    296. 

  296.       open_only = 1; /* to clean up old_status */
    297. 

  297.       goto ok_fd;
    298. 

  298.     }
    299. 

  299. 

  300.   if (open_only == 0
    301. 

  301.       && pam_set_data (pamh, DATANAME, old_status, cleanup_old_status)
    302. 

  302.       != PAM_SUCCESS)
    303. 

  303.     {
    304. 

  304.       pam_syslog (pamh, LOG_ERR, "error saving old audit status");
    305. 

  305.       close (fd);
    306. 

  306.       free (old_status);
    307. 

  307.       return PAM_SESSION_ERR;
    308. 

  308.     }
    309. 

  309. 

  310.   if (nl_send (fd, AUDIT_TTY_SET, NLM_F_ACK, &new_status,
    311. 

  311. 	       sizeof (new_status)) != 0
    312. 

  312.       || nl_recv_ack (fd) != 0)
    313. 

  313.     {
    314. 

  314.       pam_syslog (pamh, LOG_ERR, "error setting current audit status: %m");
    315. 

  315.       close (fd);
    316. 

  316.       if (open_only != 0)
    317. 

  317. 	free (old_status);
    318. 

  318.       return PAM_SESSION_ERR;
    319. 

  319.     }
    320. 

  320.   /* Fall through */
    321. 

  321.  ok_fd:
    322. 

  322.   close (fd);
    323. 

  323.   pam_syslog (pamh, LOG_DEBUG, "changed status from %d to %d",
    324. 

  324. 	      old_status->enabled, new_status.enabled);
    325. 

  325.   if (open_only != 0)
    326. 

  326.     free (old_status);
    327. 

  327.   return PAM_SUCCESS;
    328. 

  328. }
    329. 

  329. 

  330. int
    331. 

  331. pam_sm_close_session (pam_handle_t *pamh, int flags, int argc,
    332. 

  332. 		      const char **argv)
    333. 

  333. {
    334. 

  334.   const void *status_;
    335. 

  335. 

  336.   (void)flags;
    337. 

  337.   (void)argc;
    338. 

  338.   (void)argv;
    339. 

  339.   if (pam_get_data (pamh, DATANAME, &status_) == PAM_SUCCESS)
    340. 

  340.     {
    341. 

  341.       const struct audit_tty_status *status;
    342. 

  342.       int fd;
    343. 

  343. 

  344.       status = status_;
    345. 

  345. 

  346.       fd = nl_open ();
    347. 

  347.       if (fd == -1
    348. 

  348. 	  || nl_send (fd, AUDIT_TTY_SET, NLM_F_ACK, status,
    349. 

  349. 		      sizeof (*status)) != 0
    350. 

  350. 	  || nl_recv_ack (fd) != 0)
    351. 

  351. 	{
    352. 

  352. 	  pam_syslog (pamh, LOG_ERR, "error restoring audit status: %m");
    353. 

  353. 	  if (fd != -1)
    354. 

  354. 	    close (fd);
    355. 

  355. 	  return PAM_SESSION_ERR;
    356. 

  356. 	}
    357. 

  357.       close (fd);
    358. 

  358.       pam_syslog (pamh, LOG_DEBUG, "restored status to %d", status->enabled);
    359. 

  359.     }
    360. 

  360.   return PAM_SUCCESS;
    361. 

  361. }
    362. 

  362. 

  363. /* static module data */
    364. 

  364. #ifdef PAM_STATIC
    365. 

  365. struct pam_module _pam_tty_audit_modstruct = {
    366. 

  366.   "pam_tty_audit",
    367. 

  367.   NULL,
    368. 

  368.   NULL,
    369. 

  369.   NULL,
    370. 

  370.   pam_sm_open_session,
    371. 

  371.   pam_sm_close_session,
    372. 

  372.   NULL
    373. 

  373. };
    374. 

  374. #endif
    375.