upstream/illumos/illumos-gate: usr/src/uts/common/c2/audit.c@64b2a371a6bd (annotated)

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	* CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	* The contents of this file are subject to the terms of the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	5	* Common Development and Distribution License, Version 1.0 only
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	6	* (the "License"). You may not use this file except in compliance
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	* with the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	* or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	* See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	* and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	* When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	* If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	* fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	* information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	* CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	21	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	22	/*
898 64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	23	* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24	* Use is subject to license terms.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	26
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	27	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	28	* This file contains the audit hook support code for auditing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	29	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	30
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	31	#pragma ident "%Z%%M% %I% %E% SMI"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	32
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	33	#include <sys/types.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	34	#include <sys/proc.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	35	#include <sys/vnode.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	36	#include <sys/vfs.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	37	#include <sys/file.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	38	#include <sys/user.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	39	#include <sys/stropts.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	40	#include <sys/systm.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	41	#include <sys/pathname.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	42	#include <sys/syscall.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	43	#include <sys/fcntl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	44	#include <sys/ipc_impl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	45	#include <sys/msg_impl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	46	#include <sys/sem_impl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	47	#include <sys/shm_impl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	48	#include <sys/kmem.h> /* for KM_SLEEP */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49	#include <sys/socket.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	50	#include <sys/cmn_err.h> /* snprintf... */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51	#include <sys/debug.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52	#include <sys/thread.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53	#include <netinet/in.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54	#include <c2/audit.h> /* needs to be included before user.h */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	#include <c2/audit_kernel.h> /* for M_DONTWAIT */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	56	#include <c2/audit_kevents.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57	#include <c2/audit_record.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58	#include <sys/strsubr.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	#include <sys/tihdr.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60	#include <sys/tiuser.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61	#include <sys/timod.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62	#include <sys/model.h> /* for model_t */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	63	#include <sys/disp.h> /* for servicing_interrupt() */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	64	#include <sys/devpolicy.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	#include <sys/crypto/ioctladmin.h>
898 64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	66	#include <inet/kssl/kssl.h>
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68	static void add_return_token(caddr_t *, unsigned int scid, int err, int rval);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70	static void audit_pathbuild(struct pathname *pnp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	* ROUTINE: AUDIT_NEWPROC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	74	* PURPOSE: initialize the child p_audit_data structure
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75	* CALLBY: GETPROC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76	* NOTE: All threads for the parent process are locked at this point.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	* We are essentially running singled threaded for this reason.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	* GETPROC is called when system creates a new process.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	* By the time AUDIT_NEWPROC is called, the child proc
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	* structure has already been initialized. What we need
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81	* to do is to allocate the child p_audit_data and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	* initialize it with the content of current parent process.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86	audit_newproc(struct proc cp) / initialized child proc structure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88	p_audit_data_t pad; / child process audit data */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89	p_audit_data_t opad; / parent process audit data */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	90
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	91	pad = kmem_cache_alloc(au_pad_cache, KM_SLEEP);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	92
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93	P2A(cp) = pad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	94
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	95	opad = P2A(curproc);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	96
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	97	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	98	* copy the audit data. Note that all threads of current
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	99	* process have been "held". Thus there is no race condition
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	100	* here with mutiple threads trying to alter the cwrd
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101	* structure (such as releasing it).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	103	* The audit context in the cred is "duplicated" for the new
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	104	* proc by elsewhere crhold'ing the parent's cred which it shares.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	105	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	106	* We still want to hold things since auditon() [A_SETUMASK,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107	* A_SETSMASK] could be walking through the processes to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	* update things.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	110	mutex_enter(&opad->pad_lock); /* lock opad structure during copy */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	111	pad->pad_data = opad->pad_data; /* copy parent's process audit data */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	112	au_pathhold(pad->pad_root);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	113	au_pathhold(pad->pad_cwd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	114	mutex_exit(&opad->pad_lock); /* current proc will keep cwrd open */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	115
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	116	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	117	* finish auditing of parent here so that it will be done
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118	* before child has a chance to run. We include the child
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119	* pid since the return value in the return token is a dummy
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	* one and contains no useful information (it is included to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121	* make the audit record structure consistant).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123	* tad_flag is set if auditing is on
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125	if (((t_audit_data_t *)T2A(curthread))->tad_flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126	au_uwrite(au_to_arg32(0, "child PID", (uint32_t)cp->p_pid));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	* finish up audit record generation here because child process
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130	* is set to run before parent process. We distinguish here
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	131	* between FORK, FORK1, or VFORK by the saved system call ID.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133	audit_finish(0, ((t_audit_data_t *)T2A(curthread))->tad_scid, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	134	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	135
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	136	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	* ROUTINE: AUDIT_PFREE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	138	* PURPOSE: deallocate the per-process udit data structure
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	139	* CALLBY: EXIT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140	* FORK_FAIL
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	* NOTE: all lwp except current one have stopped in SEXITLWPS
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	142	* why we are single threaded?
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143	* . all lwp except current one have stopped in SEXITLWPS.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	144	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	146	audit_pfree(struct proc p) / proc structure to be freed */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	147
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	148	{ /* AUDIT_PFREE */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	149
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	150	p_audit_data_t *pad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	151
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	152	pad = P2A(p);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	153
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	154	/* better be a per process audit data structure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	155	ASSERT(pad != (p_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	156
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	157	if (pad == pad0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	158	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	159	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	160
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161	/* deallocate all auditing resources for this process */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	162	au_pathrele(pad->pad_root);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	163	au_pathrele(pad->pad_cwd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	164
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	165	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	166	* Since the pad structure is completely overwritten after alloc,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	167	* we don't bother to clear it.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	168	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	169
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	170	kmem_cache_free(au_pad_cache, pad);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	171	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	172
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	173	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	174	* ROUTINE: AUDIT_THREAD_CREATE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	175	* PURPOSE: allocate per-process thread audit data structure
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	176	* CALLBY: THREAD_CREATE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	177	* NOTE: This is called just after *t was bzero'd.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	178	* We are single threaded in this routine.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	179	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	180	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	181	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	182
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	183	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	184	audit_thread_create(kthread_id_t t)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	185	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	186	t_audit_data_t tad; / per-thread audit data */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	187
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	188	tad = kmem_zalloc(sizeof (struct t_audit_data), KM_SLEEP);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	189
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	190	T2A(t) = tad; /* set up thread audit data ptr */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	191	tad->tad_thread = t; /* back ptr to thread: DEBUG */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	192	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	193
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	194	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	195	* ROUTINE: AUDIT_THREAD_FREE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	196	* PURPOSE: free the per-thread audit data structure
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	197	* CALLBY: THREAD_FREE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	198	* NOTE: most thread data is clear after return
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	199	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	200	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	201	audit_thread_free(kthread_t *t)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	202	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	203	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	204	au_defer_info_t *attr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	205
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	206	tad = T2A(t);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	207
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	208	/* thread audit data must still be set */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	209
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	210	if (tad == tad0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	211	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	212	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	213
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	214	if (tad == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	215	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	216	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	217
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	218	t->t_audit_data = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	219
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	220	/* must not have any audit record residual */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	221	ASSERT(tad->tad_ad == NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	222
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	223	/* saved path must be empty */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	224	ASSERT(tad->tad_aupath == NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	225
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	226	if (tad->tad_atpath)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	227	au_pathrele(tad->tad_atpath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	228
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	229	attr = tad->tad_defer_head;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	230	while (attr != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	231	au_defer_info_t *tmp_attr = attr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	232
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	233	au_free_rec(attr->audi_ad);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	234
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	235	attr = attr->audi_next;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	236	kmem_free(tmp_attr, sizeof (au_defer_info_t));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	237	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	238
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	239	kmem_free(tad, sizeof (*tad));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	240	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	241
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	242	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	243	* ROUTINE: AUDIT_SAVEPATH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	244	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	245	* CALLBY: LOOKUPPN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	246	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	247	* NOTE: We have reached the end of a path in fs/lookup.c.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	248	* We get two pieces of information here:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	249	* the vnode of the last component (vp) and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	250	* the status of the last access (flag).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	251	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	252	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	253	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	254
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	255	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	256	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	257	audit_savepath(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	258	struct pathname pnp, / pathname to lookup */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	259	struct vnode vp, / vnode of the last component */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	260	int flag, /* status of the last access */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	261	cred_t cr) / cred of requestor */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	262	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	263
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	264	t_audit_data_t tad; / current thread */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	265	p_audit_data_t pad; / current process */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	266	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	267
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	268	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	269	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	270	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	271	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	272	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	273
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	274	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	275	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	276	pad = P2A(curproc);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	277	ASSERT(pad != (p_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	278
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	279	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	280	* this event being audited or do we need path information
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	281	* later? This might be for a chdir/chroot or open (add path
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	282	* to file pointer. If the path has already been found for an
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	283	* open/creat then we don't need to process the path.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	284	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	285	* S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	286	* chroot, chdir, open, creat system call processing. It determines
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	287	* if audit_savepath() will discard the path or we need it later.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	288	* PAD_PATHFND means path already included in this audit record. It
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	289	* is used in cases where multiple path lookups are done per
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	290	* system call. The policy flag, AUDIT_PATH, controls if multiple
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	291	* paths are allowed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	292	* S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	293	* exit processing to inhibit any paths that may be added due to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	294	* closes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	295	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	296	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	297	((tad->tad_ctrl & PAD_PATHFND) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	298	!(kctx->auk_policy & AUDIT_PATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	299	(tad->tad_ctrl & PAD_NOPATH)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	300	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	301	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	302
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	303	audit_pathbuild(pnp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	304	tad->tad_vn = vp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	305
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	306	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	307	* are we auditing only if error, or if it is not open or create
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	308	* otherwise audit_setf will do it
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	309	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	310
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	311	if (tad->tad_flag) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	312	if (flag && (tad->tad_scid == SYS_open \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	313	tad->tad_scid == SYS_open64 \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	314	tad->tad_scid == SYS_creat \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	315	tad->tad_scid == SYS_creat64 \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	316	tad->tad_scid == SYS_fsat)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	317	tad->tad_ctrl \|= PAD_TRUE_CREATE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	318	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	319
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	320	/* add token to audit record for this name */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	321	au_uwrite(au_to_path(tad->tad_aupath));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	322
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	323	/* add the attributes of the object */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	324	if (vp) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	325	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	326	* only capture attributes when there is no error
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	327	* lookup will not return the vnode of the failing
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	328	* component.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	329	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	330	* if there was a lookup error, then don't add
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	331	* attribute. if lookup in vn_create(),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	332	* then don't add attribute,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	333	* it will be added at end of vn_create().
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	334	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	335	if (!flag && !(tad->tad_ctrl & PAD_NOATTRB))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	336	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	337	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	338	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	339
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	340	/* free up space if we're not going to save path (open, crate) */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	341	if ((tad->tad_ctrl & PAD_SAVPATH) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	342	if (tad->tad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	343	au_pathrele(tad->tad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	344	tad->tad_aupath = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	345	tad->tad_vn = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	346	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	347	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	348	if (tad->tad_ctrl & PAD_MLD)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	349	tad->tad_ctrl \|= PAD_PATHFND;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	350
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	351	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	352	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	353
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	354	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	355	audit_pathbuild(struct pathname *pnp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	356	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	357	char pp; / pointer to path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	358	int len; /* length of incoming segment */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	359	int newsect; /* path requires a new section */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	360	struct audit_path pfxapp; / prefix for path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	361	struct audit_path newapp; / new audit_path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	362	t_audit_data_t tad; / current thread */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	363	p_audit_data_t pad; / current process */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	364
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	365	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	366	ASSERT(tad != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	367	pad = P2A(curproc);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	368	ASSERT(pad != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	369
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	370	len = (pnp->pn_path - pnp->pn_buf) + 1; /* +1 for terminator */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	371	ASSERT(len > 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	372
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	373	/* adjust for path prefix: tad_aupath, ATPATH, CRD, or CWD */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	374	mutex_enter(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	375	if (tad->tad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	376	pfxapp = tad->tad_aupath;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	377	} else if (tad->tad_scid == SYS_fsat && pnp->pn_buf[0] != '/') {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	378	ASSERT(tad->tad_atpath != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	379	pfxapp = tad->tad_atpath;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	380	} else if (tad->tad_ctrl & PAD_ABSPATH) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	381	pfxapp = pad->pad_root;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	382	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	383	pfxapp = pad->pad_cwd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	384	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	385	au_pathhold(pfxapp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	386	mutex_exit(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	387
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	388	/* get an expanded buffer to hold the anchored path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	389	newsect = tad->tad_ctrl & PAD_ATPATH;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	390	newapp = au_pathdup(pfxapp, newsect, len);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	391	au_pathrele(pfxapp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	392
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	393	pp = newapp->audp_sect[newapp->audp_cnt] - len;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	394	if (!newsect) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	395	/* overlay previous NUL terminator */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	396	*(pp - 1) = '/';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	397	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	398
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	399	/* now add string of processed path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	400	bcopy(pnp->pn_buf, pp, len);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	401	pp[len - 1] = '\0';
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	402
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	403	/* perform path simplification as necessary */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	404	audit_fixpath(newapp, len);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	405
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	406	if (tad->tad_aupath)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	407	au_pathrele(tad->tad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	408	tad->tad_aupath = newapp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	409
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	410	/* for case where multiple lookups in one syscall (rename) */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	411	tad->tad_ctrl &= ~(PAD_ABSPATH \| PAD_ATPATH);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	412	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	413
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	414
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	415
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	416	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	417
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	418	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	419	* ROUTINE: AUDIT_ADDCOMPONENT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	420	* PURPOSE: extend the path by the component accepted
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	421	* CALLBY: LOOKUPPN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	422	* NOTE: This function is called only when there is an error in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	423	* parsing a path component
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	424	* TODO: Add the error component to audit record
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	425	* QUESTION: what is this for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	426	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	427
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	428	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	429	audit_addcomponent(struct pathname *pnp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	430	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	431	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	432	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	433
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	434	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	435	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	436	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	437	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	438	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	439
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	440	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	441	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	442	* S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	443	* chroot, chdir, open, creat system call processing. It determines
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	444	* if audit_savepath() will discard the path or we need it later.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	445	* PAD_PATHFND means path already included in this audit record. It
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	446	* is used in cases where multiple path lookups are done per
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	447	* system call. The policy flag, AUDIT_PATH, controls if multiple
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	448	* paths are allowed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	449	* S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	450	* exit processing to inhibit any paths that may be added due to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	451	* closes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	452	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	453	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	454	((tad->tad_ctrl & PAD_PATHFND) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	455	!(kctx->auk_policy & AUDIT_PATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	456	(tad->tad_ctrl & PAD_NOPATH)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	457	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	458	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	459
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	460	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	461
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	462	} /* AUDIT_ADDCOMPONENT */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	463
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	464
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	465
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	466
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	467
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	468
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	469
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	470
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	471	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	472	* ROUTINE: AUDIT_ANCHORPATH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	473	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	474	* CALLBY: LOOKUPPN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	475	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	476	* anchor path at "/". We have seen a symbolic link or entering for the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	477	* first time we will throw away any saved path if path is anchored.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	478	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	479	* flag = 0, path is relative.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	480	* flag = 1, path is absolute. Free any saved path and set flag to PAD_ABSPATH.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	481	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	482	* If the (new) path is absolute, then we have to throw away whatever we have
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	483	* already accumulated since it is being superceeded by new path which is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	484	* anchored at the root.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	485	* Note that if the path is relative, this function does nothing
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	486	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	487	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	488	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	489	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	490	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	491	audit_anchorpath(struct pathname *pnp, int flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	492	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	493	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	494	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	495
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	496	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	497	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	498	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	499	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	500	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	501
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	502	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	503
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	504	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	505	* this event being audited or do we need path information
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	506	* later? This might be for a chdir/chroot or open (add path
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	507	* to file pointer. If the path has already been found for an
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	508	* open/creat then we don't need to process the path.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	509	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	510	* S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	511	* chroot, chdir, open, creat system call processing. It determines
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	512	* if audit_savepath() will discard the path or we need it later.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	513	* PAD_PATHFND means path already included in this audit record. It
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	514	* is used in cases where multiple path lookups are done per
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	515	* system call. The policy flag, AUDIT_PATH, controls if multiple
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	516	* paths are allowed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	517	* S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	518	* exit processing to inhibit any paths that may be added due to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	519	* closes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	520	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	521	if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	522	((tad->tad_ctrl & PAD_PATHFND) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	523	!(kctx->auk_policy & AUDIT_PATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	524	(tad->tad_ctrl & PAD_NOPATH)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	525	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	526	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	527
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	528	if (flag) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	529	tad->tad_ctrl \|= PAD_ABSPATH;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	530	if (tad->tad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	531	au_pathrele(tad->tad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	532	tad->tad_aupath = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	533	tad->tad_vn = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	534	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	535	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	536	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	537
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	538
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	539	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	540	* symbolic link. Save previous components.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	541	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	542	* the path seen so far looks like this
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	543	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	544	* +-----------------------+----------------+
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	545	* \| path processed so far \| remaining path \|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	546	* +-----------------------+----------------+
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	547	* \-----------------------/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	548	* save this string if
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	549	* symbolic link relative
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	550	* (but don't include symlink component)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	551	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	552
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	553	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	554
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	555
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	556	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	557	* ROUTINE: AUDIT_SYMLINK
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	558	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	559	* CALLBY: LOOKUPPN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	560	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	561	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	562	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	563	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	564	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	565	audit_symlink(struct pathname pnp, struct pathname sympath)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	566	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	567	char sp; / saved initial pp */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	568	char cp; / start of symlink path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	569	uint_t len_path; /* processed path before symlink */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	570	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	571	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	572
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	573	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	574	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	575	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	576	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	577	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	578
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	579	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	580
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	581	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	582	* this event being audited or do we need path information
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	583	* later? This might be for a chdir/chroot or open (add path
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	584	* to file pointer. If the path has already been found for an
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	585	* open/creat then we don't need to process the path.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	586	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	587	* S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	588	* chroot, chdir, open, creat system call processing. It determines
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	589	* if audit_savepath() will discard the path or we need it later.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	590	* PAD_PATHFND means path already included in this audit record. It
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	591	* is used in cases where multiple path lookups are done per
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	592	* system call. The policy flag, AUDIT_PATH, controls if multiple
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	593	* paths are allowed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	594	* S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	595	* exit processing to inhibit any paths that may be added due to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	596	* closes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	597	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	598	if ((tad->tad_flag == 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	599	!(tad->tad_ctrl & PAD_SAVPATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	600	((tad->tad_ctrl & PAD_PATHFND) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	601	!(kctx->auk_policy & AUDIT_PATH)) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	602	(tad->tad_ctrl & PAD_NOPATH)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	603	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	604	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	605
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	606	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	607	* if symbolic link is anchored at / then do nothing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	608	* When we cycle back to begin: in lookuppn() we will
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	609	* call audit_anchorpath() with a flag indicating if the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	610	* path is anchored at / or is relative. We will release
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	611	* any saved path at that point.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	612	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	613	* Note In the event that an error occurs in pn_combine then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	614	* we want to remain pointing at the component that caused the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	615	* path to overflow the pnp structure.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	616	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	617	if (sympath->pn_buf[0] == '/')
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	618	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	619
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	620	/* backup over last component */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	621	sp = cp = pnp->pn_path;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	622	while (*--cp != '/' && cp > pnp->pn_buf)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	623	;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	624
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	625	len_path = cp - pnp->pn_buf;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	626
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	627	/* is there anything to save? */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	628	if (len_path) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	629	pnp->pn_path = cp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	630	audit_pathbuild(pnp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	631	pnp->pn_path = sp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	632	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	633	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	634
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	635	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	636	* file_is_public : determine whether events for the file (corresponding to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	637	* the specified file attr) should be audited or ignored.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	638	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	639	* returns: 1 - if audit policy and file attributes indicate that
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	640	* file is effectively public. read events for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	641	* the file should not be audited.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	642	* 0 - otherwise
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	643	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	644	* The required attributes to be considered a public object are:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	645	* - owned by root, AND
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	646	* - world-readable (permissions for other include read), AND
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	647	* - NOT world-writeable (permissions for other don't
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	648	* include write)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	649	* (mode doesn't need to be checked for symlinks)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	650	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	651	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	652	file_is_public(struct vattr *attr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	653	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	654	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	655
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	656	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	657	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	658	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	659	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	660	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	661
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	662	if (!(kctx->auk_policy & AUDIT_PUBLIC) && (attr->va_uid == 0) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	663	((attr->va_type == VLNK) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	664	((attr->va_mode & (VREAD>>6)) != 0) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	665	((attr->va_mode & (VWRITE>>6)) == 0))) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	666	return (1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	667	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	668	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	669	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	670
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	671
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	672	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	673	* ROUTINE: AUDIT_ATTRIBUTES
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	674	* PURPOSE: Audit the attributes so we can tell why the error occured
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	675	* CALLBY: AUDIT_SAVEPATH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	676	* AUDIT_VNCREATE_FINISH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	677	* AUS_FCHOWN...audit_event.c...audit_path.c
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	678	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	679	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	680	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	681	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	682	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	683	audit_attributes(struct vnode *vp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	684	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	685	struct vattr attr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	686	struct t_audit_data *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	687
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	688	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	689
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	690	if (vp) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	691	attr.va_mask = AT_ALL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	692	if (VOP_GETATTR(vp, &attr, 0, CRED()) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	693	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	694
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	695	if (file_is_public(&attr) && (tad->tad_ctrl & PAD_PUBLIC_EV)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	696	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	697	* This is a public object and a "public" event
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	698	* (i.e., read only) -- either by definition
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	699	* (e.g., stat, access...) or by virtue of write access
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	700	* not being requested (e.g. mmap).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	701	* Flag it in the tad to prevent this audit at the end.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	702	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	703	tad->tad_ctrl \|= PAD_NOAUDIT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	704	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	705	au_uwrite(au_to_attr(&attr));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	706	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	707	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	708	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	709
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	710
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	711	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	712	* ROUTINE: AUDIT_FALLOC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	713	* PURPOSE: allocating a new file structure
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	714	* CALLBY: FALLOC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	715	* NOTE: file structure already initialized
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	716	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	717	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	718	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	719
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	720	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	721	audit_falloc(struct file *fp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	722	{ /* AUDIT_FALLOC */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	723
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	724	f_audit_data_t *fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	725
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	726	/* allocate per file audit structure if there a'int any */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	727	ASSERT(F2A(fp) == NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	728
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	729	fad = kmem_zalloc(sizeof (struct f_audit_data), KM_SLEEP);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	730
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	731	F2A(fp) = fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	732
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	733	fad->fad_thread = curthread; /* file audit data back ptr; DEBUG */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	734	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	735
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	736	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	737	* ROUTINE: AUDIT_UNFALLOC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	738	* PURPOSE: deallocate file audit data structure
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	739	* CALLBY: CLOSEF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	740	* UNFALLOC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	741	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	742	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	743	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	744	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	745
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	746	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	747	audit_unfalloc(struct file *fp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	748	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	749	f_audit_data_t *fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	750
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	751	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	752
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	753	if (!fad) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	754	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	755	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	756	if (fad->fad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	757	au_pathrele(fad->fad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	758	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	759	fp->f_audit_data = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	760	kmem_free(fad, sizeof (struct f_audit_data));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	761	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	762
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	763	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	764	* ROUTINE: AUDIT_EXIT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	765	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	766	* CALLBY: EXIT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	767	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	768	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	769	* QUESTION: why cmw code as offset by 2 but not here
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	770	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	771	/* ARGSUSED */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	772	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	773	audit_exit(int code, int what)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	774	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	775	struct t_audit_data *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	776	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	777
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	778	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	779	* tad_scid will be set by audit_start even if we are not auditing
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	780	* the event.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	781	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	782	if (tad->tad_scid == SYS_exit) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	783	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	784	* if we are auditing the exit system call, then complete
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	785	* audit record generation (no return from system call).
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	786	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	787	if (tad->tad_flag && tad->tad_event == AUE_EXIT)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	788	audit_finish(0, SYS_exit, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	789	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	790	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	791
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	792	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	793	* Anyone auditing the system call that was aborted?
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	794	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	795	if (tad->tad_flag) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	796	au_uwrite(au_to_text("event aborted"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	797	audit_finish(0, tad->tad_scid, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	798	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	799
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	800	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	801	* Generate an audit record for process exit if preselected.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	802	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	803	(void) audit_start(0, SYS_exit, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	804	audit_finish(0, SYS_exit, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	805	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	806
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	807	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	808	* ROUTINE: AUDIT_CORE_START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	809	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	810	* CALLBY: PSIG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	811	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	812	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	813	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	814	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	815	audit_core_start(int sig)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	816	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	817	au_event_t event;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	818	au_state_t estate;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	819	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	820	au_kcontext_t *kctx;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	821
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	822	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	823
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	824	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	825
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	826	ASSERT(tad->tad_scid == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	827	ASSERT(tad->tad_event == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	828	ASSERT(tad->tad_evmod == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	829	ASSERT(tad->tad_ctrl == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	830	ASSERT(tad->tad_flag == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	831	ASSERT(tad->tad_aupath == NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	832
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	833	kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	834
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	835	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	836	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	837	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	838	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	839	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	840
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	841	/* get basic event for system call */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	842	event = AUE_CORE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	843	estate = kctx->auk_ets[event];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	844
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	845	if ((tad->tad_flag = auditme(kctx, tad, estate)) == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	846	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	847
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	848	/* reset the flags for non-user attributable events */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	849	tad->tad_ctrl = PAD_CORE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	850	tad->tad_scid = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	851
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	852	/* if auditing not enabled, then don't generate an audit record */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	853
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	854	if (!((kctx->auk_auditstate == AUC_AUDITING \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	855	kctx->auk_auditstate == AUC_INIT_AUDIT) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	856	kctx->auk_auditstate == AUC_NOSPACE)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	857	tad->tad_flag = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	858	tad->tad_ctrl = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	859	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	860	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	861
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	862	tad->tad_event = event;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	863	tad->tad_evmod = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	864
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	865	ASSERT(tad->tad_ad == NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	866
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	867	au_write(&(u_ad), au_to_arg32(1, "signal", (uint32_t)sig));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	868	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	869
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	870	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	871	* ROUTINE: AUDIT_CORE_FINISH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	872	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	873	* CALLBY: PSIG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	874	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	875	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	876	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	877	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	878
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	879	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	880	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	881	audit_core_finish(int code)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	882	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	883	int flag;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	884	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	885	au_kcontext_t *kctx;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	886
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	887	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	888
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	889	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	890
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	891	if ((flag = tad->tad_flag) == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	892	tad->tad_event = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	893	tad->tad_evmod = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	894	tad->tad_ctrl = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	895	ASSERT(tad->tad_aupath == NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	896	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	897	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	898	tad->tad_flag = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	899
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	900	kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	901	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	902	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	903	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	904	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	905	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	906
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	907	/* kludge for error 0, should use `code==CLD_DUMPED' instead */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	908	if (flag = audit_success(kctx, tad, 0)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	909	cred_t *cr = CRED();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	910	const auditinfo_addr_t *ainfo = crgetauinfo(cr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	911
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	912	ASSERT(ainfo != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	913
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	914	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	915	* Add a subject token (no locks since our private copy of
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	916	* credential
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	917	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	918	AUDIT_SETSUBJ(&(u_ad), cr, ainfo);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	919
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	920	/* Add an optional group token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	921	AUDIT_SETGROUP(&(u_ad), cr, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	922
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	923	/* Add a return token (should use f argument) */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	924	add_return_token((caddr_t *)&(u_ad), tad->tad_scid, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	925
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	926	AS_INC(as_generated, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	927	AS_INC(as_kernel, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	928	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	929
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	930	/* Close up everything */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	931	au_close(kctx, &(u_ad), flag, tad->tad_event, tad->tad_evmod);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	932
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	933	/* free up any space remaining with the path's */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	934	if (tad->tad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	935	au_pathrele(tad->tad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	936	tad->tad_aupath = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	937	tad->tad_vn = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	938	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	939	tad->tad_event = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	940	tad->tad_evmod = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	941	tad->tad_ctrl = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	942	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	943
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	944	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	945	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	946	audit_stropen(struct vnode vp, dev_t devp, int flag, cred_t *crp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	947	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	948	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	949
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	950	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	951	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	952	audit_strclose(struct vnode vp, int flag, cred_t crp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	953	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	954	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	955
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	956	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	957	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	958	audit_strioctl(struct vnode *vp, int cmd, intptr_t arg, int flag,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	959	int copyflag, cred_t crp, int rvalp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	960	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	961	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	962
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	963
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	964	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	965	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	966	audit_strgetmsg(struct vnode vp, struct strbuf mctl, struct strbuf *mdata,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	967	unsigned char pri, int flag, int fmode)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	968	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	969	struct stdata *stp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	970	t_audit_data_t *tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	971
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	972	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	973
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	974	stp = vp->v_stream;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	975
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	976	/* lock stdata from audit_sock */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	977	mutex_enter(&stp->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	978
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	979	/* proceed ONLY if user is being audited */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	980	if (!tad->tad_flag) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	981	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	982	* this is so we will not add audit data onto
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	983	* a thread that is not being audited.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	984	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	985	stp->sd_t_audit_data = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	986	mutex_exit(&stp->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	987	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	988	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	989
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	990	stp->sd_t_audit_data = (caddr_t)curthread;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	991	mutex_exit(&stp->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	992	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	993
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	994	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	995	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	996	audit_strputmsg(struct vnode vp, struct strbuf mctl, struct strbuf *mdata,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	997	unsigned char pri, int flag, int fmode)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	998	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	999	struct stdata *stp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1000	t_audit_data_t *tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1001
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1002	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1003
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1004	stp = vp->v_stream;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1005
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1006	/* lock stdata from audit_sock */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1007	mutex_enter(&stp->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1008
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1009	/* proceed ONLY if user is being audited */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1010	if (!tad->tad_flag) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1011	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1012	* this is so we will not add audit data onto
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1013	* a thread that is not being audited.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1014	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1015	stp->sd_t_audit_data = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1016	mutex_exit(&stp->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1017	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1018	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1019
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1020	stp->sd_t_audit_data = (caddr_t)curthread;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1021	mutex_exit(&stp->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1022	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1023
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1024	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1025	* ROUTINE: AUDIT_CLOSEF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1026	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1027	* CALLBY: CLOSEF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1028	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1029	* release per file audit resources when file structure is being released.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1030	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1031	* IMPORTANT NOTE: Since we generate an audit record here, we may sleep
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1032	* on the audit queue if it becomes full. This means
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1033	* audit_closef can not be called when f_count == 0. Since
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1034	* f_count == 0 indicates the file structure is free, another
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1035	* process could attempt to use the file while we were still
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1036	* asleep waiting on the audit queue. This would cause the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1037	* per file audit data to be corrupted when we finally do
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1038	* wakeup.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1039	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1040	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1041	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1042
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1043	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1044	audit_closef(struct file *fp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1045	{ /* AUDIT_CLOSEF */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1046	f_audit_data_t *fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1047	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1048	int success;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1049	au_state_t estate;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1050	struct vnode *vp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1051	token_t *ad = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1052	struct vattr attr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1053	short evmod = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1054	const auditinfo_addr_t *ainfo;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1055	int getattr_ret;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1056	cred_t *cr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1057	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1058
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1059	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1060	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1061	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1062	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1063	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1064
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1065	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1066	estate = kctx->auk_ets[AUE_CLOSE];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1067	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1068	cr = CRED();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1069
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1070	/* audit record already generated by system call envelope */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1071	if (tad->tad_event == AUE_CLOSE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1072	/* so close audit event will have bits set */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1073	tad->tad_evmod \|= (short)fad->fad_flags;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1074	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1075	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1076
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1077	/* if auditing not enabled, then don't generate an audit record */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1078	if (!((kctx->auk_auditstate == AUC_AUDITING \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1079	kctx->auk_auditstate == AUC_INIT_AUDIT) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1080	kctx->auk_auditstate == AUC_NOSPACE))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1081	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1082
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1083	ainfo = crgetauinfo(cr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1084	if (ainfo == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1085	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1086
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1087	success = ainfo->ai_mask.as_success & estate;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1088
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1089	/* not selected for this event */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1090	if (success == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1091	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1092
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1093	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1094	* can't use audit_attributes here since we use a private audit area
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1095	* to build the audit record instead of the one off the thread.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1096	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1097	if ((vp = fp->f_vnode) != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1098	attr.va_mask = AT_ALL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1099	getattr_ret = VOP_GETATTR(vp, &attr, 0, CRED());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1100	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1101
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1102	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1103	* When write was not used and the file can be considered public,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1104	* then skip the audit.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1105	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1106	if ((getattr_ret == 0) && ((fp->f_flag & FWRITE) == 0)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1107	if (file_is_public(&attr)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1108	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1109	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1110	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1111
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1112	evmod = (short)fad->fad_flags;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1113	if (fad->fad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1114	au_write((caddr_t *)&(ad), au_to_path(fad->fad_aupath));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1115	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1116	#ifdef _LP64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1117	au_write((caddr_t *)&(ad), au_to_arg64(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1118	1, "no path: fp", (uint64_t)fp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1119	#else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1120	au_write((caddr_t *)&(ad), au_to_arg32(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1121	1, "no path: fp", (uint32_t)fp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1122	#endif
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1123	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1124
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1125	if (getattr_ret == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1126	au_write((caddr_t *)&(ad), au_to_attr(&attr));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1127	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1128
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1129	/* Add a subject token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1130	AUDIT_SETSUBJ((caddr_t *)&(ad), cr, ainfo);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1131
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1132	/* add an optional group token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1133	AUDIT_SETGROUP((caddr_t *)&(ad), cr, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1134
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1135	/* add a return token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1136	add_return_token((caddr_t *)&(ad), tad->tad_scid, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1137
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1138	AS_INC(as_generated, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1139	AS_INC(as_kernel, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1140
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1141	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1142	* Close up everything
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1143	* Note: path space recovery handled by normal system
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1144	* call envelope if not at last close.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1145	* Note there is no failure at this point since
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1146	* this represents closes due to exit of process,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1147	* thus we always indicate successful closes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1148	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1149	au_close(kctx, (caddr_t *)&(ad), AU_OK \| AU_DEFER,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1150	AUE_CLOSE, evmod);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1151	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1152
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1153	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1154	* ROUTINE: AUDIT_SET
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1155	* PURPOSE: Audit the file path and file attributes.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1156	* CALLBY: SETF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1157	* NOTE: SETF associate a file pointer with user area's open files.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1158	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1159	* call audit_finish directly ???
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1160	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1161	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1162
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1163	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1164	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1165	audit_setf(file_t *fp, int fd)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1166	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1167	f_audit_data_t *fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1168	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1169
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1170	if (fp == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1171	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1172
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1173	tad = T2A(curthread);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1174	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1175
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1176	if (!(tad->tad_scid == SYS_open \|\| tad->tad_scid == SYS_creat \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1177	tad->tad_scid == SYS_open64 \|\| tad->tad_scid == SYS_creat64 \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1178	tad->tad_scid == SYS_fsat))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1179	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1180
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1181	/* no path */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1182	if (tad->tad_aupath == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1183	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1184
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1185	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1186	* assign path information associated with file audit data
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1187	* use tad hold
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1188	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1189	fad->fad_aupath = tad->tad_aupath;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1190	tad->tad_aupath = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1191	tad->tad_vn = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1192
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1193	if (!(tad->tad_ctrl & PAD_TRUE_CREATE)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1194	/* adjust event type */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1195	switch (tad->tad_event) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1196	case AUE_OPEN_RC:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1197	tad->tad_event = AUE_OPEN_R;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1198	tad->tad_ctrl \|= PAD_PUBLIC_EV;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1199	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1200	case AUE_OPEN_RTC:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1201	tad->tad_event = AUE_OPEN_RT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1202	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1203	case AUE_OPEN_WC:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1204	tad->tad_event = AUE_OPEN_W;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1205	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1206	case AUE_OPEN_WTC:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1207	tad->tad_event = AUE_OPEN_WT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1208	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1209	case AUE_OPEN_RWC:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1210	tad->tad_event = AUE_OPEN_RW;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1211	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1212	case AUE_OPEN_RWTC:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1213	tad->tad_event = AUE_OPEN_RWT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1214	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1215	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1216	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1217	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1218	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1219	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1220
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1221
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1222	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1223	* ROUTINE: AUDIT_COPEN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1224	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1225	* CALLBY: COPEN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1226	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1227	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1228	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1229	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1230	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1231	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1232	audit_copen(int fd, file_t fp, vnode_t vp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1233	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1234	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1235
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1236	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1237	audit_ipc(int type, int id, void *vp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1238	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1239	/* if not auditing this event, then do nothing */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1240	if (ad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1241	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1242
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1243	switch (type) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1244	case AT_IPC_MSG:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1245	au_uwrite(au_to_ipc(AT_IPC_MSG, id));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1246	au_uwrite(au_to_ipc_perm(&(((kmsqid_t *)vp)->msg_perm)));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1247	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1248	case AT_IPC_SEM:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1249	au_uwrite(au_to_ipc(AT_IPC_SEM, id));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1250	au_uwrite(au_to_ipc_perm(&(((ksemid_t *)vp)->sem_perm)));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1251	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1252	case AT_IPC_SHM:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1253	au_uwrite(au_to_ipc(AT_IPC_SHM, id));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1254	au_uwrite(au_to_ipc_perm(&(((kshmid_t *)vp)->shm_perm)));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1255	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1256	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1257	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1258
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1259	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1260	audit_ipcget(int type, void *vp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1261	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1262	/* if not auditing this event, then do nothing */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1263	if (ad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1264	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1265
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1266	switch (type) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1267	case NULL:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1268	au_uwrite(au_to_ipc_perm((struct kipc_perm *)vp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1269	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1270	case AT_IPC_MSG:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1271	au_uwrite(au_to_ipc_perm(&(((kmsqid_t *)vp)->msg_perm)));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1272	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1273	case AT_IPC_SEM:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1274	au_uwrite(au_to_ipc_perm(&(((ksemid_t *)vp)->sem_perm)));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1275	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1276	case AT_IPC_SHM:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1277	au_uwrite(au_to_ipc_perm(&(((kshmid_t *)vp)->shm_perm)));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1278	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1279	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1280	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1281
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1282	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1283	* ROUTINE: AUDIT_REBOOT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1284	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1285	* CALLBY:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1286	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1287	* At this point we know that the system call reboot will not return. We thus
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1288	* have to complete the audit record generation and put it onto the queue.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1289	* This might be fairly useless if the auditing daemon is already dead....
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1290	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1291	* QUESTION: who calls audit_reboot
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1292	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1293
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1294	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1295	audit_reboot(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1296	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1297	int flag;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1298	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1299	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1300
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1301	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1302	zone_status_t zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1303	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1304	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1305	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1306
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1307	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1308
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1309	/* if not auditing this event, then do nothing */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1310	if (tad->tad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1311	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1312
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1313	/* do preselection on success/failure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1314	if (flag = audit_success(kctx, tad, 0)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1315	/* add a process token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1316
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1317	cred_t *cr = CRED();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1318	const auditinfo_addr_t *ainfo = crgetauinfo(cr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1319
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1320	if (ainfo == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1321	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1322
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1323	AUDIT_SETSUBJ(&(u_ad), cr, ainfo);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1324
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1325	/* add an optional group token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1326	AUDIT_SETGROUP(&(u_ad), cr, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1327
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1328	/* add a return token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1329	add_return_token((caddr_t *)&(u_ad), tad->tad_scid, 0, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1330
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1331	AS_INC(as_generated, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1332	AS_INC(as_kernel, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1333	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1334
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1335	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1336	* Flow control useless here since we're going
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1337	* to drop everything in the queue anyway. Why
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1338	* block and wait. There aint anyone left alive to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1339	* read the records remaining anyway.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1340	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1341
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1342	/* Close up everything */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1343	au_close(kctx, &(u_ad), flag \| AU_DONTBLOCK,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1344	tad->tad_event, tad->tad_evmod);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1345	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1346
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1347	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1348	audit_setfsat_path(int argnum)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1349	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1350	klwp_id_t clwp = ttolwp(curthread);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1351	struct file *fp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1352	uint32_t fd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1353	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1354	struct f_audit_data *fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1355	p_audit_data_t pad; / current process */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1356
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1357	struct b {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1358	long arg1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1359	long arg2;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1360	long arg3;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1361	long arg4;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1362	long arg5;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1363	} *uap1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1364
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1365	if (clwp == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1366	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1367	uap1 = (struct b *)&clwp->lwp_ap[1];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1368
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1369	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1370
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1371	ASSERT(tad != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1372
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1373	if (tad->tad_scid != SYS_fsat)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1374	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1375
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1376	switch (argnum) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1377	case 1:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1378	fd = (uint32_t)uap1->arg1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1379	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1380	case 2:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1381	fd = (uint32_t)uap1->arg2;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1382	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1383	case 3:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1384	fd = (uint32_t)uap1->arg3;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1385	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1386	case 4:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1387	fd = (uint32_t)uap1->arg4;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1388	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1389	case 5:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1390	fd = (uint32_t)uap1->arg5;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1391	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1392	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1393	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1394	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1395
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1396	if (tad->tad_atpath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1397	au_pathrele(tad->tad_atpath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1398	tad->tad_atpath = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1399	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1400	if (fd != AT_FDCWD) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1401	if ((fp = getf(fd)) == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1402	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1403
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1404	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1405	ASSERT(fad);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1406	au_pathhold(fad->fad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1407	tad->tad_atpath = fad->fad_aupath;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1408	releasef(fd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1409	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1410	pad = P2A(curproc);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1411	mutex_enter(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1412	au_pathhold(pad->pad_cwd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1413	tad->tad_atpath = pad->pad_cwd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1414	mutex_exit(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1415	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1416	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1417
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1418	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1419	audit_symlink_create(vnode_t dvp, char sname, char *target, int error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1420	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1421	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1422	vnode_t *vp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1423
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1424	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1425
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1426	/* if not auditing this event, then do nothing */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1427	if (tad->tad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1428	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1429
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1430	au_uwrite(au_to_text(target));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1431
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1432	if (error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1433	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1434
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1435	error = VOP_LOOKUP(dvp, sname, &vp, NULL, NO_FOLLOW, NULL, CRED());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1436	if (error == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1437	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1438	VN_RELE(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1439	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1440	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1441
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1442	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1443	* ROUTINE: AUDIT_VNCREATE_START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1444	* PURPOSE: set flag so path name lookup in create will not add attribute
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1445	* CALLBY: VN_CREATE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1446	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1447	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1448	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1449	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1450
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1451	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1452	audit_vncreate_start()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1453	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1454	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1455
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1456	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1457	tad->tad_ctrl \|= PAD_NOATTRB;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1458	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1459
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1460	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1461	* ROUTINE: AUDIT_VNCREATE_FINISH
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1462	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1463	* CALLBY: VN_CREATE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1464	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1465	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1466	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1467	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1468	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1469	audit_vncreate_finish(struct vnode *vp, int error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1470	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1471	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1472
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1473	if (error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1474	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1475
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1476	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1477
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1478	/* if not auditing this event, then do nothing */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1479	if (tad->tad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1480	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1481
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1482	if (tad->tad_ctrl & PAD_TRUE_CREATE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1483	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1484	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1485
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1486	if (tad->tad_ctrl & PAD_CORE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1487	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1488	tad->tad_ctrl &= ~PAD_CORE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1489	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1490
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1491	if (!error && ((tad->tad_event == AUE_MKNOD) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1492	(tad->tad_event == AUE_MKDIR))) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1493	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1494	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1495
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1496	/* for case where multiple lookups in one syscall (rename) */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1497	tad->tad_ctrl &= ~PAD_NOATTRB;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1498	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1499
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1500
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1501
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1502
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1503
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1504
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1505
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1506
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1507	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1508	* ROUTINE: AUDIT_EXEC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1509	* PURPOSE: Records the function arguments and environment variables
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1510	* CALLBY: EXEC_ARGS
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1511	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1512	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1513	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1514	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1515
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1516	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1517	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1518	audit_exec(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1519	const char argstr, / argument strings */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1520	const char envstr, / environment strings */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1521	ssize_t argc, /* total # arguments */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1522	ssize_t envc) /* total # environment variables */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1523	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1524	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1525	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1526
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1527	ASSERT(kctx != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1528
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1529	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1530
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1531	/* if not auditing this event, then do nothing */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1532	if (!tad->tad_flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1533	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1534
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1535	/* return if not interested in argv or environment variables */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1536	if (!(kctx->auk_policy & (AUDIT_ARGV\|AUDIT_ARGE)))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1537	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1538
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1539	if (kctx->auk_policy & AUDIT_ARGV) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1540	au_uwrite(au_to_exec_args(argstr, argc));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1541	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1542
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1543	if (kctx->auk_policy & AUDIT_ARGE) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1544	au_uwrite(au_to_exec_env(envstr, envc));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1545	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1546	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1547
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1548	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1549	* ROUTINE: AUDIT_ENTERPROM
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1550	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1551	* CALLBY: KBDINPUT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1552	* ZSA_XSINT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1553	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1554	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1555	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1556	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1557	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1558	audit_enterprom(int flg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1559	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1560	token_t *rp = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1561	int sorf;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1562
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1563	if (flg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1564	sorf = AUM_SUCC;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1565	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1566	sorf = AUM_FAIL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1567
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1568	AUDIT_ASYNC_START(rp, AUE_ENTERPROM, sorf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1569
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1570	au_write((caddr_t *)&(rp), au_to_text("kmdb"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1571
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1572	if (flg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1573	au_write((caddr_t *)&(rp), au_to_return32(0, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1574	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1575	au_write((caddr_t *)&(rp), au_to_return32(ECANCELED, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1576
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1577	AUDIT_ASYNC_FINISH(rp, AUE_ENTERPROM, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1578	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1579
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1580
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1581	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1582	* ROUTINE: AUDIT_EXITPROM
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1583	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1584	* CALLBY: KBDINPUT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1585	* ZSA_XSINT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1586	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1587	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1588	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1589	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1590	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1591	audit_exitprom(int flg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1592	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1593	int sorf;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1594	token_t *rp = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1595
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1596	if (flg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1597	sorf = AUM_SUCC;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1598	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1599	sorf = AUM_FAIL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1600
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1601	AUDIT_ASYNC_START(rp, AUE_EXITPROM, sorf);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1602
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1603	au_write((caddr_t *)&(rp), au_to_text("kmdb"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1604
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1605	if (flg)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1606	au_write((caddr_t *)&(rp), au_to_return32(0, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1607	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1608	au_write((caddr_t *)&(rp), au_to_return32(ECANCELED, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1609
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1610	AUDIT_ASYNC_FINISH(rp, AUE_EXITPROM, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1611	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1612
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1613	struct fcntla {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1614	int fdes;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1615	int cmd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1616	intptr_t arg;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1617	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1618
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1619	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1620	* ROUTINE: AUDIT_C2_REVOKE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1621	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1622	* CALLBY: FCNTL
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1623	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1624	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1625	* QUESTION: are we keeping this func
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1626	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1627
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1628	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1629	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1630	audit_c2_revoke(struct fcntla uap, rval_t rvp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1631	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1632	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1633	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1634
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1635
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1636	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1637	* ROUTINE: AUDIT_CHDIREC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1638	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1639	* CALLBY: CHDIREC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1640	* NOTE: The main function of CHDIREC
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1641	* TODO: Move the audit_chdirec hook above the VN_RELE in vncalls.c
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1642	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1643	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1644
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1645	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1646	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1647	audit_chdirec(vnode_t vp, vnode_t *vpp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1648	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1649	int chdir;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1650	int fchdir;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1651	struct audit_path **appp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1652	struct file *fp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1653	f_audit_data_t *fad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1654	p_audit_data_t *pad = P2A(curproc);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1655	t_audit_data_t *tad = T2A(curthread);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1656
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1657	struct a {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1658	long fd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1659	} uap = (struct a )ttolwp(curthread)->lwp_ap;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1660
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1661	if ((tad->tad_scid == SYS_chdir) \|\| (tad->tad_scid == SYS_chroot)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1662	chdir = tad->tad_scid == SYS_chdir;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1663	if (tad->tad_aupath) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1664	mutex_enter(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1665	if (chdir)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1666	appp = &(pad->pad_cwd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1667	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1668	appp = &(pad->pad_root);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1669	au_pathrele(*appp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1670	/* use tad hold */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1671	*appp = tad->tad_aupath;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1672	tad->tad_aupath = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1673	mutex_exit(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1674	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1675	} else if ((tad->tad_scid == SYS_fchdir) \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1676	(tad->tad_scid == SYS_fchroot)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1677	fchdir = tad->tad_scid == SYS_fchdir;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1678	if ((fp = getf(uap->fd)) == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1679	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1680	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1681	if (fad->fad_aupath) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1682	au_pathhold(fad->fad_aupath);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1683	mutex_enter(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1684	if (fchdir)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1685	appp = &(pad->pad_cwd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1686	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1687	appp = &(pad->pad_root);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1688	au_pathrele(*appp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1689	*appp = fad->fad_aupath;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1690	mutex_exit(&pad->pad_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1691	if (tad->tad_flag) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1692	au_uwrite(au_to_path(fad->fad_aupath));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1693	audit_attributes(fp->f_vnode);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1694	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1695	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1696	releasef(uap->fd);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1697	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1698	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1699
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1700	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1701	* ROUTINE: AUDIT_GETF
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1702	* PURPOSE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1703	* CALLBY: GETF_INTERNAL
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1704	* NOTE: The main function of GETF_INTERNAL is to associate a given
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1705	* file descriptor with a file structure and increment the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1706	* file pointer reference count.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1707	* TODO: remove pass in of fpp.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1708	* increment a reference count so that even if a thread with same process delete
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1709	* the same object, it will not panic our system
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1710	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1711	* where to decrement the f_count?????????????????
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1712	* seems like I need to set a flag if f_count incrmented through audit_getf
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1713	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1714
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1715	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1716	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1717	audit_getf(int fd)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1718	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1719	#ifdef NOTYET
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1720	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1721
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1722	tad = T2A(curthread);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1723
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1724	if (!(tad->tad_scid == SYS_open \|\| tad->tad_scid == SYS_creat))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1725	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1726	#endif
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1727	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1728	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1729
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1730	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1731	* Audit hook for stream based socket and tli request.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1732	* Note that we do not have user context while executing
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1733	* this code so we had to record them earlier during the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1734	* putmsg/getmsg to figure out which user we are dealing with.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1735	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1736
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1737	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1738	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1739	audit_sock(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1740	int type, /* type of tihdr.h header requests */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1741	queue_t q, / contains the process and thread audit data */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1742	mblk_t mp, / contains the tihdr.h header structures */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1743	int from) /* timod or sockmod request */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1744	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1745	int32_t len;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1746	int32_t offset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1747	struct sockaddr_in *sock_data;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1748	struct T_conn_req *conn_req;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1749	struct T_conn_ind *conn_ind;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1750	struct T_unitdata_req *unitdata_req;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1751	struct T_unitdata_ind *unitdata_ind;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1752	au_state_t estate;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1753	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1754	caddr_t saved_thread_ptr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1755	au_mask_t amask;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1756	const auditinfo_addr_t *ainfo;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1757	au_kcontext_t *kctx;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1758	zone_status_t zstate;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1759
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1760	if (q->q_stream == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1761	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1762	mutex_enter(&q->q_stream->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1763	/* are we being audited */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1764	saved_thread_ptr = q->q_stream->sd_t_audit_data;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1765	/* no pointer to thread, nothing to do */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1766	if (saved_thread_ptr == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1767	mutex_exit(&q->q_stream->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1768	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1769	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1770	/* only allow one addition of a record token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1771	q->q_stream->sd_t_audit_data = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1772	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1773	* thread is not the one being audited, then nothing to do
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1774	* This could be the stream thread handling the module
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1775	* service routine. In this case, the context for the audit
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1776	* record can no longer be assumed. Simplest to just drop
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1777	* the operation.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1778	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1779	if (curthread != (kthread_id_t)saved_thread_ptr) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1780	mutex_exit(&q->q_stream->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1781	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1782	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1783	if (curthread->t_sysnum >= SYS_so_socket &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1784	curthread->t_sysnum <= SYS_sockconfig) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1785	mutex_exit(&q->q_stream->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1786	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1787	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1788	mutex_exit(&q->q_stream->sd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1789	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1790	* we know that the thread that did the put/getmsg is the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1791	* one running. Now we can get the TAD and see if we should
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1792	* add an audit token.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1793	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1794	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1795
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1796	kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1797	if (kctx == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1798	zstate = zone_status_get(curproc->p_zone);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1799	ASSERT(zstate != ZONE_IS_READY);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1800	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1801	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1802
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1803	/* proceed ONLY if user is being audited */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1804	if (!tad->tad_flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1805	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1806
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1807	ainfo = crgetauinfo(CRED());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1808	if (ainfo == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1809	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1810	amask = ainfo->ai_mask;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1811
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1812	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1813	* Figure out the type of stream networking request here.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1814	* Note that getmsg and putmsg are always preselected
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1815	* because during the beginning of the system call we have
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1816	* not yet figure out which of the socket or tli request
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1817	* we are looking at until we are here. So we need to check
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1818	* against that specific request and reset the type of event.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1819	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1820	switch (type) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1821	case T_CONN_REQ: /* connection request */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1822	conn_req = (struct T_conn_req *)mp->b_rptr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1823	if (conn_req->DEST_offset < sizeof (struct T_conn_req))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1824	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1825	offset = conn_req->DEST_offset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1826	len = conn_req->DEST_length;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1827	estate = kctx->auk_ets[AUE_SOCKCONNECT];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1828	if (amask.as_success & estate \|\| amask.as_failure & estate) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1829	tad->tad_event = AUE_SOCKCONNECT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1830	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1831	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1832	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1833	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1834	case T_CONN_IND: /* connectionless receive request */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1835	conn_ind = (struct T_conn_ind *)mp->b_rptr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1836	if (conn_ind->SRC_offset < sizeof (struct T_conn_ind))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1837	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1838	offset = conn_ind->SRC_offset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1839	len = conn_ind->SRC_length;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1840	estate = kctx->auk_ets[AUE_SOCKACCEPT];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1841	if (amask.as_success & estate \|\| amask.as_failure & estate) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1842	tad->tad_event = AUE_SOCKACCEPT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1843	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1844	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1845	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1846	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1847	case T_UNITDATA_REQ: /* connectionless send request */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1848	unitdata_req = (struct T_unitdata_req *)mp->b_rptr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1849	if (unitdata_req->DEST_offset < sizeof (struct T_unitdata_req))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1850	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1851	offset = unitdata_req->DEST_offset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1852	len = unitdata_req->DEST_length;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1853	estate = kctx->auk_ets[AUE_SOCKSEND];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1854	if (amask.as_success & estate \|\| amask.as_failure & estate) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1855	tad->tad_event = AUE_SOCKSEND;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1856	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1857	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1858	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1859	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1860	case T_UNITDATA_IND: /* connectionless receive request */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1861	unitdata_ind = (struct T_unitdata_ind *)mp->b_rptr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1862	if (unitdata_ind->SRC_offset < sizeof (struct T_unitdata_ind))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1863	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1864	offset = unitdata_ind->SRC_offset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1865	len = unitdata_ind->SRC_length;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1866	estate = kctx->auk_ets[AUE_SOCKRECEIVE];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1867	if (amask.as_success & estate \|\| amask.as_failure & estate) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1868	tad->tad_event = AUE_SOCKRECEIVE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1869	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1870	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1871	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1872	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1873	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1874	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1875	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1876
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1877	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1878	* we are only interested in tcp stream connections,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1879	* not unix domain stuff
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1880	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1881	if ((len < 0) \|\| (len > sizeof (struct sockaddr_in))) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1882	tad->tad_event = AUE_GETMSG;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1883	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1884	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1885	/* skip over TPI header and point to the ip address */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1886	sock_data = (struct sockaddr_in )((char )mp->b_rptr + offset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1887
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1888	switch (sock_data->sin_family) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1889	case AF_INET:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1890	au_write(&(tad->tad_ad), au_to_sock_inet(sock_data));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1891	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1892	default: /* reset to AUE_PUTMSG if not a inet request */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1893	tad->tad_event = AUE_GETMSG;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1894	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1895	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1896	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1897
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1898	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1899	audit_lookupname()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1900	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1901	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1902
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1903	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1904	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1905	audit_pathcomp(struct pathname pnp, vnode_t cvp, cred_t *cr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1906	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1907	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1908	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1909
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1910	static void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1911	add_return_token(caddr_t *ad, unsigned int scid, int err, int rval)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1912	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1913	unsigned int sy_flags;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1914
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1915	#ifdef _SYSCALL32_IMPL
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1916	if (lwp_getdatamodel(
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1917	ttolwp(curthread)) == DATAMODEL_NATIVE)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1918	sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1919	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1920	sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1921	#else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1922	sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1923	#endif
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1924
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1925	if (sy_flags == SE_64RVAL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1926	au_write(ad, au_to_return64(err, rval));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1927	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1928	au_write(ad, au_to_return32(err, rval));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1929
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1930	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1931
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1932	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1933	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1934	audit_fdsend(fd, fp, error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1935	int fd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1936	struct file *fp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1937	int error; /* ignore for now */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1938	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1939	t_audit_data_t tad; / current thread */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1940	f_audit_data_t fad; / per file audit structure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1941	struct vnode vp; / for file attributes */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1942
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1943	/* is this system call being audited */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1944	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1945	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1946	if (!tad->tad_flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1947	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1948
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1949	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1950
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1951	/* add path and file attributes */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1952	if (fad != NULL && fad->fad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1953	au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1954	au_uwrite(au_to_path(fad->fad_aupath));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1955	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1956	au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1957	#ifdef _LP64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1958	au_uwrite(au_to_arg64(0, "no path", (uint64_t)fp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1959	#else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1960	au_uwrite(au_to_arg32(0, "no path", (uint32_t)fp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1961	#endif
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1962	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1963	vp = fp->f_vnode; /* include vnode attributes */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1964	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1965	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1966
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1967	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1968	* Record privileges sucessfully used and we attempted to use but
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1969	* didn't have.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1970	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1971	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1972	audit_priv(int priv, const priv_set_t *set, int flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1973	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1974	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1975	int sbit;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1976	priv_set_t *target;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1977
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1978	/* Make sure this isn't being called in an interrupt context */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1979	ASSERT(servicing_interrupt() == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1980
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1981	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1982
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1983	if (tad->tad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1984	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1985
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1986	target = flag ? &tad->tad_sprivs : &tad->tad_fprivs;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1987	sbit = flag ? PAD_SPRIVUSE : PAD_FPRIVUSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1988
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1989	/* Tell audit_success() and audit_finish() that we saw this case */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1990	if (!(tad->tad_evmod & sbit)) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1991	/* Clear set first time around */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1992	priv_emptyset(target);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1993	tad->tad_evmod \|= sbit;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1994	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1995
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1996	/* Save the privileges in the tad */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1997	if (priv == PRIV_ALL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1998	priv_fillset(target);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1999	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2000	ASSERT(set != NULL \|\| priv != PRIV_NONE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2001	if (set != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2002	priv_union(set, target);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2003	if (priv != PRIV_NONE)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2004	priv_addset(target, priv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2005	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2006	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2007
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2008	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2009	* Audit the setpriv() system call; the operation, the set name and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2010	* the current value as well as the set argument are put in the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2011	* audit trail.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2012	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2013	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2014	audit_setppriv(int op, int set, const priv_set_t newpriv, const cred_t ocr)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2015	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2016	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2017	const priv_set_t *oldpriv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2018	priv_set_t report;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2019	const char *setname;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2020
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2021	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2022
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2023	if (tad->tad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2024	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2025
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2026	oldpriv = priv_getset(ocr, set);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2027
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2028	/* Generate the actual record, include the before and after */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2029	au_uwrite(au_to_arg32(2, "op", op));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2030	setname = priv_getsetbynum(set);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2031
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2032	switch (op) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2033	case PRIV_OFF:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2034	/* Report privileges actually switched off */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2035	report = *oldpriv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2036	priv_intersect(newpriv, &report);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2037	au_uwrite(au_to_privset(setname, &report, AUT_PRIV, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2038	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2039	case PRIV_ON:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2040	/* Report privileges actually switched on */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2041	report = *oldpriv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2042	priv_inverse(&report);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2043	priv_intersect(newpriv, &report);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2044	au_uwrite(au_to_privset(setname, &report, AUT_PRIV, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2045	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2046	case PRIV_SET:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2047	/* Report before and after */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2048	au_uwrite(au_to_privset(setname, oldpriv, AUT_PRIV, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2049	au_uwrite(au_to_privset(setname, newpriv, AUT_PRIV, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2050	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2051	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2052	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2053
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2054	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2055	* Dump the full device policy setting in the audit trail.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2056	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2057	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2058	audit_devpolicy(int nitems, const devplcysys_t *items)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2059	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2060	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2061	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2062
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2063	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2064
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2065	if (tad->tad_flag == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2066	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2067
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2068	for (i = 0; i < nitems; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2069	au_uwrite(au_to_arg32(2, "major", items[i].dps_maj));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2070	if (items[i].dps_minornm[0] == '\0') {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2071	au_uwrite(au_to_arg32(2, "lomin", items[i].dps_lomin));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2072	au_uwrite(au_to_arg32(2, "himin", items[i].dps_himin));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2073	} else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2074	au_uwrite(au_to_text(items[i].dps_minornm));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2075
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2076	au_uwrite(au_to_privset("read", &items[i].dps_rdp,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2077	AUT_PRIV, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2078	au_uwrite(au_to_privset("write", &items[i].dps_wrp,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2079	AUT_PRIV, 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2080	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2081	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2082
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2083	/ARGSUSED/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2084	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2085	audit_fdrecv(fd, fp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2086	int fd;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2087	struct file *fp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2088	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2089	t_audit_data_t tad; / current thread */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2090	f_audit_data_t fad; / per file audit structure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2091	struct vnode vp; / for file attributes */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2092
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2093	/* is this system call being audited */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2094	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2095	ASSERT(tad != (t_audit_data_t *)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2096	if (!tad->tad_flag)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2097	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2098
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2099	fad = F2A(fp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2100
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2101	/* add path and file attributes */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2102	if (fad != NULL && fad->fad_aupath != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2103	au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2104	au_uwrite(au_to_path(fad->fad_aupath));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2105	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2106	au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2107	#ifdef _LP64
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2108	au_uwrite(au_to_arg64(0, "no path", (uint64_t)fp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2109	#else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2110	au_uwrite(au_to_arg32(0, "no path", (uint32_t)fp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2111	#endif
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2112	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2113	vp = fp->f_vnode; /* include vnode attributes */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2114	audit_attributes(vp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2115	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2116
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2117	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2118	* ROUTINE: AUDIT_CRYPTOADM
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2119	* PURPOSE: Records arguments to administrative ioctls on /dev/cryptoadm
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2120	* CALLBY: CRYPTO_LOAD_DEV_DISABLED, CRYPTO_LOAD_SOFT_DISABLED,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2121	* CRYPTO_UNLOAD_SOFT_MODULE, CRYPTO_LOAD_SOFT_CONFIG,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2122	* CRYPTO_POOL_CREATE, CRYPTO_POOL_WAIT, CRYPTO_POOL_RUN,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2123	* CRYPTO_LOAD_DOOR
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2124	* NOTE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2125	* TODO:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2126	* QUESTION:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2127	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2128
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2129	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2130	audit_cryptoadm(int cmd, char module_name, crypto_mech_name_t mech_names,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2131	uint_t mech_count, uint_t device_instance, uint32_t rv, int error)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2132	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2133	boolean_t mech_list_required = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2134	cred_t *cr = CRED();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2135	t_audit_data_t *tad;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2136	token_t *ad = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2137	const auditinfo_addr_t *ainfo = crgetauinfo(cr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2138	char buffer[MAXNAMELEN * 2];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2139	au_kcontext_t *kctx = SET_KCTX_PZ;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2140
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2141	ASSERT(kctx != NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2142
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2143	tad = U2A(u);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2144	if (tad == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2145	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2146
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2147	if (ainfo == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2148	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2149
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2150	tad->tad_event = AUE_CRYPTOADM;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2151
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2152	if (audit_success(kctx, tad, error) != AU_OK)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2153	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2154
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2155	/* Add a subject token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2156	AUDIT_SETSUBJ((caddr_t *)&(ad), cr, ainfo);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2157
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2158	/* add an optional group token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2159	AUDIT_SETGROUP((caddr_t *)&(ad), cr, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2160
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2161	switch (cmd) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2162	case CRYPTO_LOAD_DEV_DISABLED:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2163	if (error == 0 && rv == CRYPTO_SUCCESS) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2164	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2165	"op=CRYPTO_LOAD_DEV_DISABLED, module=%s,"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2166	" dev_instance=%d",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2167	module_name, device_instance);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2168	mech_list_required = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2169	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2170	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2171	"op=CRYPTO_LOAD_DEV_DISABLED, return_val=%d", rv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2172	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2173	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2174
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2175	case CRYPTO_LOAD_SOFT_DISABLED:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2176	if (error == 0 && rv == CRYPTO_SUCCESS) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2177	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2178	"op=CRYPTO_LOAD_SOFT_DISABLED, module=%s",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2179	module_name);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2180	mech_list_required = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2181	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2182	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2183	"op=CRYPTO_LOAD_SOFT_DISABLED, return_val=%d", rv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2184	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2185	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2186
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2187	case CRYPTO_UNLOAD_SOFT_MODULE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2188	if (error == 0 && rv == CRYPTO_SUCCESS) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2189	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2190	"op=CRYPTO_UNLOAD_SOFT_MODULE, module=%s",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2191	module_name);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2192	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2193	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2194	"op=CRYPTO_UNLOAD_SOFT_MODULE, return_val=%d", rv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2195	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2196	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2197
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2198	case CRYPTO_LOAD_SOFT_CONFIG:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2199	if (error == 0 && rv == CRYPTO_SUCCESS) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2200	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2201	"op=CRYPTO_LOAD_SOFT_CONFIG, module=%s",
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2202	module_name);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2203	mech_list_required = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2204	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2205	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2206	"op=CRYPTO_LOAD_SOFT_CONFIG, return_val=%d", rv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2207	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2208	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2209
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2210	case CRYPTO_POOL_CREATE:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2211	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2212	"op=CRYPTO_POOL_CREATE");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2213	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2214
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2215	case CRYPTO_POOL_WAIT:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2216	(void) snprintf(buffer, sizeof (buffer), "op=CRYPTO_POOL_WAIT");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2217	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2218
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2219	case CRYPTO_POOL_RUN:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2220	(void) snprintf(buffer, sizeof (buffer), "op=CRYPTO_POOL_RUN");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2221	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2222
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2223	case CRYPTO_LOAD_DOOR:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2224	if (error == 0 && rv == CRYPTO_SUCCESS)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2225	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2226	"op=CRYPTO_LOAD_DOOR");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2227	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2228	(void) snprintf(buffer, sizeof (buffer),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2229	"op=CRYPTO_LOAD_DOOR, return_val=%d", rv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2230	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2231
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2232	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2233	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2234	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2235
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2236	au_write((caddr_t *)&ad, au_to_text(buffer));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2237
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2238	if (mech_list_required) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2239	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2240
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2241	if (mech_count == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2242	au_write((caddr_t *)&ad, au_to_text("mech=list empty"));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2243	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2244	char *pb = buffer;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2245	size_t l = sizeof (buffer);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2246	size_t n;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2247	char space[2] = ":";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2248
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2249	n = snprintf(pb, l, "mech=");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2250
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2251	for (i = 0; i < mech_count; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2252	pb += n;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2253	l -= n;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2254	if (l < 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2255	l = 0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2256
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2257	if (i == mech_count - 1)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2258	(void) strcpy(space, "");
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2259
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2260	n = snprintf(pb, l, "%s%s", mech_names[i],
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2261	space);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2262	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2263	au_write((caddr_t *)&ad, au_to_text(buffer));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2264	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2265	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2266
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2267	/* add a return token */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2268	if (error \|\| (rv != CRYPTO_SUCCESS))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2269	add_return_token((caddr_t *)&ad, tad->tad_scid, -1, error);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2270	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2271	add_return_token((caddr_t *)&ad, tad->tad_scid, 0, rv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2272
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2273	AS_INC(as_generated, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2274	AS_INC(as_kernel, 1, kctx);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2275
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2276	au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CRYPTOADM, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2277	}
898 64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2278
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2279	/*
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2280	* Audit the kernel SSL administration command. The address and the
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2281	* port number for the SSL instance, and the proxy port are put in the
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2282	* audit trail.
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2283	*/
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2284	void
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2285	audit_kssl(int cmd, void *params, int error)
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2286	{
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2287	cred_t *cr = CRED();
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2288	t_audit_data_t *tad;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2289	token_t *ad = NULL;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2290	const auditinfo_addr_t *ainfo = crgetauinfo(cr);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2291	au_kcontext_t *kctx = SET_KCTX_PZ;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2292
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2293	ASSERT(kctx != NULL);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2294	tad = U2A(u);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2295
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2296	if (ainfo == NULL)
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2297	return;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2298
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2299	tad->tad_event = AUE_CONFIGKSSL;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2300
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2301	if (audit_success(kctx, tad, error) != AU_OK)
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2302	return;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2303
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2304	/* Add a subject token */
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2305	AUDIT_SETSUBJ((caddr_t *)&ad, cr, ainfo);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2306
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2307	/* add an optional group token */
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2308	AUDIT_SETGROUP((caddr_t *)&ad, cr, kctx);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2309
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2310	switch (cmd) {
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2311	case KSSL_ADD_ENTRY: {
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2312	char buf[32];
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2313	kssl_params_t kp = (kssl_params_t )params;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2314	struct sockaddr_in *saddr = &(kp->kssl_addr);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2315
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2316	au_write((caddr_t *)&ad, au_to_text("op=KSSL_ADD_ENTRY"));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2317	au_write((caddr_t *)&ad, au_to_in_addr(&(saddr->sin_addr)));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2318	(void) snprintf(buf, sizeof (buf), "SSL port=%d",
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2319	saddr->sin_port);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2320	au_write((caddr_t *)&ad, au_to_text(buf));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2321
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2322	(void) snprintf(buf, sizeof (buf), "proxy port=%d",
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2323	kp->kssl_proxy_port);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2324	au_write((caddr_t *)&ad, au_to_text(buf));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2325	break;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2326	}
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2327
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2328	case KSSL_DELETE_ENTRY: {
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2329	char buf[32];
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2330	struct sockaddr_in saddr = (struct sockaddr_in )params;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2331
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2332	au_write((caddr_t *)&ad, au_to_text("op=KSSL_DELETE_ENTRY"));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2333	au_write((caddr_t *)&ad, au_to_in_addr(&(saddr->sin_addr)));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2334	(void) snprintf(buf, sizeof (buf), "SSL port=%d",
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2335	saddr->sin_port);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2336	au_write((caddr_t *)&ad, au_to_text(buf));
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2337	break;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2338	}
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2339
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2340	default:
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2341	return;
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2342	}
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2343
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2344	/* add a return token */
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2345	add_return_token((caddr_t *)&ad, tad->tad_scid, error, 0);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2346
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2347	AS_INC(as_generated, 1, kctx);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2348	AS_INC(as_kernel, 1, kctx);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2349
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2350	au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CONFIGKSSL, 0);
64b2a371a6bd PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy kais parents: 0 diff changeset	2351	}

author	kais
	Sat, 12 Nov 2005 18:58:05 -0800
changeset 898	64b2a371a6bd
parent 0	68f95e015346
child 1676	37f4a3e2bd99
permissions	-rw-r--r--