58 #include <sys/timod.h> |
57 #include <sys/timod.h> |
59 #include <sys/model.h> /* for model_t */ |
58 #include <sys/model.h> /* for model_t */ |
60 #include <sys/disp.h> /* for servicing_interrupt() */ |
59 #include <sys/disp.h> /* for servicing_interrupt() */ |
61 #include <sys/devpolicy.h> |
60 #include <sys/devpolicy.h> |
62 #include <sys/crypto/ioctladmin.h> |
61 #include <sys/crypto/ioctladmin.h> |
63 #include <sys/cred.h> |
62 #include <sys/cred_impl.h> |
64 #include <inet/kssl/kssl.h> |
63 #include <inet/kssl/kssl.h> |
65 #include <net/pfpolicy.h> |
64 #include <net/pfpolicy.h> |
66 |
65 |
67 static void add_return_token(caddr_t *, unsigned int scid, int err, int rval); |
66 static void add_return_token(caddr_t *, unsigned int scid, int err, int rval); |
68 |
67 |
1230 * NOTE: |
1229 * NOTE: |
1231 * TODO: |
1230 * TODO: |
1232 * QUESTION: |
1231 * QUESTION: |
1233 */ |
1232 */ |
1234 |
1233 |
1235 /*ARGSUSED*/ |
|
1236 void |
1234 void |
1237 audit_exec( |
1235 audit_exec( |
1238 const char *argstr, /* argument strings */ |
1236 const char *argstr, /* argument strings */ |
1239 const char *envstr, /* environment strings */ |
1237 const char *envstr, /* environment strings */ |
1240 ssize_t argc, /* total # arguments */ |
1238 ssize_t argc, /* total # arguments */ |
1241 ssize_t envc) /* total # environment variables */ |
1239 ssize_t envc, /* total # environment variables */ |
|
1240 cred_t *pfcred) /* the additional privileges in a profile */ |
1242 { |
1241 { |
1243 t_audit_data_t *tad; |
1242 t_audit_data_t *tad; |
1244 au_kcontext_t *kctx = GET_KCTX_PZ; |
1243 au_kcontext_t *kctx = GET_KCTX_PZ; |
1245 |
1244 |
1246 tad = U2A(u); |
1245 tad = U2A(u); |
1247 |
1246 |
1248 /* if not auditing this event, then do nothing */ |
1247 /* if not auditing this event, then do nothing */ |
1249 if (!tad->tad_flag) |
1248 if (!tad->tad_flag) |
1250 return; |
1249 return; |
1251 |
1250 |
1252 /* return if not interested in argv or environment variables */ |
1251 if (pfcred != NULL) { |
1253 if (!(kctx->auk_policy & (AUDIT_ARGV|AUDIT_ARGE))) |
1252 p_audit_data_t *pad; |
1254 return; |
1253 cred_t *cr = CRED(); |
1255 |
1254 priv_set_t pset = CR_IPRIV(cr); |
1256 if (kctx->auk_policy & AUDIT_ARGV) { |
1255 |
|
1256 pad = P2A(curproc); |
|
1257 |
|
1258 /* It's a different event. */ |
|
1259 tad->tad_event = AUE_PFEXEC; |
|
1260 |
|
1261 /* Add the current working directory to the audit trail. */ |
|
1262 if (pad->pad_cwd != NULL) |
|
1263 au_uwrite(au_to_path(pad->pad_cwd)); |
|
1264 |
|
1265 /* |
|
1266 * The new credential is not yet in place when audit_exec |
|
1267 * is called. |
|
1268 * Compute the additional bits available in the new credential |
|
1269 * and the limit set. |
|
1270 */ |
|
1271 priv_inverse(&pset); |
|
1272 priv_intersect(&CR_IPRIV(pfcred), &pset); |
|
1273 if (!priv_isemptyset(&pset) || |
|
1274 !priv_isequalset(&CR_LPRIV(pfcred), &CR_LPRIV(cr))) { |
|
1275 au_uwrite(au_to_privset( |
|
1276 priv_getsetbynum(PRIV_INHERITABLE), &pset, AUT_PRIV, |
|
1277 0)); |
|
1278 au_uwrite(au_to_privset(priv_getsetbynum(PRIV_LIMIT), |
|
1279 &CR_LPRIV(pfcred), AUT_PRIV, 0)); |
|
1280 } |
|
1281 /* |
|
1282 * Compare the uids & gids: create a process token if changed. |
|
1283 */ |
|
1284 if (crgetuid(cr) != crgetuid(pfcred) || |
|
1285 crgetruid(cr) != crgetruid(pfcred) || |
|
1286 crgetgid(cr) != crgetgid(pfcred) || |
|
1287 crgetrgid(cr) != crgetrgid(pfcred)) { |
|
1288 AUDIT_SETPROC(&(u_ad), cr, crgetauinfo(cr)); |
|
1289 } |
|
1290 } |
|
1291 |
|
1292 if (pfcred != NULL || (kctx->auk_policy & AUDIT_ARGV) != 0) |
1257 au_uwrite(au_to_exec_args(argstr, argc)); |
1293 au_uwrite(au_to_exec_args(argstr, argc)); |
1258 } |
1294 |
1259 |
1295 if (kctx->auk_policy & AUDIT_ARGE) |
1260 if (kctx->auk_policy & AUDIT_ARGE) { |
|
1261 au_uwrite(au_to_exec_env(envstr, envc)); |
1296 au_uwrite(au_to_exec_env(envstr, envc)); |
1262 } |
|
1263 } |
1297 } |
1264 |
1298 |
1265 /* |
1299 /* |
1266 * ROUTINE: AUDIT_ENTERPROM |
1300 * ROUTINE: AUDIT_ENTERPROM |
1267 * PURPOSE: |
1301 * PURPOSE: |