PSARC 2009/377 In-kernel pfexec implementation.
PSARC 2009/378 Basic File Privileges
PSARC 2010/072 RBAC update: user attrs from profiles
4912090 pfzsh(1) should exist
4912093 pfbash(1) should exist
4912096 pftcsh(1) should exist
6440298 Expand the basic privilege set in order to restrict file access
6859862 Move pfexec into the kernel
6919171 cred_t sidesteps kmem_debug; we need to be able to detect bad hold/free when they occur
6923721 The new SYS_SMB privilege is not backward compatible
6937562 autofs doesn't remove its door when the zone shuts down
6937727 Zones stuck on deathrow; netstack_zone keeps a credential reference to the zone
6940159 Implement PSARC 2010/072
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#include <sys/systm.h>
#include <sys/errno.h>
#include <sys/policy.h>
#include <c2/audit.h>
#include <c2/audit_kernel.h>
#include <c2/audit_record.h>
#define CLEAR_VAL -1
extern kmutex_t pidlock;
uint32_t audit_policy; /* global audit policies in force */
/*ARGSUSED1*/
int
auditsys(struct auditcalls *uap, rval_t *rvp)
{
int err;
int result = 0;
if (audit_active == C2AUDIT_DISABLED)
return (ENOTSUP);
switch (uap->code) {
case BSM_GETAUID:
result = getauid((caddr_t)uap->a1);
break;
case BSM_SETAUID:
result = setauid((caddr_t)uap->a1);
break;
case BSM_GETAUDIT:
result = getaudit((caddr_t)uap->a1);
break;
case BSM_GETAUDIT_ADDR:
result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2);
break;
case BSM_SETAUDIT:
result = setaudit((caddr_t)uap->a1);
break;
case BSM_SETAUDIT_ADDR:
result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2);
break;
case BSM_AUDITCTL:
result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3);
break;
case BSM_AUDIT:
if (audit_active == C2AUDIT_UNLOADED)
return (0);
result = audit((caddr_t)uap->a1, (int)uap->a2);
break;
case BSM_AUDITDOOR:
if (audit_active == C2AUDIT_LOADED) {
result = auditdoor((int)uap->a1);
break;
}
default:
if (audit_active == C2AUDIT_LOADED) {
result = EINVAL;
break;
}
/* Return a different error when not privileged */
err = secpolicy_audit_config(CRED());
if (err == 0)
return (EINVAL);
else
return (err);
}
rvp->r_vals = result;
return (result);
}
/*
* Return the audit user ID for the current process. Currently only
* the privileged processes may see the audit id. That may change.
* If copyout is unsucessful return EFAULT.
*/
int
getauid(caddr_t auid_p)
{
const auditinfo_addr_t *ainfo;
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
ainfo = crgetauinfo(CRED());
if (ainfo == NULL)
return (EINVAL);
if (copyout(&ainfo->ai_auid, auid_p, sizeof (au_id_t)))
return (EFAULT);
return (0);
}
/*
* Set the audit userid, for a process. This can only be changed by
* privileged processes. The audit userid is inherited across forks & execs.
* Passed in is a pointer to the au_id_t; if copyin unsuccessful return EFAULT.
*/
int
setauid(caddr_t auid_p)
{
proc_t *p;
au_id_t auid;
cred_t *newcred;
auditinfo_addr_t *auinfo;
if (secpolicy_audit_config(CRED()) != 0)
return (EPERM);
if (copyin(auid_p, &auid, sizeof (au_id_t))) {
return (EFAULT);
}
newcred = cralloc();
if ((auinfo = crgetauinfo_modifiable(newcred)) == NULL) {
crfree(newcred);
return (EINVAL);
}
/* grab p_crlock and switch to new cred */
p = curproc;
mutex_enter(&p->p_crlock);
crcopy_to(p->p_cred, newcred);
p->p_cred = newcred;
auinfo->ai_auid = auid; /* update the auid */
/* unlock and broadcast the cred changes */
mutex_exit(&p->p_crlock);
crset(p, newcred);
return (0);
}
/*
* Get the audit state information from the current process.
* Return EFAULT if copyout fails.
*/
int
getaudit(caddr_t info_p)
{
STRUCT_DECL(auditinfo, info);
const auditinfo_addr_t *ainfo;
model_t model;
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
model = get_udatamodel();
STRUCT_INIT(info, model);
ainfo = crgetauinfo(CRED());
if (ainfo == NULL)
return (EINVAL);
/* trying to read a process with an IPv6 address? */
if (ainfo->ai_termid.at_type == AU_IPv6)
return (EOVERFLOW);
STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
return (EOVERFLOW);
}
STRUCT_FSET(info, ai_termid.port, dev);
} else
STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
#else
STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
#endif
STRUCT_FSET(info, ai_termid.machine, ainfo->ai_termid.at_addr[0]);
STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
return (EFAULT);
return (0);
}
/*
* Get the audit state information from the current process.
* Return EFAULT if copyout fails.
*/
int
getaudit_addr(caddr_t info_p, int len)
{
STRUCT_DECL(auditinfo_addr, info);
const auditinfo_addr_t *ainfo;
model_t model;
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
model = get_udatamodel();
STRUCT_INIT(info, model);
if (len < STRUCT_SIZE(info))
return (EOVERFLOW);
ainfo = crgetauinfo(CRED());
if (ainfo == NULL)
return (EINVAL);
STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
return (EOVERFLOW);
}
STRUCT_FSET(info, ai_termid.at_port, dev);
} else
STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
#else
STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
#endif
STRUCT_FSET(info, ai_termid.at_type, ainfo->ai_termid.at_type);
STRUCT_FSET(info, ai_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
STRUCT_FSET(info, ai_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
STRUCT_FSET(info, ai_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
STRUCT_FSET(info, ai_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
return (EFAULT);
return (0);
}
/*
* Set the audit state information for the current process.
* Return EFAULT if copyout fails.
*/
int
setaudit(caddr_t info_p)
{
STRUCT_DECL(auditinfo, info);
proc_t *p;
cred_t *newcred;
model_t model;
auditinfo_addr_t *ainfo;
if (secpolicy_audit_config(CRED()) != 0)
return (EPERM);
model = get_udatamodel();
STRUCT_INIT(info, model);
if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
return (EFAULT);
newcred = cralloc();
if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
crfree(newcred);
return (EINVAL);
}
/* grab p_crlock and switch to new cred */
p = curproc;
mutex_enter(&p->p_crlock);
crcopy_to(p->p_cred, newcred);
p->p_cred = newcred;
/* Set audit mask, id, termid and session id as specified */
ainfo->ai_auid = STRUCT_FGET(info, ai_auid);
#ifdef _LP64
/* only convert to 64 bit if coming from a 32 bit binary */
if (model == DATAMODEL_ILP32)
ainfo->ai_termid.at_port =
DEVEXPL(STRUCT_FGET(info, ai_termid.port));
else
ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
#else
ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port);
#endif
ainfo->ai_termid.at_type = AU_IPv4;
ainfo->ai_termid.at_addr[0] = STRUCT_FGET(info, ai_termid.machine);
ainfo->ai_asid = STRUCT_FGET(info, ai_asid);
ainfo->ai_mask = STRUCT_FGET(info, ai_mask);
/* unlock and broadcast the cred changes */
mutex_exit(&p->p_crlock);
crset(p, newcred);
return (0);
}
/*
* Set the audit state information for the current process.
* Return EFAULT if copyin fails.
*/
int
setaudit_addr(caddr_t info_p, int len)
{
STRUCT_DECL(auditinfo_addr, info);
proc_t *p;
cred_t *newcred;
model_t model;
int i;
int type;
auditinfo_addr_t *ainfo;
if (secpolicy_audit_config(CRED()) != 0)
return (EPERM);
model = get_udatamodel();
STRUCT_INIT(info, model);
if (len < STRUCT_SIZE(info))
return (EOVERFLOW);
if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
return (EFAULT);
type = STRUCT_FGET(info, ai_termid.at_type);
if ((type != AU_IPv4) && (type != AU_IPv6))
return (EINVAL);
newcred = cralloc();
if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
crfree(newcred);
return (EINVAL);
}
/* grab p_crlock and switch to new cred */
p = curproc;
mutex_enter(&p->p_crlock);
crcopy_to(p->p_cred, newcred);
p->p_cred = newcred;
/* Set audit mask, id, termid and session id as specified */
ainfo->ai_auid = STRUCT_FGET(info, ai_auid);
ainfo->ai_mask = STRUCT_FGET(info, ai_mask);
#ifdef _LP64
/* only convert to 64 bit if coming from a 32 bit binary */
if (model == DATAMODEL_ILP32)
ainfo->ai_termid.at_port =
DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
else
ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
#else
ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
#endif
ainfo->ai_termid.at_type = type;
bzero(&ainfo->ai_termid.at_addr[0], sizeof (ainfo->ai_termid.at_addr));
for (i = 0; i < (type/sizeof (int)); i++)
ainfo->ai_termid.at_addr[i] =
STRUCT_FGET(info, ai_termid.at_addr[i]);
if (ainfo->ai_termid.at_type == AU_IPv6 &&
IN6_IS_ADDR_V4MAPPED(((in6_addr_t *)ainfo->ai_termid.at_addr))) {
ainfo->ai_termid.at_type = AU_IPv4;
ainfo->ai_termid.at_addr[0] = ainfo->ai_termid.at_addr[3];
ainfo->ai_termid.at_addr[1] = 0;
ainfo->ai_termid.at_addr[2] = 0;
ainfo->ai_termid.at_addr[3] = 0;
}
ainfo->ai_asid = STRUCT_FGET(info, ai_asid);
/* unlock and broadcast the cred changes */
mutex_exit(&p->p_crlock);
crset(p, newcred);
return (0);
}
/*
* Get the global policy flag
*/
static int
getpolicy(caddr_t data)
{
uint32_t policy;
au_kcontext_t *kctx = GET_KCTX_PZ;
policy = audit_policy | kctx->auk_policy;
if (copyout(&policy, data, sizeof (policy)))
return (EFAULT);
return (0);
}
/*
* Set the global and local policy flags
*
* The global flags only make sense from the global zone;
* the local flags depend on the AUDIT_PERZONE policy:
* if the perzone policy is set, then policy is set separately
* per zone, else held only in the global zone.
*
* The initial value of a local zone's policy flag is determined
* by the value of the global zone's flags at the time the
* local zone is created.
*
* While auditconfig(1M) allows setting and unsetting policies one bit
* at a time, the mask passed in from auditconfig() is created by a
* syscall to getpolicy and then modified based on the auditconfig()
* cmd line, so the input policy value is used to replace the existing
* policy.
*/
static int
setpolicy(caddr_t data)
{
uint32_t policy;
au_kcontext_t *kctx;
if (copyin(data, &policy, sizeof (policy)))
return (EFAULT);
kctx = GET_KCTX_NGZ;
if (INGLOBALZONE(curproc)) {
if (policy & ~(AUDIT_GLOBAL | AUDIT_LOCAL))
return (EINVAL);
audit_policy = policy & AUDIT_GLOBAL;
} else {
if (!(audit_policy & AUDIT_PERZONE))
return (EINVAL);
if (policy & ~AUDIT_LOCAL) /* global bits are a no-no */
return (EINVAL);
}
kctx->auk_policy = policy & AUDIT_LOCAL;
/*
* auk_current_vp is NULL before auditd starts (or during early
* auditd starup) or if auditd is halted; in either case,
* notification of a policy change is not needed, since auditd
* reads policy as it comes up. The error return from au_doormsg()
* is ignored to avoid a race condition -- for example if auditd
* segv's, the audit state may be "auditing" but the door may
* be closed. Returning an error if the door is open makes it
* impossible for Greenline to restart auditd.
*/
if (kctx->auk_current_vp != NULL)
(void) au_doormsg(kctx, AU_DBUF_POLICY, &policy);
/*
* Wake up anyone who might have blocked on full audit
* partitions. audit daemons need to set AUDIT_FULL when no
* space so we can tell if we should start dropping records.
*/
mutex_enter(&(kctx->auk_queue.lock));
if ((policy & (AUDIT_CNT | AUDIT_SCNT) &&
(kctx->auk_queue.cnt >= kctx->auk_queue.hiwater)))
cv_broadcast(&(kctx->auk_queue.write_cv));
mutex_exit(&(kctx->auk_queue.lock));
return (0);
}
static int
getkmask(caddr_t data)
{
au_kcontext_t *kctx;
kctx = GET_KCTX_PZ;
if (copyout(&kctx->auk_info.ai_mask, data, sizeof (au_mask_t)))
return (EFAULT);
return (0);
}
static int
setkmask(caddr_t data)
{
au_mask_t mask;
au_kcontext_t *kctx;
if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
return (EINVAL);
kctx = GET_KCTX_NGZ;
if (copyin(data, &mask, sizeof (au_mask_t)))
return (EFAULT);
kctx->auk_info.ai_mask = mask;
return (0);
}
static int
getkaudit(caddr_t info_p, int len)
{
STRUCT_DECL(auditinfo_addr, info);
model_t model;
au_kcontext_t *kctx = GET_KCTX_PZ;
model = get_udatamodel();
STRUCT_INIT(info, model);
if (len < STRUCT_SIZE(info))
return (EOVERFLOW);
STRUCT_FSET(info, ai_auid, kctx->auk_info.ai_auid);
STRUCT_FSET(info, ai_mask, kctx->auk_info.ai_mask);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, kctx->auk_info.ai_termid.at_port) == 0) {
return (EOVERFLOW);
}
STRUCT_FSET(info, ai_termid.at_port, dev);
} else {
STRUCT_FSET(info, ai_termid.at_port,
kctx->auk_info.ai_termid.at_port);
}
#else
STRUCT_FSET(info, ai_termid.at_port,
kctx->auk_info.ai_termid.at_port);
#endif
STRUCT_FSET(info, ai_termid.at_type,
kctx->auk_info.ai_termid.at_type);
STRUCT_FSET(info, ai_termid.at_addr[0],
kctx->auk_info.ai_termid.at_addr[0]);
STRUCT_FSET(info, ai_termid.at_addr[1],
kctx->auk_info.ai_termid.at_addr[1]);
STRUCT_FSET(info, ai_termid.at_addr[2],
kctx->auk_info.ai_termid.at_addr[2]);
STRUCT_FSET(info, ai_termid.at_addr[3],
kctx->auk_info.ai_termid.at_addr[3]);
STRUCT_FSET(info, ai_asid, kctx->auk_info.ai_asid);
if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
return (EFAULT);
return (0);
}
/*
* the host address for AUDIT_PERZONE == 0 is that of the global
* zone and for local zones it is of the current zone.
*/
static int
setkaudit(caddr_t info_p, int len)
{
STRUCT_DECL(auditinfo_addr, info);
model_t model;
au_kcontext_t *kctx;
if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
return (EINVAL);
kctx = GET_KCTX_NGZ;
model = get_udatamodel();
STRUCT_INIT(info, model);
if (len < STRUCT_SIZE(info))
return (EOVERFLOW);
if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info)))
return (EFAULT);
if ((STRUCT_FGET(info, ai_termid.at_type) != AU_IPv4) &&
(STRUCT_FGET(info, ai_termid.at_type) != AU_IPv6))
return (EINVAL);
/* Set audit mask, termid and session id as specified */
kctx->auk_info.ai_auid = STRUCT_FGET(info, ai_auid);
kctx->auk_info.ai_mask = STRUCT_FGET(info, ai_mask);
#ifdef _LP64
/* only convert to 64 bit if coming from a 32 bit binary */
if (model == DATAMODEL_ILP32)
kctx->auk_info.ai_termid.at_port =
DEVEXPL(STRUCT_FGET(info, ai_termid.at_port));
else
kctx->auk_info.ai_termid.at_port =
STRUCT_FGET(info, ai_termid.at_port);
#else
kctx->auk_info.ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port);
#endif
kctx->auk_info.ai_termid.at_type = STRUCT_FGET(info, ai_termid.at_type);
bzero(&kctx->auk_info.ai_termid.at_addr[0],
sizeof (kctx->auk_info.ai_termid.at_addr));
kctx->auk_info.ai_termid.at_addr[0] =
STRUCT_FGET(info, ai_termid.at_addr[0]);
kctx->auk_info.ai_termid.at_addr[1] =
STRUCT_FGET(info, ai_termid.at_addr[1]);
kctx->auk_info.ai_termid.at_addr[2] =
STRUCT_FGET(info, ai_termid.at_addr[2]);
kctx->auk_info.ai_termid.at_addr[3] =
STRUCT_FGET(info, ai_termid.at_addr[3]);
kctx->auk_info.ai_asid = STRUCT_FGET(info, ai_asid);
if (kctx->auk_info.ai_termid.at_type == AU_IPv6 &&
IN6_IS_ADDR_V4MAPPED(
((in6_addr_t *)kctx->auk_info.ai_termid.at_addr))) {
kctx->auk_info.ai_termid.at_type = AU_IPv4;
kctx->auk_info.ai_termid.at_addr[0] =
kctx->auk_info.ai_termid.at_addr[3];
kctx->auk_info.ai_termid.at_addr[1] = 0;
kctx->auk_info.ai_termid.at_addr[2] = 0;
kctx->auk_info.ai_termid.at_addr[3] = 0;
}
if (kctx->auk_info.ai_termid.at_type == AU_IPv6)
kctx->auk_hostaddr_valid = IN6_IS_ADDR_UNSPECIFIED(
(in6_addr_t *)kctx->auk_info.ai_termid.at_addr) ? 0 : 1;
else
kctx->auk_hostaddr_valid =
(kctx->auk_info.ai_termid.at_addr[0] ==
htonl(INADDR_ANY)) ? 0 : 1;
return (0);
}
static int
getqctrl(caddr_t data)
{
au_kcontext_t *kctx = GET_KCTX_PZ;
STRUCT_DECL(au_qctrl, qctrl);
STRUCT_INIT(qctrl, get_udatamodel());
mutex_enter(&(kctx->auk_queue.lock));
STRUCT_FSET(qctrl, aq_hiwater, kctx->auk_queue.hiwater);
STRUCT_FSET(qctrl, aq_lowater, kctx->auk_queue.lowater);
STRUCT_FSET(qctrl, aq_bufsz, kctx->auk_queue.bufsz);
STRUCT_FSET(qctrl, aq_delay, kctx->auk_queue.delay);
mutex_exit(&(kctx->auk_queue.lock));
if (copyout(STRUCT_BUF(qctrl), data, STRUCT_SIZE(qctrl)))
return (EFAULT);
return (0);
}
static int
setqctrl(caddr_t data)
{
au_kcontext_t *kctx;
struct au_qctrl qctrl_tmp;
STRUCT_DECL(au_qctrl, qctrl);
STRUCT_INIT(qctrl, get_udatamodel());
if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
return (EINVAL);
kctx = GET_KCTX_NGZ;
if (copyin(data, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl)))
return (EFAULT);
qctrl_tmp.aq_hiwater = (size_t)STRUCT_FGET(qctrl, aq_hiwater);
qctrl_tmp.aq_lowater = (size_t)STRUCT_FGET(qctrl, aq_lowater);
qctrl_tmp.aq_bufsz = (size_t)STRUCT_FGET(qctrl, aq_bufsz);
qctrl_tmp.aq_delay = (clock_t)STRUCT_FGET(qctrl, aq_delay);
/* enforce sane values */
if (qctrl_tmp.aq_hiwater <= qctrl_tmp.aq_lowater)
return (EINVAL);
if (qctrl_tmp.aq_hiwater < AQ_LOWATER)
return (EINVAL);
if (qctrl_tmp.aq_hiwater > AQ_MAXHIGH)
return (EINVAL);
if (qctrl_tmp.aq_bufsz < AQ_BUFSZ)
return (EINVAL);
if (qctrl_tmp.aq_bufsz > AQ_MAXBUFSZ)
return (EINVAL);
if (qctrl_tmp.aq_delay == 0)
return (EINVAL);
if (qctrl_tmp.aq_delay > AQ_MAXDELAY)
return (EINVAL);
/* update everything at once so things are consistant */
mutex_enter(&(kctx->auk_queue.lock));
kctx->auk_queue.hiwater = qctrl_tmp.aq_hiwater;
kctx->auk_queue.lowater = qctrl_tmp.aq_lowater;
kctx->auk_queue.bufsz = qctrl_tmp.aq_bufsz;
kctx->auk_queue.delay = qctrl_tmp.aq_delay;
if (kctx->auk_queue.rd_block &&
kctx->auk_queue.cnt > kctx->auk_queue.lowater)
cv_broadcast(&(kctx->auk_queue.read_cv));
if (kctx->auk_queue.wt_block &&
kctx->auk_queue.cnt < kctx->auk_queue.hiwater)
cv_broadcast(&(kctx->auk_queue.write_cv));
mutex_exit(&(kctx->auk_queue.lock));
return (0);
}
static int
getcwd(caddr_t data, int length)
{
struct p_audit_data *pad;
struct audit_path *app;
int pathlen;
pad = P2A(curproc);
ASSERT(pad != NULL);
mutex_enter(&(pad->pad_lock));
app = pad->pad_cwd;
au_pathhold(app);
mutex_exit(&(pad->pad_lock));
pathlen = app->audp_sect[1] - app->audp_sect[0];
if (pathlen > length) {
au_pathrele(app);
return (E2BIG);
}
if (copyout(app->audp_sect[0], data, pathlen)) {
au_pathrele(app);
return (EFAULT);
}
au_pathrele(app);
return (0);
}
static int
getcar(caddr_t data, int length)
{
struct p_audit_data *pad;
struct audit_path *app;
int pathlen;
pad = P2A(curproc);
ASSERT(pad != NULL);
mutex_enter(&(pad->pad_lock));
app = pad->pad_root;
au_pathhold(app);
mutex_exit(&(pad->pad_lock));
pathlen = app->audp_sect[1] - app->audp_sect[0];
if (pathlen > length) {
au_pathrele(app);
return (E2BIG);
}
if (copyout(app->audp_sect[0], data, pathlen)) {
au_pathrele(app);
return (EFAULT);
}
au_pathrele(app);
return (0);
}
static int
getstat(caddr_t data)
{
au_kcontext_t *kctx = GET_KCTX_PZ;
membar_consumer();
if (copyout((caddr_t)&(kctx->auk_statistics), data, sizeof (au_stat_t)))
return (EFAULT);
return (0);
}
static int
setstat(caddr_t data)
{
au_kcontext_t *kctx = GET_KCTX_PZ;
au_stat_t au_stat;
if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
return (EINVAL);
if (copyin(data, &au_stat, sizeof (au_stat_t)))
return (EFAULT);
if (au_stat.as_generated == CLEAR_VAL)
kctx->auk_statistics.as_generated = 0;
if (au_stat.as_nonattrib == CLEAR_VAL)
kctx->auk_statistics.as_nonattrib = 0;
if (au_stat.as_kernel == CLEAR_VAL)
kctx->auk_statistics.as_kernel = 0;
if (au_stat.as_audit == CLEAR_VAL)
kctx->auk_statistics.as_audit = 0;
if (au_stat.as_auditctl == CLEAR_VAL)
kctx->auk_statistics.as_auditctl = 0;
if (au_stat.as_enqueue == CLEAR_VAL)
kctx->auk_statistics.as_enqueue = 0;
if (au_stat.as_written == CLEAR_VAL)
kctx->auk_statistics.as_written = 0;
if (au_stat.as_wblocked == CLEAR_VAL)
kctx->auk_statistics.as_wblocked = 0;
if (au_stat.as_rblocked == CLEAR_VAL)
kctx->auk_statistics.as_rblocked = 0;
if (au_stat.as_dropped == CLEAR_VAL)
kctx->auk_statistics.as_dropped = 0;
if (au_stat.as_totalsize == CLEAR_VAL)
kctx->auk_statistics.as_totalsize = 0;
membar_producer();
return (0);
}
static int
setumask(caddr_t data)
{
STRUCT_DECL(auditinfo, user_info);
struct proc *p;
const auditinfo_addr_t *ainfo;
model_t model;
/* setumask not applicable in non-global zones without perzone policy */
if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc)))
return (EINVAL);
model = get_udatamodel();
STRUCT_INIT(user_info, model);
if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info)))
return (EFAULT);
mutex_enter(&pidlock); /* lock the process queue against updates */
for (p = practive; p != NULL; p = p->p_next) {
cred_t *cr;
/* if in non-global zone only modify processes in same zone */
if (!HASZONEACCESS(curproc, p->p_zone->zone_id))
continue;
mutex_enter(&p->p_lock); /* so process doesn't go away */
/* skip system processes and ones being created or going away */
if (p->p_stat == SIDL || p->p_stat == SZOMB ||
(p->p_flag & (SSYS | SEXITING | SEXITLWPS))) {
mutex_exit(&p->p_lock);
continue;
}
mutex_enter(&p->p_crlock);
crhold(cr = p->p_cred);
mutex_exit(&p->p_crlock);
ainfo = crgetauinfo(cr);
if (ainfo == NULL) {
mutex_exit(&p->p_lock);
crfree(cr);
continue;
}
if (ainfo->ai_auid == STRUCT_FGET(user_info, ai_auid)) {
au_mask_t mask;
int err;
/*
* Here's a process which matches the specified auid.
* If its mask doesn't already match the new mask,
* save the new mask in the pad, to be picked up
* next syscall.
*/
mask = STRUCT_FGET(user_info, ai_mask);
err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t));
crfree(cr);
if (err != 0) {
struct p_audit_data *pad = P2A(p);
ASSERT(pad != NULL);
mutex_enter(&(pad->pad_lock));
pad->pad_flags |= PAD_SETMASK;
pad->pad_newmask = mask;
mutex_exit(&(pad->pad_lock));
/*
* No need to call set_proc_pre_sys(), since
* t_pre_sys is ALWAYS on when audit is
* enabled...due to syscall auditing.
*/
}
} else {
crfree(cr);
}
mutex_exit(&p->p_lock);
}
mutex_exit(&pidlock);
return (0);
}
static int
setsmask(caddr_t data)
{
STRUCT_DECL(auditinfo, user_info);
struct proc *p;
const auditinfo_addr_t *ainfo;
model_t model;
/* setsmask not applicable in non-global zones without perzone policy */
if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc)))
return (EINVAL);
model = get_udatamodel();
STRUCT_INIT(user_info, model);
if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info)))
return (EFAULT);
mutex_enter(&pidlock); /* lock the process queue against updates */
for (p = practive; p != NULL; p = p->p_next) {
cred_t *cr;
/* if in non-global zone only modify processes in same zone */
if (!HASZONEACCESS(curproc, p->p_zone->zone_id))
continue;
mutex_enter(&p->p_lock); /* so process doesn't go away */
/* skip system processes and ones being created or going away */
if (p->p_stat == SIDL || p->p_stat == SZOMB ||
(p->p_flag & (SSYS | SEXITING | SEXITLWPS))) {
mutex_exit(&p->p_lock);
continue;
}
mutex_enter(&p->p_crlock);
crhold(cr = p->p_cred);
mutex_exit(&p->p_crlock);
ainfo = crgetauinfo(cr);
if (ainfo == NULL) {
mutex_exit(&p->p_lock);
crfree(cr);
continue;
}
if (ainfo->ai_asid == STRUCT_FGET(user_info, ai_asid)) {
au_mask_t mask;
int err;
/*
* Here's a process which matches the specified asid.
* If its mask doesn't already match the new mask,
* save the new mask in the pad, to be picked up
* next syscall.
*/
mask = STRUCT_FGET(user_info, ai_mask);
err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t));
crfree(cr);
if (err != 0) {
struct p_audit_data *pad = P2A(p);
ASSERT(pad != NULL);
mutex_enter(&(pad->pad_lock));
pad->pad_flags |= PAD_SETMASK;
pad->pad_newmask = mask;
mutex_exit(&(pad->pad_lock));
/*
* No need to call set_proc_pre_sys(), since
* t_pre_sys is ALWAYS on when audit is
* enabled...due to syscall auditing.
*/
}
} else {
crfree(cr);
}
mutex_exit(&p->p_lock);
}
mutex_exit(&pidlock);
return (0);
}
/*
* Get the current audit state of the system
*/
static int
getcond(caddr_t data)
{
au_kcontext_t *kctx = GET_KCTX_PZ;
if (copyout(&(kctx->auk_auditstate), data, sizeof (int)))
return (EFAULT);
return (0);
}
/*
* Set the current audit state of the system to on (AUC_AUDITING) or
* off (AUC_NOAUDIT).
*/
/* ARGSUSED */
static int
setcond(caddr_t data)
{
int auditstate;
au_kcontext_t *kctx;
if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc)))
return (EINVAL);
kctx = GET_KCTX_NGZ;
if (copyin(data, &auditstate, sizeof (int)))
return (EFAULT);
switch (auditstate) {
case AUC_AUDITING: /* Turn auditing on */
if (audit_active == C2AUDIT_UNLOADED)
audit_init_module();
kctx->auk_auditstate = AUC_AUDITING;
if (!(audit_policy & AUDIT_PERZONE) && INGLOBALZONE(curproc))
set_all_zone_usr_proc_sys(ALL_ZONES);
else
set_all_zone_usr_proc_sys(curproc->p_zone->zone_id);
break;
case AUC_NOAUDIT: /* Turn auditing off */
if (kctx->auk_auditstate == AUC_NOAUDIT)
break;
kctx->auk_auditstate = AUC_NOAUDIT;
/* clear out the audit queue */
mutex_enter(&(kctx->auk_queue.lock));
if (kctx->auk_queue.wt_block)
cv_broadcast(&(kctx->auk_queue.write_cv));
/* unblock au_output_thread */
cv_broadcast(&(kctx->auk_queue.read_cv));
mutex_exit(&(kctx->auk_queue.lock));
break;
default:
return (EINVAL);
}
return (0);
}
static int
getclass(caddr_t data)
{
au_evclass_map_t event;
au_kcontext_t *kctx = GET_KCTX_PZ;
if (copyin(data, &event, sizeof (au_evclass_map_t)))
return (EFAULT);
if (event.ec_number > MAX_KEVENTS)
return (EINVAL);
event.ec_class = kctx->auk_ets[event.ec_number];
if (copyout(&event, data, sizeof (au_evclass_map_t)))
return (EFAULT);
return (0);
}
static int
setclass(caddr_t data)
{
au_evclass_map_t event;
au_kcontext_t *kctx;
if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc))
return (EINVAL);
kctx = GET_KCTX_NGZ;
if (copyin(data, &event, sizeof (au_evclass_map_t)))
return (EFAULT);
if (event.ec_number > MAX_KEVENTS)
return (EINVAL);
kctx->auk_ets[event.ec_number] = event.ec_class;
return (0);
}
static int
getpinfo(caddr_t data)
{
STRUCT_DECL(auditpinfo, apinfo);
proc_t *proc;
const auditinfo_addr_t *ainfo;
model_t model;
cred_t *cr, *newcred;
model = get_udatamodel();
STRUCT_INIT(apinfo, model);
if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
return (EFAULT);
newcred = cralloc();
mutex_enter(&pidlock);
if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
mutex_exit(&pidlock);
crfree(newcred);
return (ESRCH); /* no such process */
}
mutex_enter(&proc->p_lock); /* so process doesn't go away */
mutex_exit(&pidlock);
audit_update_context(proc, newcred); /* make sure it's up-to-date */
mutex_enter(&proc->p_crlock);
crhold(cr = proc->p_cred);
mutex_exit(&proc->p_crlock);
mutex_exit(&proc->p_lock);
ainfo = crgetauinfo(cr);
if (ainfo == NULL) {
crfree(cr);
return (EINVAL);
}
/* designated process has an ipv6 address? */
if (ainfo->ai_termid.at_type == AU_IPv6) {
crfree(cr);
return (EOVERFLOW);
}
STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid);
STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
crfree(cr);
return (EOVERFLOW);
}
STRUCT_FSET(apinfo, ap_termid.port, dev);
} else
STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port);
#else
STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port);
#endif
STRUCT_FSET(apinfo, ap_termid.machine, ainfo->ai_termid.at_addr[0]);
STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask);
crfree(cr);
if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo)))
return (EFAULT);
return (0);
}
static int
getpinfo_addr(caddr_t data, int len)
{
STRUCT_DECL(auditpinfo_addr, apinfo);
proc_t *proc;
const auditinfo_addr_t *ainfo;
model_t model;
cred_t *cr, *newcred;
model = get_udatamodel();
STRUCT_INIT(apinfo, model);
if (len < STRUCT_SIZE(apinfo))
return (EOVERFLOW);
if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
return (EFAULT);
newcred = cralloc();
mutex_enter(&pidlock);
if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
mutex_exit(&pidlock);
crfree(newcred);
return (ESRCH);
}
mutex_enter(&proc->p_lock); /* so process doesn't go away */
mutex_exit(&pidlock);
audit_update_context(proc, newcred); /* make sure it's up-to-date */
mutex_enter(&proc->p_crlock);
crhold(cr = proc->p_cred);
mutex_exit(&proc->p_crlock);
mutex_exit(&proc->p_lock);
ainfo = crgetauinfo(cr);
if (ainfo == NULL) {
crfree(cr);
return (EINVAL);
}
STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid);
STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
crfree(cr);
return (EOVERFLOW);
}
STRUCT_FSET(apinfo, ap_termid.at_port, dev);
} else
STRUCT_FSET(apinfo, ap_termid.at_port,
ainfo->ai_termid.at_port);
#else
STRUCT_FSET(apinfo, ap_termid.at_port, ainfo->ai_termid.at_port);
#endif
STRUCT_FSET(apinfo, ap_termid.at_type, ainfo->ai_termid.at_type);
STRUCT_FSET(apinfo, ap_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
STRUCT_FSET(apinfo, ap_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
STRUCT_FSET(apinfo, ap_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
STRUCT_FSET(apinfo, ap_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask);
crfree(cr);
if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo)))
return (EFAULT);
return (0);
}
static int
setpmask(caddr_t data)
{
STRUCT_DECL(auditpinfo, apinfo);
proc_t *proc;
cred_t *newcred;
auditinfo_addr_t *ainfo;
struct p_audit_data *pad;
model_t model;
model = get_udatamodel();
STRUCT_INIT(apinfo, model);
if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo)))
return (EFAULT);
mutex_enter(&pidlock);
if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) {
mutex_exit(&pidlock);
return (ESRCH);
}
mutex_enter(&proc->p_lock); /* so process doesn't go away */
mutex_exit(&pidlock);
newcred = cralloc();
if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) {
mutex_exit(&proc->p_lock);
crfree(newcred);
return (EINVAL);
}
mutex_enter(&proc->p_crlock);
crcopy_to(proc->p_cred, newcred);
proc->p_cred = newcred;
ainfo->ai_mask = STRUCT_FGET(apinfo, ap_mask);
/*
* Unlock. No need to broadcast changes via set_proc_pre_sys(),
* since t_pre_sys is ALWAYS on when audit is enabled... due to
* syscall auditing.
*/
crfree(newcred);
mutex_exit(&proc->p_crlock);
/* Reset flag for any previous pending mask change; this supercedes */
pad = P2A(proc);
ASSERT(pad != NULL);
mutex_enter(&(pad->pad_lock));
pad->pad_flags &= ~PAD_SETMASK;
mutex_exit(&(pad->pad_lock));
mutex_exit(&proc->p_lock);
return (0);
}
/*
* The out of control system call
* This is audit kitchen sink aka auditadm, aka auditon
*/
int
auditctl(
int cmd,
caddr_t data,
int length)
{
int result;
switch (cmd) {
case A_GETCOND:
case A_GETCAR:
case A_GETCLASS:
case A_GETCWD:
case A_GETKAUDIT:
case A_GETKMASK:
case A_GETPINFO:
case A_GETPINFO_ADDR:
case A_GETPOLICY:
case A_GETQCTRL:
case A_GETSTAT:
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
break;
default:
if (secpolicy_audit_config(CRED()) != 0)
return (EPERM);
break;
}
switch (cmd) {
case A_GETPOLICY:
result = getpolicy(data);
break;
case A_SETPOLICY:
result = setpolicy(data);
break;
case A_GETKMASK:
result = getkmask(data);
break;
case A_SETKMASK:
result = setkmask(data);
break;
case A_GETKAUDIT:
result = getkaudit(data, length);
break;
case A_SETKAUDIT:
result = setkaudit(data, length);
break;
case A_GETQCTRL:
result = getqctrl(data);
break;
case A_SETQCTRL:
result = setqctrl(data);
break;
case A_GETCWD:
result = getcwd(data, length);
break;
case A_GETCAR:
result = getcar(data, length);
break;
case A_GETSTAT:
result = getstat(data);
break;
case A_SETSTAT:
result = setstat(data);
break;
case A_SETUMASK:
result = setumask(data);
break;
case A_SETSMASK:
result = setsmask(data);
break;
case A_GETCOND:
result = getcond(data);
break;
case A_SETCOND:
result = setcond(data);
break;
case A_GETCLASS:
result = getclass(data);
break;
case A_SETCLASS:
result = setclass(data);
break;
case A_GETPINFO:
result = getpinfo(data);
break;
case A_GETPINFO_ADDR:
result = getpinfo_addr(data, length);
break;
case A_SETPMASK:
result = setpmask(data);
break;
default:
result = EINVAL;
break;
}
return (result);
}