1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
26 /* All Rights Reserved */
27
28
29
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <strings.h>
36 #include <signal.h>
37 #include <unistd.h>
38 #ifdef __i386
39 #include <libscf_priv.h>
40 #endif /* __i386 */
41
42 #include <bsm/adt.h>
43 #include <bsm/adt_event.h>
44
45 #include <sys/types.h>
46 #include <sys/uadmin.h>
47 #include <sys/wait.h>
48
49 #define SMF_RST "/etc/svc/volatile/resetting"
50 #define RETRY_COUNT 15 /* number of 1 sec retries for audit(1M) to complete */
51
52 static const char *Usage = "Usage: %s cmd fcn [mdep]\n";
53
54 static int closeout_audit(int, int);
55 static int turnoff_auditd(void);
56 static void wait_for_auqueue();
57 static int change_audit_file(void);
58
59 int
60 main(int argc, char *argv[])
61 {
62 int cmd, fcn;
63 uintptr_t mdep = NULL;
64 sigset_t set;
65 adt_session_data_t *ah; /* audit session handle */
66 adt_event_data_t *event = NULL; /* event to be generated */
67 au_event_t event_id;
68 enum adt_uadmin_fcn fcn_id;
69
70 if (argc < 3 || argc > 4) {
71 (void) fprintf(stderr, Usage, argv[0]);
72 return (1);
73 }
74
75 (void) sigfillset(&set);
76 (void) sigprocmask(SIG_BLOCK, &set, NULL);
77
78 cmd = atoi(argv[1]);
79 fcn = atoi(argv[2]);
80 if (argc == 4) { /* mdep argument given */
81 if (cmd != A_REBOOT && cmd != A_SHUTDOWN && cmd != A_DUMP &&
82 cmd != A_FREEZE) {
83 (void) fprintf(stderr, "%s: mdep argument not "
84 "allowed for this cmd value\n", argv[0]);
85 (void) fprintf(stderr, Usage, argv[0]);
86 return (1);
87 } else {
88 mdep = (uintptr_t)argv[3];
89 }
90 }
91
92 /* set up audit session and event */
93 if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) {
94 (void) fprintf(stderr, "%s: can't start audit session\n",
95 argv[0]);
96 }
97 switch (cmd) {
98 case A_SHUTDOWN:
99 event_id = ADT_uadmin_shutdown;
100 break;
101 case A_REBOOT:
102 event_id = ADT_uadmin_reboot;
103 break;
104 case A_DUMP:
105 event_id = ADT_uadmin_dump;
106 break;
107 case A_REMOUNT:
108 event_id = ADT_uadmin_remount;
109 break;
110 case A_FREEZE:
111 event_id = ADT_uadmin_freeze;
112 break;
113 case A_FTRACE:
114 event_id = ADT_uadmin_ftrace;
115 break;
116 case A_CONFIG:
117 event_id = ADT_uadmin_config;
118 break;
119 case A_SWAPCTL:
120 event_id = ADT_uadmin_swapctl;
121 break;
122 default:
123 event_id = 0;
124 }
125 if ((event_id != 0) &&
126 (event = adt_alloc_event(ah, event_id)) == NULL) {
127 (void) fprintf(stderr, "%s: can't allocate audit event\n",
128 argv[0]);
129 }
130 switch (fcn) {
131 case AD_HALT:
132 fcn_id = ADT_UADMIN_FCN_AD_HALT;
133 break;
134 case AD_POWEROFF:
135 fcn_id = ADT_UADMIN_FCN_AD_POWEROFF;
136 break;
137 case AD_BOOT:
138 fcn_id = ADT_UADMIN_FCN_AD_BOOT;
139 break;
140 case AD_IBOOT:
141 fcn_id = ADT_UADMIN_FCN_AD_IBOOT;
142 break;
143 case AD_SBOOT:
144 fcn_id = ADT_UADMIN_FCN_AD_SBOOT;
145 break;
146 case AD_SIBOOT:
147 fcn_id = ADT_UADMIN_FCN_AD_SIBOOT;
148 break;
149 case AD_NOSYNC:
150 fcn_id = ADT_UADMIN_FCN_AD_NOSYNC;
151 break;
152 case AD_FASTREBOOT:
153 #ifdef __i386
154 fcn_id = ADT_UADMIN_FCN_AD_FASTREBOOT;
155 mdep = NULL; /* Ignore all arguments */
156 #else /* __i386 */
157 fcn = AD_BOOT;
158 fcn_id = ADT_UADMIN_FCN_AD_BOOT;
159 #endif /* __i386 */
160 break;
161 case AD_FASTREBOOT_DRYRUN:
162 fcn_id = ADT_UADMIN_FCN_AD_FASTREBOOT_DRYRUN;
163 mdep = NULL; /* Ignore all arguments */
164 break;
165 default:
166 fcn_id = 0;
167 }
168 if (cmd == A_FREEZE) {
169 switch (fcn) {
170 case AD_SUSPEND_TO_DISK:
171 fcn_id = ADT_UADMIN_FCN_AD_SUSPEND_TO_DISK;
172 break;
173 case AD_CHECK_SUSPEND_TO_DISK:
174 fcn_id = ADT_UADMIN_FCN_AD_CHECK_SUSPEND_TO_DISK;
175 break;
176 case AD_FORCE:
177 fcn_id = ADT_UADMIN_FCN_AD_FORCE;
178 break;
179 case AD_SUSPEND_TO_RAM:
180 fcn_id = ADT_UADMIN_FCN_AD_SUSPEND_TO_RAM;
181 break;
182 case AD_CHECK_SUSPEND_TO_RAM:
183 fcn_id = ADT_UADMIN_FCN_AD_CHECK_SUSPEND_TO_RAM;
184 break;
185 case AD_REUSEINIT:
186 fcn_id = ADT_UADMIN_FCN_AD_REUSEINIT;
187 break;
188 case AD_REUSABLE:
189 fcn_id = ADT_UADMIN_FCN_AD_REUSABLE;
190 break;
191 case AD_REUSEFINI:
192 fcn_id = ADT_UADMIN_FCN_AD_REUSEFINI;
193 break;
194 }
195 } else if (cmd == A_FTRACE) {
196 switch (fcn) {
197 case AD_FTRACE_START:
198 fcn_id = ADT_UADMIN_FCN_AD_FTRACE_START;
199 break;
200 case AD_FTRACE_STOP:
201 fcn_id = ADT_UADMIN_FCN_AD_FTRACE_STOP;
202 break;
203 }
204 #ifdef __i386
205 } else if (cmd == A_CONFIG) {
206 uint8_t boot_config = 0;
207 uint8_t boot_config_ovr = 0;
208
209 switch (fcn) {
210 case AD_UPDATE_BOOT_CONFIG:
211 fcn_id = ADT_UADMIN_FCN_AD_UPDATE_BOOT_CONFIG;
212 scf_get_boot_config(&boot_config);
213 boot_config_ovr = boot_config;
214 scf_get_boot_config_ovr(&boot_config_ovr);
215 boot_config &= boot_config_ovr;
216 mdep = (uintptr_t)(&boot_config);
217 break;
218 }
219 #endif /* __i386 */
220 }
221
222 if (geteuid() == 0) {
223 if (event != NULL) {
224 switch (cmd) {
225 case A_SHUTDOWN:
226 event->adt_uadmin_shutdown.fcn = fcn_id;
227 event->adt_uadmin_shutdown.mdep = (char *)mdep;
228 break;
229 case A_REBOOT:
230 event->adt_uadmin_reboot.fcn = fcn_id;
231 event->adt_uadmin_reboot.mdep = (char *)mdep;
232 break;
233 case A_DUMP:
234 event->adt_uadmin_dump.fcn = fcn_id;
235 event->adt_uadmin_dump.mdep = (char *)mdep;
236 break;
237 case A_REMOUNT:
238 /* no parameters */
239 break;
240 case A_FREEZE:
241 event->adt_uadmin_freeze.fcn = fcn_id;
242 event->adt_uadmin_freeze.mdep = (char *)mdep;
243 break;
244 case A_FTRACE:
245 event->adt_uadmin_ftrace.fcn = fcn_id;
246 event->adt_uadmin_ftrace.mdep = (char *)mdep;
247 break;
248 case A_CONFIG:
249 event->adt_uadmin_config.fcn = fcn_id;
250 event->adt_uadmin_config.mdep = (char *)mdep;
251 break;
252 case A_SWAPCTL:
253 event->adt_uadmin_swapctl.fcn = fcn_id;
254 break;
255 }
256
257 if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
258 (void) fprintf(stderr,
259 "%s: can't put audit event\n", argv[0]);
260 }
261 /*
262 * allow audit record to be processed in the kernel
263 * audit queue
264 */
265 wait_for_auqueue();
266 }
267
268 if (closeout_audit(cmd, fcn) == -1)
269 (void) fprintf(stderr, "%s: can't turn off auditd\n",
270 argv[0]);
271
272 if (cmd == A_SHUTDOWN || cmd == A_REBOOT)
273 (void) creat(SMF_RST, 0777);
274 }
275
276 (void) adt_free_event(event);
277 if (uadmin(cmd, fcn, mdep) < 0) {
278 perror("uadmin");
279
280 (void) unlink(SMF_RST);
281
282 return (1);
283 }
284
285 /* If returning from a suspend, audit thaw */
286 if ((cmd == A_FREEZE) &&
287 ((fcn == AD_FORCE) ||
288 (fcn == AD_REUSABLE) ||
289 (fcn == AD_SUSPEND_TO_DISK) ||
290 (fcn == AD_SUSPEND_TO_RAM))) {
291 if ((event = adt_alloc_event(ah, ADT_uadmin_thaw)) == NULL) {
292 (void) fprintf(stderr, "%s: can't allocate thaw audit "
293 "event\n", argv[0]);
294 }
295 event->adt_uadmin_thaw.fcn = fcn_id;
296 if (adt_put_event(event, ADT_SUCCESS, 0) != 0) {
297 (void) fprintf(stderr, "%s: can't put thaw audit "
298 "event\n", argv[0]);
299 }
300 (void) adt_free_event(event);
301 }
302 (void) adt_end_session(ah);
303
304 return (0);
305 }
306
307 static int
308 closeout_audit(int cmd, int fcn)
309 {
310 if (!adt_audit_state(AUC_AUDITING)) {
311 /* auditd not running, just return */
312 return (0);
313 }
314 switch (cmd) {
315 case A_SHUTDOWN:
316 switch (fcn) {
317 case AD_FASTREBOOT_DRYRUN:
318 /* No system discontinuity, don't turn off auditd */
319 return (0);
320 default:
321 break; /* For all the other shutdown functions */
322 }
323 /* FALLTHROUGH */
324 case A_REBOOT:
325 case A_DUMP:
326 /* system shutting down, turn off auditd */
327 return (turnoff_auditd());
328 case A_REMOUNT:
329 case A_SWAPCTL:
330 case A_FTRACE:
331 case A_CONFIG:
332 /* No system discontinuity, don't turn off auditd */
333 return (0);
334 case A_FREEZE:
335 switch (fcn) {
336 case AD_CHECK_SUSPEND_TO_DISK: /* AD_CHECK */
337 case AD_CHECK_SUSPEND_TO_RAM:
338 case AD_REUSEINIT:
339 case AD_REUSEFINI:
340 /* No system discontinuity, don't turn off auditd */
341 return (0);
342 case AD_REUSABLE:
343 case AD_SUSPEND_TO_DISK: /* AD_COMPRESS */
344 case AD_SUSPEND_TO_RAM:
345 case AD_FORCE:
346 /* suspend the system, change audit files */
347 return (change_audit_file());
348 default:
349 return (0); /* not an audit error */
350 }
351 default:
352 return (0); /* not an audit error */
353 }
354 }
355
356 static int
357 turnoff_auditd(void)
358 {
359 int rc;
360 int retries = RETRY_COUNT;
361
362 if ((rc = (int)fork()) == 0) {
363 (void) execl("/usr/sbin/audit", "audit", "-T", NULL);
364 (void) fprintf(stderr, "error disabling auditd: %s\n",
365 strerror(errno));
366 _exit(-1);
367 } else if (rc == -1) {
368 (void) fprintf(stderr, "error disabling auditd: %s\n",
369 strerror(errno));
370 return (-1);
371 }
372
373 /*
374 * wait for auditd to finish its work. auditd will change the
375 * auditstart from AUC_AUDITING (auditd up and running) to
376 * AUC_NOAUDIT. Other states are errors, so we're done as well.
377 */
378 do {
379 int auditstate;
380
381 rc = -1;
382 if ((auditon(A_GETCOND, (caddr_t)&auditstate,
383 sizeof (auditstate)) == 0) &&
384 (auditstate == AUC_AUDITING)) {
385 retries--;
386 (void) sleep(1);
387 } else {
388 rc = 0;
389 }
390 } while ((rc != 0) && (retries != 0));
391
392 return (rc);
393 }
394
395 static int
396 change_audit_file(void)
397 {
398 pid_t pid;
399
400 if ((pid = fork()) == 0) {
401 (void) execl("/usr/sbin/audit", "audit", "-n", NULL);
402 (void) fprintf(stderr, "error changing audit files: %s\n",
403 strerror(errno));
404 _exit(-1);
405 } else if (pid == -1) {
406 (void) fprintf(stderr, "error changing audit files: %s\n",
407 strerror(errno));
408 return (-1);
409 } else {
410 pid_t rc;
411 int retries = RETRY_COUNT;
412
413 /*
414 * Wait for audit(1M) -n process to complete
415 *
416 */
417 do {
418 if ((rc = waitpid(pid, NULL, WNOHANG)) == pid) {
419 return (0);
420 } else if (rc == -1) {
421 return (-1);
422 } else {
423 (void) sleep(1);
424 retries--;
425 }
426
427 } while (retries != 0);
428 }
429 return (-1);
430 }
431
432 static void
433 wait_for_auqueue()
434 {
435 au_stat_t au_stat;
436 int retries = 10;
437
438 while (retries-- && auditon(A_GETSTAT, (caddr_t)&au_stat, NULL) == 0) {
439 if (au_stat.as_enqueue == au_stat.as_written) {
440 break;
441 }
442 (void) sleep(1);
443 }
444 }