3022 e = AUE_AUDITON_SETSTAT;
3023 break;
3024 case A_SETUMASK:
3025 e = AUE_AUDITON_SETUMASK;
3026 break;
3027 case A_SETSMASK:
3028 e = AUE_AUDITON_SETSMASK;
3029 break;
3030 case A_GETCOND:
3031 e = AUE_AUDITON_GETCOND;
3032 break;
3033 case A_SETCOND:
3034 e = AUE_AUDITON_SETCOND;
3035 break;
3036 case A_GETCLASS:
3037 e = AUE_AUDITON_GETCLASS;
3038 break;
3039 case A_SETCLASS:
3040 e = AUE_AUDITON_SETCLASS;
3041 break;
3042 default:
3043 e = AUE_NULL;
3044 break;
3045 }
3046 break;
3047 default:
3048 e = AUE_NULL;
3049 break;
3050 }
3051
3052 return (e);
3053
3054 } /* AUI_AUDITSYS */
3055
3056
3057 static void
3058 aus_auditsys(struct t_audit_data *tad)
3059 {
3060 klwp_t *clwp = ttolwp(curthread);
3061 uintptr_t a1, a2;
3062 STRUCT_DECL(auditinfo, ainfo);
3063 STRUCT_DECL(auditinfo_addr, ainfo_addr);
3064 au_evclass_map_t event;
3065 au_mask_t mask;
3066 int auditstate, policy;
3067 au_id_t auid;
3068
3069
3070 struct a {
3071 long code;
3072 long a1;
3073 long a2;
3074 long a3;
3075 long a4;
3076 long a5;
3077 long a6;
3078 long a7;
3079 } *uap = (struct a *)clwp->lwp_ap;
3080
3081 a1 = (uintptr_t)uap->a1;
3082 a2 = (uintptr_t)uap->a2;
3083
3221 return;
3222 }
3223 au_uwrite(au_to_arg32(3, "setsmask:as_success",
3224 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3225 au_uwrite(au_to_arg32(3, "setsmask:as_failure",
3226 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3227 break;
3228 case AUE_AUDITON_SETCOND:
3229 if (copyin((caddr_t)a2, &auditstate, sizeof (int)))
3230 return;
3231 au_uwrite(au_to_arg32(3, "setcond", (uint32_t)auditstate));
3232 break;
3233 case AUE_AUDITON_SETCLASS:
3234 if (copyin((caddr_t)a2, &event, sizeof (au_evclass_map_t)))
3235 return;
3236 au_uwrite(au_to_arg32(
3237 2, "setclass:ec_event", (uint32_t)event.ec_number));
3238 au_uwrite(au_to_arg32(
3239 3, "setclass:ec_class", (uint32_t)event.ec_class));
3240 break;
3241 case AUE_GETAUID:
3242 case AUE_GETAUDIT:
3243 case AUE_GETAUDIT_ADDR:
3244 case AUE_AUDIT:
3245 case AUE_AUDITON_GPOLICY:
3246 case AUE_AUDITON_GQCTRL:
3247 case AUE_AUDITON_GETAMASK:
3248 case AUE_AUDITON_GETKMASK:
3249 case AUE_AUDITON_GETCWD:
3250 case AUE_AUDITON_GETCAR:
3251 case AUE_AUDITON_GETSTAT:
3252 case AUE_AUDITON_SETSTAT:
3253 case AUE_AUDITON_GETCOND:
3254 case AUE_AUDITON_GETCLASS:
3255 break;
3256 default:
3257 break;
3258 }
3259
3260 } /* AUS_AUDITSYS */
3261
3262
3263 /* only audit privileged operations for systeminfo(2) system call */
3264 static au_event_t
3265 aui_sysinfo(au_event_t e)
3266 {
3267 klwp_t *clwp = ttolwp(curthread);
3268 uint32_t command;
3269
3270 struct a {
3271 long command;
3272 long buf; /* char * */
3273 long count;
3274 } *uap = (struct a *)clwp->lwp_ap;
|
3022 e = AUE_AUDITON_SETSTAT;
3023 break;
3024 case A_SETUMASK:
3025 e = AUE_AUDITON_SETUMASK;
3026 break;
3027 case A_SETSMASK:
3028 e = AUE_AUDITON_SETSMASK;
3029 break;
3030 case A_GETCOND:
3031 e = AUE_AUDITON_GETCOND;
3032 break;
3033 case A_SETCOND:
3034 e = AUE_AUDITON_SETCOND;
3035 break;
3036 case A_GETCLASS:
3037 e = AUE_AUDITON_GETCLASS;
3038 break;
3039 case A_SETCLASS:
3040 e = AUE_AUDITON_SETCLASS;
3041 break;
3042 case A_GETPINFO:
3043 case A_GETPINFO_ADDR:
3044 e = AUE_AUDITON_GETPINFO;
3045 break;
3046 case A_SETPMASK:
3047 e = AUE_AUDITON_SETPMASK;
3048 break;
3049 case A_GETKAUDIT:
3050 e = AUE_AUDITON_GETKAUDIT;
3051 break;
3052 case A_SETKAUDIT:
3053 e = AUE_AUDITON_SETKAUDIT;
3054 break;
3055 default:
3056 e = AUE_AUDITON_OTHER;
3057 break;
3058 }
3059 break;
3060 default:
3061 e = AUE_NULL;
3062 break;
3063 }
3064
3065 return (e);
3066
3067 } /* AUI_AUDITSYS */
3068
3069
3070 static void
3071 aus_auditsys(struct t_audit_data *tad)
3072 {
3073 klwp_t *clwp = ttolwp(curthread);
3074 uintptr_t a1, a2;
3075 STRUCT_DECL(auditinfo, ainfo);
3076 STRUCT_DECL(auditinfo_addr, ainfo_addr);
3077 STRUCT_DECL(auditpinfo, apinfo);
3078 au_evclass_map_t event;
3079 au_mask_t mask;
3080 int auditstate, policy;
3081 au_id_t auid;
3082
3083
3084 struct a {
3085 long code;
3086 long a1;
3087 long a2;
3088 long a3;
3089 long a4;
3090 long a5;
3091 long a6;
3092 long a7;
3093 } *uap = (struct a *)clwp->lwp_ap;
3094
3095 a1 = (uintptr_t)uap->a1;
3096 a2 = (uintptr_t)uap->a2;
3097
3235 return;
3236 }
3237 au_uwrite(au_to_arg32(3, "setsmask:as_success",
3238 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3239 au_uwrite(au_to_arg32(3, "setsmask:as_failure",
3240 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3241 break;
3242 case AUE_AUDITON_SETCOND:
3243 if (copyin((caddr_t)a2, &auditstate, sizeof (int)))
3244 return;
3245 au_uwrite(au_to_arg32(3, "setcond", (uint32_t)auditstate));
3246 break;
3247 case AUE_AUDITON_SETCLASS:
3248 if (copyin((caddr_t)a2, &event, sizeof (au_evclass_map_t)))
3249 return;
3250 au_uwrite(au_to_arg32(
3251 2, "setclass:ec_event", (uint32_t)event.ec_number));
3252 au_uwrite(au_to_arg32(
3253 3, "setclass:ec_class", (uint32_t)event.ec_class));
3254 break;
3255 case AUE_AUDITON_SETPMASK:
3256 STRUCT_INIT(apinfo, get_udatamodel());
3257 if (copyin((caddr_t)uap->a2, STRUCT_BUF(apinfo),
3258 STRUCT_SIZE(apinfo))) {
3259 return;
3260 }
3261 au_uwrite(au_to_arg32(3, "setpmask:pid",
3262 (uint32_t)STRUCT_FGET(apinfo, ap_pid)));
3263 au_uwrite(au_to_arg32(3, "setpmask:as_success",
3264 (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_success)));
3265 au_uwrite(au_to_arg32(3, "setpmask:as_failure",
3266 (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_failure)));
3267 break;
3268 case AUE_AUDITON_SETKAUDIT:
3269 STRUCT_INIT(ainfo_addr, get_udatamodel());
3270 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
3271 STRUCT_SIZE(ainfo_addr))) {
3272 return;
3273 }
3274 au_uwrite(au_to_arg32((char)1, "auid",
3275 (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
3276 #ifdef _LP64
3277 au_uwrite(au_to_arg64((char)1, "port",
3278 (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3279 #else
3280 au_uwrite(au_to_arg32((char)1, "port",
3281 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3282 #endif
3283 au_uwrite(au_to_arg32((char)1, "type",
3284 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
3285 if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
3286 AU_IPv4) {
3287 au_uwrite(au_to_in_addr(
3288 (struct in_addr *)STRUCT_FGETP(ainfo_addr,
3289 ai_termid.at_addr)));
3290 } else {
3291 au_uwrite(au_to_in_addr_ex(
3292 (int32_t *)STRUCT_FGETP(ainfo_addr,
3293 ai_termid.at_addr)));
3294 }
3295 au_uwrite(au_to_arg32((char)1, "as_success",
3296 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
3297 au_uwrite(au_to_arg32((char)1, "as_failure",
3298 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
3299 au_uwrite(au_to_arg32((char)1, "asid",
3300 (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
3301 break;
3302 case AUE_GETAUID:
3303 case AUE_GETAUDIT:
3304 case AUE_GETAUDIT_ADDR:
3305 case AUE_AUDIT:
3306 case AUE_AUDITON_GPOLICY:
3307 case AUE_AUDITON_GQCTRL:
3308 case AUE_AUDITON_GETAMASK:
3309 case AUE_AUDITON_GETKMASK:
3310 case AUE_AUDITON_GETCWD:
3311 case AUE_AUDITON_GETCAR:
3312 case AUE_AUDITON_GETSTAT:
3313 case AUE_AUDITON_SETSTAT:
3314 case AUE_AUDITON_GETCOND:
3315 case AUE_AUDITON_GETCLASS:
3316 case AUE_AUDITON_GETPINFO:
3317 case AUE_AUDITON_GETKAUDIT:
3318 case AUE_AUDITON_OTHER:
3319 break;
3320 default:
3321 break;
3322 }
3323
3324 } /* AUS_AUDITSYS */
3325
3326
3327 /* only audit privileged operations for systeminfo(2) system call */
3328 static au_event_t
3329 aui_sysinfo(au_event_t e)
3330 {
3331 klwp_t *clwp = ttolwp(curthread);
3332 uint32_t command;
3333
3334 struct a {
3335 long command;
3336 long buf; /* char * */
3337 long count;
3338 } *uap = (struct a *)clwp->lwp_ap;
|