11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>

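--- a/usr/src/uts/common/c2/audit_event.c
+++ b/usr/src/uts/common/c2/audit_event.c
@@ -3032,42 +3032,56 @@
                         break;
                 case A_SETCOND:
                         e = AUE_AUDITON_SETCOND;
                         break;
                 case A_GETCLASS:
                         e = AUE_AUDITON_GETCLASS;
                         break;
                 case A_SETCLASS:
                         e = AUE_AUDITON_SETCLASS;
                         break;
+                case A_GETPINFO:
+                case A_GETPINFO_ADDR:
+                        e = AUE_AUDITON_GETPINFO;
+                        break;
+                case A_SETPMASK:
+                        e = AUE_AUDITON_SETPMASK;
+                        break;
+                case A_GETKAUDIT:
+                        e = AUE_AUDITON_GETKAUDIT;
+                        break;
+                case A_SETKAUDIT:
+                        e = AUE_AUDITON_SETKAUDIT;
+                        break;
                 default:
-                        e = AUE_NULL;
+                        e = AUE_AUDITON_OTHER;
                         break;
                 }
                 break;
         default:
                 e = AUE_NULL;
                 break;
         }
 
         return (e);
 
 }       /* AUI_AUDITSYS */
 
 
 static void
 aus_auditsys(struct t_audit_data *tad)
 {
         klwp_t *clwp = ttolwp(curthread);
         uintptr_t a1, a2;
         STRUCT_DECL(auditinfo, ainfo);
         STRUCT_DECL(auditinfo_addr, ainfo_addr);
+        STRUCT_DECL(auditpinfo, apinfo);
         au_evclass_map_t event;
         au_mask_t mask;
         int auditstate, policy;
         au_id_t auid;
 
 
         struct a {
                 long    code;
                 long    a1;
                 long    a2;
@@ -3231,34 +3245,84 @@
                 au_uwrite(au_to_arg32(3, "setcond", (uint32_t)auditstate));
                 break;
         case AUE_AUDITON_SETCLASS:
                 if (copyin((caddr_t)a2, &event, sizeof (au_evclass_map_t)))
                         return;
                 au_uwrite(au_to_arg32(
                     2, "setclass:ec_event", (uint32_t)event.ec_number));
                 au_uwrite(au_to_arg32(
                     3, "setclass:ec_class", (uint32_t)event.ec_class));
                 break;
+        case AUE_AUDITON_SETPMASK:
+                STRUCT_INIT(apinfo, get_udatamodel());
+                if (copyin((caddr_t)uap->a2, STRUCT_BUF(apinfo),
+                    STRUCT_SIZE(apinfo))) {
+                        return;
+                }
+                au_uwrite(au_to_arg32(3, "setpmask:pid",
+                    (uint32_t)STRUCT_FGET(apinfo, ap_pid)));
+                au_uwrite(au_to_arg32(3, "setpmask:as_success",
+                    (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_success)));
+                au_uwrite(au_to_arg32(3, "setpmask:as_failure",
+                    (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_failure)));
+                break;
+        case AUE_AUDITON_SETKAUDIT:
+                STRUCT_INIT(ainfo_addr, get_udatamodel());
+                if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
+                    STRUCT_SIZE(ainfo_addr))) {
+                                return;
+                }
+                au_uwrite(au_to_arg32((char)1, "auid",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
+#ifdef _LP64
+                au_uwrite(au_to_arg64((char)1, "port",
+                    (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
+#else
+                au_uwrite(au_to_arg32((char)1, "port",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
+#endif
+                au_uwrite(au_to_arg32((char)1, "type",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
+                if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
+                    AU_IPv4) {
+                        au_uwrite(au_to_in_addr(
+                            (struct in_addr *)STRUCT_FGETP(ainfo_addr,
+                            ai_termid.at_addr)));
+                } else {
+                        au_uwrite(au_to_in_addr_ex(
+                            (int32_t *)STRUCT_FGETP(ainfo_addr,
+                            ai_termid.at_addr)));
+                }
+                au_uwrite(au_to_arg32((char)1, "as_success",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
+                au_uwrite(au_to_arg32((char)1, "as_failure",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
+                au_uwrite(au_to_arg32((char)1, "asid",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
+                break;
         case AUE_GETAUID:
         case AUE_GETAUDIT:
         case AUE_GETAUDIT_ADDR:
         case AUE_AUDIT:
         case AUE_AUDITON_GPOLICY:
         case AUE_AUDITON_GQCTRL:
         case AUE_AUDITON_GETAMASK:
         case AUE_AUDITON_GETKMASK:
         case AUE_AUDITON_GETCWD:
         case AUE_AUDITON_GETCAR:
         case AUE_AUDITON_GETSTAT:
         case AUE_AUDITON_SETSTAT:
         case AUE_AUDITON_GETCOND:
         case AUE_AUDITON_GETCLASS:
+        case AUE_AUDITON_GETPINFO:
+        case AUE_AUDITON_GETKAUDIT:
+        case AUE_AUDITON_OTHER:
                 break;
         default:
                 break;
         }
 
 }       /* AUS_AUDITSYS */
 
 
 /* only audit privileged operations for systeminfo(2) system call */
 static au_event_t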
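Review bot: The new `AUE_AUDITON_SETKAUDIT` case in aus_auditsys copies the structure in from `a1`, whereas the other auditon cases visible here take their data pointer from the second argument (`a2` in `AUE_AUDITON_SETCLASS`, `uap->a2` in the new `AUE_AUDITON_SETPMASK`) and number their tokens 2 or 3 rather than `(char)1`. The assignments to `a1`/`a2` sit in the elided part of the function, so this is inferred, but if `a1` holds the auditon command for these events the copyin fails and the case returns silently, leaving A_SETKAUDIT records without the terminal ID and mask tokens this change is meant to capture. I would expect `if (copyin((caddr_t)a2, STRUCT_BUF(ainfo_addr),` with argument number 3 on the `au_to_arg32`/`au_to_arg64` calls, and the local `a2` instead of `uap->a2` in the SETPMASK case for consistency with SETCLASS. Both new cases also read the structure from user memory separately from whatever auditon() itself copies in (not visible here), so a comment such as `/* values are re-read from user memory and may differ from those the call applied */` above each copyin would record what the tokens can and cannot prove.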