Print this page
uts: Allow for address space randomisation.
Randomise the base addresses of shared objects, non-fixed mappings, the
stack and the heap. Introduce a service, svc:/system/process-security,
and a tool psecflags(1) to control and observe it
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/c2/audit_event.c
+++ new/usr/src/uts/common/c2/audit_event.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright (c) 2011 Bayard G. Bell. All rights reserved.
25 25 */
26 26
27 27 /*
28 28 * This file contains the audit event table used to control the production
29 29 * of audit records for each system call.
30 30 */
31 31
32 32 #include <sys/policy.h>
33 33 #include <sys/cred.h>
34 34 #include <sys/types.h>
35 35 #include <sys/systm.h>
36 36 #include <sys/systeminfo.h> /* for sysinfo auditing */
37 37 #include <sys/utsname.h> /* for sysinfo auditing */
38 38 #include <sys/proc.h>
39 39 #include <sys/vnode.h>
40 40 #include <sys/mman.h> /* for mmap(2) auditing etc. */
41 41 #include <sys/fcntl.h>
42 42 #include <sys/modctl.h> /* for modctl auditing */
43 43 #include <sys/vnode.h>
44 44 #include <sys/user.h>
45 45 #include <sys/types.h>
46 46 #include <sys/processor.h>
47 47 #include <sys/procset.h>
48 48 #include <sys/acl.h>
49 49 #include <sys/ipc.h>
50 50 #include <sys/door.h>
51 51 #include <sys/sem.h>
52 52 #include <sys/msg.h>
53 53 #include <sys/shm.h>
54 54 #include <sys/kmem.h>
55 55 #include <sys/file.h> /* for accept */
56 56 #include <sys/utssys.h> /* for fuser */
57 57 #include <sys/tsol/label.h>
58 58 #include <sys/tsol/tndb.h>
59 59 #include <sys/tsol/tsyscall.h>
60 60 #include <c2/audit.h>
61 61 #include <c2/audit_kernel.h>
62 62 #include <c2/audit_kevents.h>
63 63 #include <c2/audit_record.h>
64 64 #include <sys/procset.h>
65 65 #include <nfs/mount.h>
66 66 #include <sys/param.h>
67 67 #include <sys/debug.h>
68 68 #include <sys/sysmacros.h>
69 69 #include <sys/stream.h>
70 70 #include <sys/strsubr.h>
71 71 #include <sys/stropts.h>
72 72 #include <sys/tihdr.h>
73 73 #include <sys/socket.h>
74 74 #include <sys/socketvar.h>
75 75 #include <sys/vfs_opreg.h>
76 76 #include <fs/sockfs/sockcommon.h>
77 77 #include <netinet/in.h>
78 78 #include <sys/ddi.h>
79 79 #include <sys/port_impl.h>
80 80
81 81 static au_event_t aui_fchownat(au_event_t);
82 82 static au_event_t aui_fchmodat(au_event_t);
83 83 static au_event_t aui_open(au_event_t);
84 84 static au_event_t aui_openat(au_event_t);
85 85 static au_event_t aui_unlinkat(au_event_t);
86 86 static au_event_t aui_fstatat(au_event_t);
87 87 static au_event_t aui_msgsys(au_event_t);
88 88 static au_event_t aui_shmsys(au_event_t);
89 89 static au_event_t aui_semsys(au_event_t);
90 90 static au_event_t aui_utssys(au_event_t);
91 91 static au_event_t aui_fcntl(au_event_t);
92 92 static au_event_t aui_execve(au_event_t);
93 93 static au_event_t aui_memcntl(au_event_t);
94 94 static au_event_t aui_sysinfo(au_event_t);
95 95 static au_event_t aui_portfs(au_event_t);
96 96 static au_event_t aui_auditsys(au_event_t);
97 97 static au_event_t aui_modctl(au_event_t);
98 98 static au_event_t aui_acl(au_event_t);
99 99 static au_event_t aui_doorfs(au_event_t);
100 100 static au_event_t aui_privsys(au_event_t);
101 101 static au_event_t aui_forksys(au_event_t);
102 102 static au_event_t aui_labelsys(au_event_t);
103 103 static au_event_t aui_setpgrp(au_event_t);
104 104
105 105 static void aus_exit(struct t_audit_data *);
106 106 static void aus_open(struct t_audit_data *);
107 107 static void aus_openat(struct t_audit_data *);
108 108 static void aus_acl(struct t_audit_data *);
109 109 static void aus_acct(struct t_audit_data *);
110 110 static void aus_chown(struct t_audit_data *);
111 111 static void aus_fchown(struct t_audit_data *);
112 112 static void aus_lchown(struct t_audit_data *);
113 113 static void aus_fchownat(struct t_audit_data *);
114 114 static void aus_chmod(struct t_audit_data *);
115 115 static void aus_facl(struct t_audit_data *);
116 116 static void aus_fchmod(struct t_audit_data *);
117 117 static void aus_fchmodat(struct t_audit_data *);
118 118 static void aus_fcntl(struct t_audit_data *);
119 119 static void aus_mkdir(struct t_audit_data *);
120 120 static void aus_mkdirat(struct t_audit_data *);
121 121 static void aus_mknod(struct t_audit_data *);
122 122 static void aus_mknodat(struct t_audit_data *);
123 123 static void aus_mount(struct t_audit_data *);
124 124 static void aus_umount2(struct t_audit_data *);
125 125 static void aus_msgsys(struct t_audit_data *);
126 126 static void aus_semsys(struct t_audit_data *);
127 127 static void aus_close(struct t_audit_data *);
128 128 static void aus_fstatfs(struct t_audit_data *);
|
↓ open down ↓ |
128 lines elided |
↑ open up ↑ |
129 129 static void aus_setgid(struct t_audit_data *);
130 130 static void aus_setpgrp(struct t_audit_data *);
131 131 static void aus_setuid(struct t_audit_data *);
132 132 static void aus_shmsys(struct t_audit_data *);
133 133 static void aus_doorfs(struct t_audit_data *);
134 134 static void aus_ioctl(struct t_audit_data *);
135 135 static void aus_memcntl(struct t_audit_data *);
136 136 static void aus_mmap(struct t_audit_data *);
137 137 static void aus_munmap(struct t_audit_data *);
138 138 static void aus_priocntlsys(struct t_audit_data *);
139 +static void aus_psecflags(struct t_audit_data *);
139 140 static void aus_setegid(struct t_audit_data *);
140 141 static void aus_setgroups(struct t_audit_data *);
141 142 static void aus_seteuid(struct t_audit_data *);
142 143 static void aus_putmsg(struct t_audit_data *);
143 144 static void aus_putpmsg(struct t_audit_data *);
144 145 static void aus_getmsg(struct t_audit_data *);
145 146 static void aus_getpmsg(struct t_audit_data *);
146 147 static void aus_auditsys(struct t_audit_data *);
147 148 static void aus_sysinfo(struct t_audit_data *);
148 149 static void aus_modctl(struct t_audit_data *);
149 150 static void aus_kill(struct t_audit_data *);
150 151 static void aus_setregid(struct t_audit_data *);
151 152 static void aus_setreuid(struct t_audit_data *);
152 153 static void aus_labelsys(struct t_audit_data *);
153 154
154 155 static void auf_mknod(struct t_audit_data *, int, rval_t *);
155 156 static void auf_mknodat(struct t_audit_data *, int, rval_t *);
156 157 static void auf_msgsys(struct t_audit_data *, int, rval_t *);
157 158 static void auf_semsys(struct t_audit_data *, int, rval_t *);
158 159 static void auf_shmsys(struct t_audit_data *, int, rval_t *);
159 160 static void auf_read(struct t_audit_data *, int, rval_t *);
160 161 static void auf_write(struct t_audit_data *, int, rval_t *);
161 162
162 163 static void aus_sigqueue(struct t_audit_data *);
163 164 static void aus_p_online(struct t_audit_data *);
164 165 static void aus_processor_bind(struct t_audit_data *);
165 166 static void aus_inst_sync(struct t_audit_data *);
166 167 static void aus_brandsys(struct t_audit_data *);
167 168
168 169 static void auf_accept(struct t_audit_data *, int, rval_t *);
169 170
170 171 static void auf_bind(struct t_audit_data *, int, rval_t *);
171 172 static void auf_connect(struct t_audit_data *, int, rval_t *);
172 173 static void aus_shutdown(struct t_audit_data *);
173 174 static void auf_setsockopt(struct t_audit_data *, int, rval_t *);
174 175 static void aus_sockconfig(struct t_audit_data *);
175 176 static void auf_recv(struct t_audit_data *, int, rval_t *);
176 177 static void auf_recvmsg(struct t_audit_data *, int, rval_t *);
177 178 static void auf_send(struct t_audit_data *, int, rval_t *);
178 179 static void auf_sendmsg(struct t_audit_data *, int, rval_t *);
179 180 static void auf_recvfrom(struct t_audit_data *, int, rval_t *);
180 181 static void auf_sendto(struct t_audit_data *, int, rval_t *);
181 182 static void aus_socket(struct t_audit_data *);
182 183 /*
183 184 * This table contains mapping information for converting system call numbers
184 185 * to audit event IDs. In several cases it is necessary to map a single system
185 186 * call to several events.
186 187 */
187 188
188 189 #define aui_null NULL /* NULL initialize function */
189 190 #define aus_null NULL /* NULL start function */
190 191 #define auf_null NULL /* NULL finish function */
191 192
192 193 struct audit_s2e audit_s2e[] =
193 194 {
194 195 /*
195 196 * ---------- ---------- ---------- ----------
196 197 * INITIAL AUDIT START SYSTEM
|
↓ open down ↓ |
48 lines elided |
↑ open up ↑ |
197 198 * PROCESSING EVENT PROCESSING CALL
198 199 * ---------- ---------- ---------- -----------
199 200 * FINISH EVENT
200 201 * PROCESSING CONTROL
201 202 * ----------------------------------------------------------
202 203 */
203 204 aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
204 205 auf_null, 0,
205 206 aui_null, AUE_EXIT, aus_exit, /* 1 exit */
206 207 auf_null, S2E_NPT,
207 -aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
208 +aui_null, AUE_PSECFLAGS, aus_psecflags, /* 2 psecflags */
208 209 auf_null, 0,
209 210 aui_null, AUE_READ, aus_null, /* 3 read */
210 211 auf_read, S2E_PUB,
211 212 aui_null, AUE_WRITE, aus_null, /* 4 write */
212 213 auf_write, 0,
213 214 aui_open, AUE_OPEN, aus_open, /* 5 open */
214 215 auf_null, S2E_SP,
215 216 aui_null, AUE_CLOSE, aus_close, /* 6 close */
216 217 auf_null, 0,
217 218 aui_null, AUE_LINK, aus_null, /* 7 linkat */
218 219 auf_null, 0,
219 220 aui_null, AUE_NULL, aus_null, /* 8 (loadable) was creat */
220 221 auf_null, 0,
221 222 aui_null, AUE_LINK, aus_null, /* 9 link */
222 223 auf_null, 0,
223 224 aui_null, AUE_UNLINK, aus_null, /* 10 unlink */
224 225 auf_null, 0,
225 226 aui_null, AUE_SYMLINK, aus_null, /* 11 symlinkat */
226 227 auf_null, 0,
227 228 aui_null, AUE_CHDIR, aus_null, /* 12 chdir */
228 229 auf_null, S2E_SP,
229 230 aui_null, AUE_NULL, aus_null, /* 13 time */
230 231 auf_null, 0,
231 232 aui_null, AUE_MKNOD, aus_mknod, /* 14 mknod */
232 233 auf_mknod, S2E_MLD,
233 234 aui_null, AUE_CHMOD, aus_chmod, /* 15 chmod */
234 235 auf_null, 0,
235 236 aui_null, AUE_CHOWN, aus_chown, /* 16 chown */
236 237 auf_null, 0,
237 238 aui_null, AUE_NULL, aus_null, /* 17 brk */
238 239 auf_null, 0,
239 240 aui_null, AUE_STAT, aus_null, /* 18 stat */
240 241 auf_null, S2E_PUB,
241 242 aui_null, AUE_NULL, aus_null, /* 19 lseek */
242 243 auf_null, 0,
243 244 aui_null, AUE_NULL, aus_null, /* 20 getpid */
244 245 auf_null, 0,
245 246 aui_null, AUE_MOUNT, aus_mount, /* 21 mount */
246 247 auf_null, S2E_MLD,
247 248 aui_null, AUE_READLINK, aus_null, /* 22 readlinkat */
248 249 auf_null, S2E_PUB,
249 250 aui_null, AUE_SETUID, aus_setuid, /* 23 setuid */
250 251 auf_null, 0,
251 252 aui_null, AUE_NULL, aus_null, /* 24 getuid */
252 253 auf_null, 0,
253 254 aui_null, AUE_STIME, aus_null, /* 25 stime */
254 255 auf_null, 0,
255 256 aui_null, AUE_NULL, aus_null, /* 26 pcsample */
256 257 auf_null, 0,
257 258 aui_null, AUE_NULL, aus_null, /* 27 alarm */
258 259 auf_null, 0,
259 260 aui_null, AUE_NULL, aus_null, /* 28 fstat */
260 261 auf_null, 0,
261 262 aui_null, AUE_NULL, aus_null, /* 29 pause */
262 263 auf_null, 0,
263 264 aui_null, AUE_NULL, aus_null, /* 30 (loadable) was utime */
264 265 auf_null, 0,
265 266 aui_null, AUE_NULL, aus_null, /* 31 stty (TIOCSETP-audit?) */
266 267 auf_null, 0,
267 268 aui_null, AUE_NULL, aus_null, /* 32 gtty */
268 269 auf_null, 0,
269 270 aui_null, AUE_ACCESS, aus_null, /* 33 access */
270 271 auf_null, S2E_PUB,
271 272 aui_null, AUE_NICE, aus_null, /* 34 nice */
272 273 auf_null, 0,
273 274 aui_null, AUE_STATFS, aus_null, /* 35 statfs */
274 275 auf_null, S2E_PUB,
275 276 aui_null, AUE_NULL, aus_null, /* 36 sync */
276 277 auf_null, 0,
277 278 aui_null, AUE_KILL, aus_kill, /* 37 kill */
278 279 auf_null, 0,
279 280 aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */
280 281 auf_null, S2E_PUB,
281 282 aui_setpgrp, AUE_SETPGRP, aus_setpgrp, /* 39 setpgrp */
282 283 auf_null, 0,
283 284 aui_null, AUE_NULL, aus_null, /* 40 uucopystr */
284 285 auf_null, 0,
285 286 aui_null, AUE_NULL, aus_null, /* 41 (loadable) was dup */
286 287 auf_null, 0,
287 288 aui_null, AUE_PIPE, aus_null, /* 42 (loadable) pipe */
288 289 auf_null, 0,
289 290 aui_null, AUE_NULL, aus_null, /* 43 times */
290 291 auf_null, 0,
291 292 aui_null, AUE_NULL, aus_null, /* 44 profil */
292 293 auf_null, 0,
293 294 aui_null, AUE_ACCESS, aus_null, /* 45 faccessat */
294 295 auf_null, S2E_PUB,
295 296 aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */
296 297 auf_null, 0,
297 298 aui_null, AUE_NULL, aus_null, /* 47 getgid */
298 299 auf_null, 0,
299 300 aui_null, AUE_MKNOD, aus_mknodat, /* 48 mknodat */
300 301 auf_mknodat, S2E_MLD,
301 302 aui_msgsys, AUE_MSGSYS, aus_msgsys, /* 49 (loadable) msgsys */
302 303 auf_msgsys, 0,
303 304 #if defined(__x86)
304 305 aui_null, AUE_NULL, aus_null, /* 50 sysi86 */
305 306 auf_null, 0,
306 307 #else
307 308 aui_null, AUE_NULL, aus_null, /* 50 (loadable) was sys3b */
308 309 auf_null, 0,
309 310 #endif /* __x86 */
310 311 aui_null, AUE_ACCT, aus_acct, /* 51 (loadable) sysacct */
311 312 auf_null, 0,
312 313 aui_shmsys, AUE_SHMSYS, aus_shmsys, /* 52 (loadable) shmsys */
313 314 auf_shmsys, 0,
314 315 aui_semsys, AUE_SEMSYS, aus_semsys, /* 53 (loadable) semsys */
315 316 auf_semsys, 0,
316 317 aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */
317 318 auf_null, 0,
318 319 aui_null, AUE_NULL, aus_null, /* 55 uadmin */
319 320 auf_null, 0,
320 321 aui_fchownat, AUE_NULL, aus_fchownat, /* 56 fchownat */
321 322 auf_null, 0,
322 323 aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */
323 324 auf_null, 0,
324 325 aui_null, AUE_NULL, aus_null, /* 58 fsync */
325 326 auf_null, 0,
326 327 aui_execve, AUE_EXECVE, aus_null, /* 59 exece */
327 328 auf_null, S2E_MLD,
328 329 aui_null, AUE_NULL, aus_null, /* 60 umask */
329 330 auf_null, 0,
330 331 aui_null, AUE_CHROOT, aus_null, /* 61 chroot */
331 332 auf_null, S2E_SP,
332 333 aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */
333 334 auf_null, 0,
334 335 aui_null, AUE_NULL, aus_null, /* 63 ulimit */
335 336 auf_null, 0,
336 337 aui_null, AUE_RENAME, aus_null, /* 64 renameat */
337 338 auf_null, 0,
338 339 aui_unlinkat, AUE_NULL, aus_null, /* 65 unlinkat */
339 340 auf_null, 0,
340 341 aui_fstatat, AUE_NULL, aus_null, /* 66 fstatat */
341 342 auf_null, S2E_PUB,
342 343 aui_fstatat, AUE_NULL, aus_null, /* 67 fstatat64 */
343 344 auf_null, S2E_PUB,
344 345 aui_openat, AUE_OPEN, aus_openat, /* 68 openat */
345 346 auf_null, S2E_SP,
346 347 aui_openat, AUE_OPEN, aus_openat, /* 69 openat64 */
347 348 auf_null, S2E_SP,
348 349 aui_null, AUE_NULL, aus_null, /* 70 tasksys */
349 350 auf_null, 0,
350 351 aui_null, AUE_NULL, aus_null, /* 71 (loadable) acctctl */
351 352 auf_null, 0,
352 353 aui_null, AUE_NULL, aus_null, /* 72 (loadable) exacct */
353 354 auf_null, 0,
354 355 aui_null, AUE_NULL, aus_null, /* 73 getpagesizes */
355 356 auf_null, 0,
356 357 aui_null, AUE_NULL, aus_null, /* 74 rctlsys */
357 358 auf_null, 0,
358 359 aui_null, AUE_NULL, aus_null, /* 75 sidsys */
359 360 auf_null, 0,
360 361 aui_null, AUE_NULL, aus_null, /* 76 (loadable) was fsat */
361 362 auf_null, 0,
362 363 aui_null, AUE_NULL, aus_null, /* 77 syslwp_park */
363 364 auf_null, 0,
364 365 aui_null, AUE_NULL, aus_null, /* 78 sendfilev */
365 366 auf_null, 0,
366 367 aui_null, AUE_RMDIR, aus_null, /* 79 rmdir */
367 368 auf_null, 0,
368 369 aui_null, AUE_MKDIR, aus_mkdir, /* 80 mkdir */
369 370 auf_null, 0,
370 371 aui_null, AUE_NULL, aus_null, /* 81 getdents */
371 372 auf_null, 0,
372 373 aui_privsys, AUE_NULL, aus_null, /* 82 privsys */
373 374 auf_null, 0,
374 375 aui_null, AUE_NULL, aus_null, /* 83 ucredsys */
375 376 auf_null, 0,
376 377 aui_null, AUE_NULL, aus_null, /* 84 sysfs */
377 378 auf_null, 0,
378 379 aui_null, AUE_GETMSG, aus_getmsg, /* 85 getmsg */
379 380 auf_null, 0,
380 381 aui_null, AUE_PUTMSG, aus_putmsg, /* 86 putmsg */
381 382 auf_null, 0,
382 383 aui_null, AUE_NULL, aus_null, /* 87 (loadable) was poll */
383 384 auf_null, 0,
384 385 aui_null, AUE_LSTAT, aus_null, /* 88 lstat */
385 386 auf_null, S2E_PUB,
386 387 aui_null, AUE_SYMLINK, aus_null, /* 89 symlink */
387 388 auf_null, 0,
388 389 aui_null, AUE_READLINK, aus_null, /* 90 readlink */
389 390 auf_null, S2E_PUB,
390 391 aui_null, AUE_SETGROUPS, aus_setgroups, /* 91 setgroups */
391 392 auf_null, 0,
392 393 aui_null, AUE_NULL, aus_null, /* 92 getgroups */
393 394 auf_null, 0,
394 395 aui_null, AUE_FCHMOD, aus_fchmod, /* 93 fchmod */
395 396 auf_null, 0,
396 397 aui_null, AUE_FCHOWN, aus_fchown, /* 94 fchown */
397 398 auf_null, 0,
398 399 aui_null, AUE_NULL, aus_null, /* 95 sigprocmask */
399 400 auf_null, 0,
400 401 aui_null, AUE_NULL, aus_null, /* 96 sigsuspend */
401 402 auf_null, 0,
402 403 aui_null, AUE_NULL, aus_null, /* 97 sigaltstack */
403 404 auf_null, 0,
404 405 aui_null, AUE_NULL, aus_null, /* 98 sigaction */
405 406 auf_null, 0,
406 407 aui_null, AUE_NULL, aus_null, /* 99 sigpending */
407 408 auf_null, 0,
408 409 aui_null, AUE_NULL, aus_null, /* 100 setcontext */
409 410 auf_null, 0,
410 411 aui_fchmodat, AUE_NULL, aus_fchmodat, /* 101 fchmodat */
411 412 auf_null, 0,
412 413 aui_null, AUE_MKDIR, aus_mkdirat, /* 102 mkdirat */
413 414 auf_null, 0,
414 415 aui_null, AUE_STATVFS, aus_null, /* 103 statvfs */
415 416 auf_null, S2E_PUB,
416 417 aui_null, AUE_NULL, aus_null, /* 104 fstatvfs */
417 418 auf_null, 0,
418 419 aui_null, AUE_NULL, aus_null, /* 105 getloadavg */
419 420 auf_null, 0,
420 421 aui_null, AUE_NULL, aus_null, /* 106 nfssys */
421 422 auf_null, 0,
422 423 aui_null, AUE_NULL, aus_null, /* 107 waitsys */
423 424 auf_null, 0,
424 425 aui_null, AUE_NULL, aus_null, /* 108 sigsendsys */
425 426 auf_null, 0,
426 427 #if defined(__x86)
427 428 aui_null, AUE_NULL, aus_null, /* 109 hrtsys */
428 429 auf_null, 0,
429 430 #else
430 431 aui_null, AUE_NULL, aus_null, /* 109 (loadable) */
431 432 auf_null, 0,
432 433 #endif /* __x86 */
433 434 aui_null, AUE_UTIMES, aus_null, /* 110 utimesys */
434 435 auf_null, 0,
435 436 aui_null, AUE_NULL, aus_null, /* 111 sigresend */
436 437 auf_null, 0,
437 438 aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, /* 112 priocntlsys */
438 439 auf_null, 0,
439 440 aui_null, AUE_PATHCONF, aus_null, /* 113 pathconf */
440 441 auf_null, S2E_PUB,
441 442 aui_null, AUE_NULL, aus_null, /* 114 mincore */
442 443 auf_null, 0,
443 444 aui_null, AUE_MMAP, aus_mmap, /* 115 mmap */
444 445 auf_null, 0,
445 446 aui_null, AUE_NULL, aus_null, /* 116 mprotect */
446 447 auf_null, 0,
447 448 aui_null, AUE_MUNMAP, aus_munmap, /* 117 munmap */
448 449 auf_null, 0,
449 450 aui_null, AUE_NULL, aus_null, /* 118 fpathconf */
450 451 auf_null, 0,
451 452 aui_null, AUE_VFORK, aus_null, /* 119 vfork */
452 453 auf_null, 0,
453 454 aui_null, AUE_FCHDIR, aus_null, /* 120 fchdir */
454 455 auf_null, 0,
455 456 aui_null, AUE_READ, aus_null, /* 121 readv */
456 457 auf_read, S2E_PUB,
457 458 aui_null, AUE_WRITE, aus_null, /* 122 writev */
458 459 auf_write, 0,
459 460 aui_null, AUE_NULL, aus_null, /* 123 (loadable) was xstat */
460 461 auf_null, 0,
461 462 aui_null, AUE_NULL, aus_null, /* 124 (loadable) was lxstat */
462 463 auf_null, 0,
463 464 aui_null, AUE_NULL, aus_null, /* 125 (loadable) was fxstat */
464 465 auf_null, 0,
465 466 aui_null, AUE_NULL, aus_null, /* 126 (loadable) was xmknod */
466 467 auf_null, 0,
467 468 aui_null, AUE_NULL, aus_null, /* 127 mmapobj */
468 469 auf_null, 0,
469 470 aui_null, AUE_SETRLIMIT, aus_null, /* 128 setrlimit */
470 471 auf_null, 0,
471 472 aui_null, AUE_NULL, aus_null, /* 129 getrlimit */
472 473 auf_null, 0,
473 474 aui_null, AUE_LCHOWN, aus_lchown, /* 130 lchown */
474 475 auf_null, 0,
475 476 aui_memcntl, AUE_MEMCNTL, aus_memcntl, /* 131 memcntl */
476 477 auf_null, 0,
477 478 aui_null, AUE_GETPMSG, aus_getpmsg, /* 132 getpmsg */
478 479 auf_null, 0,
479 480 aui_null, AUE_PUTPMSG, aus_putpmsg, /* 133 putpmsg */
480 481 auf_null, 0,
481 482 aui_null, AUE_RENAME, aus_null, /* 134 rename */
482 483 auf_null, 0,
483 484 aui_null, AUE_NULL, aus_null, /* 135 uname */
484 485 auf_null, 0,
485 486 aui_null, AUE_SETEGID, aus_setegid, /* 136 setegid */
486 487 auf_null, 0,
487 488 aui_null, AUE_NULL, aus_null, /* 137 sysconfig */
488 489 auf_null, 0,
489 490 aui_null, AUE_ADJTIME, aus_null, /* 138 adjtime */
490 491 auf_null, 0,
491 492 aui_sysinfo, AUE_SYSINFO, aus_sysinfo, /* 139 systeminfo */
492 493 auf_null, 0,
493 494 aui_null, AUE_NULL, aus_null, /* 140 (loadable) sharefs */
494 495 auf_null, 0,
495 496 aui_null, AUE_SETEUID, aus_seteuid, /* 141 seteuid */
496 497 auf_null, 0,
497 498 aui_forksys, AUE_NULL, aus_null, /* 142 forksys */
498 499 auf_null, 0,
499 500 aui_null, AUE_NULL, aus_null, /* 143 (loadable) was fork1 */
500 501 auf_null, 0,
501 502 aui_null, AUE_NULL, aus_null, /* 144 sigwait */
502 503 auf_null, 0,
503 504 aui_null, AUE_NULL, aus_null, /* 145 lwp_info */
504 505 auf_null, 0,
505 506 aui_null, AUE_NULL, aus_null, /* 146 yield */
506 507 auf_null, 0,
507 508 aui_null, AUE_NULL, aus_null, /* 147 (loadable) */
508 509 /* was lwp_sema_wait */
509 510 auf_null, 0,
510 511 aui_null, AUE_NULL, aus_null, /* 148 lwp_sema_post */
511 512 auf_null, 0,
512 513 aui_null, AUE_NULL, aus_null, /* 149 lwp_sema_trywait */
513 514 auf_null, 0,
514 515 aui_null, AUE_NULL, aus_null, /* 150 lwp_detach */
515 516 auf_null, 0,
516 517 aui_null, AUE_NULL, aus_null, /* 151 corectl */
517 518 auf_null, 0,
518 519 aui_modctl, AUE_MODCTL, aus_modctl, /* 152 modctl */
519 520 auf_null, 0,
520 521 aui_null, AUE_FCHROOT, aus_null, /* 153 fchroot */
521 522 auf_null, 0,
522 523 aui_null, AUE_NULL, aus_null, /* 154 (loadable) was utimes */
523 524 auf_null, 0,
524 525 aui_null, AUE_NULL, aus_null, /* 155 vhangup */
525 526 auf_null, 0,
526 527 aui_null, AUE_NULL, aus_null, /* 156 gettimeofday */
527 528 auf_null, 0,
528 529 aui_null, AUE_NULL, aus_null, /* 157 getitimer */
529 530 auf_null, 0,
530 531 aui_null, AUE_NULL, aus_null, /* 158 setitimer */
531 532 auf_null, 0,
532 533 aui_null, AUE_NULL, aus_null, /* 159 lwp_create */
533 534 auf_null, 0,
534 535 aui_null, AUE_NULL, aus_null, /* 160 lwp_exit */
535 536 auf_null, 0,
536 537 aui_null, AUE_NULL, aus_null, /* 161 lwp_suspend */
537 538 auf_null, 0,
538 539 aui_null, AUE_NULL, aus_null, /* 162 lwp_continue */
539 540 auf_null, 0,
540 541 aui_null, AUE_NULL, aus_null, /* 163 lwp_kill */
541 542 auf_null, 0,
542 543 aui_null, AUE_NULL, aus_null, /* 164 lwp_self */
543 544 auf_null, 0,
544 545 aui_null, AUE_NULL, aus_null, /* 165 lwp_sigmask */
545 546 auf_null, 0,
546 547 aui_null, AUE_NULL, aus_null, /* 166 lwp_private */
547 548 auf_null, 0,
548 549 aui_null, AUE_NULL, aus_null, /* 167 lwp_wait */
549 550 auf_null, 0,
550 551 aui_null, AUE_NULL, aus_null, /* 168 lwp_mutex_wakeup */
551 552 auf_null, 0,
552 553 aui_null, AUE_NULL, aus_null, /* 169 (loadable) */
553 554 /* was lwp_mutex_lock */
554 555 auf_null, 0,
555 556 aui_null, AUE_NULL, aus_null, /* 170 lwp_cond_wait */
556 557 auf_null, 0,
557 558 aui_null, AUE_NULL, aus_null, /* 171 lwp_cond_signal */
558 559 auf_null, 0,
559 560 aui_null, AUE_NULL, aus_null, /* 172 lwp_cond_broadcast */
560 561 auf_null, 0,
561 562 aui_null, AUE_READ, aus_null, /* 173 pread */
562 563 auf_read, S2E_PUB,
563 564 aui_null, AUE_WRITE, aus_null, /* 174 pwrite */
564 565 auf_write, 0,
565 566 aui_null, AUE_NULL, aus_null, /* 175 llseek */
566 567 auf_null, 0,
567 568 aui_null, AUE_INST_SYNC, aus_inst_sync, /* 176 (loadable) inst_sync */
568 569 auf_null, 0,
569 570 aui_null, AUE_BRANDSYS, aus_brandsys, /* 177 brandsys */
570 571 auf_null, 0,
571 572 aui_null, AUE_NULL, aus_null, /* 178 (loadable) kaio */
572 573 auf_null, 0,
573 574 aui_null, AUE_NULL, aus_null, /* 179 (loadable) cpc */
574 575 auf_null, 0,
575 576 aui_null, AUE_NULL, aus_null, /* 180 lgrpsys */
576 577 auf_null, 0,
577 578 aui_null, AUE_NULL, aus_null, /* 181 rusagesys */
578 579 auf_null, 0,
579 580 aui_portfs, AUE_PORTFS, aus_null, /* 182 (loadable) portfs */
580 581 auf_null, S2E_MLD,
581 582 aui_null, AUE_NULL, aus_null, /* 183 pollsys */
582 583 auf_null, 0,
583 584 aui_labelsys, AUE_NULL, aus_labelsys, /* 184 labelsys */
584 585 auf_null, 0,
585 586 aui_acl, AUE_ACLSET, aus_acl, /* 185 acl */
586 587 auf_null, 0,
587 588 aui_auditsys, AUE_AUDITSYS, aus_auditsys, /* 186 auditsys */
588 589 auf_null, 0,
589 590 aui_null, AUE_PROCESSOR_BIND, aus_processor_bind, /* 187 processor_bind */
590 591 auf_null, 0,
591 592 aui_null, AUE_NULL, aus_null, /* 188 processor_info */
592 593 auf_null, 0,
593 594 aui_null, AUE_P_ONLINE, aus_p_online, /* 189 p_online */
594 595 auf_null, 0,
595 596 aui_null, AUE_NULL, aus_sigqueue, /* 190 sigqueue */
596 597 auf_null, 0,
597 598 aui_null, AUE_NULL, aus_null, /* 191 clock_gettime */
598 599 auf_null, 0,
599 600 aui_null, AUE_CLOCK_SETTIME, aus_null, /* 192 clock_settime */
600 601 auf_null, 0,
601 602 aui_null, AUE_NULL, aus_null, /* 193 clock_getres */
602 603 auf_null, 0,
603 604 aui_null, AUE_NULL, aus_null, /* 194 timer_create */
604 605 auf_null, 0,
605 606 aui_null, AUE_NULL, aus_null, /* 195 timer_delete */
606 607 auf_null, 0,
607 608 aui_null, AUE_NULL, aus_null, /* 196 timer_settime */
608 609 auf_null, 0,
609 610 aui_null, AUE_NULL, aus_null, /* 197 timer_gettime */
610 611 auf_null, 0,
611 612 aui_null, AUE_NULL, aus_null, /* 198 timer_getoverrun */
612 613 auf_null, 0,
613 614 aui_null, AUE_NULL, aus_null, /* 199 nanosleep */
614 615 auf_null, 0,
615 616 aui_acl, AUE_FACLSET, aus_facl, /* 200 facl */
616 617 auf_null, 0,
617 618 aui_doorfs, AUE_DOORFS, aus_doorfs, /* 201 (loadable) doorfs */
618 619 auf_null, 0,
619 620 aui_null, AUE_SETREUID, aus_setreuid, /* 202 setreuid */
620 621 auf_null, 0,
621 622 aui_null, AUE_SETREGID, aus_setregid, /* 203 setregid */
622 623 auf_null, 0,
623 624 aui_null, AUE_NULL, aus_null, /* 204 install_utrap */
624 625 auf_null, 0,
625 626 aui_null, AUE_NULL, aus_null, /* 205 signotify */
626 627 auf_null, 0,
627 628 aui_null, AUE_NULL, aus_null, /* 206 schedctl */
628 629 auf_null, 0,
629 630 aui_null, AUE_NULL, aus_null, /* 207 (loadable) pset */
630 631 auf_null, 0,
631 632 aui_null, AUE_NULL, aus_null, /* 208 sparc_utrap_install */
632 633 auf_null, 0,
633 634 aui_null, AUE_NULL, aus_null, /* 209 resolvepath */
634 635 auf_null, 0,
635 636 aui_null, AUE_NULL, aus_null, /* 210 lwp_mutex_timedlock */
636 637 auf_null, 0,
637 638 aui_null, AUE_NULL, aus_null, /* 211 lwp_sema_timedwait */
638 639 auf_null, 0,
639 640 aui_null, AUE_NULL, aus_null, /* 212 lwp_rwlock_sys */
640 641 auf_null, 0,
641 642 aui_null, AUE_NULL, aus_null, /* 213 getdents64 */
642 643 auf_null, 0,
643 644 aui_null, AUE_MMAP, aus_mmap, /* 214 mmap64 */
644 645 auf_null, 0,
645 646 aui_null, AUE_STAT, aus_null, /* 215 stat64 */
646 647 auf_null, S2E_PUB,
647 648 aui_null, AUE_LSTAT, aus_null, /* 216 lstat64 */
648 649 auf_null, S2E_PUB,
649 650 aui_null, AUE_NULL, aus_null, /* 217 fstat64 */
650 651 auf_null, 0,
651 652 aui_null, AUE_STATVFS, aus_null, /* 218 statvfs64 */
652 653 auf_null, S2E_PUB,
653 654 aui_null, AUE_NULL, aus_null, /* 219 fstatvfs64 */
654 655 auf_null, 0,
655 656 aui_null, AUE_SETRLIMIT, aus_null, /* 220 setrlimit64 */
656 657 auf_null, 0,
657 658 aui_null, AUE_NULL, aus_null, /* 221 getrlimit64 */
658 659 auf_null, 0,
659 660 aui_null, AUE_READ, aus_null, /* 222 pread64 */
660 661 auf_read, S2E_PUB,
661 662 aui_null, AUE_WRITE, aus_null, /* 223 pwrite64 */
662 663 auf_write, 0,
663 664 aui_null, AUE_NULL, aus_null, /* 224 (loadable) was creat64 */
664 665 auf_null, 0,
665 666 aui_open, AUE_OPEN, aus_open, /* 225 open64 */
666 667 auf_null, S2E_SP,
667 668 aui_null, AUE_NULL, aus_null, /* 226 (loadable) rpcsys */
668 669 auf_null, 0,
669 670 aui_null, AUE_NULL, aus_null, /* 227 zone */
670 671 auf_null, 0,
671 672 aui_null, AUE_NULL, aus_null, /* 228 (loadable) autofssys */
672 673 auf_null, 0,
673 674 aui_null, AUE_NULL, aus_null, /* 229 getcwd */
674 675 auf_null, 0,
675 676 aui_null, AUE_SOCKET, aus_socket, /* 230 so_socket */
676 677 auf_null, 0,
677 678 aui_null, AUE_NULL, aus_null, /* 231 so_socketpair */
678 679 auf_null, 0,
679 680 aui_null, AUE_BIND, aus_null, /* 232 bind */
680 681 auf_bind, 0,
681 682 aui_null, AUE_NULL, aus_null, /* 233 listen */
682 683 auf_null, 0,
683 684 aui_null, AUE_ACCEPT, aus_null, /* 234 accept */
684 685 auf_accept, 0,
685 686 aui_null, AUE_CONNECT, aus_null, /* 235 connect */
686 687 auf_connect, 0,
687 688 aui_null, AUE_SHUTDOWN, aus_shutdown, /* 236 shutdown */
688 689 auf_null, 0,
689 690 aui_null, AUE_READ, aus_null, /* 237 recv */
690 691 auf_recv, 0,
691 692 aui_null, AUE_RECVFROM, aus_null, /* 238 recvfrom */
692 693 auf_recvfrom, 0,
693 694 aui_null, AUE_RECVMSG, aus_null, /* 239 recvmsg */
694 695 auf_recvmsg, 0,
695 696 aui_null, AUE_WRITE, aus_null, /* 240 send */
696 697 auf_send, 0,
697 698 aui_null, AUE_SENDMSG, aus_null, /* 241 sendmsg */
698 699 auf_sendmsg, 0,
699 700 aui_null, AUE_SENDTO, aus_null, /* 242 sendto */
700 701 auf_sendto, 0,
701 702 aui_null, AUE_NULL, aus_null, /* 243 getpeername */
702 703 auf_null, 0,
703 704 aui_null, AUE_NULL, aus_null, /* 244 getsockname */
704 705 auf_null, 0,
705 706 aui_null, AUE_NULL, aus_null, /* 245 getsockopt */
706 707 auf_null, 0,
707 708 aui_null, AUE_SETSOCKOPT, aus_null, /* 246 setsockopt */
708 709 auf_setsockopt, 0,
709 710 aui_null, AUE_SOCKCONFIG, aus_sockconfig, /* 247 sockconfig */
710 711 auf_null, 0,
711 712 aui_null, AUE_NULL, aus_null, /* 248 ntp_gettime */
712 713 auf_null, 0,
713 714 aui_null, AUE_NTP_ADJTIME, aus_null, /* 249 ntp_adjtime */
714 715 auf_null, 0,
715 716 aui_null, AUE_NULL, aus_null, /* 250 lwp_mutex_unlock */
716 717 auf_null, 0,
717 718 aui_null, AUE_NULL, aus_null, /* 251 lwp_mutex_trylock */
718 719 auf_null, 0,
719 720 aui_null, AUE_NULL, aus_null, /* 252 lwp_mutex_register */
720 721 auf_null, 0,
721 722 aui_null, AUE_NULL, aus_null, /* 253 cladm */
722 723 auf_null, 0,
723 724 aui_null, AUE_NULL, aus_null, /* 254 uucopy */
724 725 auf_null, 0,
725 726 aui_null, AUE_UMOUNT2, aus_umount2, /* 255 umount2 */
726 727 auf_null, 0
727 728 };
728 729
729 730 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
730 731
731 732
732 733 /* exit start function */
733 734 /*ARGSUSED*/
734 735 static void
735 736 aus_exit(struct t_audit_data *tad)
|
↓ open down ↓ |
518 lines elided |
↑ open up ↑ |
736 737 {
737 738 uint32_t rval;
738 739 struct a {
739 740 long rval;
740 741 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
741 742
742 743 rval = (uint32_t)uap->rval;
743 744 au_uwrite(au_to_arg32(1, "exit status", rval));
744 745 }
745 746
747 +/*ARGSUSED*/
748 +static void
749 +aus_psecflags(struct t_audit_data *tad)
750 +{
751 + struct a {
752 + uintptr_t psp; /* procset_t */
753 + uint_t cmd; /* psecflags_cmd_t */
754 + uint_t arg;
755 + } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
756 +
757 + au_uwrite(au_to_arg32(2, "cmd", (uint_t)uap->cmd));
758 + au_uwrite(au_to_arg32(3, "arg", (uint_t)uap->arg));
759 +}
760 +
746 761 /* acct start function */
747 762 /*ARGSUSED*/
748 763 static void
749 764 aus_acct(struct t_audit_data *tad)
750 765 {
751 766 klwp_t *clwp = ttolwp(curthread);
752 767 uintptr_t fname;
753 768
754 769 struct a {
755 770 long fname; /* char * */
756 771 } *uap = (struct a *)clwp->lwp_ap;
757 772
758 773 fname = (uintptr_t)uap->fname;
759 774
760 775 if (fname == 0)
761 776 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
762 777 }
763 778
764 779 /* chown start function */
765 780 /*ARGSUSED*/
766 781 static void
767 782 aus_chown(struct t_audit_data *tad)
768 783 {
769 784 klwp_t *clwp = ttolwp(curthread);
770 785 uint32_t uid, gid;
771 786
772 787 struct a {
773 788 long fname; /* char * */
774 789 long uid;
775 790 long gid;
776 791 } *uap = (struct a *)clwp->lwp_ap;
777 792
778 793 uid = (uint32_t)uap->uid;
779 794 gid = (uint32_t)uap->gid;
780 795
781 796 au_uwrite(au_to_arg32(2, "new file uid", uid));
782 797 au_uwrite(au_to_arg32(3, "new file gid", gid));
783 798 }
784 799
785 800 /* fchown start function */
786 801 /*ARGSUSED*/
787 802 static void
788 803 aus_fchown(struct t_audit_data *tad)
789 804 {
790 805 klwp_t *clwp = ttolwp(curthread);
791 806 uint32_t uid, gid, fd;
792 807 struct file *fp;
793 808 struct vnode *vp;
794 809 struct f_audit_data *fad;
795 810
796 811 struct a {
797 812 long fd;
798 813 long uid;
799 814 long gid;
800 815 } *uap = (struct a *)clwp->lwp_ap;
801 816
802 817 fd = (uint32_t)uap->fd;
803 818 uid = (uint32_t)uap->uid;
804 819 gid = (uint32_t)uap->gid;
805 820
806 821 au_uwrite(au_to_arg32(2, "new file uid", uid));
807 822 au_uwrite(au_to_arg32(3, "new file gid", gid));
808 823
809 824 /*
810 825 * convert file pointer to file descriptor
811 826 * Note: fd ref count incremented here.
812 827 */
813 828 if ((fp = getf(fd)) == NULL)
814 829 return;
815 830
816 831 /* get path from file struct here */
817 832 fad = F2A(fp);
818 833 if (fad->fad_aupath != NULL) {
819 834 au_uwrite(au_to_path(fad->fad_aupath));
820 835 } else {
821 836 au_uwrite(au_to_arg32(1, "no path: fd", fd));
822 837 }
823 838
824 839 vp = fp->f_vnode;
825 840 audit_attributes(vp);
826 841
827 842 /* decrement file descriptor reference count */
828 843 releasef(fd);
829 844 }
830 845
831 846 /*ARGSUSED*/
832 847 static void
833 848 aus_lchown(struct t_audit_data *tad)
834 849 {
835 850 klwp_t *clwp = ttolwp(curthread);
836 851 uint32_t uid, gid;
837 852
838 853
839 854 struct a {
840 855 long fname; /* char * */
841 856 long uid;
842 857 long gid;
843 858 } *uap = (struct a *)clwp->lwp_ap;
844 859
845 860 uid = (uint32_t)uap->uid;
846 861 gid = (uint32_t)uap->gid;
847 862
848 863 au_uwrite(au_to_arg32(2, "new file uid", uid));
849 864 au_uwrite(au_to_arg32(3, "new file gid", gid));
850 865 }
851 866
852 867 static au_event_t
853 868 aui_fchownat(au_event_t e)
854 869 {
855 870 klwp_t *clwp = ttolwp(curthread);
856 871
857 872 struct a {
858 873 long fd;
859 874 long fname; /* char * */
860 875 long uid;
861 876 long gid;
862 877 long flags;
863 878 } *uap = (struct a *)clwp->lwp_ap;
864 879
865 880 if (uap->fname == NULL)
866 881 e = AUE_FCHOWN;
867 882 else if (uap->flags & AT_SYMLINK_NOFOLLOW)
868 883 e = AUE_LCHOWN;
869 884 else
870 885 e = AUE_CHOWN;
871 886
872 887 return (e);
873 888 }
874 889
875 890 /*ARGSUSED*/
876 891 static void
877 892 aus_fchownat(struct t_audit_data *tad)
878 893 {
879 894 klwp_t *clwp = ttolwp(curthread);
880 895 uint32_t uid, gid;
881 896
882 897 struct a {
883 898 long fd;
884 899 long fname; /* char * */
885 900 long uid;
886 901 long gid;
887 902 long flags;
888 903 } *uap = (struct a *)clwp->lwp_ap;
889 904
890 905 uid = (uint32_t)uap->uid;
891 906 gid = (uint32_t)uap->gid;
892 907
893 908 au_uwrite(au_to_arg32(3, "new file uid", uid));
894 909 au_uwrite(au_to_arg32(4, "new file gid", gid));
895 910 }
896 911
897 912 /*ARGSUSED*/
898 913 static void
899 914 aus_chmod(struct t_audit_data *tad)
900 915 {
901 916 klwp_t *clwp = ttolwp(curthread);
902 917 uint32_t fmode;
903 918
904 919 struct a {
905 920 long fname; /* char * */
906 921 long fmode;
907 922 } *uap = (struct a *)clwp->lwp_ap;
908 923
909 924 fmode = (uint32_t)uap->fmode;
910 925
911 926 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
912 927 }
913 928
914 929 /*ARGSUSED*/
915 930 static void
916 931 aus_fchmod(struct t_audit_data *tad)
917 932 {
918 933 klwp_t *clwp = ttolwp(curthread);
919 934 uint32_t fmode, fd;
920 935 struct file *fp;
921 936 struct vnode *vp;
922 937 struct f_audit_data *fad;
923 938
924 939 struct a {
925 940 long fd;
926 941 long fmode;
927 942 } *uap = (struct a *)clwp->lwp_ap;
928 943
929 944 fd = (uint32_t)uap->fd;
930 945 fmode = (uint32_t)uap->fmode;
931 946
932 947 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
933 948
934 949 /*
935 950 * convert file pointer to file descriptor
936 951 * Note: fd ref count incremented here.
937 952 */
938 953 if ((fp = getf(fd)) == NULL)
939 954 return;
940 955
941 956 /* get path from file struct here */
942 957 fad = F2A(fp);
943 958 if (fad->fad_aupath != NULL) {
944 959 au_uwrite(au_to_path(fad->fad_aupath));
945 960 } else {
946 961 au_uwrite(au_to_arg32(1, "no path: fd", fd));
947 962 }
948 963
949 964 vp = fp->f_vnode;
950 965 audit_attributes(vp);
951 966
952 967 /* decrement file descriptor reference count */
953 968 releasef(fd);
954 969 }
955 970
956 971 static au_event_t
957 972 aui_fchmodat(au_event_t e)
958 973 {
959 974 klwp_t *clwp = ttolwp(curthread);
960 975
961 976 struct a {
962 977 long fd;
963 978 long fname; /* char * */
964 979 long fmode;
965 980 long flag;
966 981 } *uap = (struct a *)clwp->lwp_ap;
967 982
968 983 if (uap->fname == NULL)
969 984 e = AUE_FCHMOD;
970 985 else
971 986 e = AUE_CHMOD;
972 987
973 988 return (e);
974 989 }
975 990
976 991 /*ARGSUSED*/
977 992 static void
978 993 aus_fchmodat(struct t_audit_data *tad)
979 994 {
980 995 klwp_t *clwp = ttolwp(curthread);
981 996 uint32_t fmode;
982 997 uint32_t fd;
983 998 struct file *fp;
984 999 struct vnode *vp;
985 1000 struct f_audit_data *fad;
986 1001
987 1002 struct a {
988 1003 long fd;
989 1004 long fname; /* char * */
990 1005 long fmode;
991 1006 long flag;
992 1007 } *uap = (struct a *)clwp->lwp_ap;
993 1008
994 1009 fd = (uint32_t)uap->fd;
995 1010 fmode = (uint32_t)uap->fmode;
996 1011
997 1012 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
998 1013
999 1014 if (fd == AT_FDCWD || uap->fname != NULL) /* same as chmod() */
1000 1015 return;
1001 1016
1002 1017 /*
1003 1018 * convert file pointer to file descriptor
1004 1019 * Note: fd ref count incremented here.
1005 1020 */
1006 1021 if ((fp = getf(fd)) == NULL)
1007 1022 return;
1008 1023
1009 1024 /* get path from file struct here */
1010 1025 fad = F2A(fp);
1011 1026 if (fad->fad_aupath != NULL) {
1012 1027 au_uwrite(au_to_path(fad->fad_aupath));
1013 1028 } else {
1014 1029 au_uwrite(au_to_arg32(1, "no path: fd", fd));
1015 1030 }
1016 1031
1017 1032 vp = fp->f_vnode;
1018 1033 audit_attributes(vp);
1019 1034
1020 1035 /* decrement file descriptor reference count */
1021 1036 releasef(fd);
1022 1037 }
1023 1038
1024 1039 /*
1025 1040 * convert open mode to appropriate open event
1026 1041 */
1027 1042 au_event_t
1028 1043 open_event(uint_t fm)
1029 1044 {
1030 1045 au_event_t e;
1031 1046
1032 1047 switch (fm & (O_ACCMODE | O_CREAT | O_TRUNC)) {
1033 1048 case O_RDONLY:
1034 1049 e = AUE_OPEN_R;
1035 1050 break;
1036 1051 case O_RDONLY | O_CREAT:
1037 1052 e = AUE_OPEN_RC;
1038 1053 break;
1039 1054 case O_RDONLY | O_TRUNC:
1040 1055 e = AUE_OPEN_RT;
1041 1056 break;
1042 1057 case O_RDONLY | O_TRUNC | O_CREAT:
1043 1058 e = AUE_OPEN_RTC;
1044 1059 break;
1045 1060 case O_WRONLY:
1046 1061 e = AUE_OPEN_W;
1047 1062 break;
1048 1063 case O_WRONLY | O_CREAT:
1049 1064 e = AUE_OPEN_WC;
1050 1065 break;
1051 1066 case O_WRONLY | O_TRUNC:
1052 1067 e = AUE_OPEN_WT;
1053 1068 break;
1054 1069 case O_WRONLY | O_TRUNC | O_CREAT:
1055 1070 e = AUE_OPEN_WTC;
1056 1071 break;
1057 1072 case O_RDWR:
1058 1073 e = AUE_OPEN_RW;
1059 1074 break;
1060 1075 case O_RDWR | O_CREAT:
1061 1076 e = AUE_OPEN_RWC;
1062 1077 break;
1063 1078 case O_RDWR | O_TRUNC:
1064 1079 e = AUE_OPEN_RWT;
1065 1080 break;
1066 1081 case O_RDWR | O_TRUNC | O_CREAT:
1067 1082 e = AUE_OPEN_RWTC;
1068 1083 break;
1069 1084 case O_SEARCH:
1070 1085 e = AUE_OPEN_S;
1071 1086 break;
1072 1087 case O_EXEC:
1073 1088 e = AUE_OPEN_E;
1074 1089 break;
1075 1090 default:
1076 1091 e = AUE_NULL;
1077 1092 break;
1078 1093 }
1079 1094
1080 1095 return (e);
1081 1096 }
1082 1097
1083 1098 /* ARGSUSED */
1084 1099 static au_event_t
1085 1100 aui_open(au_event_t e)
1086 1101 {
1087 1102 klwp_t *clwp = ttolwp(curthread);
1088 1103 uint_t fm;
1089 1104
1090 1105 struct a {
1091 1106 long fnamep; /* char * */
1092 1107 long fmode;
1093 1108 long cmode;
1094 1109 } *uap = (struct a *)clwp->lwp_ap;
1095 1110
1096 1111 fm = (uint_t)uap->fmode;
1097 1112
1098 1113 return (open_event(fm));
1099 1114 }
1100 1115
1101 1116 static void
1102 1117 aus_open(struct t_audit_data *tad)
1103 1118 {
1104 1119 klwp_t *clwp = ttolwp(curthread);
1105 1120 uint_t fm;
1106 1121
1107 1122 struct a {
1108 1123 long fnamep; /* char * */
1109 1124 long fmode;
1110 1125 long cmode;
1111 1126 } *uap = (struct a *)clwp->lwp_ap;
1112 1127
1113 1128 fm = (uint_t)uap->fmode;
1114 1129
1115 1130 /* If no write, create, or trunc modes, mark as a public op */
1116 1131 if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
1117 1132 tad->tad_ctrl |= TAD_PUBLIC_EV;
1118 1133 }
1119 1134
1120 1135 /* ARGSUSED */
1121 1136 static au_event_t
1122 1137 aui_openat(au_event_t e)
1123 1138 {
1124 1139 t_audit_data_t *tad = T2A(curthread);
1125 1140 klwp_t *clwp = ttolwp(curthread);
1126 1141 uint_t fm;
1127 1142
1128 1143 struct a {
1129 1144 long filedes;
1130 1145 long fnamep; /* char * */
1131 1146 long fmode;
1132 1147 long cmode;
1133 1148 } *uap = (struct a *)clwp->lwp_ap;
1134 1149
1135 1150 fm = (uint_t)uap->fmode;
1136 1151
1137 1152 /*
1138 1153 * __openattrdirat() does an extra pathname lookup in order to
1139 1154 * enter the extended system attribute namespace of the referenced
1140 1155 * extended attribute filename.
1141 1156 */
1142 1157 if (fm & FXATTRDIROPEN)
1143 1158 tad->tad_ctrl |= TAD_MLD;
1144 1159
1145 1160 return (open_event(fm));
1146 1161 }
1147 1162
1148 1163 static void
1149 1164 aus_openat(struct t_audit_data *tad)
1150 1165 {
1151 1166 klwp_t *clwp = ttolwp(curthread);
1152 1167 uint_t fm;
1153 1168
1154 1169 struct a {
1155 1170 long filedes;
1156 1171 long fnamep; /* char * */
1157 1172 long fmode;
1158 1173 long cmode;
1159 1174 } *uap = (struct a *)clwp->lwp_ap;
1160 1175
1161 1176 fm = (uint_t)uap->fmode;
1162 1177
1163 1178 /* If no write, create, or trunc modes, mark as a public op */
1164 1179 if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
1165 1180 tad->tad_ctrl |= TAD_PUBLIC_EV;
1166 1181 }
1167 1182
1168 1183 static au_event_t
1169 1184 aui_unlinkat(au_event_t e)
1170 1185 {
1171 1186 klwp_t *clwp = ttolwp(curthread);
1172 1187
1173 1188 struct a {
1174 1189 long filedes;
1175 1190 long fnamep; /* char * */
1176 1191 long flags;
1177 1192 } *uap = (struct a *)clwp->lwp_ap;
1178 1193
1179 1194 if (uap->flags & AT_REMOVEDIR)
1180 1195 e = AUE_RMDIR;
1181 1196 else
1182 1197 e = AUE_UNLINK;
1183 1198
1184 1199 return (e);
1185 1200 }
1186 1201
1187 1202 static au_event_t
1188 1203 aui_fstatat(au_event_t e)
1189 1204 {
1190 1205 klwp_t *clwp = ttolwp(curthread);
1191 1206
1192 1207 struct a {
1193 1208 long filedes;
1194 1209 long fnamep; /* char * */
1195 1210 long statb;
1196 1211 long flags;
1197 1212 } *uap = (struct a *)clwp->lwp_ap;
1198 1213
1199 1214 if (uap->fnamep == NULL)
1200 1215 e = AUE_FSTAT;
1201 1216 else if (uap->flags & AT_SYMLINK_NOFOLLOW)
1202 1217 e = AUE_LSTAT;
1203 1218 else
1204 1219 e = AUE_STAT;
1205 1220
1206 1221 return (e);
1207 1222 }
1208 1223
1209 1224 /* msgsys */
1210 1225 static au_event_t
1211 1226 aui_msgsys(au_event_t e)
1212 1227 {
1213 1228 klwp_t *clwp = ttolwp(curthread);
1214 1229 uint_t fm;
1215 1230
1216 1231 struct a {
1217 1232 long id; /* function code id */
1218 1233 long ap; /* arg pointer for recvmsg */
1219 1234 } *uap = (struct a *)clwp->lwp_ap;
1220 1235
1221 1236 struct b {
1222 1237 long msgid;
1223 1238 long cmd;
1224 1239 long buf; /* struct msqid_ds * */
1225 1240 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1226 1241
1227 1242 fm = (uint_t)uap->id;
1228 1243
1229 1244 switch (fm) {
1230 1245 case 0: /* msgget */
1231 1246 e = AUE_MSGGET;
1232 1247 break;
1233 1248 case 1: /* msgctl */
1234 1249 switch ((uint_t)uap1->cmd) {
1235 1250 case IPC_RMID:
1236 1251 e = AUE_MSGCTL_RMID;
1237 1252 break;
1238 1253 case IPC_SET:
1239 1254 e = AUE_MSGCTL_SET;
1240 1255 break;
1241 1256 case IPC_STAT:
1242 1257 e = AUE_MSGCTL_STAT;
1243 1258 break;
1244 1259 default:
1245 1260 e = AUE_MSGCTL;
1246 1261 break;
1247 1262 }
1248 1263 break;
1249 1264 case 2: /* msgrcv */
1250 1265 e = AUE_MSGRCV;
1251 1266 break;
1252 1267 case 3: /* msgsnd */
1253 1268 e = AUE_MSGSND;
1254 1269 break;
1255 1270 default: /* illegal system call */
1256 1271 e = AUE_NULL;
1257 1272 break;
1258 1273 }
1259 1274
1260 1275 return (e);
1261 1276 }
1262 1277
1263 1278
1264 1279 /* shmsys */
1265 1280 static au_event_t
1266 1281 aui_shmsys(au_event_t e)
1267 1282 {
1268 1283 klwp_t *clwp = ttolwp(curthread);
1269 1284 int fm;
1270 1285
1271 1286 struct a { /* shmsys */
1272 1287 long id; /* function code id */
1273 1288 } *uap = (struct a *)clwp->lwp_ap;
1274 1289
1275 1290 struct b { /* ctrl */
1276 1291 long shmid;
1277 1292 long cmd;
1278 1293 long arg; /* struct shmid_ds * */
1279 1294 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1280 1295 fm = (uint_t)uap->id;
1281 1296
1282 1297 switch (fm) {
1283 1298 case 0: /* shmat */
1284 1299 e = AUE_SHMAT;
1285 1300 break;
1286 1301 case 1: /* shmctl */
1287 1302 switch ((uint_t)uap1->cmd) {
1288 1303 case IPC_RMID:
1289 1304 e = AUE_SHMCTL_RMID;
1290 1305 break;
1291 1306 case IPC_SET:
1292 1307 e = AUE_SHMCTL_SET;
1293 1308 break;
1294 1309 case IPC_STAT:
1295 1310 e = AUE_SHMCTL_STAT;
1296 1311 break;
1297 1312 default:
1298 1313 e = AUE_SHMCTL;
1299 1314 break;
1300 1315 }
1301 1316 break;
1302 1317 case 2: /* shmdt */
1303 1318 e = AUE_SHMDT;
1304 1319 break;
1305 1320 case 3: /* shmget */
1306 1321 e = AUE_SHMGET;
1307 1322 break;
1308 1323 default: /* illegal system call */
1309 1324 e = AUE_NULL;
1310 1325 break;
1311 1326 }
1312 1327
1313 1328 return (e);
1314 1329 }
1315 1330
1316 1331
1317 1332 /* semsys */
1318 1333 static au_event_t
1319 1334 aui_semsys(au_event_t e)
1320 1335 {
1321 1336 klwp_t *clwp = ttolwp(curthread);
1322 1337 uint_t fm;
1323 1338
1324 1339 struct a { /* semsys */
1325 1340 long id;
1326 1341 } *uap = (struct a *)clwp->lwp_ap;
1327 1342
1328 1343 struct b { /* ctrl */
1329 1344 long semid;
1330 1345 long semnum;
1331 1346 long cmd;
1332 1347 long arg;
1333 1348 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1334 1349
1335 1350 fm = (uint_t)uap->id;
1336 1351
1337 1352 switch (fm) {
1338 1353 case 0: /* semctl */
1339 1354 switch ((uint_t)uap1->cmd) {
1340 1355 case IPC_RMID:
1341 1356 e = AUE_SEMCTL_RMID;
1342 1357 break;
1343 1358 case IPC_SET:
1344 1359 e = AUE_SEMCTL_SET;
1345 1360 break;
1346 1361 case IPC_STAT:
1347 1362 e = AUE_SEMCTL_STAT;
1348 1363 break;
1349 1364 case GETNCNT:
1350 1365 e = AUE_SEMCTL_GETNCNT;
1351 1366 break;
1352 1367 case GETPID:
1353 1368 e = AUE_SEMCTL_GETPID;
1354 1369 break;
1355 1370 case GETVAL:
1356 1371 e = AUE_SEMCTL_GETVAL;
1357 1372 break;
1358 1373 case GETALL:
1359 1374 e = AUE_SEMCTL_GETALL;
1360 1375 break;
1361 1376 case GETZCNT:
1362 1377 e = AUE_SEMCTL_GETZCNT;
1363 1378 break;
1364 1379 case SETVAL:
1365 1380 e = AUE_SEMCTL_SETVAL;
1366 1381 break;
1367 1382 case SETALL:
1368 1383 e = AUE_SEMCTL_SETALL;
1369 1384 break;
1370 1385 default:
1371 1386 e = AUE_SEMCTL;
1372 1387 break;
1373 1388 }
1374 1389 break;
1375 1390 case 1: /* semget */
1376 1391 e = AUE_SEMGET;
1377 1392 break;
1378 1393 case 2: /* semop */
1379 1394 e = AUE_SEMOP;
1380 1395 break;
1381 1396 default: /* illegal system call */
1382 1397 e = AUE_NULL;
1383 1398 break;
1384 1399 }
1385 1400
1386 1401 return (e);
1387 1402 }
1388 1403
1389 1404 /* utssys - uname(2), ustat(2), fusers(2) */
1390 1405 static au_event_t
1391 1406 aui_utssys(au_event_t e)
1392 1407 {
1393 1408 klwp_t *clwp = ttolwp(curthread);
1394 1409 uint_t type;
1395 1410
1396 1411 struct a {
1397 1412 union {
1398 1413 long cbuf; /* char * */
1399 1414 long ubuf; /* struct stat * */
1400 1415 } ub;
1401 1416 union {
1402 1417 long mv; /* for USTAT */
1403 1418 long flags; /* for FUSERS */
1404 1419 } un;
1405 1420 long type;
1406 1421 long outbp; /* char * for FUSERS */
1407 1422 } *uap = (struct a *)clwp->lwp_ap;
1408 1423
1409 1424 type = (uint_t)uap->type;
1410 1425
1411 1426 if (type == UTS_FUSERS)
1412 1427 return (e);
1413 1428 else
1414 1429 return ((au_event_t)AUE_NULL);
1415 1430 }
1416 1431
1417 1432 static au_event_t
1418 1433 aui_fcntl(au_event_t e)
1419 1434 {
1420 1435 klwp_t *clwp = ttolwp(curthread);
1421 1436 uint_t cmd;
1422 1437
1423 1438 struct a {
1424 1439 long fdes;
1425 1440 long cmd;
1426 1441 long arg;
1427 1442 } *uap = (struct a *)clwp->lwp_ap;
1428 1443
1429 1444 cmd = (uint_t)uap->cmd;
1430 1445
1431 1446 switch (cmd) {
1432 1447 case F_GETLK:
1433 1448 case F_SETLK:
1434 1449 case F_SETLKW:
1435 1450 break;
1436 1451 case F_SETFL:
1437 1452 case F_GETFL:
1438 1453 case F_GETFD:
1439 1454 break;
1440 1455 default:
1441 1456 e = (au_event_t)AUE_NULL;
1442 1457 break;
1443 1458 }
1444 1459 return ((au_event_t)e);
1445 1460 }
1446 1461
1447 1462 /* null function for now */
1448 1463 static au_event_t
1449 1464 aui_execve(au_event_t e)
1450 1465 {
1451 1466 return (e);
1452 1467 }
1453 1468
1454 1469 /*ARGSUSED*/
1455 1470 static void
1456 1471 aus_fcntl(struct t_audit_data *tad)
1457 1472 {
1458 1473 klwp_t *clwp = ttolwp(curthread);
1459 1474 uint32_t cmd, fd, flags;
1460 1475 struct file *fp;
1461 1476 struct vnode *vp;
1462 1477 struct f_audit_data *fad;
1463 1478
1464 1479 struct a {
1465 1480 long fd;
1466 1481 long cmd;
1467 1482 long arg;
1468 1483 } *uap = (struct a *)clwp->lwp_ap;
1469 1484
1470 1485 cmd = (uint32_t)uap->cmd;
1471 1486 fd = (uint32_t)uap->fd;
1472 1487 flags = (uint32_t)uap->arg;
1473 1488
1474 1489 au_uwrite(au_to_arg32(2, "cmd", cmd));
1475 1490
1476 1491 if (cmd == F_SETFL)
1477 1492 au_uwrite(au_to_arg32(3, "flags", flags));
1478 1493
1479 1494 /*
1480 1495 * convert file pointer to file descriptor
1481 1496 * Note: fd ref count incremented here.
1482 1497 */
1483 1498 if ((fp = getf(fd)) == NULL)
1484 1499 return;
1485 1500
1486 1501 /* get path from file struct here */
1487 1502 fad = F2A(fp);
1488 1503 if (fad->fad_aupath != NULL) {
1489 1504 au_uwrite(au_to_path(fad->fad_aupath));
1490 1505 } else {
1491 1506 au_uwrite(au_to_arg32(1, "no path: fd", fd));
1492 1507 }
1493 1508
1494 1509 vp = fp->f_vnode;
1495 1510 audit_attributes(vp);
1496 1511
1497 1512 /* decrement file descriptor reference count */
1498 1513 releasef(fd);
1499 1514 }
1500 1515
1501 1516 /*ARGSUSED*/
1502 1517 static void
1503 1518 aus_kill(struct t_audit_data *tad)
1504 1519 {
1505 1520 klwp_t *clwp = ttolwp(curthread);
1506 1521 struct proc *p;
1507 1522 uint32_t signo;
1508 1523 uid_t uid, ruid;
1509 1524 gid_t gid, rgid;
1510 1525 pid_t pid;
1511 1526 const auditinfo_addr_t *ainfo;
1512 1527 cred_t *cr;
1513 1528
1514 1529 struct a {
1515 1530 long pid;
1516 1531 long signo;
1517 1532 } *uap = (struct a *)clwp->lwp_ap;
1518 1533
1519 1534 pid = (pid_t)uap->pid;
1520 1535 signo = (uint32_t)uap->signo;
1521 1536
1522 1537 au_uwrite(au_to_arg32(2, "signal", signo));
1523 1538 if (pid > 0) {
1524 1539 mutex_enter(&pidlock);
1525 1540 if (((p = prfind(pid)) == (struct proc *)0) ||
1526 1541 (p->p_stat == SIDL)) {
1527 1542 mutex_exit(&pidlock);
1528 1543 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1529 1544 return;
1530 1545 }
1531 1546 mutex_enter(&p->p_lock); /* so process doesn't go away */
1532 1547 mutex_exit(&pidlock);
1533 1548
1534 1549 mutex_enter(&p->p_crlock);
1535 1550 crhold(cr = p->p_cred);
1536 1551 mutex_exit(&p->p_crlock);
1537 1552 mutex_exit(&p->p_lock);
1538 1553
1539 1554 ainfo = crgetauinfo(cr);
1540 1555 if (ainfo == NULL) {
1541 1556 crfree(cr);
1542 1557 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1543 1558 return;
1544 1559 }
1545 1560
1546 1561 uid = crgetuid(cr);
1547 1562 gid = crgetgid(cr);
1548 1563 ruid = crgetruid(cr);
1549 1564 rgid = crgetrgid(cr);
1550 1565 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
1551 1566 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
1552 1567
1553 1568 if (is_system_labeled())
1554 1569 au_uwrite(au_to_label(CR_SL(cr)));
1555 1570
1556 1571 crfree(cr);
1557 1572 }
1558 1573 else
1559 1574 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1560 1575 }
1561 1576
1562 1577 /*ARGSUSED*/
1563 1578 static void
1564 1579 aus_mkdir(struct t_audit_data *tad)
1565 1580 {
1566 1581 klwp_t *clwp = ttolwp(curthread);
1567 1582 uint32_t dmode;
1568 1583
1569 1584 struct a {
1570 1585 long dirnamep; /* char * */
1571 1586 long dmode;
1572 1587 } *uap = (struct a *)clwp->lwp_ap;
1573 1588
1574 1589 dmode = (uint32_t)uap->dmode;
1575 1590
1576 1591 au_uwrite(au_to_arg32(2, "mode", dmode));
1577 1592 }
1578 1593
1579 1594 /*ARGSUSED*/
1580 1595 static void
1581 1596 aus_mkdirat(struct t_audit_data *tad)
1582 1597 {
1583 1598 klwp_t *clwp = ttolwp(curthread);
1584 1599 uint32_t dmode;
1585 1600
1586 1601 struct a {
1587 1602 long fd;
1588 1603 long dirnamep; /* char * */
1589 1604 long dmode;
1590 1605 } *uap = (struct a *)clwp->lwp_ap;
1591 1606
1592 1607 dmode = (uint32_t)uap->dmode;
1593 1608
1594 1609 au_uwrite(au_to_arg32(2, "mode", dmode));
1595 1610 }
1596 1611
1597 1612 /*ARGSUSED*/
1598 1613 static void
1599 1614 aus_mknod(struct t_audit_data *tad)
1600 1615 {
1601 1616 klwp_t *clwp = ttolwp(curthread);
1602 1617 uint32_t fmode;
1603 1618 dev_t dev;
1604 1619
1605 1620 struct a {
1606 1621 long pnamep; /* char * */
1607 1622 long fmode;
1608 1623 long dev;
1609 1624 } *uap = (struct a *)clwp->lwp_ap;
1610 1625
1611 1626 fmode = (uint32_t)uap->fmode;
1612 1627 dev = (dev_t)uap->dev;
1613 1628
1614 1629 au_uwrite(au_to_arg32(2, "mode", fmode));
1615 1630 #ifdef _LP64
1616 1631 au_uwrite(au_to_arg64(3, "dev", dev));
1617 1632 #else
1618 1633 au_uwrite(au_to_arg32(3, "dev", dev));
1619 1634 #endif
1620 1635 }
1621 1636
1622 1637 /*ARGSUSED*/
1623 1638 static void
1624 1639 auf_mknod(struct t_audit_data *tad, int error, rval_t *rval)
1625 1640 {
1626 1641 klwp_t *clwp = ttolwp(curthread);
1627 1642 vnode_t *dvp;
1628 1643 caddr_t pnamep;
1629 1644
1630 1645 struct a {
1631 1646 long pnamep; /* char * */
1632 1647 long fmode;
1633 1648 long dev;
1634 1649 } *uap = (struct a *)clwp->lwp_ap;
1635 1650
1636 1651 /* no error, then already path token in audit record */
1637 1652 if (error != EPERM && error != EINVAL)
1638 1653 return;
1639 1654
1640 1655 /* do the lookup to force generation of path token */
1641 1656 pnamep = (caddr_t)uap->pnamep;
1642 1657 tad->tad_ctrl |= TAD_NOATTRB;
1643 1658 error = lookupname(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP);
1644 1659 if (error == 0)
1645 1660 VN_RELE(dvp);
1646 1661 }
1647 1662
1648 1663 /*ARGSUSED*/
1649 1664 static void
1650 1665 aus_mknodat(struct t_audit_data *tad)
1651 1666 {
1652 1667 klwp_t *clwp = ttolwp(curthread);
1653 1668 uint32_t fmode;
1654 1669 dev_t dev;
1655 1670
1656 1671 struct a {
1657 1672 long fd;
1658 1673 long pnamep; /* char * */
1659 1674 long fmode;
1660 1675 long dev;
1661 1676 } *uap = (struct a *)clwp->lwp_ap;
1662 1677
1663 1678 fmode = (uint32_t)uap->fmode;
1664 1679 dev = (dev_t)uap->dev;
1665 1680
1666 1681 au_uwrite(au_to_arg32(2, "mode", fmode));
1667 1682 #ifdef _LP64
1668 1683 au_uwrite(au_to_arg64(3, "dev", dev));
1669 1684 #else
1670 1685 au_uwrite(au_to_arg32(3, "dev", dev));
1671 1686 #endif
1672 1687 }
1673 1688
1674 1689 /*ARGSUSED*/
1675 1690 static void
1676 1691 auf_mknodat(struct t_audit_data *tad, int error, rval_t *rval)
1677 1692 {
1678 1693 klwp_t *clwp = ttolwp(curthread);
1679 1694 vnode_t *startvp;
1680 1695 vnode_t *dvp;
1681 1696 caddr_t pnamep;
1682 1697 int fd;
1683 1698
1684 1699 struct a {
1685 1700 long fd;
1686 1701 long pnamep; /* char * */
1687 1702 long fmode;
1688 1703 long dev;
1689 1704 } *uap = (struct a *)clwp->lwp_ap;
1690 1705
1691 1706 /* no error, then already path token in audit record */
1692 1707 if (error != EPERM && error != EINVAL)
1693 1708 return;
1694 1709
1695 1710 /* do the lookup to force generation of path token */
1696 1711 fd = (int)uap->fd;
1697 1712 pnamep = (caddr_t)uap->pnamep;
1698 1713 if (pnamep == NULL ||
1699 1714 fgetstartvp(fd, pnamep, &startvp) != 0)
1700 1715 return;
1701 1716 tad->tad_ctrl |= TAD_NOATTRB;
1702 1717 error = lookupnameat(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP,
1703 1718 startvp);
1704 1719 if (error == 0)
1705 1720 VN_RELE(dvp);
1706 1721 if (startvp != NULL)
1707 1722 VN_RELE(startvp);
1708 1723 }
1709 1724
1710 1725 /*ARGSUSED*/
1711 1726 static void
1712 1727 aus_mount(struct t_audit_data *tad)
1713 1728 { /* AUS_START */
1714 1729 klwp_t *clwp = ttolwp(curthread);
1715 1730 uint32_t flags;
1716 1731 uintptr_t u_fstype, dataptr;
1717 1732 STRUCT_DECL(nfs_args, nfsargs);
1718 1733 size_t len;
1719 1734 char *fstype, *hostname;
1720 1735
1721 1736 struct a {
1722 1737 long spec; /* char * */
1723 1738 long dir; /* char * */
1724 1739 long flags;
1725 1740 long fstype; /* char * */
1726 1741 long dataptr; /* char * */
1727 1742 long datalen;
1728 1743 } *uap = (struct a *)clwp->lwp_ap;
1729 1744
1730 1745 u_fstype = (uintptr_t)uap->fstype;
1731 1746 flags = (uint32_t)uap->flags;
1732 1747 dataptr = (uintptr_t)uap->dataptr;
1733 1748
1734 1749 fstype = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1735 1750 if (copyinstr((caddr_t)u_fstype, (caddr_t)fstype, MAXNAMELEN, &len))
1736 1751 goto mount_free_fstype;
1737 1752
1738 1753 au_uwrite(au_to_arg32(3, "flags", flags));
1739 1754 au_uwrite(au_to_text(fstype));
1740 1755
1741 1756 if (strncmp(fstype, "nfs", 3) == 0) {
1742 1757
1743 1758 STRUCT_INIT(nfsargs, get_udatamodel());
1744 1759 bzero(STRUCT_BUF(nfsargs), STRUCT_SIZE(nfsargs));
1745 1760
1746 1761 if (copyin((caddr_t)dataptr,
1747 1762 STRUCT_BUF(nfsargs),
1748 1763 MIN(uap->datalen, STRUCT_SIZE(nfsargs)))) {
1749 1764 /* DEBUG debug_enter((char *)NULL); */
1750 1765 goto mount_free_fstype;
1751 1766 }
1752 1767 hostname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1753 1768 if (copyinstr(STRUCT_FGETP(nfsargs, hostname),
1754 1769 (caddr_t)hostname,
1755 1770 MAXNAMELEN, &len)) {
1756 1771 goto mount_free_hostname;
1757 1772 }
1758 1773 au_uwrite(au_to_text(hostname));
1759 1774 au_uwrite(au_to_arg32(3, "internal flags",
1760 1775 (uint_t)STRUCT_FGET(nfsargs, flags)));
1761 1776
1762 1777 mount_free_hostname:
1763 1778 kmem_free(hostname, MAXNAMELEN);
1764 1779 }
1765 1780
1766 1781 mount_free_fstype:
1767 1782 kmem_free(fstype, MAXNAMELEN);
1768 1783 } /* AUS_MOUNT */
1769 1784
1770 1785 static void
1771 1786 aus_umount_path(caddr_t umount_dir)
1772 1787 {
1773 1788 char *dir_path;
1774 1789 struct audit_path *path;
1775 1790 size_t path_len, dir_len;
1776 1791
1777 1792 /* length alloc'd for two string pointers */
1778 1793 path_len = sizeof (struct audit_path) + sizeof (char *);
1779 1794 path = kmem_alloc(path_len, KM_SLEEP);
1780 1795 dir_path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1781 1796
1782 1797 if (copyinstr(umount_dir, (caddr_t)dir_path,
1783 1798 MAXPATHLEN, &dir_len))
1784 1799 goto umount2_free_dir;
1785 1800
1786 1801 /*
1787 1802 * the audit_path struct assumes that the buffer pointed to
1788 1803 * by audp_sect[n] contains string 0 immediatedly followed
1789 1804 * by string 1.
1790 1805 */
1791 1806 path->audp_sect[0] = dir_path;
1792 1807 path->audp_sect[1] = dir_path + strlen(dir_path) + 1;
1793 1808 path->audp_size = path_len;
1794 1809 path->audp_ref = 1; /* not used */
1795 1810 path->audp_cnt = 1; /* one path string */
1796 1811
1797 1812 au_uwrite(au_to_path(path));
1798 1813
1799 1814 umount2_free_dir:
1800 1815 kmem_free(dir_path, MAXPATHLEN);
1801 1816 kmem_free(path, path_len);
1802 1817 }
1803 1818
1804 1819 /*ARGSUSED*/
1805 1820 static void
1806 1821 aus_umount2(struct t_audit_data *tad)
1807 1822 {
1808 1823 klwp_t *clwp = ttolwp(curthread);
1809 1824 struct a {
1810 1825 long dir; /* char * */
1811 1826 long flags;
1812 1827 } *uap = (struct a *)clwp->lwp_ap;
1813 1828
1814 1829 aus_umount_path((caddr_t)uap->dir);
1815 1830
1816 1831 au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags));
1817 1832 }
1818 1833
1819 1834 static void
1820 1835 aus_msgsys(struct t_audit_data *tad)
1821 1836 {
1822 1837 klwp_t *clwp = ttolwp(curthread);
1823 1838 uint32_t msgid;
1824 1839
1825 1840 struct b {
1826 1841 long msgid;
1827 1842 long cmd;
1828 1843 long buf; /* struct msqid_ds * */
1829 1844 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1830 1845
1831 1846 msgid = (uint32_t)uap1->msgid;
1832 1847
1833 1848
1834 1849 switch (tad->tad_event) {
1835 1850 case AUE_MSGGET: /* msgget */
1836 1851 au_uwrite(au_to_arg32(1, "msg key", msgid));
1837 1852 break;
1838 1853 case AUE_MSGCTL: /* msgctl */
1839 1854 case AUE_MSGCTL_RMID: /* msgctl */
1840 1855 case AUE_MSGCTL_SET: /* msgctl */
1841 1856 case AUE_MSGCTL_STAT: /* msgctl */
1842 1857 case AUE_MSGRCV: /* msgrcv */
1843 1858 case AUE_MSGSND: /* msgsnd */
1844 1859 au_uwrite(au_to_arg32(1, "msg ID", msgid));
1845 1860 break;
1846 1861 }
1847 1862 }
1848 1863
1849 1864 /*ARGSUSED*/
1850 1865 static void
1851 1866 auf_msgsys(struct t_audit_data *tad, int error, rval_t *rval)
1852 1867 {
1853 1868 int id;
1854 1869
1855 1870 if (error != 0)
1856 1871 return;
1857 1872 if (tad->tad_event == AUE_MSGGET) {
1858 1873 uint32_t scid;
1859 1874 uint32_t sy_flags;
1860 1875
1861 1876 /* need to determine type of executing binary */
1862 1877 scid = tad->tad_scid;
1863 1878 #ifdef _SYSCALL32_IMPL
1864 1879 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
1865 1880 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1866 1881 else
1867 1882 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1868 1883 #else
1869 1884 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1870 1885 #endif
1871 1886 if (sy_flags == SE_32RVAL1)
1872 1887 id = rval->r_val1;
1873 1888 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
1874 1889 id = rval->r_val1;
1875 1890 if (sy_flags == SE_64RVAL)
1876 1891 id = (int)rval->r_vals;
1877 1892
1878 1893 au_uwrite(au_to_ipc(AT_IPC_MSG, id));
1879 1894 }
1880 1895 }
1881 1896
1882 1897 static void
1883 1898 aus_semsys(struct t_audit_data *tad)
1884 1899 {
1885 1900 klwp_t *clwp = ttolwp(curthread);
1886 1901 uint32_t semid;
1887 1902
1888 1903 struct b { /* ctrl */
1889 1904 long semid;
1890 1905 long semnum;
1891 1906 long cmd;
1892 1907 long arg;
1893 1908 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1894 1909
1895 1910 semid = (uint32_t)uap1->semid;
1896 1911
1897 1912 switch (tad->tad_event) {
1898 1913 case AUE_SEMCTL_RMID:
1899 1914 case AUE_SEMCTL_STAT:
1900 1915 case AUE_SEMCTL_GETNCNT:
1901 1916 case AUE_SEMCTL_GETPID:
1902 1917 case AUE_SEMCTL_GETVAL:
1903 1918 case AUE_SEMCTL_GETALL:
1904 1919 case AUE_SEMCTL_GETZCNT:
1905 1920 case AUE_SEMCTL_SET:
1906 1921 case AUE_SEMCTL_SETVAL:
1907 1922 case AUE_SEMCTL_SETALL:
1908 1923 case AUE_SEMCTL:
1909 1924 case AUE_SEMOP:
1910 1925 au_uwrite(au_to_arg32(1, "sem ID", semid));
1911 1926 break;
1912 1927 case AUE_SEMGET:
1913 1928 au_uwrite(au_to_arg32(1, "sem key", semid));
1914 1929 break;
1915 1930 }
1916 1931 }
1917 1932
1918 1933 /*ARGSUSED*/
1919 1934 static void
1920 1935 auf_semsys(struct t_audit_data *tad, int error, rval_t *rval)
1921 1936 {
1922 1937 int id;
1923 1938
1924 1939 if (error != 0)
1925 1940 return;
1926 1941 if (tad->tad_event == AUE_SEMGET) {
1927 1942 uint32_t scid;
1928 1943 uint32_t sy_flags;
1929 1944
1930 1945 /* need to determine type of executing binary */
1931 1946 scid = tad->tad_scid;
1932 1947 #ifdef _SYSCALL32_IMPL
1933 1948 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
1934 1949 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1935 1950 else
1936 1951 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1937 1952 #else
1938 1953 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1939 1954 #endif
1940 1955 if (sy_flags == SE_32RVAL1)
1941 1956 id = rval->r_val1;
1942 1957 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
1943 1958 id = rval->r_val1;
1944 1959 if (sy_flags == SE_64RVAL)
1945 1960 id = (int)rval->r_vals;
1946 1961
1947 1962 au_uwrite(au_to_ipc(AT_IPC_SEM, id));
1948 1963 }
1949 1964 }
1950 1965
1951 1966 /*ARGSUSED*/
1952 1967 static void
1953 1968 aus_close(struct t_audit_data *tad)
1954 1969 {
1955 1970 klwp_t *clwp = ttolwp(curthread);
1956 1971 uint32_t fd;
1957 1972 struct file *fp;
1958 1973 struct f_audit_data *fad;
1959 1974 struct vnode *vp;
1960 1975 struct vattr attr;
1961 1976 au_kcontext_t *kctx = GET_KCTX_PZ;
1962 1977
1963 1978 struct a {
1964 1979 long i;
1965 1980 } *uap = (struct a *)clwp->lwp_ap;
1966 1981
1967 1982 fd = (uint32_t)uap->i;
1968 1983
1969 1984 attr.va_mask = 0;
1970 1985 au_uwrite(au_to_arg32(1, "fd", fd));
1971 1986
1972 1987 /*
1973 1988 * convert file pointer to file descriptor
1974 1989 * Note: fd ref count incremented here.
1975 1990 */
1976 1991 if ((fp = getf(fd)) == NULL)
1977 1992 return;
1978 1993
1979 1994 fad = F2A(fp);
1980 1995 tad->tad_evmod = (au_emod_t)fad->fad_flags;
1981 1996 if (fad->fad_aupath != NULL) {
1982 1997 au_uwrite(au_to_path(fad->fad_aupath));
1983 1998 if ((vp = fp->f_vnode) != NULL) {
1984 1999 attr.va_mask = AT_ALL;
1985 2000 if (VOP_GETATTR(vp, &attr, 0, CRED(), NULL) == 0) {
1986 2001 /*
1987 2002 * When write was not used and the file can be
1988 2003 * considered public, skip the audit.
1989 2004 */
1990 2005 if (((fp->f_flag & FWRITE) == 0) &&
1991 2006 object_is_public(&attr)) {
1992 2007 tad->tad_flag = 0;
1993 2008 tad->tad_evmod = 0;
1994 2009 /* free any residual audit data */
1995 2010 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
1996 2011 releasef(fd);
1997 2012 return;
1998 2013 }
1999 2014 au_uwrite(au_to_attr(&attr));
2000 2015 audit_sec_attributes(&(u_ad), vp);
2001 2016 }
2002 2017 }
2003 2018 }
2004 2019
2005 2020 /* decrement file descriptor reference count */
2006 2021 releasef(fd);
2007 2022 }
2008 2023
2009 2024 /*ARGSUSED*/
2010 2025 static void
2011 2026 aus_fstatfs(struct t_audit_data *tad)
2012 2027 {
2013 2028 klwp_t *clwp = ttolwp(curthread);
2014 2029 uint32_t fd;
2015 2030 struct file *fp;
2016 2031 struct vnode *vp;
2017 2032 struct f_audit_data *fad;
2018 2033
2019 2034 struct a {
2020 2035 long fd;
2021 2036 long buf; /* struct statfs * */
2022 2037 } *uap = (struct a *)clwp->lwp_ap;
2023 2038
2024 2039 fd = (uint_t)uap->fd;
2025 2040
2026 2041 /*
2027 2042 * convert file pointer to file descriptor
2028 2043 * Note: fd ref count incremented here.
2029 2044 */
2030 2045 if ((fp = getf(fd)) == NULL)
2031 2046 return;
2032 2047
2033 2048 /* get path from file struct here */
2034 2049 fad = F2A(fp);
2035 2050 if (fad->fad_aupath != NULL) {
2036 2051 au_uwrite(au_to_path(fad->fad_aupath));
2037 2052 } else {
2038 2053 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2039 2054 }
2040 2055
2041 2056 vp = fp->f_vnode;
2042 2057 audit_attributes(vp);
2043 2058
2044 2059 /* decrement file descriptor reference count */
2045 2060 releasef(fd);
2046 2061 }
2047 2062
2048 2063 static au_event_t
2049 2064 aui_setpgrp(au_event_t e)
2050 2065 {
2051 2066 klwp_t *clwp = ttolwp(curthread);
2052 2067 int flag;
2053 2068
2054 2069 struct a {
2055 2070 long flag;
2056 2071 long pid;
2057 2072 long pgid;
2058 2073 } *uap = (struct a *)clwp->lwp_ap;
2059 2074
2060 2075 flag = (int)uap->flag;
2061 2076
2062 2077
2063 2078 switch (flag) {
2064 2079
2065 2080 case 1: /* setpgrp() */
2066 2081 e = AUE_SETPGRP;
2067 2082 break;
2068 2083
2069 2084 case 3: /* setsid() */
2070 2085 e = AUE_SETSID;
2071 2086 break;
2072 2087
2073 2088 case 5: /* setpgid() */
2074 2089 e = AUE_SETPGID;
2075 2090 break;
2076 2091
2077 2092 case 0: /* getpgrp() - not security relevant */
2078 2093 case 2: /* getsid() - not security relevant */
2079 2094 case 4: /* getpgid() - not security relevant */
2080 2095 e = AUE_NULL;
2081 2096 break;
2082 2097
2083 2098 default:
2084 2099 e = AUE_NULL;
2085 2100 break;
2086 2101 }
2087 2102
2088 2103 return (e);
2089 2104 }
2090 2105
2091 2106 /*ARGSUSED*/
2092 2107 static void
2093 2108 aus_setpgrp(struct t_audit_data *tad)
2094 2109 {
2095 2110 klwp_t *clwp = ttolwp(curthread);
2096 2111 pid_t pgid;
2097 2112 struct proc *p;
2098 2113 uid_t uid, ruid;
2099 2114 gid_t gid, rgid;
2100 2115 pid_t pid;
2101 2116 cred_t *cr;
2102 2117 int flag;
2103 2118 const auditinfo_addr_t *ainfo;
2104 2119
2105 2120 struct a {
2106 2121 long flag;
2107 2122 long pid;
2108 2123 long pgid;
2109 2124 } *uap = (struct a *)clwp->lwp_ap;
2110 2125
2111 2126 flag = (int)uap->flag;
2112 2127 pid = (pid_t)uap->pid;
2113 2128 pgid = (pid_t)uap->pgid;
2114 2129
2115 2130
2116 2131 switch (flag) {
2117 2132
2118 2133 case 0: /* getpgrp() */
2119 2134 case 1: /* setpgrp() */
2120 2135 case 2: /* getsid() */
2121 2136 case 3: /* setsid() */
2122 2137 case 4: /* getpgid() */
2123 2138 break;
2124 2139
2125 2140 case 5: /* setpgid() */
2126 2141
2127 2142 /* current process? */
2128 2143 if (pid == 0) {
2129 2144 return;
2130 2145 }
2131 2146
2132 2147 mutex_enter(&pidlock);
2133 2148 p = prfind(pid);
2134 2149 if (p == NULL || p->p_as == &kas ||
2135 2150 p->p_stat == SIDL || p->p_stat == SZOMB) {
2136 2151 mutex_exit(&pidlock);
2137 2152 return;
2138 2153 }
2139 2154 mutex_enter(&p->p_lock); /* so process doesn't go away */
2140 2155 mutex_exit(&pidlock);
2141 2156
2142 2157 mutex_enter(&p->p_crlock);
2143 2158 crhold(cr = p->p_cred);
2144 2159 mutex_exit(&p->p_crlock);
2145 2160 mutex_exit(&p->p_lock);
2146 2161
2147 2162 ainfo = crgetauinfo(cr);
2148 2163 if (ainfo == NULL) {
2149 2164 crfree(cr);
2150 2165 return;
2151 2166 }
2152 2167
2153 2168 uid = crgetuid(cr);
2154 2169 gid = crgetgid(cr);
2155 2170 ruid = crgetruid(cr);
2156 2171 rgid = crgetrgid(cr);
2157 2172 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
2158 2173 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
2159 2174 crfree(cr);
2160 2175 au_uwrite(au_to_arg32(2, "pgid", pgid));
2161 2176 break;
2162 2177
2163 2178 default:
2164 2179 break;
2165 2180 }
2166 2181 }
2167 2182
2168 2183
2169 2184 /*ARGSUSED*/
2170 2185 static void
2171 2186 aus_setregid(struct t_audit_data *tad)
2172 2187 {
2173 2188 klwp_t *clwp = ttolwp(curthread);
2174 2189 uint32_t rgid, egid;
2175 2190
2176 2191 struct a {
2177 2192 long rgid;
2178 2193 long egid;
2179 2194 } *uap = (struct a *)clwp->lwp_ap;
2180 2195
2181 2196 rgid = (uint32_t)uap->rgid;
2182 2197 egid = (uint32_t)uap->egid;
2183 2198
2184 2199 au_uwrite(au_to_arg32(1, "rgid", rgid));
2185 2200 au_uwrite(au_to_arg32(2, "egid", egid));
2186 2201 }
2187 2202
2188 2203 /*ARGSUSED*/
2189 2204 static void
2190 2205 aus_setgid(struct t_audit_data *tad)
2191 2206 {
2192 2207 klwp_t *clwp = ttolwp(curthread);
2193 2208 uint32_t gid;
2194 2209
2195 2210 struct a {
2196 2211 long gid;
2197 2212 } *uap = (struct a *)clwp->lwp_ap;
2198 2213
2199 2214 gid = (uint32_t)uap->gid;
2200 2215
2201 2216 au_uwrite(au_to_arg32(1, "gid", gid));
2202 2217 }
2203 2218
2204 2219
2205 2220 /*ARGSUSED*/
2206 2221 static void
2207 2222 aus_setreuid(struct t_audit_data *tad)
2208 2223 {
2209 2224 klwp_t *clwp = ttolwp(curthread);
2210 2225 uint32_t ruid, euid;
2211 2226
2212 2227 struct a {
2213 2228 long ruid;
2214 2229 long euid;
2215 2230 } *uap = (struct a *)clwp->lwp_ap;
2216 2231
2217 2232 ruid = (uint32_t)uap->ruid;
2218 2233 euid = (uint32_t)uap->euid;
2219 2234
2220 2235 au_uwrite(au_to_arg32(1, "ruid", ruid));
2221 2236 au_uwrite(au_to_arg32(2, "euid", euid));
2222 2237 }
2223 2238
2224 2239
2225 2240 /*ARGSUSED*/
2226 2241 static void
2227 2242 aus_setuid(struct t_audit_data *tad)
2228 2243 {
2229 2244 klwp_t *clwp = ttolwp(curthread);
2230 2245 uint32_t uid;
2231 2246
2232 2247 struct a {
2233 2248 long uid;
2234 2249 } *uap = (struct a *)clwp->lwp_ap;
2235 2250
2236 2251 uid = (uint32_t)uap->uid;
2237 2252
2238 2253 au_uwrite(au_to_arg32(1, "uid", uid));
2239 2254 }
2240 2255
2241 2256 /*ARGSUSED*/
2242 2257 static void
2243 2258 aus_shmsys(struct t_audit_data *tad)
2244 2259 {
2245 2260 klwp_t *clwp = ttolwp(curthread);
2246 2261 uint32_t id, cmd;
2247 2262
2248 2263 struct b {
2249 2264 long id;
2250 2265 long cmd;
2251 2266 long buf; /* struct shmid_ds * */
2252 2267 } *uap1 = (struct b *)&clwp->lwp_ap[1];
2253 2268
2254 2269 id = (uint32_t)uap1->id;
2255 2270 cmd = (uint32_t)uap1->cmd;
2256 2271
2257 2272 switch (tad->tad_event) {
2258 2273 case AUE_SHMGET: /* shmget */
2259 2274 au_uwrite(au_to_arg32(1, "shm key", id));
2260 2275 break;
2261 2276 case AUE_SHMCTL: /* shmctl */
2262 2277 case AUE_SHMCTL_RMID: /* shmctl */
2263 2278 case AUE_SHMCTL_STAT: /* shmctl */
2264 2279 case AUE_SHMCTL_SET: /* shmctl */
2265 2280 au_uwrite(au_to_arg32(1, "shm ID", id));
2266 2281 break;
2267 2282 case AUE_SHMDT: /* shmdt */
2268 2283 au_uwrite(au_to_arg32(1, "shm adr", id));
2269 2284 break;
2270 2285 case AUE_SHMAT: /* shmat */
2271 2286 au_uwrite(au_to_arg32(1, "shm ID", id));
2272 2287 au_uwrite(au_to_arg32(2, "shm adr", cmd));
2273 2288 break;
2274 2289 }
2275 2290 }
2276 2291
2277 2292 /*ARGSUSED*/
2278 2293 static void
2279 2294 auf_shmsys(struct t_audit_data *tad, int error, rval_t *rval)
2280 2295 {
2281 2296 int id;
2282 2297
2283 2298 if (error != 0)
2284 2299 return;
2285 2300 if (tad->tad_event == AUE_SHMGET) {
2286 2301 uint32_t scid;
2287 2302 uint32_t sy_flags;
2288 2303
2289 2304 /* need to determine type of executing binary */
2290 2305 scid = tad->tad_scid;
2291 2306 #ifdef _SYSCALL32_IMPL
2292 2307 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
2293 2308 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
2294 2309 else
2295 2310 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
2296 2311 #else
2297 2312 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
2298 2313 #endif
2299 2314 if (sy_flags == SE_32RVAL1)
2300 2315 id = rval->r_val1;
2301 2316 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
2302 2317 id = rval->r_val1;
2303 2318 if (sy_flags == SE_64RVAL)
2304 2319 id = (int)rval->r_vals;
2305 2320 au_uwrite(au_to_ipc(AT_IPC_SHM, id));
2306 2321 }
2307 2322 }
2308 2323
2309 2324
2310 2325 /*ARGSUSED*/
2311 2326 static void
2312 2327 aus_ioctl(struct t_audit_data *tad)
2313 2328 {
2314 2329 klwp_t *clwp = ttolwp(curthread);
2315 2330 struct file *fp;
2316 2331 struct vnode *vp;
2317 2332 struct f_audit_data *fad;
2318 2333 uint32_t fd, cmd;
2319 2334 uintptr_t cmarg;
2320 2335
2321 2336 /* XX64 */
2322 2337 struct a {
2323 2338 long fd;
2324 2339 long cmd;
2325 2340 long cmarg; /* caddr_t */
2326 2341 } *uap = (struct a *)clwp->lwp_ap;
2327 2342
2328 2343 fd = (uint32_t)uap->fd;
2329 2344 cmd = (uint32_t)uap->cmd;
2330 2345 cmarg = (uintptr_t)uap->cmarg;
2331 2346
2332 2347 /*
2333 2348 * convert file pointer to file descriptor
2334 2349 * Note: fd ref count incremented here.
2335 2350 */
2336 2351 if ((fp = getf(fd)) == NULL) {
2337 2352 au_uwrite(au_to_arg32(1, "fd", fd));
2338 2353 au_uwrite(au_to_arg32(2, "cmd", cmd));
2339 2354 #ifndef _LP64
2340 2355 au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg));
2341 2356 #else
2342 2357 au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg));
2343 2358 #endif
2344 2359 return;
2345 2360 }
2346 2361
2347 2362 /* get path from file struct here */
2348 2363 fad = F2A(fp);
2349 2364 if (fad->fad_aupath != NULL) {
2350 2365 au_uwrite(au_to_path(fad->fad_aupath));
2351 2366 } else {
2352 2367 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2353 2368 }
2354 2369
2355 2370 vp = fp->f_vnode;
2356 2371 audit_attributes(vp);
2357 2372
2358 2373 /* decrement file descriptor reference count */
2359 2374 releasef(fd);
2360 2375
2361 2376 au_uwrite(au_to_arg32(2, "cmd", cmd));
2362 2377 #ifndef _LP64
2363 2378 au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg));
2364 2379 #else
2365 2380 au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg));
2366 2381 #endif
2367 2382 }
2368 2383
2369 2384 /*
2370 2385 * null function for memcntl for now. We might want to limit memcntl()
2371 2386 * auditing to commands: MC_LOCKAS, MC_LOCK, MC_UNLOCKAS, MC_UNLOCK which
2372 2387 * require privileges.
2373 2388 */
2374 2389 static au_event_t
2375 2390 aui_memcntl(au_event_t e)
2376 2391 {
2377 2392 return (e);
2378 2393 }
2379 2394
2380 2395 /*ARGSUSED*/
2381 2396 static au_event_t
2382 2397 aui_privsys(au_event_t e)
2383 2398 {
2384 2399 klwp_t *clwp = ttolwp(curthread);
2385 2400
2386 2401 struct a {
2387 2402 long opcode;
2388 2403 } *uap = (struct a *)clwp->lwp_ap;
2389 2404
2390 2405 switch (uap->opcode) {
2391 2406 case PRIVSYS_SETPPRIV:
2392 2407 return (AUE_SETPPRIV);
2393 2408 default:
2394 2409 return (AUE_NULL);
2395 2410 }
2396 2411 }
2397 2412
2398 2413 /*ARGSUSED*/
2399 2414 static void
2400 2415 aus_memcntl(struct t_audit_data *tad)
2401 2416 {
2402 2417 klwp_t *clwp = ttolwp(curthread);
2403 2418
2404 2419 struct a {
2405 2420 long addr;
2406 2421 long len;
2407 2422 long cmd;
2408 2423 long arg;
2409 2424 long attr;
2410 2425 long mask;
2411 2426 } *uap = (struct a *)clwp->lwp_ap;
2412 2427
2413 2428 #ifdef _LP64
2414 2429 au_uwrite(au_to_arg64(1, "base", (uint64_t)uap->addr));
2415 2430 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2416 2431 #else
2417 2432 au_uwrite(au_to_arg32(1, "base", (uint32_t)uap->addr));
2418 2433 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2419 2434 #endif
2420 2435 au_uwrite(au_to_arg32(3, "cmd", (uint_t)uap->cmd));
2421 2436 #ifdef _LP64
2422 2437 au_uwrite(au_to_arg64(4, "arg", (uint64_t)uap->arg));
2423 2438 #else
2424 2439 au_uwrite(au_to_arg32(4, "arg", (uint32_t)uap->arg));
2425 2440 #endif
2426 2441 au_uwrite(au_to_arg32(5, "attr", (uint_t)uap->attr));
2427 2442 au_uwrite(au_to_arg32(6, "mask", (uint_t)uap->mask));
2428 2443 }
2429 2444
2430 2445 /*ARGSUSED*/
2431 2446 static void
2432 2447 aus_mmap(struct t_audit_data *tad)
2433 2448 {
2434 2449 klwp_t *clwp = ttolwp(curthread);
2435 2450 struct file *fp;
2436 2451 struct f_audit_data *fad;
2437 2452 struct vnode *vp;
2438 2453 uint32_t fd;
2439 2454
2440 2455 struct a {
2441 2456 long addr;
2442 2457 long len;
2443 2458 long prot;
2444 2459 long flags;
2445 2460 long fd;
2446 2461 long pos;
2447 2462 } *uap = (struct a *)clwp->lwp_ap;
2448 2463
2449 2464 fd = (uint32_t)uap->fd;
2450 2465
2451 2466 #ifdef _LP64
2452 2467 au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr));
2453 2468 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2454 2469 #else
2455 2470 au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr));
2456 2471 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2457 2472 #endif
2458 2473
2459 2474 if ((fp = getf(fd)) == NULL) {
2460 2475 au_uwrite(au_to_arg32(5, "fd", (uint32_t)uap->fd));
2461 2476 return;
2462 2477 }
2463 2478
2464 2479 /*
2465 2480 * Mark in the tad if write access is NOT requested... if
2466 2481 * this is later detected (in audit_attributes) to be a
2467 2482 * public object, the mmap event may be discarded.
2468 2483 */
2469 2484 if (((uap->prot) & PROT_WRITE) == 0) {
2470 2485 tad->tad_ctrl |= TAD_PUBLIC_EV;
2471 2486 }
2472 2487
2473 2488 fad = F2A(fp);
2474 2489 if (fad->fad_aupath != NULL) {
2475 2490 au_uwrite(au_to_path(fad->fad_aupath));
2476 2491 } else {
2477 2492 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2478 2493 }
2479 2494
2480 2495 vp = (struct vnode *)fp->f_vnode;
2481 2496 audit_attributes(vp);
2482 2497
2483 2498 /* mark READ/WRITE since we can't predict access */
2484 2499 if (uap->prot & PROT_READ)
2485 2500 fad->fad_flags |= FAD_READ;
2486 2501 if (uap->prot & PROT_WRITE)
2487 2502 fad->fad_flags |= FAD_WRITE;
2488 2503
2489 2504 /* decrement file descriptor reference count */
2490 2505 releasef(fd);
2491 2506
2492 2507 } /* AUS_MMAP */
2493 2508
2494 2509
2495 2510
2496 2511
2497 2512 /*ARGSUSED*/
2498 2513 static void
2499 2514 aus_munmap(struct t_audit_data *tad)
2500 2515 {
2501 2516 klwp_t *clwp = ttolwp(curthread);
2502 2517
2503 2518 struct a {
2504 2519 long addr;
2505 2520 long len;
2506 2521 } *uap = (struct a *)clwp->lwp_ap;
2507 2522
2508 2523 #ifdef _LP64
2509 2524 au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr));
2510 2525 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2511 2526 #else
2512 2527 au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr));
2513 2528 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2514 2529 #endif
2515 2530
2516 2531 } /* AUS_MUNMAP */
2517 2532
2518 2533
2519 2534
2520 2535
2521 2536
2522 2537
2523 2538
2524 2539 /*ARGSUSED*/
2525 2540 static void
2526 2541 aus_priocntlsys(struct t_audit_data *tad)
2527 2542 {
2528 2543 klwp_t *clwp = ttolwp(curthread);
2529 2544
2530 2545 struct a {
2531 2546 long pc_version;
2532 2547 long psp; /* procset_t */
2533 2548 long cmd;
2534 2549 long arg;
2535 2550 } *uap = (struct a *)clwp->lwp_ap;
2536 2551
2537 2552 au_uwrite(au_to_arg32(1, "pc_version", (uint32_t)uap->pc_version));
2538 2553 au_uwrite(au_to_arg32(3, "cmd", (uint32_t)uap->cmd));
2539 2554
2540 2555 } /* AUS_PRIOCNTLSYS */
2541 2556
2542 2557
2543 2558 /*ARGSUSED*/
2544 2559 static void
2545 2560 aus_setegid(struct t_audit_data *tad)
2546 2561 {
2547 2562 klwp_t *clwp = ttolwp(curthread);
2548 2563 uint32_t gid;
2549 2564
2550 2565 struct a {
2551 2566 long gid;
2552 2567 } *uap = (struct a *)clwp->lwp_ap;
2553 2568
2554 2569 gid = (uint32_t)uap->gid;
2555 2570
2556 2571 au_uwrite(au_to_arg32(1, "gid", gid));
2557 2572 } /* AUS_SETEGID */
2558 2573
2559 2574
2560 2575
2561 2576
2562 2577 /*ARGSUSED*/
2563 2578 static void
2564 2579 aus_setgroups(struct t_audit_data *tad)
2565 2580 {
2566 2581 klwp_t *clwp = ttolwp(curthread);
2567 2582 int i;
2568 2583 int gidsetsize;
2569 2584 uintptr_t gidset;
2570 2585 gid_t *gidlist;
2571 2586
2572 2587 struct a {
2573 2588 long gidsetsize;
2574 2589 long gidset;
2575 2590 } *uap = (struct a *)clwp->lwp_ap;
2576 2591
2577 2592 gidsetsize = (uint_t)uap->gidsetsize;
2578 2593 gidset = (uintptr_t)uap->gidset;
2579 2594
2580 2595 if ((gidsetsize > NGROUPS_MAX_DEFAULT) || (gidsetsize < 0))
2581 2596 return;
2582 2597 if (gidsetsize != 0) {
2583 2598 gidlist = kmem_alloc(gidsetsize * sizeof (gid_t),
2584 2599 KM_SLEEP);
2585 2600 if (copyin((caddr_t)gidset, gidlist,
2586 2601 gidsetsize * sizeof (gid_t)) == 0)
2587 2602 for (i = 0; i < gidsetsize; i++)
2588 2603 au_uwrite(au_to_arg32(1, "setgroups",
2589 2604 (uint32_t)gidlist[i]));
2590 2605 kmem_free(gidlist, gidsetsize * sizeof (gid_t));
2591 2606 } else
2592 2607 au_uwrite(au_to_arg32(1, "setgroups", (uint32_t)0));
2593 2608
2594 2609 } /* AUS_SETGROUPS */
2595 2610
2596 2611
2597 2612
2598 2613
2599 2614
2600 2615 /*ARGSUSED*/
2601 2616 static void
2602 2617 aus_seteuid(struct t_audit_data *tad)
2603 2618 {
2604 2619 klwp_t *clwp = ttolwp(curthread);
2605 2620 uint32_t uid;
2606 2621
2607 2622 struct a {
2608 2623 long uid;
2609 2624 } *uap = (struct a *)clwp->lwp_ap;
2610 2625
2611 2626 uid = (uint32_t)uap->uid;
2612 2627
2613 2628 au_uwrite(au_to_arg32(1, "euid", uid));
2614 2629
2615 2630 } /* AUS_SETEUID */
2616 2631
2617 2632 /*ARGSUSED*/
2618 2633 static void
2619 2634 aus_putmsg(struct t_audit_data *tad)
2620 2635 {
2621 2636 klwp_t *clwp = ttolwp(curthread);
2622 2637 uint32_t fd, pri;
2623 2638 struct file *fp;
2624 2639 struct f_audit_data *fad;
2625 2640
2626 2641 struct a {
2627 2642 long fdes;
2628 2643 long ctl; /* struct strbuf * */
2629 2644 long data; /* struct strbuf * */
2630 2645 long pri;
2631 2646 } *uap = (struct a *)clwp->lwp_ap;
2632 2647
2633 2648 fd = (uint32_t)uap->fdes;
2634 2649 pri = (uint32_t)uap->pri;
2635 2650
2636 2651 au_uwrite(au_to_arg32(1, "fd", fd));
2637 2652
2638 2653 if ((fp = getf(fd)) != NULL) {
2639 2654 fad = F2A(fp);
2640 2655
2641 2656 fad->fad_flags |= FAD_WRITE;
2642 2657
2643 2658 /* add path name to audit record */
2644 2659 if (fad->fad_aupath != NULL) {
2645 2660 au_uwrite(au_to_path(fad->fad_aupath));
2646 2661 }
2647 2662 audit_attributes(fp->f_vnode);
2648 2663
2649 2664 releasef(fd);
2650 2665 }
2651 2666
2652 2667 au_uwrite(au_to_arg32(4, "pri", pri));
2653 2668 }
2654 2669
2655 2670 /*ARGSUSED*/
2656 2671 static void
2657 2672 aus_putpmsg(struct t_audit_data *tad)
2658 2673 {
2659 2674 klwp_t *clwp = ttolwp(curthread);
2660 2675 uint32_t fd, pri, flags;
2661 2676 struct file *fp;
2662 2677 struct f_audit_data *fad;
2663 2678
2664 2679 struct a {
2665 2680 long fdes;
2666 2681 long ctl; /* struct strbuf * */
2667 2682 long data; /* struct strbuf * */
2668 2683 long pri;
2669 2684 long flags;
2670 2685 } *uap = (struct a *)clwp->lwp_ap;
2671 2686
2672 2687 fd = (uint32_t)uap->fdes;
2673 2688 pri = (uint32_t)uap->pri;
2674 2689 flags = (uint32_t)uap->flags;
2675 2690
2676 2691 au_uwrite(au_to_arg32(1, "fd", fd));
2677 2692
2678 2693 if ((fp = getf(fd)) != NULL) {
2679 2694 fad = F2A(fp);
2680 2695
2681 2696 fad->fad_flags |= FAD_WRITE;
2682 2697
2683 2698 /* add path name to audit record */
2684 2699 if (fad->fad_aupath != NULL) {
2685 2700 au_uwrite(au_to_path(fad->fad_aupath));
2686 2701 }
2687 2702 audit_attributes(fp->f_vnode);
2688 2703
2689 2704 releasef(fd);
2690 2705 }
2691 2706
2692 2707
2693 2708 au_uwrite(au_to_arg32(4, "pri", pri));
2694 2709 au_uwrite(au_to_arg32(5, "flags", flags));
2695 2710 }
2696 2711
2697 2712 /*ARGSUSED*/
2698 2713 static void
2699 2714 aus_getmsg(struct t_audit_data *tad)
2700 2715 {
2701 2716 klwp_t *clwp = ttolwp(curthread);
2702 2717 uint32_t fd, pri;
2703 2718 struct file *fp;
2704 2719 struct f_audit_data *fad;
2705 2720
2706 2721 struct a {
2707 2722 long fdes;
2708 2723 long ctl; /* struct strbuf * */
2709 2724 long data; /* struct strbuf * */
2710 2725 long pri;
2711 2726 } *uap = (struct a *)clwp->lwp_ap;
2712 2727
2713 2728 fd = (uint32_t)uap->fdes;
2714 2729 pri = (uint32_t)uap->pri;
2715 2730
2716 2731 au_uwrite(au_to_arg32(1, "fd", fd));
2717 2732
2718 2733 if ((fp = getf(fd)) != NULL) {
2719 2734 fad = F2A(fp);
2720 2735
2721 2736 /*
2722 2737 * read operation on this object
2723 2738 */
2724 2739 fad->fad_flags |= FAD_READ;
2725 2740
2726 2741 /* add path name to audit record */
2727 2742 if (fad->fad_aupath != NULL) {
2728 2743 au_uwrite(au_to_path(fad->fad_aupath));
2729 2744 }
2730 2745 audit_attributes(fp->f_vnode);
2731 2746
2732 2747 releasef(fd);
2733 2748 }
2734 2749
2735 2750 au_uwrite(au_to_arg32(4, "pri", pri));
2736 2751 }
2737 2752
2738 2753 /*ARGSUSED*/
2739 2754 static void
2740 2755 aus_getpmsg(struct t_audit_data *tad)
2741 2756 {
2742 2757 klwp_t *clwp = ttolwp(curthread);
2743 2758 uint32_t fd;
2744 2759 struct file *fp;
2745 2760 struct f_audit_data *fad;
2746 2761
2747 2762 struct a {
2748 2763 long fdes;
2749 2764 long ctl; /* struct strbuf * */
2750 2765 long data; /* struct strbuf * */
2751 2766 long pri;
2752 2767 long flags;
2753 2768 } *uap = (struct a *)clwp->lwp_ap;
2754 2769
2755 2770 fd = (uint32_t)uap->fdes;
2756 2771
2757 2772 au_uwrite(au_to_arg32(1, "fd", fd));
2758 2773
2759 2774 if ((fp = getf(fd)) != NULL) {
2760 2775 fad = F2A(fp);
2761 2776
2762 2777 /*
2763 2778 * read operation on this object
2764 2779 */
2765 2780 fad->fad_flags |= FAD_READ;
2766 2781
2767 2782 /* add path name to audit record */
2768 2783 if (fad->fad_aupath != NULL) {
2769 2784 au_uwrite(au_to_path(fad->fad_aupath));
2770 2785 }
2771 2786 audit_attributes(fp->f_vnode);
2772 2787
2773 2788 releasef(fd);
2774 2789 }
2775 2790 }
2776 2791
2777 2792 static au_event_t
2778 2793 aui_labelsys(au_event_t e)
2779 2794 {
2780 2795 klwp_t *clwp = ttolwp(curthread);
2781 2796 uint32_t code;
2782 2797 uint32_t cmd;
2783 2798
2784 2799 struct a {
2785 2800 long code;
2786 2801 long cmd;
2787 2802 } *uap = (struct a *)clwp->lwp_ap;
2788 2803
2789 2804 code = (uint32_t)uap->code;
2790 2805 cmd = (uint32_t)uap->cmd;
2791 2806
2792 2807 /* not security relevant if not changing kernel cache */
2793 2808 if (cmd == TNDB_GET)
2794 2809 return (AUE_NULL);
2795 2810
2796 2811 switch (code) {
2797 2812 case TSOL_TNRH:
2798 2813 e = AUE_LABELSYS_TNRH;
2799 2814 break;
2800 2815 case TSOL_TNRHTP:
2801 2816 e = AUE_LABELSYS_TNRHTP;
2802 2817 break;
2803 2818 case TSOL_TNMLP:
2804 2819 e = AUE_LABELSYS_TNMLP;
2805 2820 break;
2806 2821 default:
2807 2822 e = AUE_NULL;
2808 2823 break;
2809 2824 }
2810 2825
2811 2826 return (e);
2812 2827
2813 2828 }
2814 2829
2815 2830 static void
2816 2831 aus_labelsys(struct t_audit_data *tad)
2817 2832 {
2818 2833 klwp_t *clwp = ttolwp(curthread);
2819 2834 uint32_t cmd;
2820 2835 uintptr_t a2;
2821 2836
2822 2837 struct a {
2823 2838 long code;
2824 2839 long cmd;
2825 2840 long a2;
2826 2841 } *uap = (struct a *)clwp->lwp_ap;
2827 2842
2828 2843 cmd = (uint32_t)uap->cmd;
2829 2844 a2 = (uintptr_t)uap->a2;
2830 2845
2831 2846 switch (tad->tad_event) {
2832 2847 case AUE_LABELSYS_TNRH:
2833 2848 {
2834 2849 tsol_rhent_t *rhent;
2835 2850 tnaddr_t *rh_addr;
2836 2851
2837 2852 au_uwrite(au_to_arg32(1, "cmd", cmd));
2838 2853
2839 2854 /* Remaining args don't apply for FLUSH, so skip */
2840 2855 if (cmd == TNDB_FLUSH)
2841 2856 break;
2842 2857
2843 2858 rhent = kmem_alloc(sizeof (tsol_rhent_t), KM_SLEEP);
2844 2859 if (copyin((caddr_t)a2, rhent, sizeof (tsol_rhent_t))) {
2845 2860 kmem_free(rhent, sizeof (tsol_rhent_t));
2846 2861 return;
2847 2862 }
2848 2863
2849 2864 rh_addr = &rhent->rh_address;
2850 2865 if (rh_addr->ta_family == AF_INET) {
2851 2866 struct in_addr *ipaddr;
2852 2867
2853 2868 ipaddr = &(rh_addr->ta_addr_v4);
2854 2869 au_uwrite(au_to_in_addr(ipaddr));
2855 2870 } else if (rh_addr->ta_family == AF_INET6) {
2856 2871 int32_t *ipaddr;
2857 2872
2858 2873 ipaddr = (int32_t *)&(rh_addr->ta_addr_v6);
2859 2874 au_uwrite(au_to_in_addr_ex(ipaddr));
2860 2875 }
2861 2876 au_uwrite(au_to_arg32(2, "prefix len", rhent->rh_prefix));
2862 2877
2863 2878 kmem_free(rhent, sizeof (tsol_rhent_t));
2864 2879
2865 2880 break;
2866 2881 }
2867 2882 case AUE_LABELSYS_TNRHTP:
2868 2883 {
2869 2884 tsol_tpent_t *tpent;
2870 2885
2871 2886 au_uwrite(au_to_arg32(1, "cmd", cmd));
2872 2887
2873 2888 /* Remaining args don't apply for FLUSH, so skip */
2874 2889 if (cmd == TNDB_FLUSH)
2875 2890 break;
2876 2891
2877 2892 tpent = kmem_alloc(sizeof (tsol_tpent_t), KM_SLEEP);
2878 2893 if (copyin((caddr_t)a2, tpent, sizeof (tsol_tpent_t))) {
2879 2894 kmem_free(tpent, sizeof (tsol_tpent_t));
2880 2895 return;
2881 2896 }
2882 2897
2883 2898 /* Make sure that the template name is null-terminated. */
2884 2899 *(tpent->name + TNTNAMSIZ - 1) = '\0';
2885 2900
2886 2901 au_uwrite(au_to_text(tpent->name));
2887 2902 kmem_free(tpent, sizeof (tsol_tpent_t));
2888 2903
2889 2904 break;
2890 2905 }
2891 2906 case AUE_LABELSYS_TNMLP:
2892 2907 {
2893 2908 tsol_mlpent_t *mlpent;
2894 2909
2895 2910 au_uwrite(au_to_arg32(1, "cmd", cmd));
2896 2911
2897 2912 mlpent = kmem_alloc(sizeof (tsol_mlpent_t), KM_SLEEP);
2898 2913 if (copyin((caddr_t)a2, mlpent, sizeof (tsol_mlpent_t))) {
2899 2914 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2900 2915 return;
2901 2916 }
2902 2917
2903 2918 if (mlpent->tsme_flags & TSOL_MEF_SHARED) {
2904 2919 au_uwrite(au_to_text("shared"));
2905 2920 } else {
2906 2921 zone_t *zone;
2907 2922
2908 2923 zone = zone_find_by_id(mlpent->tsme_zoneid);
2909 2924 if (zone != NULL) {
2910 2925 au_uwrite(au_to_text(zone->zone_name));
2911 2926 zone_rele(zone);
2912 2927 }
2913 2928 }
2914 2929
2915 2930 /* Remaining args don't apply for FLUSH, so skip */
2916 2931 if (cmd == TNDB_FLUSH) {
2917 2932 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2918 2933 break;
2919 2934 }
2920 2935
2921 2936 au_uwrite(au_to_arg32(2, "proto num",
2922 2937 (uint32_t)mlpent->tsme_mlp.mlp_ipp));
2923 2938 au_uwrite(au_to_arg32(2, "mlp_port",
2924 2939 (uint32_t)mlpent->tsme_mlp.mlp_port));
2925 2940
2926 2941 if (mlpent->tsme_mlp.mlp_port_upper != 0)
2927 2942 au_uwrite(au_to_arg32(2, "mlp_port_upper",
2928 2943 (uint32_t)mlpent->tsme_mlp.mlp_port_upper));
2929 2944
2930 2945 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2931 2946
2932 2947 break;
2933 2948 }
2934 2949 default:
2935 2950 break;
2936 2951 }
2937 2952 }
2938 2953
2939 2954
2940 2955 static au_event_t
2941 2956 aui_auditsys(au_event_t e)
2942 2957 {
2943 2958 klwp_t *clwp = ttolwp(curthread);
2944 2959 uint32_t code;
2945 2960
2946 2961 struct a {
2947 2962 long code;
2948 2963 long a1;
2949 2964 long a2;
2950 2965 long a3;
2951 2966 long a4;
2952 2967 long a5;
2953 2968 long a6;
2954 2969 long a7;
2955 2970 } *uap = (struct a *)clwp->lwp_ap;
2956 2971
2957 2972 code = (uint32_t)uap->code;
2958 2973
2959 2974 switch (code) {
2960 2975
2961 2976 case BSM_GETAUID:
2962 2977 e = AUE_GETAUID;
2963 2978 break;
2964 2979 case BSM_SETAUID:
2965 2980 e = AUE_SETAUID;
2966 2981 break;
2967 2982 case BSM_GETAUDIT:
2968 2983 e = AUE_GETAUDIT;
2969 2984 break;
2970 2985 case BSM_GETAUDIT_ADDR:
2971 2986 e = AUE_GETAUDIT_ADDR;
2972 2987 break;
2973 2988 case BSM_SETAUDIT:
2974 2989 e = AUE_SETAUDIT;
2975 2990 break;
2976 2991 case BSM_SETAUDIT_ADDR:
2977 2992 e = AUE_SETAUDIT_ADDR;
2978 2993 break;
2979 2994 case BSM_AUDIT:
2980 2995 e = AUE_AUDIT;
2981 2996 break;
2982 2997 case BSM_AUDITCTL:
2983 2998 switch ((uint_t)uap->a1) {
2984 2999
2985 3000 case A_GETPOLICY:
2986 3001 e = AUE_AUDITON_GPOLICY;
2987 3002 break;
2988 3003 case A_SETPOLICY:
2989 3004 e = AUE_AUDITON_SPOLICY;
2990 3005 break;
2991 3006 case A_GETAMASK:
2992 3007 e = AUE_AUDITON_GETAMASK;
2993 3008 break;
2994 3009 case A_SETAMASK:
2995 3010 e = AUE_AUDITON_SETAMASK;
2996 3011 break;
2997 3012 case A_GETKMASK:
2998 3013 e = AUE_AUDITON_GETKMASK;
2999 3014 break;
3000 3015 case A_SETKMASK:
3001 3016 e = AUE_AUDITON_SETKMASK;
3002 3017 break;
3003 3018 case A_GETQCTRL:
3004 3019 e = AUE_AUDITON_GQCTRL;
3005 3020 break;
3006 3021 case A_SETQCTRL:
3007 3022 e = AUE_AUDITON_SQCTRL;
3008 3023 break;
3009 3024 case A_GETCWD:
3010 3025 e = AUE_AUDITON_GETCWD;
3011 3026 break;
3012 3027 case A_GETCAR:
3013 3028 e = AUE_AUDITON_GETCAR;
3014 3029 break;
3015 3030 case A_GETSTAT:
3016 3031 e = AUE_AUDITON_GETSTAT;
3017 3032 break;
3018 3033 case A_SETSTAT:
3019 3034 e = AUE_AUDITON_SETSTAT;
3020 3035 break;
3021 3036 case A_SETUMASK:
3022 3037 e = AUE_AUDITON_SETUMASK;
3023 3038 break;
3024 3039 case A_SETSMASK:
3025 3040 e = AUE_AUDITON_SETSMASK;
3026 3041 break;
3027 3042 case A_GETCOND:
3028 3043 e = AUE_AUDITON_GETCOND;
3029 3044 break;
3030 3045 case A_SETCOND:
3031 3046 e = AUE_AUDITON_SETCOND;
3032 3047 break;
3033 3048 case A_GETCLASS:
3034 3049 e = AUE_AUDITON_GETCLASS;
3035 3050 break;
3036 3051 case A_SETCLASS:
3037 3052 e = AUE_AUDITON_SETCLASS;
3038 3053 break;
3039 3054 default:
3040 3055 e = AUE_NULL;
3041 3056 break;
3042 3057 }
3043 3058 break;
3044 3059 default:
3045 3060 e = AUE_NULL;
3046 3061 break;
3047 3062 }
3048 3063
3049 3064 return (e);
3050 3065
3051 3066 } /* AUI_AUDITSYS */
3052 3067
3053 3068
3054 3069 static void
3055 3070 aus_auditsys(struct t_audit_data *tad)
3056 3071 {
3057 3072 klwp_t *clwp = ttolwp(curthread);
3058 3073 uintptr_t a1, a2;
3059 3074 STRUCT_DECL(auditinfo, ainfo);
3060 3075 STRUCT_DECL(auditinfo_addr, ainfo_addr);
3061 3076 au_evclass_map_t event;
3062 3077 au_mask_t mask;
3063 3078 int auditstate, policy;
3064 3079 au_id_t auid;
3065 3080
3066 3081
3067 3082 struct a {
3068 3083 long code;
3069 3084 long a1;
3070 3085 long a2;
3071 3086 long a3;
3072 3087 long a4;
3073 3088 long a5;
3074 3089 long a6;
3075 3090 long a7;
3076 3091 } *uap = (struct a *)clwp->lwp_ap;
3077 3092
3078 3093 a1 = (uintptr_t)uap->a1;
3079 3094 a2 = (uintptr_t)uap->a2;
3080 3095
3081 3096 switch (tad->tad_event) {
3082 3097 case AUE_SETAUID:
3083 3098 if (copyin((caddr_t)a1, &auid, sizeof (au_id_t)))
3084 3099 return;
3085 3100 au_uwrite(au_to_arg32(2, "setauid", auid));
3086 3101 break;
3087 3102 case AUE_SETAUDIT:
3088 3103 STRUCT_INIT(ainfo, get_udatamodel());
3089 3104 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo),
3090 3105 STRUCT_SIZE(ainfo))) {
3091 3106 return;
3092 3107 }
3093 3108 au_uwrite(au_to_arg32((char)1, "setaudit:auid",
3094 3109 (uint32_t)STRUCT_FGET(ainfo, ai_auid)));
3095 3110 #ifdef _LP64
3096 3111 au_uwrite(au_to_arg64((char)1, "setaudit:port",
3097 3112 (uint64_t)STRUCT_FGET(ainfo, ai_termid.port)));
3098 3113 #else
3099 3114 au_uwrite(au_to_arg32((char)1, "setaudit:port",
3100 3115 (uint32_t)STRUCT_FGET(ainfo, ai_termid.port)));
3101 3116 #endif
3102 3117 au_uwrite(au_to_arg32((char)1, "setaudit:machine",
3103 3118 (uint32_t)STRUCT_FGET(ainfo, ai_termid.machine)));
3104 3119 au_uwrite(au_to_arg32((char)1, "setaudit:as_success",
3105 3120 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3106 3121 au_uwrite(au_to_arg32((char)1, "setaudit:as_failure",
3107 3122 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3108 3123 au_uwrite(au_to_arg32((char)1, "setaudit:asid",
3109 3124 (uint32_t)STRUCT_FGET(ainfo, ai_asid)));
3110 3125 break;
3111 3126 case AUE_SETAUDIT_ADDR:
3112 3127 STRUCT_INIT(ainfo_addr, get_udatamodel());
3113 3128 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
3114 3129 STRUCT_SIZE(ainfo_addr))) {
3115 3130 return;
3116 3131 }
3117 3132 au_uwrite(au_to_arg32((char)1, "auid",
3118 3133 (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
3119 3134 #ifdef _LP64
3120 3135 au_uwrite(au_to_arg64((char)1, "port",
3121 3136 (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3122 3137 #else
3123 3138 au_uwrite(au_to_arg32((char)1, "port",
3124 3139 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3125 3140 #endif
3126 3141 au_uwrite(au_to_arg32((char)1, "type",
3127 3142 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
3128 3143 if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
3129 3144 AU_IPv4) {
3130 3145 au_uwrite(au_to_in_addr(
3131 3146 (struct in_addr *)STRUCT_FGETP(ainfo_addr,
3132 3147 ai_termid.at_addr)));
3133 3148 } else {
3134 3149 au_uwrite(au_to_in_addr_ex(
3135 3150 (int32_t *)STRUCT_FGETP(ainfo_addr,
3136 3151 ai_termid.at_addr)));
3137 3152 }
3138 3153 au_uwrite(au_to_arg32((char)1, "as_success",
3139 3154 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
3140 3155 au_uwrite(au_to_arg32((char)1, "as_failure",
3141 3156 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
3142 3157 au_uwrite(au_to_arg32((char)1, "asid",
3143 3158 (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
3144 3159 break;
3145 3160 case AUE_AUDITON_SETAMASK:
3146 3161 if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
3147 3162 return;
3148 3163 au_uwrite(au_to_arg32(
3149 3164 2, "setamask:as_success", (uint32_t)mask.as_success));
3150 3165 au_uwrite(au_to_arg32(
3151 3166 2, "setamask:as_failure", (uint32_t)mask.as_failure));
3152 3167 break;
3153 3168 case AUE_AUDITON_SETKMASK:
3154 3169 if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
3155 3170 return;
3156 3171 au_uwrite(au_to_arg32(
3157 3172 2, "setkmask:as_success", (uint32_t)mask.as_success));
3158 3173 au_uwrite(au_to_arg32(
3159 3174 2, "setkmask:as_failure", (uint32_t)mask.as_failure));
3160 3175 break;
3161 3176 case AUE_AUDITON_SPOLICY:
3162 3177 if (copyin((caddr_t)a2, &policy, sizeof (int)))
3163 3178 return;
3164 3179 au_uwrite(au_to_arg32(3, "setpolicy", (uint32_t)policy));
3165 3180 break;
3166 3181 case AUE_AUDITON_SQCTRL: {
3167 3182 STRUCT_DECL(au_qctrl, qctrl);
3168 3183 model_t model;
3169 3184
3170 3185 model = get_udatamodel();
3171 3186 STRUCT_INIT(qctrl, model);
3172 3187 if (copyin((caddr_t)a2, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl)))
3173 3188 return;
3174 3189 if (model == DATAMODEL_ILP32) {
3175 3190 au_uwrite(au_to_arg32(
3176 3191 3, "setqctrl:aq_hiwater",
3177 3192 (uint32_t)STRUCT_FGET(qctrl, aq_hiwater)));
3178 3193 au_uwrite(au_to_arg32(
3179 3194 3, "setqctrl:aq_lowater",
3180 3195 (uint32_t)STRUCT_FGET(qctrl, aq_lowater)));
3181 3196 au_uwrite(au_to_arg32(
3182 3197 3, "setqctrl:aq_bufsz",
3183 3198 (uint32_t)STRUCT_FGET(qctrl, aq_bufsz)));
3184 3199 au_uwrite(au_to_arg32(
3185 3200 3, "setqctrl:aq_delay",
3186 3201 (uint32_t)STRUCT_FGET(qctrl, aq_delay)));
3187 3202 } else {
3188 3203 au_uwrite(au_to_arg64(
3189 3204 3, "setqctrl:aq_hiwater",
3190 3205 (uint64_t)STRUCT_FGET(qctrl, aq_hiwater)));
3191 3206 au_uwrite(au_to_arg64(
3192 3207 3, "setqctrl:aq_lowater",
3193 3208 (uint64_t)STRUCT_FGET(qctrl, aq_lowater)));
3194 3209 au_uwrite(au_to_arg64(
3195 3210 3, "setqctrl:aq_bufsz",
3196 3211 (uint64_t)STRUCT_FGET(qctrl, aq_bufsz)));
3197 3212 au_uwrite(au_to_arg64(
3198 3213 3, "setqctrl:aq_delay",
3199 3214 (uint64_t)STRUCT_FGET(qctrl, aq_delay)));
3200 3215 }
3201 3216 break;
3202 3217 }
3203 3218 case AUE_AUDITON_SETUMASK:
3204 3219 STRUCT_INIT(ainfo, get_udatamodel());
3205 3220 if (copyin((caddr_t)uap->a2, STRUCT_BUF(ainfo),
3206 3221 STRUCT_SIZE(ainfo))) {
3207 3222 return;
3208 3223 }
3209 3224 au_uwrite(au_to_arg32(3, "setumask:as_success",
3210 3225 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3211 3226 au_uwrite(au_to_arg32(3, "setumask:as_failure",
3212 3227 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3213 3228 break;
3214 3229 case AUE_AUDITON_SETSMASK:
3215 3230 STRUCT_INIT(ainfo, get_udatamodel());
3216 3231 if (copyin((caddr_t)uap->a2, STRUCT_BUF(ainfo),
3217 3232 STRUCT_SIZE(ainfo))) {
3218 3233 return;
3219 3234 }
3220 3235 au_uwrite(au_to_arg32(3, "setsmask:as_success",
3221 3236 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3222 3237 au_uwrite(au_to_arg32(3, "setsmask:as_failure",
3223 3238 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3224 3239 break;
3225 3240 case AUE_AUDITON_SETCOND:
3226 3241 if (copyin((caddr_t)a2, &auditstate, sizeof (int)))
3227 3242 return;
3228 3243 au_uwrite(au_to_arg32(3, "setcond", (uint32_t)auditstate));
3229 3244 break;
3230 3245 case AUE_AUDITON_SETCLASS:
3231 3246 if (copyin((caddr_t)a2, &event, sizeof (au_evclass_map_t)))
3232 3247 return;
3233 3248 au_uwrite(au_to_arg32(
3234 3249 2, "setclass:ec_event", (uint32_t)event.ec_number));
3235 3250 au_uwrite(au_to_arg32(
3236 3251 3, "setclass:ec_class", (uint32_t)event.ec_class));
3237 3252 break;
3238 3253 case AUE_GETAUID:
3239 3254 case AUE_GETAUDIT:
3240 3255 case AUE_GETAUDIT_ADDR:
3241 3256 case AUE_AUDIT:
3242 3257 case AUE_AUDITON_GPOLICY:
3243 3258 case AUE_AUDITON_GQCTRL:
3244 3259 case AUE_AUDITON_GETAMASK:
3245 3260 case AUE_AUDITON_GETKMASK:
3246 3261 case AUE_AUDITON_GETCWD:
3247 3262 case AUE_AUDITON_GETCAR:
3248 3263 case AUE_AUDITON_GETSTAT:
3249 3264 case AUE_AUDITON_SETSTAT:
3250 3265 case AUE_AUDITON_GETCOND:
3251 3266 case AUE_AUDITON_GETCLASS:
3252 3267 break;
3253 3268 default:
3254 3269 break;
3255 3270 }
3256 3271
3257 3272 } /* AUS_AUDITSYS */
3258 3273
3259 3274
3260 3275 /* only audit privileged operations for systeminfo(2) system call */
3261 3276 static au_event_t
3262 3277 aui_sysinfo(au_event_t e)
3263 3278 {
3264 3279 klwp_t *clwp = ttolwp(curthread);
3265 3280 uint32_t command;
3266 3281
3267 3282 struct a {
3268 3283 long command;
3269 3284 long buf; /* char * */
3270 3285 long count;
3271 3286 } *uap = (struct a *)clwp->lwp_ap;
3272 3287
3273 3288 command = (uint32_t)uap->command;
3274 3289
3275 3290 switch (command) {
3276 3291 case SI_SET_HOSTNAME:
3277 3292 case SI_SET_SRPC_DOMAIN:
3278 3293 e = (au_event_t)AUE_SYSINFO;
3279 3294 break;
3280 3295 default:
3281 3296 e = (au_event_t)AUE_NULL;
3282 3297 break;
3283 3298 }
3284 3299 return (e);
3285 3300 }
3286 3301
3287 3302 /*ARGSUSED*/
3288 3303 static void
3289 3304 aus_sysinfo(struct t_audit_data *tad)
3290 3305 {
3291 3306 klwp_t *clwp = ttolwp(curthread);
3292 3307 uint32_t command;
3293 3308 size_t len, maxlen;
3294 3309 char *name;
3295 3310 uintptr_t buf;
3296 3311
3297 3312 struct a {
3298 3313 long command;
3299 3314 long buf; /* char * */
3300 3315 long count;
3301 3316 } *uap = (struct a *)clwp->lwp_ap;
3302 3317
3303 3318 command = (uint32_t)uap->command;
3304 3319 buf = (uintptr_t)uap->buf;
3305 3320
3306 3321 au_uwrite(au_to_arg32(1, "cmd", command));
3307 3322
3308 3323 switch (command) {
3309 3324 case SI_SET_HOSTNAME:
3310 3325 {
3311 3326 if (secpolicy_sys_config(CRED(), B_TRUE) != 0)
3312 3327 return;
3313 3328
3314 3329 maxlen = SYS_NMLN;
3315 3330 name = kmem_alloc(maxlen, KM_SLEEP);
3316 3331 if (copyinstr((caddr_t)buf, name, SYS_NMLN, &len))
3317 3332 break;
3318 3333
3319 3334 /*
3320 3335 * Must be non-NULL string and string
3321 3336 * must be less than SYS_NMLN chars.
3322 3337 */
3323 3338 if (len < 2 || (len == SYS_NMLN && name[SYS_NMLN - 1] != '\0'))
3324 3339 break;
3325 3340
3326 3341 au_uwrite(au_to_text(name));
3327 3342 break;
3328 3343 }
3329 3344
3330 3345 case SI_SET_SRPC_DOMAIN:
3331 3346 {
3332 3347 if (secpolicy_sys_config(CRED(), B_TRUE) != 0)
3333 3348 return;
3334 3349
3335 3350 maxlen = SYS_NMLN;
3336 3351 name = kmem_alloc(maxlen, KM_SLEEP);
3337 3352 if (copyinstr((caddr_t)buf, name, SYS_NMLN, &len))
3338 3353 break;
3339 3354
3340 3355 /*
3341 3356 * If string passed in is longer than length
3342 3357 * allowed for domain name, fail.
3343 3358 */
3344 3359 if (len == SYS_NMLN && name[SYS_NMLN - 1] != '\0')
3345 3360 break;
3346 3361
3347 3362 au_uwrite(au_to_text(name));
3348 3363 break;
3349 3364 }
3350 3365
3351 3366 default:
3352 3367 return;
3353 3368 }
3354 3369
3355 3370 kmem_free(name, maxlen);
3356 3371 }
3357 3372
3358 3373 static au_event_t
3359 3374 aui_modctl(au_event_t e)
3360 3375 {
3361 3376 klwp_t *clwp = ttolwp(curthread);
3362 3377 uint_t cmd;
3363 3378
3364 3379 struct a {
3365 3380 long cmd;
3366 3381 } *uap = (struct a *)clwp->lwp_ap;
3367 3382
3368 3383 cmd = (uint_t)uap->cmd;
3369 3384
3370 3385 switch (cmd) {
3371 3386 case MODLOAD:
3372 3387 e = AUE_MODLOAD;
3373 3388 break;
3374 3389 case MODUNLOAD:
3375 3390 e = AUE_MODUNLOAD;
3376 3391 break;
3377 3392 case MODADDMAJBIND:
3378 3393 e = AUE_MODADDMAJ;
3379 3394 break;
3380 3395 case MODSETDEVPOLICY:
3381 3396 e = AUE_MODDEVPLCY;
3382 3397 break;
3383 3398 case MODALLOCPRIV:
3384 3399 e = AUE_MODADDPRIV;
3385 3400 break;
3386 3401 default:
3387 3402 e = AUE_NULL;
3388 3403 break;
3389 3404 }
3390 3405 return (e);
3391 3406 }
3392 3407
3393 3408
3394 3409 /*ARGSUSED*/
3395 3410 static void
3396 3411 aus_modctl(struct t_audit_data *tad)
3397 3412 {
3398 3413 klwp_t *clwp = ttolwp(curthread);
3399 3414 void *a = clwp->lwp_ap;
3400 3415 uint_t use_path;
3401 3416
3402 3417 switch (tad->tad_event) {
3403 3418 case AUE_MODLOAD: {
3404 3419 typedef struct {
3405 3420 long cmd;
3406 3421 long use_path;
3407 3422 long filename; /* char * */
3408 3423 } modloada_t;
3409 3424
3410 3425 char *filenamep;
3411 3426 uintptr_t fname;
3412 3427 extern char *default_path;
3413 3428
3414 3429 fname = (uintptr_t)((modloada_t *)a)->filename;
3415 3430 use_path = (uint_t)((modloada_t *)a)->use_path;
3416 3431
3417 3432 /* space to hold path */
3418 3433 filenamep = kmem_alloc(MOD_MAXPATH, KM_SLEEP);
3419 3434 /* get string */
3420 3435 if (copyinstr((caddr_t)fname, filenamep, MOD_MAXPATH, 0)) {
3421 3436 /* free allocated path */
3422 3437 kmem_free(filenamep, MOD_MAXPATH);
3423 3438 return;
3424 3439 }
3425 3440 /* ensure it's null terminated */
3426 3441 filenamep[MOD_MAXPATH - 1] = 0;
3427 3442
3428 3443 if (use_path)
3429 3444 au_uwrite(au_to_text(default_path));
3430 3445 au_uwrite(au_to_text(filenamep));
3431 3446
3432 3447 /* release temporary memory */
3433 3448 kmem_free(filenamep, MOD_MAXPATH);
3434 3449 break;
3435 3450 }
3436 3451 case AUE_MODUNLOAD: {
3437 3452 typedef struct {
3438 3453 long cmd;
3439 3454 long id;
3440 3455 } modunloada_t;
3441 3456
3442 3457 uint32_t id = (uint32_t)((modunloada_t *)a)->id;
3443 3458
3444 3459 au_uwrite(au_to_arg32(1, "id", id));
3445 3460 break;
3446 3461 }
3447 3462 case AUE_MODADDMAJ: {
3448 3463 STRUCT_DECL(modconfig, mc);
3449 3464 typedef struct {
3450 3465 long cmd;
3451 3466 long subcmd;
3452 3467 long data; /* int * */
3453 3468 } modconfiga_t;
3454 3469
3455 3470 STRUCT_DECL(aliases, alias);
3456 3471 caddr_t ap;
3457 3472 int i, num_aliases;
3458 3473 char *drvname, *mc_drvname;
3459 3474 char *name;
3460 3475 extern char *ddi_major_to_name(major_t);
3461 3476 model_t model;
3462 3477
3463 3478 uintptr_t data = (uintptr_t)((modconfiga_t *)a)->data;
3464 3479
3465 3480 model = get_udatamodel();
3466 3481 STRUCT_INIT(mc, model);
3467 3482 /* sanitize buffer */
3468 3483 bzero((caddr_t)STRUCT_BUF(mc), STRUCT_SIZE(mc));
3469 3484 /* get user arguments */
3470 3485 if (copyin((caddr_t)data, (caddr_t)STRUCT_BUF(mc),
3471 3486 STRUCT_SIZE(mc)) != 0)
3472 3487 return;
3473 3488
3474 3489 mc_drvname = STRUCT_FGET(mc, drvname);
3475 3490 if ((drvname = ddi_major_to_name(
3476 3491 (major_t)STRUCT_FGET(mc, major))) != NULL &&
3477 3492 strncmp(drvname, mc_drvname, MAXMODCONFNAME) != 0) {
3478 3493 /* safety */
3479 3494 if (mc_drvname[0] != '\0') {
3480 3495 mc_drvname[MAXMODCONFNAME-1] = '\0';
3481 3496 au_uwrite(au_to_text(mc_drvname));
3482 3497 }
3483 3498 /* drvname != NULL from test above */
3484 3499 au_uwrite(au_to_text(drvname));
3485 3500 return;
3486 3501 }
3487 3502
3488 3503 if (mc_drvname[0] != '\0') {
3489 3504 /* safety */
3490 3505 mc_drvname[MAXMODCONFNAME-1] = '\0';
3491 3506 au_uwrite(au_to_text(mc_drvname));
3492 3507 } else
3493 3508 au_uwrite(au_to_text("no drvname"));
3494 3509
3495 3510 num_aliases = STRUCT_FGET(mc, num_aliases);
3496 3511 au_uwrite(au_to_arg32(5, "", (uint32_t)num_aliases));
3497 3512 ap = (caddr_t)STRUCT_FGETP(mc, ap);
3498 3513 name = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
3499 3514 STRUCT_INIT(alias, model);
3500 3515 for (i = 0; i < num_aliases; i++) {
3501 3516 bzero((caddr_t)STRUCT_BUF(alias),
3502 3517 STRUCT_SIZE(alias));
3503 3518 if (copyin((caddr_t)ap, (caddr_t)STRUCT_BUF(alias),
3504 3519 STRUCT_SIZE(alias)) != 0)
3505 3520 break;
3506 3521 if (copyinstr(STRUCT_FGETP(alias, a_name), name,
3507 3522 MAXMODCONFNAME, NULL) != 0) {
3508 3523 break;
3509 3524 }
3510 3525
3511 3526 au_uwrite(au_to_text(name));
3512 3527 ap = (caddr_t)STRUCT_FGETP(alias, a_next);
3513 3528 }
3514 3529 kmem_free(name, MAXMODCONFNAME);
3515 3530 break;
3516 3531 }
3517 3532 default:
3518 3533 break;
3519 3534 }
3520 3535 }
3521 3536
3522 3537
3523 3538 /*ARGSUSED*/
3524 3539 static void
3525 3540 auf_accept(
3526 3541 struct t_audit_data *tad,
3527 3542 int error,
3528 3543 rval_t *rval)
3529 3544 {
3530 3545 uint32_t scid;
3531 3546 uint32_t sy_flags;
3532 3547 int fd;
3533 3548 struct sonode *so;
3534 3549 char so_laddr[sizeof (struct sockaddr_in6)];
3535 3550 char so_faddr[sizeof (struct sockaddr_in6)];
3536 3551 int err;
3537 3552 short so_family, so_type;
3538 3553 int add_sock_token = 0;
3539 3554
3540 3555 /* need to determine type of executing binary */
3541 3556 scid = tad->tad_scid;
3542 3557 #ifdef _SYSCALL32_IMPL
3543 3558 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
3544 3559 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
3545 3560 else
3546 3561 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
3547 3562 #else
3548 3563 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
3549 3564 #endif
3550 3565 switch (sy_flags) {
3551 3566 case SE_32RVAL1:
3552 3567 /* FALLTHRU */
3553 3568 case SE_32RVAL2|SE_32RVAL1:
3554 3569 fd = rval->r_val1;
3555 3570 break;
3556 3571 case SE_64RVAL:
3557 3572 fd = (int)rval->r_vals;
3558 3573 break;
3559 3574 default:
3560 3575 /*
3561 3576 * should never happen, seems to be an internal error
3562 3577 * in sysent => no fd, nothing to audit here, returning
3563 3578 */
3564 3579 return;
3565 3580 }
3566 3581
3567 3582 if (error) {
3568 3583 /* can't trust socket contents. Just return */
3569 3584 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3570 3585 return;
3571 3586 }
3572 3587
3573 3588 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3574 3589 /*
3575 3590 * not security relevant if doing a accept from non socket
3576 3591 * so no extra tokens. Should probably turn off audit record
3577 3592 * generation here.
3578 3593 */
3579 3594 return;
3580 3595 }
3581 3596
3582 3597 so_family = so->so_family;
3583 3598 so_type = so->so_type;
3584 3599
3585 3600 switch (so_family) {
3586 3601 case AF_INET:
3587 3602 case AF_INET6:
3588 3603 /*
3589 3604 * XXX - what about other socket types for AF_INET (e.g. DGRAM)
3590 3605 */
3591 3606 if (so->so_type == SOCK_STREAM) {
3592 3607 socklen_t len;
3593 3608
3594 3609 bzero((void *)so_laddr, sizeof (so_laddr));
3595 3610 bzero((void *)so_faddr, sizeof (so_faddr));
3596 3611
3597 3612 len = sizeof (so_laddr);
3598 3613 (void) socket_getsockname(so,
3599 3614 (struct sockaddr *)so_laddr, &len, CRED());
3600 3615 len = sizeof (so_faddr);
3601 3616 (void) socket_getpeername(so,
3602 3617 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3603 3618
3604 3619 add_sock_token = 1;
3605 3620 }
3606 3621 break;
3607 3622
3608 3623 default:
3609 3624 /* AF_UNIX, AF_ROUTE, AF_KEY do not support accept */
3610 3625 break;
3611 3626 }
3612 3627
3613 3628 releasef(fd);
3614 3629
3615 3630 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3616 3631
3617 3632 if (add_sock_token == 0) {
3618 3633 au_uwrite(au_to_arg32(0, "family", (uint32_t)(so_family)));
3619 3634 au_uwrite(au_to_arg32(0, "type", (uint32_t)(so_type)));
3620 3635 return;
3621 3636 }
3622 3637
3623 3638 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3624 3639
3625 3640 }
3626 3641
3627 3642 /*ARGSUSED*/
3628 3643 static void
3629 3644 auf_bind(struct t_audit_data *tad, int error, rval_t *rvp)
3630 3645 {
3631 3646 struct a {
3632 3647 long fd;
3633 3648 long addr;
3634 3649 long len;
3635 3650 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3636 3651
3637 3652 struct sonode *so;
3638 3653 char so_laddr[sizeof (struct sockaddr_in6)];
3639 3654 char so_faddr[sizeof (struct sockaddr_in6)];
3640 3655 int err, fd;
3641 3656 socklen_t len;
3642 3657 short so_family, so_type;
3643 3658 int add_sock_token = 0;
3644 3659
3645 3660 fd = (int)uap->fd;
3646 3661
3647 3662 /*
3648 3663 * bind failed, then nothing extra to add to audit record.
3649 3664 */
3650 3665 if (error) {
3651 3666 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3652 3667 /* XXX may want to add failed address some day */
3653 3668 return;
3654 3669 }
3655 3670
3656 3671 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3657 3672 /*
3658 3673 * not security relevant if doing a bind from non socket
3659 3674 * so no extra tokens. Should probably turn off audit record
3660 3675 * generation here.
3661 3676 */
3662 3677 return;
3663 3678 }
3664 3679
3665 3680 so_family = so->so_family;
3666 3681 so_type = so->so_type;
3667 3682
3668 3683 switch (so_family) {
3669 3684 case AF_INET:
3670 3685 case AF_INET6:
3671 3686
3672 3687 bzero(so_faddr, sizeof (so_faddr));
3673 3688 len = sizeof (so_faddr);
3674 3689
3675 3690 (void) socket_getpeername(so,
3676 3691 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3677 3692 add_sock_token = 1;
3678 3693
3679 3694 break;
3680 3695
3681 3696 case AF_UNIX:
3682 3697 /* token added by lookup */
3683 3698 break;
3684 3699 default:
3685 3700 /* AF_ROUTE, AF_KEY do not support accept */
3686 3701 break;
3687 3702 }
3688 3703
3689 3704 releasef(fd);
3690 3705
3691 3706 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3692 3707
3693 3708 if (add_sock_token == 0) {
3694 3709 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3695 3710 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3696 3711 return;
3697 3712 }
3698 3713
3699 3714 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3700 3715
3701 3716 }
3702 3717
3703 3718 /*ARGSUSED*/
3704 3719 static void
3705 3720 auf_connect(struct t_audit_data *tad, int error, rval_t *rval)
3706 3721 {
3707 3722 struct a {
3708 3723 long fd;
3709 3724 long addr;
3710 3725 long len;
3711 3726 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3712 3727
3713 3728 struct sonode *so;
3714 3729 char so_laddr[sizeof (struct sockaddr_in6)];
3715 3730 char so_faddr[sizeof (struct sockaddr_in6)];
3716 3731 int err, fd;
3717 3732 socklen_t len;
3718 3733 short so_family, so_type;
3719 3734 int add_sock_token = 0;
3720 3735
3721 3736 fd = (int)uap->fd;
3722 3737
3723 3738
3724 3739 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3725 3740 /*
3726 3741 * not security relevant if doing a connect from non socket
3727 3742 * so no extra tokens. Should probably turn off audit record
3728 3743 * generation here.
3729 3744 */
3730 3745 return;
3731 3746 }
3732 3747
3733 3748 so_family = so->so_family;
3734 3749 so_type = so->so_type;
3735 3750
3736 3751 switch (so_family) {
3737 3752 case AF_INET:
3738 3753 case AF_INET6:
3739 3754
3740 3755 bzero(so_laddr, sizeof (so_laddr));
3741 3756 bzero(so_faddr, sizeof (so_faddr));
3742 3757
3743 3758 len = sizeof (so_laddr);
3744 3759 (void) socket_getsockname(so, (struct sockaddr *)so_laddr,
3745 3760 &len, CRED());
3746 3761 if (error) {
3747 3762 if (uap->addr == NULL)
3748 3763 break;
3749 3764 if (uap->len <= 0)
3750 3765 break;
3751 3766 len = min(uap->len, sizeof (so_faddr));
3752 3767 if (copyin((caddr_t)(uap->addr), so_faddr, len) != 0)
3753 3768 break;
3754 3769 #ifdef NOTYET
3755 3770 au_uwrite(au_to_data(AUP_HEX, AUR_CHAR, len, so_faddr));
3756 3771 #endif
3757 3772 } else {
3758 3773 /* sanity check on length */
3759 3774 len = sizeof (so_faddr);
3760 3775 (void) socket_getpeername(so,
3761 3776 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3762 3777 }
3763 3778
3764 3779 add_sock_token = 1;
3765 3780
3766 3781 break;
3767 3782
3768 3783 case AF_UNIX:
3769 3784 /* does a lookup on name */
3770 3785 break;
3771 3786
3772 3787 default:
3773 3788 /* AF_ROUTE, AF_KEY do not support accept */
3774 3789 break;
3775 3790 }
3776 3791
3777 3792 releasef(fd);
3778 3793
3779 3794 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3780 3795
3781 3796 if (add_sock_token == 0) {
3782 3797 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3783 3798 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3784 3799 return;
3785 3800 }
3786 3801
3787 3802 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3788 3803
3789 3804 }
3790 3805
3791 3806 /*ARGSUSED*/
3792 3807 static void
3793 3808 aus_shutdown(struct t_audit_data *tad)
3794 3809 {
3795 3810 struct a {
3796 3811 long fd;
3797 3812 long how;
3798 3813 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3799 3814
3800 3815 struct sonode *so;
3801 3816 char so_laddr[sizeof (struct sockaddr_in6)];
3802 3817 char so_faddr[sizeof (struct sockaddr_in6)];
3803 3818 int err, fd;
3804 3819 socklen_t len;
3805 3820 short so_family, so_type;
3806 3821 int add_sock_token = 0;
3807 3822 file_t *fp; /* unix domain sockets */
3808 3823 struct f_audit_data *fad; /* unix domain sockets */
3809 3824
3810 3825 fd = (int)uap->fd;
3811 3826
3812 3827 if ((so = getsonode(fd, &err, &fp)) == NULL) {
3813 3828 /*
3814 3829 * not security relevant if doing a shutdown using non socket
3815 3830 * so no extra tokens. Should probably turn off audit record
3816 3831 * generation here.
3817 3832 */
3818 3833 return;
3819 3834 }
3820 3835
3821 3836 so_family = so->so_family;
3822 3837 so_type = so->so_type;
3823 3838
3824 3839 switch (so_family) {
3825 3840 case AF_INET:
3826 3841 case AF_INET6:
3827 3842
3828 3843 bzero(so_laddr, sizeof (so_laddr));
3829 3844 bzero(so_faddr, sizeof (so_faddr));
3830 3845
3831 3846 len = sizeof (so_laddr);
3832 3847 (void) socket_getsockname(so,
3833 3848 (struct sockaddr *)so_laddr, &len, CRED());
3834 3849 len = sizeof (so_faddr);
3835 3850 (void) socket_getpeername(so,
3836 3851 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3837 3852
3838 3853 add_sock_token = 1;
3839 3854
3840 3855 break;
3841 3856
3842 3857 case AF_UNIX:
3843 3858
3844 3859 /* get path from file struct here */
3845 3860 fad = F2A(fp);
3846 3861 ASSERT(fad);
3847 3862
3848 3863 if (fad->fad_aupath != NULL) {
3849 3864 au_uwrite(au_to_path(fad->fad_aupath));
3850 3865 } else {
3851 3866 au_uwrite(au_to_arg32(1, "no path: fd", fd));
3852 3867 }
3853 3868
3854 3869 audit_attributes(fp->f_vnode);
3855 3870
3856 3871 break;
3857 3872
3858 3873 default:
3859 3874 /*
3860 3875 * AF_KEY and AF_ROUTE support shutdown. No socket token
3861 3876 * added.
3862 3877 */
3863 3878 break;
3864 3879 }
3865 3880
3866 3881 releasef(fd);
3867 3882
3868 3883 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3869 3884
3870 3885 if (add_sock_token == 0) {
3871 3886 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3872 3887 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3873 3888 au_uwrite(au_to_arg32(2, "how", (uint32_t)(uap->how)));
3874 3889 return;
3875 3890 }
3876 3891
3877 3892 au_uwrite(au_to_arg32(2, "how", (uint32_t)(uap->how)));
3878 3893
3879 3894 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3880 3895
3881 3896 }
3882 3897
3883 3898 /*ARGSUSED*/
3884 3899 static void
3885 3900 auf_setsockopt(struct t_audit_data *tad, int error, rval_t *rval)
3886 3901 {
3887 3902 struct a {
3888 3903 long fd;
3889 3904 long level;
3890 3905 long optname;
3891 3906 long *optval;
3892 3907 long optlen;
3893 3908 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3894 3909
3895 3910 struct sonode *so;
3896 3911 char so_laddr[sizeof (struct sockaddr_in6)];
3897 3912 char so_faddr[sizeof (struct sockaddr_in6)];
3898 3913 char val[AU_BUFSIZE];
3899 3914 int err, fd;
3900 3915 socklen_t len;
3901 3916 short so_family, so_type;
3902 3917 int add_sock_token = 0;
3903 3918 file_t *fp; /* unix domain sockets */
3904 3919 struct f_audit_data *fad; /* unix domain sockets */
3905 3920
3906 3921 fd = (int)uap->fd;
3907 3922
3908 3923 if (error) {
3909 3924 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3910 3925 au_uwrite(au_to_arg32(2, "level", (uint32_t)uap->level));
3911 3926 /* XXX may want to include other arguments */
3912 3927 return;
3913 3928 }
3914 3929
3915 3930 if ((so = getsonode(fd, &err, &fp)) == NULL) {
3916 3931 /*
3917 3932 * not security relevant if doing a setsockopt from non socket
3918 3933 * so no extra tokens. Should probably turn off audit record
3919 3934 * generation here.
3920 3935 */
3921 3936 return;
3922 3937 }
3923 3938
3924 3939 so_family = so->so_family;
3925 3940 so_type = so->so_type;
3926 3941
3927 3942 switch (so_family) {
3928 3943 case AF_INET:
3929 3944 case AF_INET6:
3930 3945 bzero((void *)so_laddr, sizeof (so_laddr));
3931 3946 bzero((void *)so_faddr, sizeof (so_faddr));
3932 3947
3933 3948 /* get local and foreign addresses */
3934 3949 len = sizeof (so_laddr);
3935 3950 (void) socket_getsockname(so, (struct sockaddr *)so_laddr,
3936 3951 &len, CRED());
3937 3952 len = sizeof (so_faddr);
3938 3953 (void) socket_getpeername(so, (struct sockaddr *)so_faddr,
3939 3954 &len, B_FALSE, CRED());
3940 3955
3941 3956 add_sock_token = 1;
3942 3957
3943 3958 break;
3944 3959
3945 3960 case AF_UNIX:
3946 3961
3947 3962 /* get path from file struct here */
3948 3963 fad = F2A(fp);
3949 3964 ASSERT(fad);
3950 3965
3951 3966 if (fad->fad_aupath != NULL) {
3952 3967 au_uwrite(au_to_path(fad->fad_aupath));
3953 3968 } else {
3954 3969 au_uwrite(au_to_arg32(1, "no path: fd", fd));
3955 3970 }
3956 3971
3957 3972 audit_attributes(fp->f_vnode);
3958 3973
3959 3974 break;
3960 3975
3961 3976 default:
3962 3977 /*
3963 3978 * AF_KEY and AF_ROUTE support setsockopt. No socket token
3964 3979 * added.
3965 3980 */
3966 3981 break;
3967 3982 }
3968 3983
3969 3984 releasef(fd);
3970 3985
3971 3986 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3972 3987
3973 3988 if (add_sock_token == 0) {
3974 3989 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3975 3990 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3976 3991 }
3977 3992 au_uwrite(au_to_arg32(2, "level", (uint32_t)(uap->level)));
3978 3993 au_uwrite(au_to_arg32(3, "optname", (uint32_t)(uap->optname)));
3979 3994
3980 3995 bzero(val, sizeof (val));
3981 3996 len = min(uap->optlen, sizeof (val));
3982 3997 if ((len > 0) &&
3983 3998 (copyin((caddr_t)(uap->optval), (caddr_t)val, len) == 0)) {
3984 3999 au_uwrite(au_to_arg32(5, "optlen", (uint32_t)(uap->optlen)));
3985 4000 au_uwrite(au_to_data(AUP_HEX, AUR_BYTE, len, val));
3986 4001 }
3987 4002
3988 4003 if (add_sock_token == 0)
3989 4004 return;
3990 4005
3991 4006 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3992 4007
3993 4008 }
3994 4009
3995 4010 /*ARGSUSED*/
3996 4011 static void
3997 4012 aus_sockconfig(tad)
3998 4013 struct t_audit_data *tad;
3999 4014 {
4000 4015 struct a {
4001 4016 long cmd;
4002 4017 long arg1;
4003 4018 long arg2;
4004 4019 long arg3;
4005 4020 long arg4;
4006 4021 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4007 4022
4008 4023 char *buf;
4009 4024 int buflen;
4010 4025 size_t size;
4011 4026
4012 4027 au_uwrite(au_to_arg32(1, "cmd", (uint_t)uap->cmd));
4013 4028 switch (uap->cmd) {
4014 4029 case SOCKCONFIG_ADD_SOCK:
4015 4030 case SOCKCONFIG_REMOVE_SOCK:
4016 4031 au_uwrite(au_to_arg32(2, "domain", (uint32_t)uap->arg1));
4017 4032 au_uwrite(au_to_arg32(3, "type", (uint32_t)uap->arg2));
4018 4033 au_uwrite(au_to_arg32(4, "protocol", (uint32_t)uap->arg3));
4019 4034
4020 4035 if (uap->arg4 == 0) {
4021 4036 au_uwrite(au_to_arg32(5, "devpath", (uint32_t)0));
4022 4037 } else {
4023 4038 buflen = MAXPATHLEN + 1;
4024 4039 buf = kmem_alloc(buflen, KM_SLEEP);
4025 4040 if (copyinstr((caddr_t)uap->arg4, buf, buflen,
4026 4041 &size)) {
4027 4042 kmem_free(buf, buflen);
4028 4043 return;
4029 4044 }
4030 4045
4031 4046 if (size > MAXPATHLEN) {
4032 4047 kmem_free(buf, buflen);
4033 4048 return;
4034 4049 }
4035 4050
4036 4051 au_uwrite(au_to_text(buf));
4037 4052 kmem_free(buf, buflen);
4038 4053 }
4039 4054 break;
4040 4055 case SOCKCONFIG_ADD_FILTER:
4041 4056 case SOCKCONFIG_REMOVE_FILTER:
4042 4057 buflen = FILNAME_MAX;
4043 4058 buf = kmem_alloc(buflen, KM_SLEEP);
4044 4059
4045 4060 if (copyinstr((caddr_t)uap->arg1, buf, buflen, &size)) {
4046 4061 kmem_free(buf, buflen);
4047 4062 return;
4048 4063 }
4049 4064
4050 4065 au_uwrite(au_to_text(buf));
4051 4066 kmem_free(buf, buflen);
4052 4067 break;
4053 4068 default:
4054 4069 break;
4055 4070 }
4056 4071 }
4057 4072
4058 4073 /*
4059 4074 * only audit recvmsg when the system call represents the creation of a new
4060 4075 * circuit. This effectively occurs for all UDP packets and may occur for
4061 4076 * special TCP situations where the local host has not set a local address
4062 4077 * in the socket structure.
4063 4078 */
4064 4079 /*ARGSUSED*/
4065 4080 static void
4066 4081 auf_recvmsg(
4067 4082 struct t_audit_data *tad,
4068 4083 int error,
4069 4084 rval_t *rvp)
4070 4085 {
4071 4086 struct a {
4072 4087 long fd;
4073 4088 long msg; /* struct msghdr */
4074 4089 long flags;
4075 4090 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4076 4091
4077 4092 struct sonode *so;
4078 4093 STRUCT_DECL(msghdr, msg);
4079 4094 caddr_t msg_name;
4080 4095 socklen_t msg_namelen;
4081 4096 int fd;
4082 4097 int err;
4083 4098 char so_laddr[sizeof (struct sockaddr_in6)];
4084 4099 char so_faddr[sizeof (struct sockaddr_in6)];
4085 4100 socklen_t len;
4086 4101 file_t *fp; /* unix domain sockets */
4087 4102 struct f_audit_data *fad; /* unix domain sockets */
4088 4103 short so_family, so_type;
4089 4104 int add_sock_token = 0;
4090 4105 au_kcontext_t *kctx = GET_KCTX_PZ;
4091 4106
4092 4107 fd = (int)uap->fd;
4093 4108
4094 4109 /* bail if an error */
4095 4110 if (error) {
4096 4111 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4097 4112 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4098 4113 return;
4099 4114 }
4100 4115
4101 4116 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4102 4117 /*
4103 4118 * not security relevant if doing a recvmsg from non socket
4104 4119 * so no extra tokens. Should probably turn off audit record
4105 4120 * generation here.
4106 4121 */
4107 4122 return;
4108 4123 }
4109 4124
4110 4125 so_family = so->so_family;
4111 4126 so_type = so->so_type;
4112 4127
4113 4128 /*
4114 4129 * only putout SOCKET_EX token if INET/INET6 family.
4115 4130 * XXX - what do we do about other families?
4116 4131 */
4117 4132
4118 4133 switch (so_family) {
4119 4134 case AF_INET:
4120 4135 case AF_INET6:
4121 4136
4122 4137 /*
4123 4138 * if datagram type socket, then just use what is in
4124 4139 * socket structure for local address.
4125 4140 * XXX - what do we do for other types?
4126 4141 */
4127 4142 if ((so->so_type == SOCK_DGRAM) ||
4128 4143 (so->so_type == SOCK_RAW)) {
4129 4144 add_sock_token = 1;
4130 4145
4131 4146 bzero((void *)so_laddr, sizeof (so_laddr));
4132 4147 bzero((void *)so_faddr, sizeof (so_faddr));
4133 4148
4134 4149 /* get local address */
4135 4150 len = sizeof (so_laddr);
4136 4151 (void) socket_getsockname(so,
4137 4152 (struct sockaddr *)so_laddr, &len, CRED());
4138 4153
4139 4154 /* get peer address */
4140 4155 STRUCT_INIT(msg, get_udatamodel());
4141 4156
4142 4157 if (copyin((caddr_t)(uap->msg),
4143 4158 (caddr_t)STRUCT_BUF(msg), STRUCT_SIZE(msg)) != 0) {
4144 4159 break;
4145 4160 }
4146 4161 msg_name = (caddr_t)STRUCT_FGETP(msg, msg_name);
4147 4162 if (msg_name == NULL) {
4148 4163 break;
4149 4164 }
4150 4165
4151 4166 /* length is value from recvmsg - sanity check */
4152 4167 msg_namelen = (socklen_t)STRUCT_FGET(msg, msg_namelen);
4153 4168 if (msg_namelen == 0) {
4154 4169 break;
4155 4170 }
4156 4171 if (copyin(msg_name, so_faddr,
4157 4172 sizeof (so_faddr)) != 0) {
4158 4173 break;
4159 4174 }
4160 4175
4161 4176 } else if (so->so_type == SOCK_STREAM) {
4162 4177
4163 4178 /* get path from file struct here */
4164 4179 fad = F2A(fp);
4165 4180 ASSERT(fad);
4166 4181
4167 4182 /*
4168 4183 * already processed this file for read attempt
4169 4184 */
4170 4185 if (fad->fad_flags & FAD_READ) {
4171 4186 /* don't want to audit every recvmsg attempt */
4172 4187 tad->tad_flag = 0;
4173 4188 /* free any residual audit data */
4174 4189 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4175 4190 releasef(fd);
4176 4191 return;
4177 4192 }
4178 4193 /*
4179 4194 * mark things so we know what happened and don't
4180 4195 * repeat things
4181 4196 */
4182 4197 fad->fad_flags |= FAD_READ;
4183 4198
4184 4199 bzero((void *)so_laddr, sizeof (so_laddr));
4185 4200 bzero((void *)so_faddr, sizeof (so_faddr));
4186 4201
4187 4202 /* get local and foreign addresses */
4188 4203 len = sizeof (so_laddr);
4189 4204 (void) socket_getsockname(so,
4190 4205 (struct sockaddr *)so_laddr, &len, CRED());
4191 4206 len = sizeof (so_faddr);
4192 4207 (void) socket_getpeername(so,
4193 4208 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4194 4209
4195 4210 add_sock_token = 1;
4196 4211 }
4197 4212
4198 4213 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4199 4214
4200 4215 break;
4201 4216
4202 4217 case AF_UNIX:
4203 4218 /*
4204 4219 * first check if this is first time through. Too much
4205 4220 * duplicate code to put this in an aui_ routine.
4206 4221 */
4207 4222
4208 4223 /* get path from file struct here */
4209 4224 fad = F2A(fp);
4210 4225 ASSERT(fad);
4211 4226
4212 4227 /*
4213 4228 * already processed this file for read attempt
4214 4229 */
4215 4230 if (fad->fad_flags & FAD_READ) {
4216 4231 releasef(fd);
4217 4232 /* don't want to audit every recvmsg attempt */
4218 4233 tad->tad_flag = 0;
4219 4234 /* free any residual audit data */
4220 4235 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4221 4236 return;
4222 4237 }
4223 4238 /*
4224 4239 * mark things so we know what happened and don't
4225 4240 * repeat things
4226 4241 */
4227 4242 fad->fad_flags |= FAD_READ;
4228 4243
4229 4244 if (fad->fad_aupath != NULL) {
4230 4245 au_uwrite(au_to_path(fad->fad_aupath));
4231 4246 } else {
4232 4247 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4233 4248 }
4234 4249
4235 4250 audit_attributes(fp->f_vnode);
4236 4251
4237 4252 releasef(fd);
4238 4253
4239 4254 return;
4240 4255
4241 4256 default:
4242 4257 break;
4243 4258
4244 4259 }
4245 4260
4246 4261 releasef(fd);
4247 4262
4248 4263 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4249 4264
4250 4265 if (add_sock_token == 0) {
4251 4266 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4252 4267 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4253 4268 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4254 4269 return;
4255 4270 }
4256 4271
4257 4272 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4258 4273
4259 4274 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4260 4275
4261 4276 }
4262 4277
4263 4278 /*ARGSUSED*/
4264 4279 static void
4265 4280 auf_recvfrom(
4266 4281 struct t_audit_data *tad,
4267 4282 int error,
4268 4283 rval_t *rvp)
4269 4284 {
4270 4285
4271 4286 struct a {
4272 4287 long fd;
4273 4288 long msg; /* char */
4274 4289 long len;
4275 4290 long flags;
4276 4291 long from; /* struct sockaddr */
4277 4292 long fromlen;
4278 4293 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4279 4294
4280 4295 socklen_t fromlen;
4281 4296 struct sonode *so;
4282 4297 char so_laddr[sizeof (struct sockaddr_in6)];
4283 4298 char so_faddr[sizeof (struct sockaddr_in6)];
4284 4299 int fd;
4285 4300 short so_family, so_type;
4286 4301 int add_sock_token = 0;
4287 4302 socklen_t len;
4288 4303 int err;
4289 4304 struct file *fp;
4290 4305 struct f_audit_data *fad; /* unix domain sockets */
4291 4306 au_kcontext_t *kctx = GET_KCTX_PZ;
4292 4307
4293 4308 fd = (int)uap->fd;
4294 4309
4295 4310 /* bail if an error */
4296 4311 if (error) {
4297 4312 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4298 4313 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4299 4314 return;
4300 4315 }
4301 4316
4302 4317 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4303 4318 /*
4304 4319 * not security relevant if doing a recvmsg from non socket
4305 4320 * so no extra tokens. Should probably turn off audit record
4306 4321 * generation here.
4307 4322 */
4308 4323 return;
4309 4324 }
4310 4325
4311 4326 so_family = so->so_family;
4312 4327 so_type = so->so_type;
4313 4328
4314 4329 /*
4315 4330 * only putout SOCKET_EX token if INET/INET6 family.
4316 4331 * XXX - what do we do about other families?
4317 4332 */
4318 4333
4319 4334 switch (so_family) {
4320 4335 case AF_INET:
4321 4336 case AF_INET6:
4322 4337
4323 4338 /*
4324 4339 * if datagram type socket, then just use what is in
4325 4340 * socket structure for local address.
4326 4341 * XXX - what do we do for other types?
4327 4342 */
4328 4343 if ((so->so_type == SOCK_DGRAM) ||
4329 4344 (so->so_type == SOCK_RAW)) {
4330 4345 add_sock_token = 1;
4331 4346
4332 4347 /* get local address */
4333 4348 len = sizeof (so_laddr);
4334 4349 (void) socket_getsockname(so,
4335 4350 (struct sockaddr *)so_laddr, &len, CRED());
4336 4351
4337 4352 /* get peer address */
4338 4353 bzero((void *)so_faddr, sizeof (so_faddr));
4339 4354
4340 4355 /* sanity check */
4341 4356 if (uap->from == NULL)
4342 4357 break;
4343 4358
4344 4359 /* sanity checks */
4345 4360 if (uap->fromlen == 0)
4346 4361 break;
4347 4362
4348 4363 if (copyin((caddr_t)(uap->fromlen), (caddr_t)&fromlen,
4349 4364 sizeof (fromlen)) != 0)
4350 4365 break;
4351 4366
4352 4367 if (fromlen == 0)
4353 4368 break;
4354 4369
4355 4370 /* enforce maximum size */
4356 4371 if (fromlen > sizeof (so_faddr))
4357 4372 fromlen = sizeof (so_faddr);
4358 4373
4359 4374 if (copyin((caddr_t)(uap->from), so_faddr,
4360 4375 fromlen) != 0)
4361 4376 break;
4362 4377
4363 4378 } else if (so->so_type == SOCK_STREAM) {
4364 4379
4365 4380 /* get path from file struct here */
4366 4381 fad = F2A(fp);
4367 4382 ASSERT(fad);
4368 4383
4369 4384 /*
4370 4385 * already processed this file for read attempt
4371 4386 */
4372 4387 if (fad->fad_flags & FAD_READ) {
4373 4388 /* don't want to audit every recvfrom attempt */
4374 4389 tad->tad_flag = 0;
4375 4390 /* free any residual audit data */
4376 4391 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4377 4392 releasef(fd);
4378 4393 return;
4379 4394 }
4380 4395 /*
4381 4396 * mark things so we know what happened and don't
4382 4397 * repeat things
4383 4398 */
4384 4399 fad->fad_flags |= FAD_READ;
4385 4400
4386 4401 bzero((void *)so_laddr, sizeof (so_laddr));
4387 4402 bzero((void *)so_faddr, sizeof (so_faddr));
4388 4403
4389 4404 /* get local and foreign addresses */
4390 4405 len = sizeof (so_laddr);
4391 4406 (void) socket_getsockname(so,
4392 4407 (struct sockaddr *)so_laddr, &len, CRED());
4393 4408 len = sizeof (so_faddr);
4394 4409 (void) socket_getpeername(so,
4395 4410 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4396 4411
4397 4412 add_sock_token = 1;
4398 4413 }
4399 4414
4400 4415 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4401 4416
4402 4417 break;
4403 4418
4404 4419 case AF_UNIX:
4405 4420 /*
4406 4421 * first check if this is first time through. Too much
4407 4422 * duplicate code to put this in an aui_ routine.
4408 4423 */
4409 4424
4410 4425 /* get path from file struct here */
4411 4426 fad = F2A(fp);
4412 4427 ASSERT(fad);
4413 4428
4414 4429 /*
4415 4430 * already processed this file for read attempt
4416 4431 */
4417 4432 if (fad->fad_flags & FAD_READ) {
4418 4433 /* don't want to audit every recvfrom attempt */
4419 4434 tad->tad_flag = 0;
4420 4435 /* free any residual audit data */
4421 4436 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4422 4437 releasef(fd);
4423 4438 return;
4424 4439 }
4425 4440 /*
4426 4441 * mark things so we know what happened and don't
4427 4442 * repeat things
4428 4443 */
4429 4444 fad->fad_flags |= FAD_READ;
4430 4445
4431 4446 if (fad->fad_aupath != NULL) {
4432 4447 au_uwrite(au_to_path(fad->fad_aupath));
4433 4448 } else {
4434 4449 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4435 4450 }
4436 4451
4437 4452 audit_attributes(fp->f_vnode);
4438 4453
4439 4454 releasef(fd);
4440 4455
4441 4456 return;
4442 4457
4443 4458 default:
4444 4459 break;
4445 4460
4446 4461 }
4447 4462
4448 4463 releasef(fd);
4449 4464
4450 4465 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4451 4466
4452 4467 if (add_sock_token == 0) {
4453 4468 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4454 4469 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4455 4470 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4456 4471 return;
4457 4472 }
4458 4473
4459 4474 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4460 4475
4461 4476 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4462 4477 }
4463 4478
4464 4479 /*ARGSUSED*/
4465 4480 static void
4466 4481 auf_sendmsg(struct t_audit_data *tad, int error, rval_t *rval)
4467 4482 {
4468 4483 struct a {
4469 4484 long fd;
4470 4485 long msg; /* struct msghdr */
4471 4486 long flags;
4472 4487 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4473 4488
4474 4489 struct sonode *so;
4475 4490 char so_laddr[sizeof (struct sockaddr_in6)];
4476 4491 char so_faddr[sizeof (struct sockaddr_in6)];
4477 4492 int err;
4478 4493 int fd;
4479 4494 short so_family, so_type;
4480 4495 int add_sock_token = 0;
4481 4496 socklen_t len;
4482 4497 struct file *fp;
4483 4498 struct f_audit_data *fad;
4484 4499 caddr_t msg_name;
4485 4500 socklen_t msg_namelen;
4486 4501 STRUCT_DECL(msghdr, msg);
4487 4502 au_kcontext_t *kctx = GET_KCTX_PZ;
4488 4503
4489 4504 fd = (int)uap->fd;
4490 4505
4491 4506 /* bail if an error */
4492 4507 if (error) {
4493 4508 /* XXX include destination address from system call arguments */
4494 4509 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4495 4510 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4496 4511 return;
4497 4512 }
4498 4513
4499 4514 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4500 4515 /*
4501 4516 * not security relevant if doing a sendmsg from non socket
4502 4517 * so no extra tokens. Should probably turn off audit record
4503 4518 * generation here.
4504 4519 */
4505 4520 return;
4506 4521 }
4507 4522
4508 4523 so_family = so->so_family;
4509 4524 so_type = so->so_type;
4510 4525
4511 4526 switch (so_family) {
4512 4527 case AF_INET:
4513 4528 case AF_INET6:
4514 4529 /*
4515 4530 * if datagram type socket, then just use what is in
4516 4531 * socket structure for local address.
4517 4532 * XXX - what do we do for other types?
4518 4533 */
4519 4534 if ((so->so_type == SOCK_DGRAM) ||
4520 4535 (so->so_type == SOCK_RAW)) {
4521 4536
4522 4537 bzero((void *)so_laddr, sizeof (so_laddr));
4523 4538 bzero((void *)so_faddr, sizeof (so_faddr));
4524 4539
4525 4540 /* get local address */
4526 4541 len = sizeof (so_laddr);
4527 4542 (void) socket_getsockname(so,
4528 4543 (struct sockaddr *)so_laddr, &len, CRED());
4529 4544
4530 4545 /* get peer address */
4531 4546 STRUCT_INIT(msg, get_udatamodel());
4532 4547
4533 4548 if (copyin((caddr_t)(uap->msg),
4534 4549 (caddr_t)STRUCT_BUF(msg), STRUCT_SIZE(msg)) != 0) {
4535 4550 break;
4536 4551 }
4537 4552 msg_name = (caddr_t)STRUCT_FGETP(msg, msg_name);
4538 4553 if (msg_name == NULL)
4539 4554 break;
4540 4555
4541 4556 msg_namelen = (socklen_t)STRUCT_FGET(msg, msg_namelen);
4542 4557 /* length is value from recvmsg - sanity check */
4543 4558 if (msg_namelen == 0)
4544 4559 break;
4545 4560
4546 4561 if (copyin(msg_name, so_faddr,
4547 4562 sizeof (so_faddr)) != 0)
4548 4563 break;
4549 4564
4550 4565 add_sock_token = 1;
4551 4566
4552 4567 } else if (so->so_type == SOCK_STREAM) {
4553 4568
4554 4569 /* get path from file struct here */
4555 4570 fad = F2A(fp);
4556 4571 ASSERT(fad);
4557 4572
4558 4573 /*
4559 4574 * already processed this file for write attempt
4560 4575 */
4561 4576 if (fad->fad_flags & FAD_WRITE) {
4562 4577 releasef(fd);
4563 4578 /* don't want to audit every sendmsg attempt */
4564 4579 tad->tad_flag = 0;
4565 4580 /* free any residual audit data */
4566 4581 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4567 4582 return;
4568 4583 }
4569 4584
4570 4585 /*
4571 4586 * mark things so we know what happened and don't
4572 4587 * repeat things
4573 4588 */
4574 4589 fad->fad_flags |= FAD_WRITE;
4575 4590
4576 4591 bzero((void *)so_laddr, sizeof (so_laddr));
4577 4592 bzero((void *)so_faddr, sizeof (so_faddr));
4578 4593
4579 4594 /* get local and foreign addresses */
4580 4595 len = sizeof (so_laddr);
4581 4596 (void) socket_getsockname(so,
4582 4597 (struct sockaddr *)so_laddr, &len, CRED());
4583 4598 len = sizeof (so_faddr);
4584 4599 (void) socket_getpeername(so,
4585 4600 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4586 4601
4587 4602 add_sock_token = 1;
4588 4603 }
4589 4604
4590 4605 /* XXX - what about SOCK_RAW/SOCK_RDM/SOCK_SEQPACKET ??? */
4591 4606
4592 4607 break;
4593 4608
4594 4609 case AF_UNIX:
4595 4610 /*
4596 4611 * first check if this is first time through. Too much
4597 4612 * duplicate code to put this in an aui_ routine.
4598 4613 */
4599 4614
4600 4615 /* get path from file struct here */
4601 4616 fad = F2A(fp);
4602 4617 ASSERT(fad);
4603 4618
4604 4619 /*
4605 4620 * already processed this file for write attempt
4606 4621 */
4607 4622 if (fad->fad_flags & FAD_WRITE) {
4608 4623 releasef(fd);
4609 4624 /* don't want to audit every sendmsg attempt */
4610 4625 tad->tad_flag = 0;
4611 4626 /* free any residual audit data */
4612 4627 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4613 4628 return;
4614 4629 }
4615 4630 /*
4616 4631 * mark things so we know what happened and don't
4617 4632 * repeat things
4618 4633 */
4619 4634 fad->fad_flags |= FAD_WRITE;
4620 4635
4621 4636 if (fad->fad_aupath != NULL) {
4622 4637 au_uwrite(au_to_path(fad->fad_aupath));
4623 4638 } else {
4624 4639 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4625 4640 }
4626 4641
4627 4642 audit_attributes(fp->f_vnode);
4628 4643
4629 4644 releasef(fd);
4630 4645
4631 4646 return;
4632 4647
4633 4648 default:
4634 4649 break;
4635 4650 }
4636 4651
4637 4652 releasef(fd);
4638 4653
4639 4654 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4640 4655
4641 4656 if (add_sock_token == 0) {
4642 4657 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4643 4658 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4644 4659 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4645 4660 return;
4646 4661 }
4647 4662
4648 4663 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4649 4664
4650 4665 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4651 4666 }
4652 4667
4653 4668 /*ARGSUSED*/
4654 4669 static void
4655 4670 auf_sendto(struct t_audit_data *tad, int error, rval_t *rval)
4656 4671 {
4657 4672 struct a {
4658 4673 long fd;
4659 4674 long msg; /* char */
4660 4675 long len;
4661 4676 long flags;
4662 4677 long to; /* struct sockaddr */
4663 4678 long tolen;
4664 4679 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4665 4680
4666 4681 struct sonode *so;
4667 4682 char so_laddr[sizeof (struct sockaddr_in6)];
4668 4683 char so_faddr[sizeof (struct sockaddr_in6)];
4669 4684 socklen_t tolen;
4670 4685 int err;
4671 4686 int fd;
4672 4687 socklen_t len;
4673 4688 short so_family, so_type;
4674 4689 int add_sock_token = 0;
4675 4690 struct file *fp;
4676 4691 struct f_audit_data *fad;
4677 4692 au_kcontext_t *kctx = GET_KCTX_PZ;
4678 4693
4679 4694 fd = (int)uap->fd;
4680 4695
4681 4696 /* bail if an error */
4682 4697 if (error) {
4683 4698 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4684 4699 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4685 4700 /* XXX include destination address from system call arguments */
4686 4701 return;
4687 4702 }
4688 4703
4689 4704 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4690 4705 /*
4691 4706 * not security relevant if doing a sendto using non socket
4692 4707 * so no extra tokens. Should probably turn off audit record
4693 4708 * generation here.
4694 4709 */
4695 4710 return;
4696 4711 }
4697 4712
4698 4713 so_family = so->so_family;
4699 4714 so_type = so->so_type;
4700 4715
4701 4716 /*
4702 4717 * only putout SOCKET_EX token if INET/INET6 family.
4703 4718 * XXX - what do we do about other families?
4704 4719 */
4705 4720
4706 4721 switch (so_family) {
4707 4722 case AF_INET:
4708 4723 case AF_INET6:
4709 4724
4710 4725 /*
4711 4726 * if datagram type socket, then just use what is in
4712 4727 * socket structure for local address.
4713 4728 * XXX - what do we do for other types?
4714 4729 */
4715 4730 if ((so->so_type == SOCK_DGRAM) ||
4716 4731 (so->so_type == SOCK_RAW)) {
4717 4732
4718 4733 bzero((void *)so_laddr, sizeof (so_laddr));
4719 4734 bzero((void *)so_faddr, sizeof (so_faddr));
4720 4735
4721 4736 /* get local address */
4722 4737 len = sizeof (so_laddr);
4723 4738 (void) socket_getsockname(so,
4724 4739 (struct sockaddr *)so_laddr, &len, CRED());
4725 4740
4726 4741 /* get peer address */
4727 4742
4728 4743 /* sanity check */
4729 4744 if (uap->to == NULL)
4730 4745 break;
4731 4746
4732 4747 /* sanity checks */
4733 4748 if (uap->tolen == 0)
4734 4749 break;
4735 4750
4736 4751 tolen = (socklen_t)uap->tolen;
4737 4752
4738 4753 /* enforce maximum size */
4739 4754 if (tolen > sizeof (so_faddr))
4740 4755 tolen = sizeof (so_faddr);
4741 4756
4742 4757 if (copyin((caddr_t)(uap->to), so_faddr, tolen) != 0)
4743 4758 break;
4744 4759
4745 4760 add_sock_token = 1;
4746 4761 } else {
4747 4762 /*
4748 4763 * check if this is first time through.
4749 4764 */
4750 4765
4751 4766 /* get path from file struct here */
4752 4767 fad = F2A(fp);
4753 4768 ASSERT(fad);
4754 4769
4755 4770 /*
4756 4771 * already processed this file for write attempt
4757 4772 */
4758 4773 if (fad->fad_flags & FAD_WRITE) {
4759 4774 /* don't want to audit every sendto attempt */
4760 4775 tad->tad_flag = 0;
4761 4776 /* free any residual audit data */
4762 4777 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4763 4778 releasef(fd);
4764 4779 return;
4765 4780 }
4766 4781 /*
4767 4782 * mark things so we know what happened and don't
4768 4783 * repeat things
4769 4784 */
4770 4785 fad->fad_flags |= FAD_WRITE;
4771 4786
4772 4787 bzero((void *)so_laddr, sizeof (so_laddr));
4773 4788 bzero((void *)so_faddr, sizeof (so_faddr));
4774 4789
4775 4790 /* get local and foreign addresses */
4776 4791 len = sizeof (so_laddr);
4777 4792 (void) socket_getsockname(so,
4778 4793 (struct sockaddr *)so_laddr, &len, CRED());
4779 4794 len = sizeof (so_faddr);
4780 4795 (void) socket_getpeername(so,
4781 4796 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4782 4797
4783 4798 add_sock_token = 1;
4784 4799 }
4785 4800
4786 4801 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4787 4802
4788 4803 break;
4789 4804
4790 4805 case AF_UNIX:
4791 4806 /*
4792 4807 * first check if this is first time through. Too much
4793 4808 * duplicate code to put this in an aui_ routine.
4794 4809 */
4795 4810
4796 4811 /* get path from file struct here */
4797 4812 fad = F2A(fp);
4798 4813 ASSERT(fad);
4799 4814
4800 4815 /*
4801 4816 * already processed this file for write attempt
4802 4817 */
4803 4818 if (fad->fad_flags & FAD_WRITE) {
4804 4819 /* don't want to audit every sendto attempt */
4805 4820 tad->tad_flag = 0;
4806 4821 /* free any residual audit data */
4807 4822 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4808 4823 releasef(fd);
4809 4824 return;
4810 4825 }
4811 4826 /*
4812 4827 * mark things so we know what happened and don't
4813 4828 * repeat things
4814 4829 */
4815 4830 fad->fad_flags |= FAD_WRITE;
4816 4831
4817 4832 if (fad->fad_aupath != NULL) {
4818 4833 au_uwrite(au_to_path(fad->fad_aupath));
4819 4834 } else {
4820 4835 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4821 4836 }
4822 4837
4823 4838 audit_attributes(fp->f_vnode);
4824 4839
4825 4840 releasef(fd);
4826 4841
4827 4842 return;
4828 4843
4829 4844 default:
4830 4845 break;
4831 4846
4832 4847 }
4833 4848
4834 4849 releasef(fd);
4835 4850
4836 4851 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4837 4852
4838 4853 if (add_sock_token == 0) {
4839 4854 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4840 4855 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4841 4856 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4842 4857 return;
4843 4858 }
4844 4859
4845 4860 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4846 4861
4847 4862 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4848 4863
4849 4864 }
4850 4865
4851 4866 /*
4852 4867 * XXX socket(2) may be equivalent to open(2) on a unix domain
4853 4868 * socket. This needs investigation.
4854 4869 */
4855 4870
4856 4871 /*ARGSUSED*/
4857 4872 static void
4858 4873 aus_socket(struct t_audit_data *tad)
4859 4874 {
4860 4875 struct a {
4861 4876 long domain;
4862 4877 long type;
4863 4878 long protocol;
4864 4879 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4865 4880
4866 4881 au_uwrite(au_to_arg32(1, "domain", (uint32_t)uap->domain));
4867 4882 au_uwrite(au_to_arg32(2, "type", (uint32_t)uap->type));
4868 4883 au_uwrite(au_to_arg32(3, "protocol", (uint32_t)uap->protocol));
4869 4884 }
4870 4885
4871 4886 /*ARGSUSED*/
4872 4887 static void
4873 4888 aus_sigqueue(struct t_audit_data *tad)
4874 4889 {
4875 4890 struct a {
4876 4891 long pid;
4877 4892 long signo;
4878 4893 long *val;
4879 4894 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4880 4895 struct proc *p;
4881 4896 uid_t uid, ruid;
4882 4897 gid_t gid, rgid;
4883 4898 pid_t pid;
4884 4899 const auditinfo_addr_t *ainfo;
4885 4900 cred_t *cr;
4886 4901
4887 4902 pid = (pid_t)uap->pid;
4888 4903
4889 4904 au_uwrite(au_to_arg32(2, "signal", (uint32_t)uap->signo));
4890 4905 if (pid > 0) {
4891 4906 mutex_enter(&pidlock);
4892 4907 if ((p = prfind(pid)) == (struct proc *)0) {
4893 4908 mutex_exit(&pidlock);
4894 4909 return;
4895 4910 }
4896 4911 mutex_enter(&p->p_lock); /* so process doesn't go away */
4897 4912 mutex_exit(&pidlock);
4898 4913
4899 4914 mutex_enter(&p->p_crlock);
4900 4915 crhold(cr = p->p_cred);
4901 4916 mutex_exit(&p->p_crlock);
4902 4917 mutex_exit(&p->p_lock);
4903 4918
4904 4919 ainfo = crgetauinfo(cr);
4905 4920 if (ainfo == NULL) {
4906 4921 crfree(cr);
4907 4922 return;
4908 4923 }
4909 4924
4910 4925 uid = crgetuid(cr);
4911 4926 gid = crgetgid(cr);
4912 4927 ruid = crgetruid(cr);
4913 4928 rgid = crgetrgid(cr);
4914 4929 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
4915 4930 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
4916 4931 crfree(cr);
4917 4932 }
4918 4933 else
4919 4934 au_uwrite(au_to_arg32(1, "process ID", (uint32_t)pid));
4920 4935 }
4921 4936
4922 4937 /*ARGSUSED*/
4923 4938 static void
4924 4939 aus_inst_sync(struct t_audit_data *tad)
4925 4940 {
4926 4941 struct a {
4927 4942 long name; /* char */
4928 4943 long flags;
4929 4944 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4930 4945
4931 4946 au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags));
4932 4947 }
4933 4948
4934 4949 /*ARGSUSED*/
4935 4950 static void
4936 4951 aus_brandsys(struct t_audit_data *tad)
4937 4952 {
4938 4953 klwp_t *clwp = ttolwp(curthread);
4939 4954
4940 4955 struct a {
4941 4956 long cmd;
4942 4957 long arg1;
4943 4958 long arg2;
4944 4959 long arg3;
4945 4960 long arg4;
4946 4961 long arg5;
4947 4962 long arg6;
4948 4963 } *uap = (struct a *)clwp->lwp_ap;
4949 4964
4950 4965 au_uwrite(au_to_arg32(1, "cmd", (uint_t)uap->cmd));
4951 4966 #ifdef _LP64
4952 4967 au_uwrite(au_to_arg64(2, "arg1", (uint64_t)uap->arg1));
4953 4968 au_uwrite(au_to_arg64(3, "arg2", (uint64_t)uap->arg2));
4954 4969 au_uwrite(au_to_arg64(4, "arg3", (uint64_t)uap->arg3));
4955 4970 au_uwrite(au_to_arg64(5, "arg4", (uint64_t)uap->arg4));
4956 4971 au_uwrite(au_to_arg64(6, "arg5", (uint64_t)uap->arg5));
4957 4972 au_uwrite(au_to_arg64(7, "arg6", (uint64_t)uap->arg6));
4958 4973 #else
4959 4974 au_uwrite(au_to_arg32(2, "arg1", (uint32_t)uap->arg1));
4960 4975 au_uwrite(au_to_arg32(3, "arg2", (uint32_t)uap->arg2));
4961 4976 au_uwrite(au_to_arg32(4, "arg3", (uint32_t)uap->arg3));
4962 4977 au_uwrite(au_to_arg32(5, "arg4", (uint32_t)uap->arg4));
4963 4978 au_uwrite(au_to_arg32(6, "arg5", (uint32_t)uap->arg5));
4964 4979 au_uwrite(au_to_arg32(7, "arg6", (uint32_t)uap->arg6));
4965 4980 #endif
4966 4981 }
4967 4982
4968 4983 /*ARGSUSED*/
4969 4984 static void
4970 4985 aus_p_online(struct t_audit_data *tad)
4971 4986 {
4972 4987 struct a {
4973 4988 long processor_id;
4974 4989 long flag;
4975 4990 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4976 4991
4977 4992 struct flags {
4978 4993 int flag;
4979 4994 char *cflag;
4980 4995 } aflags[6] = {
4981 4996 { P_ONLINE, "P_ONLINE"},
4982 4997 { P_OFFLINE, "P_OFFLINE"},
4983 4998 { P_NOINTR, "P_NOINTR"},
4984 4999 { P_SPARE, "P_SPARE"},
4985 5000 { P_FAULTED, "P_FAULTED"},
4986 5001 { P_STATUS, "P_STATUS"}
4987 5002 };
4988 5003 int i;
4989 5004 char *cflag;
4990 5005
4991 5006 au_uwrite(au_to_arg32(1, "processor ID", (uint32_t)uap->processor_id));
4992 5007 au_uwrite(au_to_arg32(2, "flag", (uint32_t)uap->flag));
4993 5008
4994 5009 for (i = 0; i < 6; i++) {
4995 5010 if (aflags[i].flag == uap->flag)
4996 5011 break;
4997 5012 }
4998 5013 cflag = (i == 6) ? "bad flag":aflags[i].cflag;
4999 5014
5000 5015 au_uwrite(au_to_text(cflag));
5001 5016 }
5002 5017
5003 5018 /*ARGSUSED*/
5004 5019 static void
5005 5020 aus_processor_bind(struct t_audit_data *tad)
5006 5021 {
5007 5022 struct a {
5008 5023 long id_type;
5009 5024 long id;
5010 5025 long processor_id;
5011 5026 long obind;
5012 5027 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5013 5028
5014 5029 struct proc *p;
5015 5030 int lwpcnt;
5016 5031 uid_t uid, ruid;
5017 5032 gid_t gid, rgid;
5018 5033 pid_t pid;
5019 5034 const auditinfo_addr_t *ainfo;
5020 5035 cred_t *cr;
5021 5036
5022 5037 au_uwrite(au_to_arg32(1, "ID type", (uint32_t)uap->id_type));
5023 5038 au_uwrite(au_to_arg32(2, "ID", (uint32_t)uap->id));
5024 5039 if (uap->processor_id == PBIND_NONE)
5025 5040 au_uwrite(au_to_text("PBIND_NONE"));
5026 5041 else
5027 5042 au_uwrite(au_to_arg32(3, "processor_id",
5028 5043 (uint32_t)uap->processor_id));
5029 5044
5030 5045 switch (uap->id_type) {
5031 5046 case P_MYID:
5032 5047 case P_LWPID:
5033 5048 mutex_enter(&pidlock);
5034 5049 p = ttoproc(curthread);
5035 5050 if (p == NULL || p->p_as == &kas) {
5036 5051 mutex_exit(&pidlock);
5037 5052 return;
5038 5053 }
5039 5054 mutex_enter(&p->p_lock);
5040 5055 mutex_exit(&pidlock);
5041 5056 lwpcnt = p->p_lwpcnt;
5042 5057 pid = p->p_pid;
5043 5058
5044 5059 mutex_enter(&p->p_crlock);
5045 5060 crhold(cr = p->p_cred);
5046 5061 mutex_exit(&p->p_crlock);
5047 5062 mutex_exit(&p->p_lock);
5048 5063
5049 5064 ainfo = crgetauinfo(cr);
5050 5065 if (ainfo == NULL) {
5051 5066 crfree(cr);
5052 5067 return;
5053 5068 }
5054 5069
5055 5070 uid = crgetuid(cr);
5056 5071 gid = crgetgid(cr);
5057 5072 ruid = crgetruid(cr);
5058 5073 rgid = crgetrgid(cr);
5059 5074 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5060 5075 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5061 5076 crfree(cr);
5062 5077 break;
5063 5078 case P_PID:
5064 5079 mutex_enter(&pidlock);
5065 5080 p = prfind(uap->id);
5066 5081 if (p == NULL || p->p_as == &kas) {
5067 5082 mutex_exit(&pidlock);
5068 5083 return;
5069 5084 }
5070 5085 mutex_enter(&p->p_lock);
5071 5086 mutex_exit(&pidlock);
5072 5087 lwpcnt = p->p_lwpcnt;
5073 5088 pid = p->p_pid;
5074 5089
5075 5090 mutex_enter(&p->p_crlock);
5076 5091 crhold(cr = p->p_cred);
5077 5092 mutex_exit(&p->p_crlock);
5078 5093 mutex_exit(&p->p_lock);
5079 5094
5080 5095 ainfo = crgetauinfo(cr);
5081 5096 if (ainfo == NULL) {
5082 5097 crfree(cr);
5083 5098 return;
5084 5099 }
5085 5100
5086 5101 uid = crgetuid(cr);
5087 5102 gid = crgetgid(cr);
5088 5103 ruid = crgetruid(cr);
5089 5104 rgid = crgetrgid(cr);
5090 5105 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5091 5106 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5092 5107 crfree(cr);
5093 5108
5094 5109 break;
5095 5110 default:
5096 5111 return;
5097 5112 }
5098 5113
5099 5114 if (uap->processor_id == PBIND_NONE &&
5100 5115 (!(uap->id_type == P_LWPID && lwpcnt > 1)))
5101 5116 au_uwrite(au_to_text("PBIND_NONE for process"));
5102 5117 else
5103 5118 au_uwrite(au_to_arg32(3, "processor_id",
5104 5119 (uint32_t)uap->processor_id));
5105 5120 }
5106 5121
5107 5122 /*ARGSUSED*/
5108 5123 static au_event_t
5109 5124 aui_doorfs(au_event_t e)
5110 5125 {
5111 5126 uint32_t code;
5112 5127
5113 5128 struct a { /* doorfs */
5114 5129 long a1;
5115 5130 long a2;
5116 5131 long a3;
5117 5132 long a4;
5118 5133 long a5;
5119 5134 long code;
5120 5135 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5121 5136
5122 5137 /*
5123 5138 * audit formats for several of the
5124 5139 * door calls have not yet been determined
5125 5140 */
5126 5141 code = (uint32_t)uap->code;
5127 5142 switch (code) {
5128 5143 case DOOR_CALL:
5129 5144 e = AUE_DOORFS_DOOR_CALL;
5130 5145 break;
5131 5146 case DOOR_RETURN:
5132 5147 e = AUE_NULL;
5133 5148 break;
5134 5149 case DOOR_CREATE:
5135 5150 e = AUE_DOORFS_DOOR_CREATE;
5136 5151 break;
5137 5152 case DOOR_REVOKE:
5138 5153 e = AUE_DOORFS_DOOR_REVOKE;
5139 5154 break;
5140 5155 case DOOR_INFO:
5141 5156 e = AUE_NULL;
5142 5157 break;
5143 5158 case DOOR_UCRED:
5144 5159 e = AUE_NULL;
5145 5160 break;
5146 5161 case DOOR_BIND:
5147 5162 e = AUE_NULL;
5148 5163 break;
5149 5164 case DOOR_UNBIND:
5150 5165 e = AUE_NULL;
5151 5166 break;
5152 5167 case DOOR_GETPARAM:
5153 5168 e = AUE_NULL;
5154 5169 break;
5155 5170 case DOOR_SETPARAM:
5156 5171 e = AUE_NULL;
5157 5172 break;
5158 5173 default: /* illegal system call */
5159 5174 e = AUE_NULL;
5160 5175 break;
5161 5176 }
5162 5177
5163 5178 return (e);
5164 5179 }
5165 5180
5166 5181 static door_node_t *
5167 5182 au_door_lookup(int did)
5168 5183 {
5169 5184 vnode_t *vp;
5170 5185 file_t *fp;
5171 5186
5172 5187 if ((fp = getf(did)) == NULL)
5173 5188 return (NULL);
5174 5189 /*
5175 5190 * Use the underlying vnode (we may be namefs mounted)
5176 5191 */
5177 5192 if (VOP_REALVP(fp->f_vnode, &vp, NULL))
5178 5193 vp = fp->f_vnode;
5179 5194
5180 5195 if (vp == NULL || vp->v_type != VDOOR) {
5181 5196 releasef(did);
5182 5197 return (NULL);
5183 5198 }
5184 5199
5185 5200 return (VTOD(vp));
5186 5201 }
5187 5202
5188 5203 /*ARGSUSED*/
5189 5204 static void
5190 5205 aus_doorfs(struct t_audit_data *tad)
5191 5206 {
5192 5207
5193 5208 struct a { /* doorfs */
5194 5209 long a1;
5195 5210 long a2;
5196 5211 long a3;
5197 5212 long a4;
5198 5213 long a5;
5199 5214 long code;
5200 5215 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5201 5216
5202 5217 door_node_t *dp;
5203 5218 struct proc *p;
5204 5219 uint32_t did;
5205 5220 uid_t uid, ruid;
5206 5221 gid_t gid, rgid;
5207 5222 pid_t pid;
5208 5223 const auditinfo_addr_t *ainfo;
5209 5224 cred_t *cr;
5210 5225
5211 5226 did = (uint32_t)uap->a1;
5212 5227
5213 5228 switch (tad->tad_event) {
5214 5229 case AUE_DOORFS_DOOR_CALL:
5215 5230 au_uwrite(au_to_arg32(1, "door ID", (uint32_t)did));
5216 5231 if ((dp = au_door_lookup(did)) == NULL)
5217 5232 break;
5218 5233
5219 5234 if (DOOR_INVALID(dp)) {
5220 5235 releasef(did);
5221 5236 break;
5222 5237 }
5223 5238
5224 5239 if ((p = dp->door_target) == NULL) {
5225 5240 releasef(did);
5226 5241 break;
5227 5242 }
5228 5243 mutex_enter(&p->p_lock);
5229 5244 releasef(did);
5230 5245
5231 5246 pid = p->p_pid;
5232 5247
5233 5248 mutex_enter(&p->p_crlock);
5234 5249 crhold(cr = p->p_cred);
5235 5250 mutex_exit(&p->p_crlock);
5236 5251 mutex_exit(&p->p_lock);
5237 5252
5238 5253 ainfo = crgetauinfo(cr);
5239 5254 if (ainfo == NULL) {
5240 5255 crfree(cr);
5241 5256 return;
5242 5257 }
5243 5258 uid = crgetuid(cr);
5244 5259 gid = crgetgid(cr);
5245 5260 ruid = crgetruid(cr);
5246 5261 rgid = crgetrgid(cr);
5247 5262 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5248 5263 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5249 5264 crfree(cr);
5250 5265 break;
5251 5266 case AUE_DOORFS_DOOR_RETURN:
5252 5267 /*
5253 5268 * We may want to write information about
5254 5269 * all doors (if any) which will be copied
5255 5270 * by this call to the user space
5256 5271 */
5257 5272 break;
5258 5273 case AUE_DOORFS_DOOR_CREATE:
5259 5274 au_uwrite(au_to_arg32(3, "door attr", (uint32_t)uap->a3));
5260 5275 break;
5261 5276 case AUE_DOORFS_DOOR_REVOKE:
5262 5277 au_uwrite(au_to_arg32(1, "door ID", (uint32_t)did));
5263 5278 break;
5264 5279 case AUE_DOORFS_DOOR_INFO:
5265 5280 break;
5266 5281 case AUE_DOORFS_DOOR_CRED:
5267 5282 break;
5268 5283 case AUE_DOORFS_DOOR_BIND:
5269 5284 break;
5270 5285 case AUE_DOORFS_DOOR_UNBIND: {
5271 5286 break;
5272 5287 }
5273 5288 default: /* illegal system call */
5274 5289 break;
5275 5290 }
5276 5291 }
5277 5292
5278 5293 /*ARGSUSED*/
5279 5294 static au_event_t
5280 5295 aui_acl(au_event_t e)
5281 5296 {
5282 5297 struct a {
5283 5298 union {
5284 5299 long name; /* char */
5285 5300 long fd;
5286 5301 } obj;
5287 5302
5288 5303 long cmd;
5289 5304 long nentries;
5290 5305 long arg; /* aclent_t */
5291 5306 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5292 5307
5293 5308 switch (uap->cmd) {
5294 5309 case SETACL:
5295 5310 case ACE_SETACL:
5296 5311 /*
5297 5312 * acl(SETACL/ACE_SETACL, ...) and facl(SETACL/ACE_SETACL, ...)
5298 5313 * are expected.
5299 5314 */
5300 5315 break;
5301 5316 case GETACL:
5302 5317 case GETACLCNT:
5303 5318 case ACE_GETACL:
5304 5319 case ACE_GETACLCNT:
5305 5320 /* do nothing for these four values. */
5306 5321 e = AUE_NULL;
5307 5322 break;
5308 5323 default:
5309 5324 /* illegal system call */
5310 5325 break;
5311 5326 }
5312 5327
5313 5328 return (e);
5314 5329 }
5315 5330
5316 5331 static void
5317 5332 au_acl(int cmd, int nentries, caddr_t bufp)
5318 5333 {
5319 5334 size_t a_size;
5320 5335 aclent_t *aclbufp;
5321 5336 ace_t *acebufp;
5322 5337 int i;
5323 5338
5324 5339 switch (cmd) {
5325 5340 case GETACL:
5326 5341 case GETACLCNT:
5327 5342 break;
5328 5343 case SETACL:
5329 5344 if (nentries < 3)
5330 5345 break;
5331 5346
5332 5347 a_size = nentries * sizeof (aclent_t);
5333 5348
5334 5349 if ((aclbufp = kmem_alloc(a_size, KM_SLEEP)) == NULL)
5335 5350 break;
5336 5351 if (copyin(bufp, aclbufp, a_size)) {
5337 5352 kmem_free(aclbufp, a_size);
5338 5353 break;
5339 5354 }
5340 5355 for (i = 0; i < nentries; i++) {
5341 5356 au_uwrite(au_to_acl(aclbufp + i));
5342 5357 }
5343 5358 kmem_free(aclbufp, a_size);
5344 5359 break;
5345 5360
5346 5361 case ACE_SETACL:
5347 5362 if (nentries < 1 || nentries > MAX_ACL_ENTRIES)
5348 5363 break;
5349 5364
5350 5365 a_size = nentries * sizeof (ace_t);
5351 5366 if ((acebufp = kmem_alloc(a_size, KM_SLEEP)) == NULL)
5352 5367 break;
5353 5368 if (copyin(bufp, acebufp, a_size)) {
5354 5369 kmem_free(acebufp, a_size);
5355 5370 break;
5356 5371 }
5357 5372 for (i = 0; i < nentries; i++) {
5358 5373 au_uwrite(au_to_ace(acebufp + i));
5359 5374 }
5360 5375 kmem_free(acebufp, a_size);
5361 5376 break;
5362 5377 default:
5363 5378 break;
5364 5379 }
5365 5380 }
5366 5381
5367 5382 /*ARGSUSED*/
5368 5383 static void
5369 5384 aus_acl(struct t_audit_data *tad)
5370 5385 {
5371 5386 struct a {
5372 5387 long fname;
5373 5388 long cmd;
5374 5389 long nentries;
5375 5390 long aclbufp;
5376 5391 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5377 5392
5378 5393 au_uwrite(au_to_arg32(2, "cmd", (uint32_t)uap->cmd));
5379 5394 au_uwrite(au_to_arg32(3, "nentries", (uint32_t)uap->nentries));
5380 5395
5381 5396 au_acl(uap->cmd, uap->nentries, (caddr_t)uap->aclbufp);
5382 5397 }
5383 5398
5384 5399 /*ARGSUSED*/
5385 5400 static void
5386 5401 aus_facl(struct t_audit_data *tad)
5387 5402 {
5388 5403 struct a {
5389 5404 long fd;
5390 5405 long cmd;
5391 5406 long nentries;
5392 5407 long aclbufp;
5393 5408 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5394 5409 struct file *fp;
5395 5410 struct vnode *vp;
5396 5411 struct f_audit_data *fad;
5397 5412 int fd;
5398 5413
5399 5414 au_uwrite(au_to_arg32(2, "cmd", (uint32_t)uap->cmd));
5400 5415 au_uwrite(au_to_arg32(3, "nentries", (uint32_t)uap->nentries));
5401 5416
5402 5417 fd = (int)uap->fd;
5403 5418
5404 5419 if ((fp = getf(fd)) == NULL)
5405 5420 return;
5406 5421
5407 5422 /* get path from file struct here */
5408 5423 fad = F2A(fp);
5409 5424 if (fad->fad_aupath != NULL) {
5410 5425 au_uwrite(au_to_path(fad->fad_aupath));
5411 5426 } else {
5412 5427 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5413 5428 }
5414 5429
5415 5430 vp = fp->f_vnode;
5416 5431 audit_attributes(vp);
5417 5432
5418 5433 /* decrement file descriptor reference count */
5419 5434 releasef(fd);
5420 5435
5421 5436 au_acl(uap->cmd, uap->nentries, (caddr_t)uap->aclbufp);
5422 5437 }
5423 5438
5424 5439 /*ARGSUSED*/
5425 5440 static void
5426 5441 auf_read(tad, error, rval)
5427 5442 struct t_audit_data *tad;
5428 5443 int error;
5429 5444 rval_t *rval;
5430 5445 {
5431 5446 struct file *fp;
5432 5447 struct f_audit_data *fad;
5433 5448 int fd;
5434 5449 register struct a {
5435 5450 long fd;
5436 5451 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5437 5452 au_kcontext_t *kctx = GET_KCTX_PZ;
5438 5453
5439 5454 fd = (int)uap->fd;
5440 5455
5441 5456 /*
5442 5457 * convert file pointer to file descriptor
5443 5458 * Note: fd ref count incremented here.
5444 5459 */
5445 5460 if ((fp = getf(fd)) == NULL)
5446 5461 return;
5447 5462
5448 5463 /* get path from file struct here */
5449 5464 fad = F2A(fp);
5450 5465 ASSERT(fad);
5451 5466
5452 5467 /*
5453 5468 * already processed this file for read attempt
5454 5469 *
5455 5470 * XXX might be better to turn off auditing in a aui_read() routine.
5456 5471 */
5457 5472 if (fad->fad_flags & FAD_READ) {
5458 5473 /* don't really want to audit every read attempt */
5459 5474 tad->tad_flag = 0;
5460 5475 /* free any residual audit data */
5461 5476 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5462 5477 releasef(fd);
5463 5478 return;
5464 5479 }
5465 5480 /* mark things so we know what happened and don't repeat things */
5466 5481 fad->fad_flags |= FAD_READ;
5467 5482
5468 5483 if (fad->fad_aupath != NULL) {
5469 5484 au_uwrite(au_to_path(fad->fad_aupath));
5470 5485 } else {
5471 5486 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5472 5487 }
5473 5488
5474 5489 /* include attributes */
5475 5490 audit_attributes(fp->f_vnode);
5476 5491
5477 5492 /* decrement file descriptor reference count */
5478 5493 releasef(fd);
5479 5494 }
5480 5495
5481 5496 /*ARGSUSED*/
5482 5497 static void
5483 5498 auf_write(tad, error, rval)
5484 5499 struct t_audit_data *tad;
5485 5500 int error;
5486 5501 rval_t *rval;
5487 5502 {
5488 5503 struct file *fp;
5489 5504 struct f_audit_data *fad;
5490 5505 int fd;
5491 5506 register struct a {
5492 5507 long fd;
5493 5508 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5494 5509 au_kcontext_t *kctx = GET_KCTX_PZ;
5495 5510
5496 5511 fd = (int)uap->fd;
5497 5512
5498 5513 /*
5499 5514 * convert file pointer to file descriptor
5500 5515 * Note: fd ref count incremented here.
5501 5516 */
5502 5517 if ((fp = getf(fd)) == NULL)
5503 5518 return;
5504 5519
5505 5520 /* get path from file struct here */
5506 5521 fad = F2A(fp);
5507 5522 ASSERT(fad);
5508 5523
5509 5524 /*
5510 5525 * already processed this file for write attempt
5511 5526 *
5512 5527 * XXX might be better to turn off auditing in a aus_write() routine.
5513 5528 */
5514 5529 if (fad->fad_flags & FAD_WRITE) {
5515 5530 /* don't really want to audit every write attempt */
5516 5531 tad->tad_flag = 0;
5517 5532 /* free any residual audit data */
5518 5533 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5519 5534 releasef(fd);
5520 5535 return;
5521 5536 }
5522 5537 /* mark things so we know what happened and don't repeat things */
5523 5538 fad->fad_flags |= FAD_WRITE;
5524 5539
5525 5540 if (fad->fad_aupath != NULL) {
5526 5541 au_uwrite(au_to_path(fad->fad_aupath));
5527 5542 } else {
5528 5543 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5529 5544 }
5530 5545
5531 5546 /* include attributes */
5532 5547 audit_attributes(fp->f_vnode);
5533 5548
5534 5549 /* decrement file descriptor reference count */
5535 5550 releasef(fd);
5536 5551 }
5537 5552
5538 5553 /*ARGSUSED*/
5539 5554 static void
5540 5555 auf_recv(tad, error, rval)
5541 5556 struct t_audit_data *tad;
5542 5557 int error;
5543 5558 rval_t *rval;
5544 5559 {
5545 5560 struct sonode *so;
5546 5561 char so_laddr[sizeof (struct sockaddr_in6)];
5547 5562 char so_faddr[sizeof (struct sockaddr_in6)];
5548 5563 struct file *fp;
5549 5564 struct f_audit_data *fad;
5550 5565 int fd;
5551 5566 int err;
5552 5567 socklen_t len;
5553 5568 short so_family, so_type;
5554 5569 register struct a {
5555 5570 long fd;
5556 5571 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5557 5572 au_kcontext_t *kctx = GET_KCTX_PZ;
5558 5573
5559 5574 /*
5560 5575 * If there was an error, then nothing to do. Only generate
5561 5576 * audit record on first successful recv.
5562 5577 */
5563 5578 if (error) {
5564 5579 /* Turn off audit record generation here. */
5565 5580 tad->tad_flag = 0;
5566 5581 /* free any residual audit data */
5567 5582 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5568 5583 return;
5569 5584 }
5570 5585
5571 5586 fd = (int)uap->fd;
5572 5587
5573 5588 if ((so = getsonode(fd, &err, &fp)) == NULL) {
5574 5589 /* Turn off audit record generation here. */
5575 5590 tad->tad_flag = 0;
5576 5591 /* free any residual audit data */
5577 5592 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5578 5593 return;
5579 5594 }
5580 5595
5581 5596 /* get path from file struct here */
5582 5597 fad = F2A(fp);
5583 5598 ASSERT(fad);
5584 5599
5585 5600 /*
5586 5601 * already processed this file for read attempt
5587 5602 */
5588 5603 if (fad->fad_flags & FAD_READ) {
5589 5604 releasef(fd);
5590 5605 /* don't really want to audit every recv call */
5591 5606 tad->tad_flag = 0;
5592 5607 /* free any residual audit data */
5593 5608 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5594 5609 return;
5595 5610 }
5596 5611
5597 5612 /* mark things so we know what happened and don't repeat things */
5598 5613 fad->fad_flags |= FAD_READ;
5599 5614
5600 5615 so_family = so->so_family;
5601 5616 so_type = so->so_type;
5602 5617
5603 5618 switch (so_family) {
5604 5619 case AF_INET:
5605 5620 case AF_INET6:
5606 5621 /*
5607 5622 * Only for connections.
5608 5623 * XXX - do we need to worry about SOCK_DGRAM or other types???
5609 5624 */
5610 5625 if (so->so_state & SS_ISBOUND) {
5611 5626
5612 5627 bzero((void *)so_laddr, sizeof (so_laddr));
5613 5628 bzero((void *)so_faddr, sizeof (so_faddr));
5614 5629
5615 5630 /* get local and foreign addresses */
5616 5631 len = sizeof (so_laddr);
5617 5632 (void) socket_getsockname(so,
5618 5633 (struct sockaddr *)so_laddr, &len, CRED());
5619 5634 len = sizeof (so_faddr);
5620 5635 (void) socket_getpeername(so,
5621 5636 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
5622 5637
5623 5638 /*
5624 5639 * only way to drop out of switch. Note that we
5625 5640 * we release fd below.
5626 5641 */
5627 5642
5628 5643 break;
5629 5644 }
5630 5645
5631 5646 releasef(fd);
5632 5647
5633 5648 /* don't really want to audit every recv call */
5634 5649 tad->tad_flag = 0;
5635 5650 /* free any residual audit data */
5636 5651 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5637 5652
5638 5653 return;
5639 5654
5640 5655 case AF_UNIX:
5641 5656
5642 5657 if (fad->fad_aupath != NULL) {
5643 5658 au_uwrite(au_to_path(fad->fad_aupath));
5644 5659 } else {
5645 5660 au_uwrite(au_to_arg32(1, "no path: fd", fd));
5646 5661 }
5647 5662
5648 5663 audit_attributes(fp->f_vnode);
5649 5664
5650 5665 releasef(fd);
5651 5666
5652 5667 return;
5653 5668
5654 5669 default:
5655 5670 releasef(fd);
5656 5671
5657 5672 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5658 5673 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
5659 5674 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
5660 5675
5661 5676 return;
5662 5677 }
5663 5678
5664 5679 releasef(fd);
5665 5680
5666 5681 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5667 5682
5668 5683 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
5669 5684
5670 5685 }
5671 5686
5672 5687 /*ARGSUSED*/
5673 5688 static void
5674 5689 auf_send(tad, error, rval)
5675 5690 struct t_audit_data *tad;
5676 5691 int error;
5677 5692 rval_t *rval;
5678 5693 {
5679 5694 struct sonode *so;
5680 5695 char so_laddr[sizeof (struct sockaddr_in6)];
5681 5696 char so_faddr[sizeof (struct sockaddr_in6)];
5682 5697 struct file *fp;
5683 5698 struct f_audit_data *fad;
5684 5699 int fd;
5685 5700 int err;
5686 5701 socklen_t len;
5687 5702 short so_family, so_type;
5688 5703 register struct a {
5689 5704 long fd;
5690 5705 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5691 5706 au_kcontext_t *kctx = GET_KCTX_PZ;
5692 5707
5693 5708 fd = (int)uap->fd;
5694 5709
5695 5710 /*
5696 5711 * If there was an error, then nothing to do. Only generate
5697 5712 * audit record on first successful send.
5698 5713 */
5699 5714 if (error != 0) {
5700 5715 /* Turn off audit record generation here. */
5701 5716 tad->tad_flag = 0;
5702 5717 /* free any residual audit data */
5703 5718 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5704 5719 return;
5705 5720 }
5706 5721
5707 5722 fd = (int)uap->fd;
5708 5723
5709 5724 if ((so = getsonode(fd, &err, &fp)) == NULL) {
5710 5725 /* Turn off audit record generation here. */
5711 5726 tad->tad_flag = 0;
5712 5727 /* free any residual audit data */
5713 5728 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5714 5729 return;
5715 5730 }
5716 5731
5717 5732 /* get path from file struct here */
5718 5733 fad = F2A(fp);
5719 5734 ASSERT(fad);
5720 5735
5721 5736 /*
5722 5737 * already processed this file for write attempt
5723 5738 */
5724 5739 if (fad->fad_flags & FAD_WRITE) {
5725 5740 releasef(fd);
5726 5741 /* don't really want to audit every send call */
5727 5742 tad->tad_flag = 0;
5728 5743 /* free any residual audit data */
5729 5744 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5730 5745 return;
5731 5746 }
5732 5747
5733 5748 /* mark things so we know what happened and don't repeat things */
5734 5749 fad->fad_flags |= FAD_WRITE;
5735 5750
5736 5751 so_family = so->so_family;
5737 5752 so_type = so->so_type;
5738 5753
5739 5754 switch (so_family) {
5740 5755 case AF_INET:
5741 5756 case AF_INET6:
5742 5757 /*
5743 5758 * Only for connections.
5744 5759 * XXX - do we need to worry about SOCK_DGRAM or other types???
5745 5760 */
5746 5761 if (so->so_state & SS_ISBOUND) {
5747 5762
5748 5763 bzero((void *)so_laddr, sizeof (so_laddr));
5749 5764 bzero((void *)so_faddr, sizeof (so_faddr));
5750 5765
5751 5766 /* get local and foreign addresses */
5752 5767 len = sizeof (so_laddr);
5753 5768 (void) socket_getsockname(so,
5754 5769 (struct sockaddr *)so_laddr, &len, CRED());
5755 5770 len = sizeof (so_faddr);
5756 5771 (void) socket_getpeername(so,
5757 5772 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
5758 5773
5759 5774 /*
5760 5775 * only way to drop out of switch. Note that we
5761 5776 * we release fd below.
5762 5777 */
5763 5778
5764 5779 break;
5765 5780 }
5766 5781
5767 5782 releasef(fd);
5768 5783 /* don't really want to audit every send call */
5769 5784 tad->tad_flag = 0;
5770 5785 /* free any residual audit data */
5771 5786 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5772 5787
5773 5788 return;
5774 5789
5775 5790 case AF_UNIX:
5776 5791
5777 5792 if (fad->fad_aupath != NULL) {
5778 5793 au_uwrite(au_to_path(fad->fad_aupath));
5779 5794 } else {
5780 5795 au_uwrite(au_to_arg32(1, "no path: fd", fd));
5781 5796 }
5782 5797
5783 5798 audit_attributes(fp->f_vnode);
5784 5799
5785 5800 releasef(fd);
5786 5801
5787 5802 return;
5788 5803
5789 5804 default:
5790 5805 releasef(fd);
5791 5806
5792 5807 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5793 5808 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
5794 5809 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
5795 5810
5796 5811 return;
5797 5812 }
5798 5813
5799 5814 releasef(fd);
5800 5815
5801 5816 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5802 5817
5803 5818 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
5804 5819 }
5805 5820
5806 5821 static au_event_t
5807 5822 aui_forksys(au_event_t e)
5808 5823 {
5809 5824 struct a {
5810 5825 long subcode;
5811 5826 long flags;
5812 5827 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5813 5828
5814 5829 switch ((uint_t)uap->subcode) {
5815 5830 case 0:
5816 5831 e = AUE_FORK1;
5817 5832 break;
5818 5833 case 1:
5819 5834 e = AUE_FORKALL;
5820 5835 break;
5821 5836 case 2:
5822 5837 e = AUE_VFORK;
5823 5838 break;
5824 5839 default:
5825 5840 e = AUE_NULL;
5826 5841 break;
5827 5842 }
5828 5843
5829 5844 return (e);
5830 5845 }
5831 5846
5832 5847 /*ARGSUSED*/
5833 5848 static au_event_t
5834 5849 aui_portfs(au_event_t e)
5835 5850 {
5836 5851 struct a { /* portfs */
5837 5852 long a1;
5838 5853 long a2;
5839 5854 long a3;
5840 5855 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5841 5856
5842 5857 /*
5843 5858 * check opcode
5844 5859 */
5845 5860 switch (((uint_t)uap->a1) & PORT_CODE_MASK) {
5846 5861 case PORT_ASSOCIATE:
5847 5862 /* check source */
5848 5863 if (((uint_t)uap->a3 == PORT_SOURCE_FILE) ||
5849 5864 ((uint_t)uap->a3 == PORT_SOURCE_FD)) {
5850 5865 e = AUE_PORTFS_ASSOCIATE;
5851 5866 } else {
5852 5867 e = AUE_NULL;
5853 5868 }
5854 5869 break;
5855 5870 case PORT_DISSOCIATE:
5856 5871 /* check source */
5857 5872 if (((uint_t)uap->a3 == PORT_SOURCE_FILE) ||
5858 5873 ((uint_t)uap->a3 == PORT_SOURCE_FD)) {
5859 5874 e = AUE_PORTFS_DISSOCIATE;
5860 5875 } else {
5861 5876 e = AUE_NULL;
5862 5877 }
5863 5878 break;
5864 5879 default:
5865 5880 e = AUE_NULL;
5866 5881 }
5867 5882 return (e);
5868 5883 }
|
↓ open down ↓ |
5113 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX