60 #include <c2/audit.h>
61 #include <c2/audit_kernel.h>
62 #include <c2/audit_kevents.h>
63 #include <c2/audit_record.h>
64 #include <sys/procset.h>
65 #include <nfs/mount.h>
66 #include <sys/param.h>
67 #include <sys/debug.h>
68 #include <sys/sysmacros.h>
69 #include <sys/stream.h>
70 #include <sys/strsubr.h>
71 #include <sys/stropts.h>
72 #include <sys/tihdr.h>
73 #include <sys/socket.h>
74 #include <sys/socketvar.h>
75 #include <sys/vfs_opreg.h>
76 #include <fs/sockfs/sockcommon.h>
77 #include <netinet/in.h>
78 #include <sys/ddi.h>
79 #include <sys/port_impl.h>
80
81 static au_event_t aui_fchownat(au_event_t);
82 static au_event_t aui_fchmodat(au_event_t);
83 static au_event_t aui_open(au_event_t);
84 static au_event_t aui_openat(au_event_t);
85 static au_event_t aui_unlinkat(au_event_t);
86 static au_event_t aui_fstatat(au_event_t);
87 static au_event_t aui_msgsys(au_event_t);
88 static au_event_t aui_shmsys(au_event_t);
89 static au_event_t aui_semsys(au_event_t);
90 static au_event_t aui_utssys(au_event_t);
91 static au_event_t aui_fcntl(au_event_t);
92 static au_event_t aui_execve(au_event_t);
93 static au_event_t aui_memcntl(au_event_t);
94 static au_event_t aui_sysinfo(au_event_t);
95 static au_event_t aui_portfs(au_event_t);
96 static au_event_t aui_auditsys(au_event_t);
97 static au_event_t aui_modctl(au_event_t);
98 static au_event_t aui_acl(au_event_t);
99 static au_event_t aui_doorfs(au_event_t);
100 static au_event_t aui_privsys(au_event_t);
101 static au_event_t aui_forksys(au_event_t);
102 static au_event_t aui_labelsys(au_event_t);
103 static au_event_t aui_setpgrp(au_event_t);
104
105 static void aus_exit(struct t_audit_data *);
106 static void aus_open(struct t_audit_data *);
107 static void aus_openat(struct t_audit_data *);
108 static void aus_acl(struct t_audit_data *);
109 static void aus_acct(struct t_audit_data *);
110 static void aus_chown(struct t_audit_data *);
111 static void aus_fchown(struct t_audit_data *);
112 static void aus_lchown(struct t_audit_data *);
113 static void aus_fchownat(struct t_audit_data *);
114 static void aus_chmod(struct t_audit_data *);
115 static void aus_facl(struct t_audit_data *);
116 static void aus_fchmod(struct t_audit_data *);
117 static void aus_fchmodat(struct t_audit_data *);
118 static void aus_fcntl(struct t_audit_data *);
119 static void aus_mkdir(struct t_audit_data *);
120 static void aus_mkdirat(struct t_audit_data *);
121 static void aus_mknod(struct t_audit_data *);
122 static void aus_mknodat(struct t_audit_data *);
123 static void aus_mount(struct t_audit_data *);
124 static void aus_umount2(struct t_audit_data *);
187
188 #define aui_null NULL /* NULL initialize function */
189 #define aus_null NULL /* NULL start function */
190 #define auf_null NULL /* NULL finish function */
191
192 struct audit_s2e audit_s2e[] =
193 {
194 /*
195 * ---------- ---------- ---------- ----------
196 * INITIAL AUDIT START SYSTEM
197 * PROCESSING EVENT PROCESSING CALL
198 * ---------- ---------- ---------- -----------
199 * FINISH EVENT
200 * PROCESSING CONTROL
201 * ----------------------------------------------------------
202 */
203 aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
204 auf_null, 0,
205 aui_null, AUE_EXIT, aus_exit, /* 1 exit */
206 auf_null, S2E_NPT,
207 aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
208 auf_null, 0,
209 aui_null, AUE_READ, aus_null, /* 3 read */
210 auf_read, S2E_PUB,
211 aui_null, AUE_WRITE, aus_null, /* 4 write */
212 auf_write, 0,
213 aui_open, AUE_OPEN, aus_open, /* 5 open */
214 auf_null, S2E_SP,
215 aui_null, AUE_CLOSE, aus_close, /* 6 close */
216 auf_null, 0,
217 aui_null, AUE_LINK, aus_null, /* 7 linkat */
218 auf_null, 0,
219 aui_null, AUE_NULL, aus_null, /* 8 (loadable) was creat */
220 auf_null, 0,
221 aui_null, AUE_LINK, aus_null, /* 9 link */
222 auf_null, 0,
223 aui_null, AUE_UNLINK, aus_null, /* 10 unlink */
224 auf_null, 0,
225 aui_null, AUE_SYMLINK, aus_null, /* 11 symlinkat */
226 auf_null, 0,
227 aui_null, AUE_CHDIR, aus_null, /* 12 chdir */
726 auf_null, 0
727 };
728
729 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
730
731
732 /* exit start function */
733 /*ARGSUSED*/
734 static void
735 aus_exit(struct t_audit_data *tad)
736 {
737 uint32_t rval;
738 struct a {
739 long rval;
740 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
741
742 rval = (uint32_t)uap->rval;
743 au_uwrite(au_to_arg32(1, "exit status", rval));
744 }
745
746 /* acct start function */
747 /*ARGSUSED*/
748 static void
749 aus_acct(struct t_audit_data *tad)
750 {
751 klwp_t *clwp = ttolwp(curthread);
752 uintptr_t fname;
753
754 struct a {
755 long fname; /* char * */
756 } *uap = (struct a *)clwp->lwp_ap;
757
758 fname = (uintptr_t)uap->fname;
759
760 if (fname == 0)
761 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
762 }
763
764 /* chown start function */
765 /*ARGSUSED*/
|
60 #include <c2/audit.h>
61 #include <c2/audit_kernel.h>
62 #include <c2/audit_kevents.h>
63 #include <c2/audit_record.h>
64 #include <sys/procset.h>
65 #include <nfs/mount.h>
66 #include <sys/param.h>
67 #include <sys/debug.h>
68 #include <sys/sysmacros.h>
69 #include <sys/stream.h>
70 #include <sys/strsubr.h>
71 #include <sys/stropts.h>
72 #include <sys/tihdr.h>
73 #include <sys/socket.h>
74 #include <sys/socketvar.h>
75 #include <sys/vfs_opreg.h>
76 #include <fs/sockfs/sockcommon.h>
77 #include <netinet/in.h>
78 #include <sys/ddi.h>
79 #include <sys/port_impl.h>
80 #include <sys/secflags.h>
81
82 static au_event_t aui_fchownat(au_event_t);
83 static au_event_t aui_fchmodat(au_event_t);
84 static au_event_t aui_open(au_event_t);
85 static au_event_t aui_openat(au_event_t);
86 static au_event_t aui_unlinkat(au_event_t);
87 static au_event_t aui_fstatat(au_event_t);
88 static au_event_t aui_msgsys(au_event_t);
89 static au_event_t aui_shmsys(au_event_t);
90 static au_event_t aui_semsys(au_event_t);
91 static au_event_t aui_utssys(au_event_t);
92 static au_event_t aui_fcntl(au_event_t);
93 static au_event_t aui_execve(au_event_t);
94 static au_event_t aui_memcntl(au_event_t);
95 static au_event_t aui_sysinfo(au_event_t);
96 static au_event_t aui_portfs(au_event_t);
97 static au_event_t aui_auditsys(au_event_t);
98 static au_event_t aui_modctl(au_event_t);
99 static au_event_t aui_acl(au_event_t);
100 static au_event_t aui_doorfs(au_event_t);
101 static au_event_t aui_privsys(au_event_t);
102 static au_event_t aui_forksys(au_event_t);
103 static au_event_t aui_labelsys(au_event_t);
104 static au_event_t aui_setpgrp(au_event_t);
105
106
107 static void aus_exit(struct t_audit_data *);
108 static void aus_open(struct t_audit_data *);
109 static void aus_openat(struct t_audit_data *);
110 static void aus_acl(struct t_audit_data *);
111 static void aus_acct(struct t_audit_data *);
112 static void aus_chown(struct t_audit_data *);
113 static void aus_fchown(struct t_audit_data *);
114 static void aus_lchown(struct t_audit_data *);
115 static void aus_fchownat(struct t_audit_data *);
116 static void aus_chmod(struct t_audit_data *);
117 static void aus_facl(struct t_audit_data *);
118 static void aus_fchmod(struct t_audit_data *);
119 static void aus_fchmodat(struct t_audit_data *);
120 static void aus_fcntl(struct t_audit_data *);
121 static void aus_mkdir(struct t_audit_data *);
122 static void aus_mkdirat(struct t_audit_data *);
123 static void aus_mknod(struct t_audit_data *);
124 static void aus_mknodat(struct t_audit_data *);
125 static void aus_mount(struct t_audit_data *);
126 static void aus_umount2(struct t_audit_data *);
189
190 #define aui_null NULL /* NULL initialize function */
191 #define aus_null NULL /* NULL start function */
192 #define auf_null NULL /* NULL finish function */
193
194 struct audit_s2e audit_s2e[] =
195 {
196 /*
197 * ---------- ---------- ---------- ----------
198 * INITIAL AUDIT START SYSTEM
199 * PROCESSING EVENT PROCESSING CALL
200 * ---------- ---------- ---------- -----------
201 * FINISH EVENT
202 * PROCESSING CONTROL
203 * ----------------------------------------------------------
204 */
205 aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
206 auf_null, 0,
207 aui_null, AUE_EXIT, aus_exit, /* 1 exit */
208 auf_null, S2E_NPT,
209 aui_null, AUE_PSECFLAGS, aus_null, /* 2 psecflags */
210 auf_null, 0,
211 aui_null, AUE_READ, aus_null, /* 3 read */
212 auf_read, S2E_PUB,
213 aui_null, AUE_WRITE, aus_null, /* 4 write */
214 auf_write, 0,
215 aui_open, AUE_OPEN, aus_open, /* 5 open */
216 auf_null, S2E_SP,
217 aui_null, AUE_CLOSE, aus_close, /* 6 close */
218 auf_null, 0,
219 aui_null, AUE_LINK, aus_null, /* 7 linkat */
220 auf_null, 0,
221 aui_null, AUE_NULL, aus_null, /* 8 (loadable) was creat */
222 auf_null, 0,
223 aui_null, AUE_LINK, aus_null, /* 9 link */
224 auf_null, 0,
225 aui_null, AUE_UNLINK, aus_null, /* 10 unlink */
226 auf_null, 0,
227 aui_null, AUE_SYMLINK, aus_null, /* 11 symlinkat */
228 auf_null, 0,
229 aui_null, AUE_CHDIR, aus_null, /* 12 chdir */
728 auf_null, 0
729 };
730
731 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
732
733
734 /* exit start function */
735 /*ARGSUSED*/
736 static void
737 aus_exit(struct t_audit_data *tad)
738 {
739 uint32_t rval;
740 struct a {
741 long rval;
742 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
743
744 rval = (uint32_t)uap->rval;
745 au_uwrite(au_to_arg32(1, "exit status", rval));
746 }
747
748
749 /* acct start function */
750 /*ARGSUSED*/
751 static void
752 aus_acct(struct t_audit_data *tad)
753 {
754 klwp_t *clwp = ttolwp(curthread);
755 uintptr_t fname;
756
757 struct a {
758 long fname; /* char * */
759 } *uap = (struct a *)clwp->lwp_ap;
760
761 fname = (uintptr_t)uap->fname;
762
763 if (fname == 0)
764 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
765 }
766
767 /* chown start function */
768 /*ARGSUSED*/
|