Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/c2/audit_event.c
+++ new/usr/src/uts/common/c2/audit_event.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright (c) 2011 Bayard G. Bell. All rights reserved.
25 25 */
26 26
27 27 /*
28 28 * This file contains the audit event table used to control the production
29 29 * of audit records for each system call.
30 30 */
31 31
32 32 #include <sys/policy.h>
33 33 #include <sys/cred.h>
34 34 #include <sys/types.h>
35 35 #include <sys/systm.h>
36 36 #include <sys/systeminfo.h> /* for sysinfo auditing */
37 37 #include <sys/utsname.h> /* for sysinfo auditing */
38 38 #include <sys/proc.h>
39 39 #include <sys/vnode.h>
40 40 #include <sys/mman.h> /* for mmap(2) auditing etc. */
41 41 #include <sys/fcntl.h>
42 42 #include <sys/modctl.h> /* for modctl auditing */
43 43 #include <sys/vnode.h>
44 44 #include <sys/user.h>
45 45 #include <sys/types.h>
46 46 #include <sys/processor.h>
47 47 #include <sys/procset.h>
48 48 #include <sys/acl.h>
49 49 #include <sys/ipc.h>
50 50 #include <sys/door.h>
51 51 #include <sys/sem.h>
52 52 #include <sys/msg.h>
53 53 #include <sys/shm.h>
54 54 #include <sys/kmem.h>
55 55 #include <sys/file.h> /* for accept */
56 56 #include <sys/utssys.h> /* for fuser */
57 57 #include <sys/tsol/label.h>
58 58 #include <sys/tsol/tndb.h>
59 59 #include <sys/tsol/tsyscall.h>
60 60 #include <c2/audit.h>
61 61 #include <c2/audit_kernel.h>
62 62 #include <c2/audit_kevents.h>
63 63 #include <c2/audit_record.h>
64 64 #include <sys/procset.h>
65 65 #include <nfs/mount.h>
66 66 #include <sys/param.h>
67 67 #include <sys/debug.h>
68 68 #include <sys/sysmacros.h>
69 69 #include <sys/stream.h>
|
↓ open down ↓ |
69 lines elided |
↑ open up ↑ |
70 70 #include <sys/strsubr.h>
71 71 #include <sys/stropts.h>
72 72 #include <sys/tihdr.h>
73 73 #include <sys/socket.h>
74 74 #include <sys/socketvar.h>
75 75 #include <sys/vfs_opreg.h>
76 76 #include <fs/sockfs/sockcommon.h>
77 77 #include <netinet/in.h>
78 78 #include <sys/ddi.h>
79 79 #include <sys/port_impl.h>
80 +#include <sys/secflags.h>
80 81
81 82 static au_event_t aui_fchownat(au_event_t);
82 83 static au_event_t aui_fchmodat(au_event_t);
83 84 static au_event_t aui_open(au_event_t);
84 85 static au_event_t aui_openat(au_event_t);
85 86 static au_event_t aui_unlinkat(au_event_t);
86 87 static au_event_t aui_fstatat(au_event_t);
87 88 static au_event_t aui_msgsys(au_event_t);
88 89 static au_event_t aui_shmsys(au_event_t);
89 90 static au_event_t aui_semsys(au_event_t);
90 91 static au_event_t aui_utssys(au_event_t);
91 92 static au_event_t aui_fcntl(au_event_t);
92 93 static au_event_t aui_execve(au_event_t);
93 94 static au_event_t aui_memcntl(au_event_t);
94 95 static au_event_t aui_sysinfo(au_event_t);
|
↓ open down ↓ |
5 lines elided |
↑ open up ↑ |
95 96 static au_event_t aui_portfs(au_event_t);
96 97 static au_event_t aui_auditsys(au_event_t);
97 98 static au_event_t aui_modctl(au_event_t);
98 99 static au_event_t aui_acl(au_event_t);
99 100 static au_event_t aui_doorfs(au_event_t);
100 101 static au_event_t aui_privsys(au_event_t);
101 102 static au_event_t aui_forksys(au_event_t);
102 103 static au_event_t aui_labelsys(au_event_t);
103 104 static au_event_t aui_setpgrp(au_event_t);
104 105
106 +
105 107 static void aus_exit(struct t_audit_data *);
106 108 static void aus_open(struct t_audit_data *);
107 109 static void aus_openat(struct t_audit_data *);
108 110 static void aus_acl(struct t_audit_data *);
109 111 static void aus_acct(struct t_audit_data *);
110 112 static void aus_chown(struct t_audit_data *);
111 113 static void aus_fchown(struct t_audit_data *);
112 114 static void aus_lchown(struct t_audit_data *);
113 115 static void aus_fchownat(struct t_audit_data *);
114 116 static void aus_chmod(struct t_audit_data *);
115 117 static void aus_facl(struct t_audit_data *);
116 118 static void aus_fchmod(struct t_audit_data *);
117 119 static void aus_fchmodat(struct t_audit_data *);
118 120 static void aus_fcntl(struct t_audit_data *);
119 121 static void aus_mkdir(struct t_audit_data *);
120 122 static void aus_mkdirat(struct t_audit_data *);
121 123 static void aus_mknod(struct t_audit_data *);
122 124 static void aus_mknodat(struct t_audit_data *);
123 125 static void aus_mount(struct t_audit_data *);
124 126 static void aus_umount2(struct t_audit_data *);
125 127 static void aus_msgsys(struct t_audit_data *);
126 128 static void aus_semsys(struct t_audit_data *);
127 129 static void aus_close(struct t_audit_data *);
128 130 static void aus_fstatfs(struct t_audit_data *);
129 131 static void aus_setgid(struct t_audit_data *);
130 132 static void aus_setpgrp(struct t_audit_data *);
131 133 static void aus_setuid(struct t_audit_data *);
132 134 static void aus_shmsys(struct t_audit_data *);
133 135 static void aus_doorfs(struct t_audit_data *);
134 136 static void aus_ioctl(struct t_audit_data *);
135 137 static void aus_memcntl(struct t_audit_data *);
136 138 static void aus_mmap(struct t_audit_data *);
137 139 static void aus_munmap(struct t_audit_data *);
138 140 static void aus_priocntlsys(struct t_audit_data *);
139 141 static void aus_setegid(struct t_audit_data *);
140 142 static void aus_setgroups(struct t_audit_data *);
141 143 static void aus_seteuid(struct t_audit_data *);
142 144 static void aus_putmsg(struct t_audit_data *);
143 145 static void aus_putpmsg(struct t_audit_data *);
144 146 static void aus_getmsg(struct t_audit_data *);
145 147 static void aus_getpmsg(struct t_audit_data *);
146 148 static void aus_auditsys(struct t_audit_data *);
147 149 static void aus_sysinfo(struct t_audit_data *);
148 150 static void aus_modctl(struct t_audit_data *);
149 151 static void aus_kill(struct t_audit_data *);
150 152 static void aus_setregid(struct t_audit_data *);
151 153 static void aus_setreuid(struct t_audit_data *);
152 154 static void aus_labelsys(struct t_audit_data *);
153 155
154 156 static void auf_mknod(struct t_audit_data *, int, rval_t *);
155 157 static void auf_mknodat(struct t_audit_data *, int, rval_t *);
156 158 static void auf_msgsys(struct t_audit_data *, int, rval_t *);
157 159 static void auf_semsys(struct t_audit_data *, int, rval_t *);
158 160 static void auf_shmsys(struct t_audit_data *, int, rval_t *);
159 161 static void auf_read(struct t_audit_data *, int, rval_t *);
160 162 static void auf_write(struct t_audit_data *, int, rval_t *);
161 163
162 164 static void aus_sigqueue(struct t_audit_data *);
163 165 static void aus_p_online(struct t_audit_data *);
164 166 static void aus_processor_bind(struct t_audit_data *);
165 167 static void aus_inst_sync(struct t_audit_data *);
166 168 static void aus_brandsys(struct t_audit_data *);
167 169
168 170 static void auf_accept(struct t_audit_data *, int, rval_t *);
169 171
170 172 static void auf_bind(struct t_audit_data *, int, rval_t *);
171 173 static void auf_connect(struct t_audit_data *, int, rval_t *);
172 174 static void aus_shutdown(struct t_audit_data *);
173 175 static void auf_setsockopt(struct t_audit_data *, int, rval_t *);
174 176 static void aus_sockconfig(struct t_audit_data *);
175 177 static void auf_recv(struct t_audit_data *, int, rval_t *);
176 178 static void auf_recvmsg(struct t_audit_data *, int, rval_t *);
177 179 static void auf_send(struct t_audit_data *, int, rval_t *);
178 180 static void auf_sendmsg(struct t_audit_data *, int, rval_t *);
179 181 static void auf_recvfrom(struct t_audit_data *, int, rval_t *);
180 182 static void auf_sendto(struct t_audit_data *, int, rval_t *);
181 183 static void aus_socket(struct t_audit_data *);
182 184 /*
183 185 * This table contains mapping information for converting system call numbers
184 186 * to audit event IDs. In several cases it is necessary to map a single system
185 187 * call to several events.
186 188 */
187 189
188 190 #define aui_null NULL /* NULL initialize function */
189 191 #define aus_null NULL /* NULL start function */
190 192 #define auf_null NULL /* NULL finish function */
191 193
192 194 struct audit_s2e audit_s2e[] =
193 195 {
194 196 /*
195 197 * ---------- ---------- ---------- ----------
196 198 * INITIAL AUDIT START SYSTEM
|
↓ open down ↓ |
82 lines elided |
↑ open up ↑ |
197 199 * PROCESSING EVENT PROCESSING CALL
198 200 * ---------- ---------- ---------- -----------
199 201 * FINISH EVENT
200 202 * PROCESSING CONTROL
201 203 * ----------------------------------------------------------
202 204 */
203 205 aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
204 206 auf_null, 0,
205 207 aui_null, AUE_EXIT, aus_exit, /* 1 exit */
206 208 auf_null, S2E_NPT,
207 -aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
209 +aui_null, AUE_PSECFLAGS, aus_null, /* 2 psecflags */
208 210 auf_null, 0,
209 211 aui_null, AUE_READ, aus_null, /* 3 read */
210 212 auf_read, S2E_PUB,
211 213 aui_null, AUE_WRITE, aus_null, /* 4 write */
212 214 auf_write, 0,
213 215 aui_open, AUE_OPEN, aus_open, /* 5 open */
214 216 auf_null, S2E_SP,
215 217 aui_null, AUE_CLOSE, aus_close, /* 6 close */
216 218 auf_null, 0,
217 219 aui_null, AUE_LINK, aus_null, /* 7 linkat */
218 220 auf_null, 0,
219 221 aui_null, AUE_NULL, aus_null, /* 8 (loadable) was creat */
220 222 auf_null, 0,
221 223 aui_null, AUE_LINK, aus_null, /* 9 link */
222 224 auf_null, 0,
223 225 aui_null, AUE_UNLINK, aus_null, /* 10 unlink */
224 226 auf_null, 0,
225 227 aui_null, AUE_SYMLINK, aus_null, /* 11 symlinkat */
226 228 auf_null, 0,
227 229 aui_null, AUE_CHDIR, aus_null, /* 12 chdir */
228 230 auf_null, S2E_SP,
229 231 aui_null, AUE_NULL, aus_null, /* 13 time */
230 232 auf_null, 0,
231 233 aui_null, AUE_MKNOD, aus_mknod, /* 14 mknod */
232 234 auf_mknod, S2E_MLD,
233 235 aui_null, AUE_CHMOD, aus_chmod, /* 15 chmod */
234 236 auf_null, 0,
235 237 aui_null, AUE_CHOWN, aus_chown, /* 16 chown */
236 238 auf_null, 0,
237 239 aui_null, AUE_NULL, aus_null, /* 17 brk */
238 240 auf_null, 0,
239 241 aui_null, AUE_STAT, aus_null, /* 18 stat */
240 242 auf_null, S2E_PUB,
241 243 aui_null, AUE_NULL, aus_null, /* 19 lseek */
242 244 auf_null, 0,
243 245 aui_null, AUE_NULL, aus_null, /* 20 getpid */
244 246 auf_null, 0,
245 247 aui_null, AUE_MOUNT, aus_mount, /* 21 mount */
246 248 auf_null, S2E_MLD,
247 249 aui_null, AUE_READLINK, aus_null, /* 22 readlinkat */
248 250 auf_null, S2E_PUB,
249 251 aui_null, AUE_SETUID, aus_setuid, /* 23 setuid */
250 252 auf_null, 0,
251 253 aui_null, AUE_NULL, aus_null, /* 24 getuid */
252 254 auf_null, 0,
253 255 aui_null, AUE_STIME, aus_null, /* 25 stime */
254 256 auf_null, 0,
255 257 aui_null, AUE_NULL, aus_null, /* 26 pcsample */
256 258 auf_null, 0,
257 259 aui_null, AUE_NULL, aus_null, /* 27 alarm */
258 260 auf_null, 0,
259 261 aui_null, AUE_NULL, aus_null, /* 28 fstat */
260 262 auf_null, 0,
261 263 aui_null, AUE_NULL, aus_null, /* 29 pause */
262 264 auf_null, 0,
263 265 aui_null, AUE_NULL, aus_null, /* 30 (loadable) was utime */
264 266 auf_null, 0,
265 267 aui_null, AUE_NULL, aus_null, /* 31 stty (TIOCSETP-audit?) */
266 268 auf_null, 0,
267 269 aui_null, AUE_NULL, aus_null, /* 32 gtty */
268 270 auf_null, 0,
269 271 aui_null, AUE_ACCESS, aus_null, /* 33 access */
270 272 auf_null, S2E_PUB,
271 273 aui_null, AUE_NICE, aus_null, /* 34 nice */
272 274 auf_null, 0,
273 275 aui_null, AUE_STATFS, aus_null, /* 35 statfs */
274 276 auf_null, S2E_PUB,
275 277 aui_null, AUE_NULL, aus_null, /* 36 sync */
276 278 auf_null, 0,
277 279 aui_null, AUE_KILL, aus_kill, /* 37 kill */
278 280 auf_null, 0,
279 281 aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */
280 282 auf_null, S2E_PUB,
281 283 aui_setpgrp, AUE_SETPGRP, aus_setpgrp, /* 39 setpgrp */
282 284 auf_null, 0,
283 285 aui_null, AUE_NULL, aus_null, /* 40 uucopystr */
284 286 auf_null, 0,
285 287 aui_null, AUE_NULL, aus_null, /* 41 (loadable) was dup */
286 288 auf_null, 0,
287 289 aui_null, AUE_PIPE, aus_null, /* 42 (loadable) pipe */
288 290 auf_null, 0,
289 291 aui_null, AUE_NULL, aus_null, /* 43 times */
290 292 auf_null, 0,
291 293 aui_null, AUE_NULL, aus_null, /* 44 profil */
292 294 auf_null, 0,
293 295 aui_null, AUE_ACCESS, aus_null, /* 45 faccessat */
294 296 auf_null, S2E_PUB,
295 297 aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */
296 298 auf_null, 0,
297 299 aui_null, AUE_NULL, aus_null, /* 47 getgid */
298 300 auf_null, 0,
299 301 aui_null, AUE_MKNOD, aus_mknodat, /* 48 mknodat */
300 302 auf_mknodat, S2E_MLD,
301 303 aui_msgsys, AUE_MSGSYS, aus_msgsys, /* 49 (loadable) msgsys */
302 304 auf_msgsys, 0,
303 305 #if defined(__x86)
304 306 aui_null, AUE_NULL, aus_null, /* 50 sysi86 */
305 307 auf_null, 0,
306 308 #else
307 309 aui_null, AUE_NULL, aus_null, /* 50 (loadable) was sys3b */
308 310 auf_null, 0,
309 311 #endif /* __x86 */
310 312 aui_null, AUE_ACCT, aus_acct, /* 51 (loadable) sysacct */
311 313 auf_null, 0,
312 314 aui_shmsys, AUE_SHMSYS, aus_shmsys, /* 52 (loadable) shmsys */
313 315 auf_shmsys, 0,
314 316 aui_semsys, AUE_SEMSYS, aus_semsys, /* 53 (loadable) semsys */
315 317 auf_semsys, 0,
316 318 aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */
317 319 auf_null, 0,
318 320 aui_null, AUE_NULL, aus_null, /* 55 uadmin */
319 321 auf_null, 0,
320 322 aui_fchownat, AUE_NULL, aus_fchownat, /* 56 fchownat */
321 323 auf_null, 0,
322 324 aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */
323 325 auf_null, 0,
324 326 aui_null, AUE_NULL, aus_null, /* 58 fsync */
325 327 auf_null, 0,
326 328 aui_execve, AUE_EXECVE, aus_null, /* 59 exece */
327 329 auf_null, S2E_MLD,
328 330 aui_null, AUE_NULL, aus_null, /* 60 umask */
329 331 auf_null, 0,
330 332 aui_null, AUE_CHROOT, aus_null, /* 61 chroot */
331 333 auf_null, S2E_SP,
332 334 aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */
333 335 auf_null, 0,
334 336 aui_null, AUE_NULL, aus_null, /* 63 ulimit */
335 337 auf_null, 0,
336 338 aui_null, AUE_RENAME, aus_null, /* 64 renameat */
337 339 auf_null, 0,
338 340 aui_unlinkat, AUE_NULL, aus_null, /* 65 unlinkat */
339 341 auf_null, 0,
340 342 aui_fstatat, AUE_NULL, aus_null, /* 66 fstatat */
341 343 auf_null, S2E_PUB,
342 344 aui_fstatat, AUE_NULL, aus_null, /* 67 fstatat64 */
343 345 auf_null, S2E_PUB,
344 346 aui_openat, AUE_OPEN, aus_openat, /* 68 openat */
345 347 auf_null, S2E_SP,
346 348 aui_openat, AUE_OPEN, aus_openat, /* 69 openat64 */
347 349 auf_null, S2E_SP,
348 350 aui_null, AUE_NULL, aus_null, /* 70 tasksys */
349 351 auf_null, 0,
350 352 aui_null, AUE_NULL, aus_null, /* 71 (loadable) acctctl */
351 353 auf_null, 0,
352 354 aui_null, AUE_NULL, aus_null, /* 72 (loadable) exacct */
353 355 auf_null, 0,
354 356 aui_null, AUE_NULL, aus_null, /* 73 getpagesizes */
355 357 auf_null, 0,
356 358 aui_null, AUE_NULL, aus_null, /* 74 rctlsys */
357 359 auf_null, 0,
358 360 aui_null, AUE_NULL, aus_null, /* 75 sidsys */
359 361 auf_null, 0,
360 362 aui_null, AUE_NULL, aus_null, /* 76 (loadable) was fsat */
361 363 auf_null, 0,
362 364 aui_null, AUE_NULL, aus_null, /* 77 syslwp_park */
363 365 auf_null, 0,
364 366 aui_null, AUE_NULL, aus_null, /* 78 sendfilev */
365 367 auf_null, 0,
366 368 aui_null, AUE_RMDIR, aus_null, /* 79 rmdir */
367 369 auf_null, 0,
368 370 aui_null, AUE_MKDIR, aus_mkdir, /* 80 mkdir */
369 371 auf_null, 0,
370 372 aui_null, AUE_NULL, aus_null, /* 81 getdents */
371 373 auf_null, 0,
372 374 aui_privsys, AUE_NULL, aus_null, /* 82 privsys */
373 375 auf_null, 0,
374 376 aui_null, AUE_NULL, aus_null, /* 83 ucredsys */
375 377 auf_null, 0,
376 378 aui_null, AUE_NULL, aus_null, /* 84 sysfs */
377 379 auf_null, 0,
378 380 aui_null, AUE_GETMSG, aus_getmsg, /* 85 getmsg */
379 381 auf_null, 0,
380 382 aui_null, AUE_PUTMSG, aus_putmsg, /* 86 putmsg */
381 383 auf_null, 0,
382 384 aui_null, AUE_NULL, aus_null, /* 87 (loadable) was poll */
383 385 auf_null, 0,
384 386 aui_null, AUE_LSTAT, aus_null, /* 88 lstat */
385 387 auf_null, S2E_PUB,
386 388 aui_null, AUE_SYMLINK, aus_null, /* 89 symlink */
387 389 auf_null, 0,
388 390 aui_null, AUE_READLINK, aus_null, /* 90 readlink */
389 391 auf_null, S2E_PUB,
390 392 aui_null, AUE_SETGROUPS, aus_setgroups, /* 91 setgroups */
391 393 auf_null, 0,
392 394 aui_null, AUE_NULL, aus_null, /* 92 getgroups */
393 395 auf_null, 0,
394 396 aui_null, AUE_FCHMOD, aus_fchmod, /* 93 fchmod */
395 397 auf_null, 0,
396 398 aui_null, AUE_FCHOWN, aus_fchown, /* 94 fchown */
397 399 auf_null, 0,
398 400 aui_null, AUE_NULL, aus_null, /* 95 sigprocmask */
399 401 auf_null, 0,
400 402 aui_null, AUE_NULL, aus_null, /* 96 sigsuspend */
401 403 auf_null, 0,
402 404 aui_null, AUE_NULL, aus_null, /* 97 sigaltstack */
403 405 auf_null, 0,
404 406 aui_null, AUE_NULL, aus_null, /* 98 sigaction */
405 407 auf_null, 0,
406 408 aui_null, AUE_NULL, aus_null, /* 99 sigpending */
407 409 auf_null, 0,
408 410 aui_null, AUE_NULL, aus_null, /* 100 setcontext */
409 411 auf_null, 0,
410 412 aui_fchmodat, AUE_NULL, aus_fchmodat, /* 101 fchmodat */
411 413 auf_null, 0,
412 414 aui_null, AUE_MKDIR, aus_mkdirat, /* 102 mkdirat */
413 415 auf_null, 0,
414 416 aui_null, AUE_STATVFS, aus_null, /* 103 statvfs */
415 417 auf_null, S2E_PUB,
416 418 aui_null, AUE_NULL, aus_null, /* 104 fstatvfs */
417 419 auf_null, 0,
418 420 aui_null, AUE_NULL, aus_null, /* 105 getloadavg */
419 421 auf_null, 0,
420 422 aui_null, AUE_NULL, aus_null, /* 106 nfssys */
421 423 auf_null, 0,
422 424 aui_null, AUE_NULL, aus_null, /* 107 waitsys */
423 425 auf_null, 0,
424 426 aui_null, AUE_NULL, aus_null, /* 108 sigsendsys */
425 427 auf_null, 0,
426 428 #if defined(__x86)
427 429 aui_null, AUE_NULL, aus_null, /* 109 hrtsys */
428 430 auf_null, 0,
429 431 #else
430 432 aui_null, AUE_NULL, aus_null, /* 109 (loadable) */
431 433 auf_null, 0,
432 434 #endif /* __x86 */
433 435 aui_null, AUE_UTIMES, aus_null, /* 110 utimesys */
434 436 auf_null, 0,
435 437 aui_null, AUE_NULL, aus_null, /* 111 sigresend */
436 438 auf_null, 0,
437 439 aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, /* 112 priocntlsys */
438 440 auf_null, 0,
439 441 aui_null, AUE_PATHCONF, aus_null, /* 113 pathconf */
440 442 auf_null, S2E_PUB,
441 443 aui_null, AUE_NULL, aus_null, /* 114 mincore */
442 444 auf_null, 0,
443 445 aui_null, AUE_MMAP, aus_mmap, /* 115 mmap */
444 446 auf_null, 0,
445 447 aui_null, AUE_NULL, aus_null, /* 116 mprotect */
446 448 auf_null, 0,
447 449 aui_null, AUE_MUNMAP, aus_munmap, /* 117 munmap */
448 450 auf_null, 0,
449 451 aui_null, AUE_NULL, aus_null, /* 118 fpathconf */
450 452 auf_null, 0,
451 453 aui_null, AUE_VFORK, aus_null, /* 119 vfork */
452 454 auf_null, 0,
453 455 aui_null, AUE_FCHDIR, aus_null, /* 120 fchdir */
454 456 auf_null, 0,
455 457 aui_null, AUE_READ, aus_null, /* 121 readv */
456 458 auf_read, S2E_PUB,
457 459 aui_null, AUE_WRITE, aus_null, /* 122 writev */
458 460 auf_write, 0,
459 461 aui_null, AUE_NULL, aus_null, /* 123 (loadable) was xstat */
460 462 auf_null, 0,
461 463 aui_null, AUE_NULL, aus_null, /* 124 (loadable) was lxstat */
462 464 auf_null, 0,
463 465 aui_null, AUE_NULL, aus_null, /* 125 (loadable) was fxstat */
464 466 auf_null, 0,
465 467 aui_null, AUE_NULL, aus_null, /* 126 (loadable) was xmknod */
466 468 auf_null, 0,
467 469 aui_null, AUE_NULL, aus_null, /* 127 mmapobj */
468 470 auf_null, 0,
469 471 aui_null, AUE_SETRLIMIT, aus_null, /* 128 setrlimit */
470 472 auf_null, 0,
471 473 aui_null, AUE_NULL, aus_null, /* 129 getrlimit */
472 474 auf_null, 0,
473 475 aui_null, AUE_LCHOWN, aus_lchown, /* 130 lchown */
474 476 auf_null, 0,
475 477 aui_memcntl, AUE_MEMCNTL, aus_memcntl, /* 131 memcntl */
476 478 auf_null, 0,
477 479 aui_null, AUE_GETPMSG, aus_getpmsg, /* 132 getpmsg */
478 480 auf_null, 0,
479 481 aui_null, AUE_PUTPMSG, aus_putpmsg, /* 133 putpmsg */
480 482 auf_null, 0,
481 483 aui_null, AUE_RENAME, aus_null, /* 134 rename */
482 484 auf_null, 0,
483 485 aui_null, AUE_NULL, aus_null, /* 135 uname */
484 486 auf_null, 0,
485 487 aui_null, AUE_SETEGID, aus_setegid, /* 136 setegid */
486 488 auf_null, 0,
487 489 aui_null, AUE_NULL, aus_null, /* 137 sysconfig */
488 490 auf_null, 0,
489 491 aui_null, AUE_ADJTIME, aus_null, /* 138 adjtime */
490 492 auf_null, 0,
491 493 aui_sysinfo, AUE_SYSINFO, aus_sysinfo, /* 139 systeminfo */
492 494 auf_null, 0,
493 495 aui_null, AUE_NULL, aus_null, /* 140 (loadable) sharefs */
494 496 auf_null, 0,
495 497 aui_null, AUE_SETEUID, aus_seteuid, /* 141 seteuid */
496 498 auf_null, 0,
497 499 aui_forksys, AUE_NULL, aus_null, /* 142 forksys */
498 500 auf_null, 0,
499 501 aui_null, AUE_NULL, aus_null, /* 143 (loadable) was fork1 */
500 502 auf_null, 0,
501 503 aui_null, AUE_NULL, aus_null, /* 144 sigwait */
502 504 auf_null, 0,
503 505 aui_null, AUE_NULL, aus_null, /* 145 lwp_info */
504 506 auf_null, 0,
505 507 aui_null, AUE_NULL, aus_null, /* 146 yield */
506 508 auf_null, 0,
507 509 aui_null, AUE_NULL, aus_null, /* 147 (loadable) */
508 510 /* was lwp_sema_wait */
509 511 auf_null, 0,
510 512 aui_null, AUE_NULL, aus_null, /* 148 lwp_sema_post */
511 513 auf_null, 0,
512 514 aui_null, AUE_NULL, aus_null, /* 149 lwp_sema_trywait */
513 515 auf_null, 0,
514 516 aui_null, AUE_NULL, aus_null, /* 150 lwp_detach */
515 517 auf_null, 0,
516 518 aui_null, AUE_NULL, aus_null, /* 151 corectl */
517 519 auf_null, 0,
518 520 aui_modctl, AUE_MODCTL, aus_modctl, /* 152 modctl */
519 521 auf_null, 0,
520 522 aui_null, AUE_FCHROOT, aus_null, /* 153 fchroot */
521 523 auf_null, 0,
522 524 aui_null, AUE_NULL, aus_null, /* 154 (loadable) was utimes */
523 525 auf_null, 0,
524 526 aui_null, AUE_NULL, aus_null, /* 155 vhangup */
525 527 auf_null, 0,
526 528 aui_null, AUE_NULL, aus_null, /* 156 gettimeofday */
527 529 auf_null, 0,
528 530 aui_null, AUE_NULL, aus_null, /* 157 getitimer */
529 531 auf_null, 0,
530 532 aui_null, AUE_NULL, aus_null, /* 158 setitimer */
531 533 auf_null, 0,
532 534 aui_null, AUE_NULL, aus_null, /* 159 lwp_create */
533 535 auf_null, 0,
534 536 aui_null, AUE_NULL, aus_null, /* 160 lwp_exit */
535 537 auf_null, 0,
536 538 aui_null, AUE_NULL, aus_null, /* 161 lwp_suspend */
537 539 auf_null, 0,
538 540 aui_null, AUE_NULL, aus_null, /* 162 lwp_continue */
539 541 auf_null, 0,
540 542 aui_null, AUE_NULL, aus_null, /* 163 lwp_kill */
541 543 auf_null, 0,
542 544 aui_null, AUE_NULL, aus_null, /* 164 lwp_self */
543 545 auf_null, 0,
544 546 aui_null, AUE_NULL, aus_null, /* 165 lwp_sigmask */
545 547 auf_null, 0,
546 548 aui_null, AUE_NULL, aus_null, /* 166 lwp_private */
547 549 auf_null, 0,
548 550 aui_null, AUE_NULL, aus_null, /* 167 lwp_wait */
549 551 auf_null, 0,
550 552 aui_null, AUE_NULL, aus_null, /* 168 lwp_mutex_wakeup */
551 553 auf_null, 0,
552 554 aui_null, AUE_NULL, aus_null, /* 169 (loadable) */
553 555 /* was lwp_mutex_lock */
554 556 auf_null, 0,
555 557 aui_null, AUE_NULL, aus_null, /* 170 lwp_cond_wait */
556 558 auf_null, 0,
557 559 aui_null, AUE_NULL, aus_null, /* 171 lwp_cond_signal */
558 560 auf_null, 0,
559 561 aui_null, AUE_NULL, aus_null, /* 172 lwp_cond_broadcast */
560 562 auf_null, 0,
561 563 aui_null, AUE_READ, aus_null, /* 173 pread */
562 564 auf_read, S2E_PUB,
563 565 aui_null, AUE_WRITE, aus_null, /* 174 pwrite */
564 566 auf_write, 0,
565 567 aui_null, AUE_NULL, aus_null, /* 175 llseek */
566 568 auf_null, 0,
567 569 aui_null, AUE_INST_SYNC, aus_inst_sync, /* 176 (loadable) inst_sync */
568 570 auf_null, 0,
569 571 aui_null, AUE_BRANDSYS, aus_brandsys, /* 177 brandsys */
570 572 auf_null, 0,
571 573 aui_null, AUE_NULL, aus_null, /* 178 (loadable) kaio */
572 574 auf_null, 0,
573 575 aui_null, AUE_NULL, aus_null, /* 179 (loadable) cpc */
574 576 auf_null, 0,
575 577 aui_null, AUE_NULL, aus_null, /* 180 lgrpsys */
576 578 auf_null, 0,
577 579 aui_null, AUE_NULL, aus_null, /* 181 rusagesys */
578 580 auf_null, 0,
579 581 aui_portfs, AUE_PORTFS, aus_null, /* 182 (loadable) portfs */
580 582 auf_null, S2E_MLD,
581 583 aui_null, AUE_NULL, aus_null, /* 183 pollsys */
582 584 auf_null, 0,
583 585 aui_labelsys, AUE_NULL, aus_labelsys, /* 184 labelsys */
584 586 auf_null, 0,
585 587 aui_acl, AUE_ACLSET, aus_acl, /* 185 acl */
586 588 auf_null, 0,
587 589 aui_auditsys, AUE_AUDITSYS, aus_auditsys, /* 186 auditsys */
588 590 auf_null, 0,
589 591 aui_null, AUE_PROCESSOR_BIND, aus_processor_bind, /* 187 processor_bind */
590 592 auf_null, 0,
591 593 aui_null, AUE_NULL, aus_null, /* 188 processor_info */
592 594 auf_null, 0,
593 595 aui_null, AUE_P_ONLINE, aus_p_online, /* 189 p_online */
594 596 auf_null, 0,
595 597 aui_null, AUE_NULL, aus_sigqueue, /* 190 sigqueue */
596 598 auf_null, 0,
597 599 aui_null, AUE_NULL, aus_null, /* 191 clock_gettime */
598 600 auf_null, 0,
599 601 aui_null, AUE_CLOCK_SETTIME, aus_null, /* 192 clock_settime */
600 602 auf_null, 0,
601 603 aui_null, AUE_NULL, aus_null, /* 193 clock_getres */
602 604 auf_null, 0,
603 605 aui_null, AUE_NULL, aus_null, /* 194 timer_create */
604 606 auf_null, 0,
605 607 aui_null, AUE_NULL, aus_null, /* 195 timer_delete */
606 608 auf_null, 0,
607 609 aui_null, AUE_NULL, aus_null, /* 196 timer_settime */
608 610 auf_null, 0,
609 611 aui_null, AUE_NULL, aus_null, /* 197 timer_gettime */
610 612 auf_null, 0,
611 613 aui_null, AUE_NULL, aus_null, /* 198 timer_getoverrun */
612 614 auf_null, 0,
613 615 aui_null, AUE_NULL, aus_null, /* 199 nanosleep */
614 616 auf_null, 0,
615 617 aui_acl, AUE_FACLSET, aus_facl, /* 200 facl */
616 618 auf_null, 0,
617 619 aui_doorfs, AUE_DOORFS, aus_doorfs, /* 201 (loadable) doorfs */
618 620 auf_null, 0,
619 621 aui_null, AUE_SETREUID, aus_setreuid, /* 202 setreuid */
620 622 auf_null, 0,
621 623 aui_null, AUE_SETREGID, aus_setregid, /* 203 setregid */
622 624 auf_null, 0,
623 625 aui_null, AUE_NULL, aus_null, /* 204 install_utrap */
624 626 auf_null, 0,
625 627 aui_null, AUE_NULL, aus_null, /* 205 signotify */
626 628 auf_null, 0,
627 629 aui_null, AUE_NULL, aus_null, /* 206 schedctl */
628 630 auf_null, 0,
629 631 aui_null, AUE_NULL, aus_null, /* 207 (loadable) pset */
630 632 auf_null, 0,
631 633 aui_null, AUE_NULL, aus_null, /* 208 sparc_utrap_install */
632 634 auf_null, 0,
633 635 aui_null, AUE_NULL, aus_null, /* 209 resolvepath */
634 636 auf_null, 0,
635 637 aui_null, AUE_NULL, aus_null, /* 210 lwp_mutex_timedlock */
636 638 auf_null, 0,
637 639 aui_null, AUE_NULL, aus_null, /* 211 lwp_sema_timedwait */
638 640 auf_null, 0,
639 641 aui_null, AUE_NULL, aus_null, /* 212 lwp_rwlock_sys */
640 642 auf_null, 0,
641 643 aui_null, AUE_NULL, aus_null, /* 213 getdents64 */
642 644 auf_null, 0,
643 645 aui_null, AUE_MMAP, aus_mmap, /* 214 mmap64 */
644 646 auf_null, 0,
645 647 aui_null, AUE_STAT, aus_null, /* 215 stat64 */
646 648 auf_null, S2E_PUB,
647 649 aui_null, AUE_LSTAT, aus_null, /* 216 lstat64 */
648 650 auf_null, S2E_PUB,
649 651 aui_null, AUE_NULL, aus_null, /* 217 fstat64 */
650 652 auf_null, 0,
651 653 aui_null, AUE_STATVFS, aus_null, /* 218 statvfs64 */
652 654 auf_null, S2E_PUB,
653 655 aui_null, AUE_NULL, aus_null, /* 219 fstatvfs64 */
654 656 auf_null, 0,
655 657 aui_null, AUE_SETRLIMIT, aus_null, /* 220 setrlimit64 */
656 658 auf_null, 0,
657 659 aui_null, AUE_NULL, aus_null, /* 221 getrlimit64 */
658 660 auf_null, 0,
659 661 aui_null, AUE_READ, aus_null, /* 222 pread64 */
660 662 auf_read, S2E_PUB,
661 663 aui_null, AUE_WRITE, aus_null, /* 223 pwrite64 */
662 664 auf_write, 0,
663 665 aui_null, AUE_NULL, aus_null, /* 224 (loadable) was creat64 */
664 666 auf_null, 0,
665 667 aui_open, AUE_OPEN, aus_open, /* 225 open64 */
666 668 auf_null, S2E_SP,
667 669 aui_null, AUE_NULL, aus_null, /* 226 (loadable) rpcsys */
668 670 auf_null, 0,
669 671 aui_null, AUE_NULL, aus_null, /* 227 zone */
670 672 auf_null, 0,
671 673 aui_null, AUE_NULL, aus_null, /* 228 (loadable) autofssys */
672 674 auf_null, 0,
673 675 aui_null, AUE_NULL, aus_null, /* 229 getcwd */
674 676 auf_null, 0,
675 677 aui_null, AUE_SOCKET, aus_socket, /* 230 so_socket */
676 678 auf_null, 0,
677 679 aui_null, AUE_NULL, aus_null, /* 231 so_socketpair */
678 680 auf_null, 0,
679 681 aui_null, AUE_BIND, aus_null, /* 232 bind */
680 682 auf_bind, 0,
681 683 aui_null, AUE_NULL, aus_null, /* 233 listen */
682 684 auf_null, 0,
683 685 aui_null, AUE_ACCEPT, aus_null, /* 234 accept */
684 686 auf_accept, 0,
685 687 aui_null, AUE_CONNECT, aus_null, /* 235 connect */
686 688 auf_connect, 0,
687 689 aui_null, AUE_SHUTDOWN, aus_shutdown, /* 236 shutdown */
688 690 auf_null, 0,
689 691 aui_null, AUE_READ, aus_null, /* 237 recv */
690 692 auf_recv, 0,
691 693 aui_null, AUE_RECVFROM, aus_null, /* 238 recvfrom */
692 694 auf_recvfrom, 0,
693 695 aui_null, AUE_RECVMSG, aus_null, /* 239 recvmsg */
694 696 auf_recvmsg, 0,
695 697 aui_null, AUE_WRITE, aus_null, /* 240 send */
696 698 auf_send, 0,
697 699 aui_null, AUE_SENDMSG, aus_null, /* 241 sendmsg */
698 700 auf_sendmsg, 0,
699 701 aui_null, AUE_SENDTO, aus_null, /* 242 sendto */
700 702 auf_sendto, 0,
701 703 aui_null, AUE_NULL, aus_null, /* 243 getpeername */
702 704 auf_null, 0,
703 705 aui_null, AUE_NULL, aus_null, /* 244 getsockname */
704 706 auf_null, 0,
705 707 aui_null, AUE_NULL, aus_null, /* 245 getsockopt */
706 708 auf_null, 0,
707 709 aui_null, AUE_SETSOCKOPT, aus_null, /* 246 setsockopt */
708 710 auf_setsockopt, 0,
709 711 aui_null, AUE_SOCKCONFIG, aus_sockconfig, /* 247 sockconfig */
710 712 auf_null, 0,
711 713 aui_null, AUE_NULL, aus_null, /* 248 ntp_gettime */
712 714 auf_null, 0,
713 715 aui_null, AUE_NTP_ADJTIME, aus_null, /* 249 ntp_adjtime */
714 716 auf_null, 0,
715 717 aui_null, AUE_NULL, aus_null, /* 250 lwp_mutex_unlock */
716 718 auf_null, 0,
717 719 aui_null, AUE_NULL, aus_null, /* 251 lwp_mutex_trylock */
718 720 auf_null, 0,
719 721 aui_null, AUE_NULL, aus_null, /* 252 lwp_mutex_register */
720 722 auf_null, 0,
721 723 aui_null, AUE_NULL, aus_null, /* 253 cladm */
722 724 auf_null, 0,
723 725 aui_null, AUE_NULL, aus_null, /* 254 uucopy */
724 726 auf_null, 0,
725 727 aui_null, AUE_UMOUNT2, aus_umount2, /* 255 umount2 */
726 728 auf_null, 0
727 729 };
728 730
729 731 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
730 732
731 733
732 734 /* exit start function */
733 735 /*ARGSUSED*/
734 736 static void
735 737 aus_exit(struct t_audit_data *tad)
|
↓ open down ↓ |
518 lines elided |
↑ open up ↑ |
736 738 {
737 739 uint32_t rval;
738 740 struct a {
739 741 long rval;
740 742 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
741 743
742 744 rval = (uint32_t)uap->rval;
743 745 au_uwrite(au_to_arg32(1, "exit status", rval));
744 746 }
745 747
748 +
746 749 /* acct start function */
747 750 /*ARGSUSED*/
748 751 static void
749 752 aus_acct(struct t_audit_data *tad)
750 753 {
751 754 klwp_t *clwp = ttolwp(curthread);
752 755 uintptr_t fname;
753 756
754 757 struct a {
755 758 long fname; /* char * */
756 759 } *uap = (struct a *)clwp->lwp_ap;
757 760
758 761 fname = (uintptr_t)uap->fname;
759 762
760 763 if (fname == 0)
761 764 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
762 765 }
763 766
764 767 /* chown start function */
765 768 /*ARGSUSED*/
766 769 static void
767 770 aus_chown(struct t_audit_data *tad)
768 771 {
769 772 klwp_t *clwp = ttolwp(curthread);
770 773 uint32_t uid, gid;
771 774
772 775 struct a {
773 776 long fname; /* char * */
774 777 long uid;
775 778 long gid;
776 779 } *uap = (struct a *)clwp->lwp_ap;
777 780
778 781 uid = (uint32_t)uap->uid;
779 782 gid = (uint32_t)uap->gid;
780 783
781 784 au_uwrite(au_to_arg32(2, "new file uid", uid));
782 785 au_uwrite(au_to_arg32(3, "new file gid", gid));
783 786 }
784 787
785 788 /* fchown start function */
786 789 /*ARGSUSED*/
787 790 static void
788 791 aus_fchown(struct t_audit_data *tad)
789 792 {
790 793 klwp_t *clwp = ttolwp(curthread);
791 794 uint32_t uid, gid, fd;
792 795 struct file *fp;
793 796 struct vnode *vp;
794 797 struct f_audit_data *fad;
795 798
796 799 struct a {
797 800 long fd;
798 801 long uid;
799 802 long gid;
800 803 } *uap = (struct a *)clwp->lwp_ap;
801 804
802 805 fd = (uint32_t)uap->fd;
803 806 uid = (uint32_t)uap->uid;
804 807 gid = (uint32_t)uap->gid;
805 808
806 809 au_uwrite(au_to_arg32(2, "new file uid", uid));
807 810 au_uwrite(au_to_arg32(3, "new file gid", gid));
808 811
809 812 /*
810 813 * convert file pointer to file descriptor
811 814 * Note: fd ref count incremented here.
812 815 */
813 816 if ((fp = getf(fd)) == NULL)
814 817 return;
815 818
816 819 /* get path from file struct here */
817 820 fad = F2A(fp);
818 821 if (fad->fad_aupath != NULL) {
819 822 au_uwrite(au_to_path(fad->fad_aupath));
820 823 } else {
821 824 au_uwrite(au_to_arg32(1, "no path: fd", fd));
822 825 }
823 826
824 827 vp = fp->f_vnode;
825 828 audit_attributes(vp);
826 829
827 830 /* decrement file descriptor reference count */
828 831 releasef(fd);
829 832 }
830 833
831 834 /*ARGSUSED*/
832 835 static void
833 836 aus_lchown(struct t_audit_data *tad)
834 837 {
835 838 klwp_t *clwp = ttolwp(curthread);
836 839 uint32_t uid, gid;
837 840
838 841
839 842 struct a {
840 843 long fname; /* char * */
841 844 long uid;
842 845 long gid;
843 846 } *uap = (struct a *)clwp->lwp_ap;
844 847
845 848 uid = (uint32_t)uap->uid;
846 849 gid = (uint32_t)uap->gid;
847 850
848 851 au_uwrite(au_to_arg32(2, "new file uid", uid));
849 852 au_uwrite(au_to_arg32(3, "new file gid", gid));
850 853 }
851 854
852 855 static au_event_t
853 856 aui_fchownat(au_event_t e)
854 857 {
855 858 klwp_t *clwp = ttolwp(curthread);
856 859
857 860 struct a {
858 861 long fd;
859 862 long fname; /* char * */
860 863 long uid;
861 864 long gid;
862 865 long flags;
863 866 } *uap = (struct a *)clwp->lwp_ap;
864 867
865 868 if (uap->fname == NULL)
866 869 e = AUE_FCHOWN;
867 870 else if (uap->flags & AT_SYMLINK_NOFOLLOW)
868 871 e = AUE_LCHOWN;
869 872 else
870 873 e = AUE_CHOWN;
871 874
872 875 return (e);
873 876 }
874 877
875 878 /*ARGSUSED*/
876 879 static void
877 880 aus_fchownat(struct t_audit_data *tad)
878 881 {
879 882 klwp_t *clwp = ttolwp(curthread);
880 883 uint32_t uid, gid;
881 884
882 885 struct a {
883 886 long fd;
884 887 long fname; /* char * */
885 888 long uid;
886 889 long gid;
887 890 long flags;
888 891 } *uap = (struct a *)clwp->lwp_ap;
889 892
890 893 uid = (uint32_t)uap->uid;
891 894 gid = (uint32_t)uap->gid;
892 895
893 896 au_uwrite(au_to_arg32(3, "new file uid", uid));
894 897 au_uwrite(au_to_arg32(4, "new file gid", gid));
895 898 }
896 899
897 900 /*ARGSUSED*/
898 901 static void
899 902 aus_chmod(struct t_audit_data *tad)
900 903 {
901 904 klwp_t *clwp = ttolwp(curthread);
902 905 uint32_t fmode;
903 906
904 907 struct a {
905 908 long fname; /* char * */
906 909 long fmode;
907 910 } *uap = (struct a *)clwp->lwp_ap;
908 911
909 912 fmode = (uint32_t)uap->fmode;
910 913
911 914 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
912 915 }
913 916
914 917 /*ARGSUSED*/
915 918 static void
916 919 aus_fchmod(struct t_audit_data *tad)
917 920 {
918 921 klwp_t *clwp = ttolwp(curthread);
919 922 uint32_t fmode, fd;
920 923 struct file *fp;
921 924 struct vnode *vp;
922 925 struct f_audit_data *fad;
923 926
924 927 struct a {
925 928 long fd;
926 929 long fmode;
927 930 } *uap = (struct a *)clwp->lwp_ap;
928 931
929 932 fd = (uint32_t)uap->fd;
930 933 fmode = (uint32_t)uap->fmode;
931 934
932 935 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
933 936
934 937 /*
935 938 * convert file pointer to file descriptor
936 939 * Note: fd ref count incremented here.
937 940 */
938 941 if ((fp = getf(fd)) == NULL)
939 942 return;
940 943
941 944 /* get path from file struct here */
942 945 fad = F2A(fp);
943 946 if (fad->fad_aupath != NULL) {
944 947 au_uwrite(au_to_path(fad->fad_aupath));
945 948 } else {
946 949 au_uwrite(au_to_arg32(1, "no path: fd", fd));
947 950 }
948 951
949 952 vp = fp->f_vnode;
950 953 audit_attributes(vp);
951 954
952 955 /* decrement file descriptor reference count */
953 956 releasef(fd);
954 957 }
955 958
956 959 static au_event_t
957 960 aui_fchmodat(au_event_t e)
958 961 {
959 962 klwp_t *clwp = ttolwp(curthread);
960 963
961 964 struct a {
962 965 long fd;
963 966 long fname; /* char * */
964 967 long fmode;
965 968 long flag;
966 969 } *uap = (struct a *)clwp->lwp_ap;
967 970
968 971 if (uap->fname == NULL)
969 972 e = AUE_FCHMOD;
970 973 else
971 974 e = AUE_CHMOD;
972 975
973 976 return (e);
974 977 }
975 978
976 979 /*ARGSUSED*/
977 980 static void
978 981 aus_fchmodat(struct t_audit_data *tad)
979 982 {
980 983 klwp_t *clwp = ttolwp(curthread);
981 984 uint32_t fmode;
982 985 uint32_t fd;
983 986 struct file *fp;
984 987 struct vnode *vp;
985 988 struct f_audit_data *fad;
986 989
987 990 struct a {
988 991 long fd;
989 992 long fname; /* char * */
990 993 long fmode;
991 994 long flag;
992 995 } *uap = (struct a *)clwp->lwp_ap;
993 996
994 997 fd = (uint32_t)uap->fd;
995 998 fmode = (uint32_t)uap->fmode;
996 999
997 1000 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
998 1001
999 1002 if (fd == AT_FDCWD || uap->fname != NULL) /* same as chmod() */
1000 1003 return;
1001 1004
1002 1005 /*
1003 1006 * convert file pointer to file descriptor
1004 1007 * Note: fd ref count incremented here.
1005 1008 */
1006 1009 if ((fp = getf(fd)) == NULL)
1007 1010 return;
1008 1011
1009 1012 /* get path from file struct here */
1010 1013 fad = F2A(fp);
1011 1014 if (fad->fad_aupath != NULL) {
1012 1015 au_uwrite(au_to_path(fad->fad_aupath));
1013 1016 } else {
1014 1017 au_uwrite(au_to_arg32(1, "no path: fd", fd));
1015 1018 }
1016 1019
1017 1020 vp = fp->f_vnode;
1018 1021 audit_attributes(vp);
1019 1022
1020 1023 /* decrement file descriptor reference count */
1021 1024 releasef(fd);
1022 1025 }
1023 1026
1024 1027 /*
1025 1028 * convert open mode to appropriate open event
1026 1029 */
1027 1030 au_event_t
1028 1031 open_event(uint_t fm)
1029 1032 {
1030 1033 au_event_t e;
1031 1034
1032 1035 switch (fm & (O_ACCMODE | O_CREAT | O_TRUNC)) {
1033 1036 case O_RDONLY:
1034 1037 e = AUE_OPEN_R;
1035 1038 break;
1036 1039 case O_RDONLY | O_CREAT:
1037 1040 e = AUE_OPEN_RC;
1038 1041 break;
1039 1042 case O_RDONLY | O_TRUNC:
1040 1043 e = AUE_OPEN_RT;
1041 1044 break;
1042 1045 case O_RDONLY | O_TRUNC | O_CREAT:
1043 1046 e = AUE_OPEN_RTC;
1044 1047 break;
1045 1048 case O_WRONLY:
1046 1049 e = AUE_OPEN_W;
1047 1050 break;
1048 1051 case O_WRONLY | O_CREAT:
1049 1052 e = AUE_OPEN_WC;
1050 1053 break;
1051 1054 case O_WRONLY | O_TRUNC:
1052 1055 e = AUE_OPEN_WT;
1053 1056 break;
1054 1057 case O_WRONLY | O_TRUNC | O_CREAT:
1055 1058 e = AUE_OPEN_WTC;
1056 1059 break;
1057 1060 case O_RDWR:
1058 1061 e = AUE_OPEN_RW;
1059 1062 break;
1060 1063 case O_RDWR | O_CREAT:
1061 1064 e = AUE_OPEN_RWC;
1062 1065 break;
1063 1066 case O_RDWR | O_TRUNC:
1064 1067 e = AUE_OPEN_RWT;
1065 1068 break;
1066 1069 case O_RDWR | O_TRUNC | O_CREAT:
1067 1070 e = AUE_OPEN_RWTC;
1068 1071 break;
1069 1072 case O_SEARCH:
1070 1073 e = AUE_OPEN_S;
1071 1074 break;
1072 1075 case O_EXEC:
1073 1076 e = AUE_OPEN_E;
1074 1077 break;
1075 1078 default:
1076 1079 e = AUE_NULL;
1077 1080 break;
1078 1081 }
1079 1082
1080 1083 return (e);
1081 1084 }
1082 1085
1083 1086 /* ARGSUSED */
1084 1087 static au_event_t
1085 1088 aui_open(au_event_t e)
1086 1089 {
1087 1090 klwp_t *clwp = ttolwp(curthread);
1088 1091 uint_t fm;
1089 1092
1090 1093 struct a {
1091 1094 long fnamep; /* char * */
1092 1095 long fmode;
1093 1096 long cmode;
1094 1097 } *uap = (struct a *)clwp->lwp_ap;
1095 1098
1096 1099 fm = (uint_t)uap->fmode;
1097 1100
1098 1101 return (open_event(fm));
1099 1102 }
1100 1103
1101 1104 static void
1102 1105 aus_open(struct t_audit_data *tad)
1103 1106 {
1104 1107 klwp_t *clwp = ttolwp(curthread);
1105 1108 uint_t fm;
1106 1109
1107 1110 struct a {
1108 1111 long fnamep; /* char * */
1109 1112 long fmode;
1110 1113 long cmode;
1111 1114 } *uap = (struct a *)clwp->lwp_ap;
1112 1115
1113 1116 fm = (uint_t)uap->fmode;
1114 1117
1115 1118 /* If no write, create, or trunc modes, mark as a public op */
1116 1119 if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
1117 1120 tad->tad_ctrl |= TAD_PUBLIC_EV;
1118 1121 }
1119 1122
1120 1123 /* ARGSUSED */
1121 1124 static au_event_t
1122 1125 aui_openat(au_event_t e)
1123 1126 {
1124 1127 t_audit_data_t *tad = T2A(curthread);
1125 1128 klwp_t *clwp = ttolwp(curthread);
1126 1129 uint_t fm;
1127 1130
1128 1131 struct a {
1129 1132 long filedes;
1130 1133 long fnamep; /* char * */
1131 1134 long fmode;
1132 1135 long cmode;
1133 1136 } *uap = (struct a *)clwp->lwp_ap;
1134 1137
1135 1138 fm = (uint_t)uap->fmode;
1136 1139
1137 1140 /*
1138 1141 * __openattrdirat() does an extra pathname lookup in order to
1139 1142 * enter the extended system attribute namespace of the referenced
1140 1143 * extended attribute filename.
1141 1144 */
1142 1145 if (fm & FXATTRDIROPEN)
1143 1146 tad->tad_ctrl |= TAD_MLD;
1144 1147
1145 1148 return (open_event(fm));
1146 1149 }
1147 1150
1148 1151 static void
1149 1152 aus_openat(struct t_audit_data *tad)
1150 1153 {
1151 1154 klwp_t *clwp = ttolwp(curthread);
1152 1155 uint_t fm;
1153 1156
1154 1157 struct a {
1155 1158 long filedes;
1156 1159 long fnamep; /* char * */
1157 1160 long fmode;
1158 1161 long cmode;
1159 1162 } *uap = (struct a *)clwp->lwp_ap;
1160 1163
1161 1164 fm = (uint_t)uap->fmode;
1162 1165
1163 1166 /* If no write, create, or trunc modes, mark as a public op */
1164 1167 if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
1165 1168 tad->tad_ctrl |= TAD_PUBLIC_EV;
1166 1169 }
1167 1170
1168 1171 static au_event_t
1169 1172 aui_unlinkat(au_event_t e)
1170 1173 {
1171 1174 klwp_t *clwp = ttolwp(curthread);
1172 1175
1173 1176 struct a {
1174 1177 long filedes;
1175 1178 long fnamep; /* char * */
1176 1179 long flags;
1177 1180 } *uap = (struct a *)clwp->lwp_ap;
1178 1181
1179 1182 if (uap->flags & AT_REMOVEDIR)
1180 1183 e = AUE_RMDIR;
1181 1184 else
1182 1185 e = AUE_UNLINK;
1183 1186
1184 1187 return (e);
1185 1188 }
1186 1189
1187 1190 static au_event_t
1188 1191 aui_fstatat(au_event_t e)
1189 1192 {
1190 1193 klwp_t *clwp = ttolwp(curthread);
1191 1194
1192 1195 struct a {
1193 1196 long filedes;
1194 1197 long fnamep; /* char * */
1195 1198 long statb;
1196 1199 long flags;
1197 1200 } *uap = (struct a *)clwp->lwp_ap;
1198 1201
1199 1202 if (uap->fnamep == NULL)
1200 1203 e = AUE_FSTAT;
1201 1204 else if (uap->flags & AT_SYMLINK_NOFOLLOW)
1202 1205 e = AUE_LSTAT;
1203 1206 else
1204 1207 e = AUE_STAT;
1205 1208
1206 1209 return (e);
1207 1210 }
1208 1211
1209 1212 /* msgsys */
1210 1213 static au_event_t
1211 1214 aui_msgsys(au_event_t e)
1212 1215 {
1213 1216 klwp_t *clwp = ttolwp(curthread);
1214 1217 uint_t fm;
1215 1218
1216 1219 struct a {
1217 1220 long id; /* function code id */
1218 1221 long ap; /* arg pointer for recvmsg */
1219 1222 } *uap = (struct a *)clwp->lwp_ap;
1220 1223
1221 1224 struct b {
1222 1225 long msgid;
1223 1226 long cmd;
1224 1227 long buf; /* struct msqid_ds * */
1225 1228 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1226 1229
1227 1230 fm = (uint_t)uap->id;
1228 1231
1229 1232 switch (fm) {
1230 1233 case 0: /* msgget */
1231 1234 e = AUE_MSGGET;
1232 1235 break;
1233 1236 case 1: /* msgctl */
1234 1237 switch ((uint_t)uap1->cmd) {
1235 1238 case IPC_RMID:
1236 1239 e = AUE_MSGCTL_RMID;
1237 1240 break;
1238 1241 case IPC_SET:
1239 1242 e = AUE_MSGCTL_SET;
1240 1243 break;
1241 1244 case IPC_STAT:
1242 1245 e = AUE_MSGCTL_STAT;
1243 1246 break;
1244 1247 default:
1245 1248 e = AUE_MSGCTL;
1246 1249 break;
1247 1250 }
1248 1251 break;
1249 1252 case 2: /* msgrcv */
1250 1253 e = AUE_MSGRCV;
1251 1254 break;
1252 1255 case 3: /* msgsnd */
1253 1256 e = AUE_MSGSND;
1254 1257 break;
1255 1258 default: /* illegal system call */
1256 1259 e = AUE_NULL;
1257 1260 break;
1258 1261 }
1259 1262
1260 1263 return (e);
1261 1264 }
1262 1265
1263 1266
1264 1267 /* shmsys */
1265 1268 static au_event_t
1266 1269 aui_shmsys(au_event_t e)
1267 1270 {
1268 1271 klwp_t *clwp = ttolwp(curthread);
1269 1272 int fm;
1270 1273
1271 1274 struct a { /* shmsys */
1272 1275 long id; /* function code id */
1273 1276 } *uap = (struct a *)clwp->lwp_ap;
1274 1277
1275 1278 struct b { /* ctrl */
1276 1279 long shmid;
1277 1280 long cmd;
1278 1281 long arg; /* struct shmid_ds * */
1279 1282 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1280 1283 fm = (uint_t)uap->id;
1281 1284
1282 1285 switch (fm) {
1283 1286 case 0: /* shmat */
1284 1287 e = AUE_SHMAT;
1285 1288 break;
1286 1289 case 1: /* shmctl */
1287 1290 switch ((uint_t)uap1->cmd) {
1288 1291 case IPC_RMID:
1289 1292 e = AUE_SHMCTL_RMID;
1290 1293 break;
1291 1294 case IPC_SET:
1292 1295 e = AUE_SHMCTL_SET;
1293 1296 break;
1294 1297 case IPC_STAT:
1295 1298 e = AUE_SHMCTL_STAT;
1296 1299 break;
1297 1300 default:
1298 1301 e = AUE_SHMCTL;
1299 1302 break;
1300 1303 }
1301 1304 break;
1302 1305 case 2: /* shmdt */
1303 1306 e = AUE_SHMDT;
1304 1307 break;
1305 1308 case 3: /* shmget */
1306 1309 e = AUE_SHMGET;
1307 1310 break;
1308 1311 default: /* illegal system call */
1309 1312 e = AUE_NULL;
1310 1313 break;
1311 1314 }
1312 1315
1313 1316 return (e);
1314 1317 }
1315 1318
1316 1319
1317 1320 /* semsys */
1318 1321 static au_event_t
1319 1322 aui_semsys(au_event_t e)
1320 1323 {
1321 1324 klwp_t *clwp = ttolwp(curthread);
1322 1325 uint_t fm;
1323 1326
1324 1327 struct a { /* semsys */
1325 1328 long id;
1326 1329 } *uap = (struct a *)clwp->lwp_ap;
1327 1330
1328 1331 struct b { /* ctrl */
1329 1332 long semid;
1330 1333 long semnum;
1331 1334 long cmd;
1332 1335 long arg;
1333 1336 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1334 1337
1335 1338 fm = (uint_t)uap->id;
1336 1339
1337 1340 switch (fm) {
1338 1341 case 0: /* semctl */
1339 1342 switch ((uint_t)uap1->cmd) {
1340 1343 case IPC_RMID:
1341 1344 e = AUE_SEMCTL_RMID;
1342 1345 break;
1343 1346 case IPC_SET:
1344 1347 e = AUE_SEMCTL_SET;
1345 1348 break;
1346 1349 case IPC_STAT:
1347 1350 e = AUE_SEMCTL_STAT;
1348 1351 break;
1349 1352 case GETNCNT:
1350 1353 e = AUE_SEMCTL_GETNCNT;
1351 1354 break;
1352 1355 case GETPID:
1353 1356 e = AUE_SEMCTL_GETPID;
1354 1357 break;
1355 1358 case GETVAL:
1356 1359 e = AUE_SEMCTL_GETVAL;
1357 1360 break;
1358 1361 case GETALL:
1359 1362 e = AUE_SEMCTL_GETALL;
1360 1363 break;
1361 1364 case GETZCNT:
1362 1365 e = AUE_SEMCTL_GETZCNT;
1363 1366 break;
1364 1367 case SETVAL:
1365 1368 e = AUE_SEMCTL_SETVAL;
1366 1369 break;
1367 1370 case SETALL:
1368 1371 e = AUE_SEMCTL_SETALL;
1369 1372 break;
1370 1373 default:
1371 1374 e = AUE_SEMCTL;
1372 1375 break;
1373 1376 }
1374 1377 break;
1375 1378 case 1: /* semget */
1376 1379 e = AUE_SEMGET;
1377 1380 break;
1378 1381 case 2: /* semop */
1379 1382 e = AUE_SEMOP;
1380 1383 break;
1381 1384 default: /* illegal system call */
1382 1385 e = AUE_NULL;
1383 1386 break;
1384 1387 }
1385 1388
1386 1389 return (e);
1387 1390 }
1388 1391
1389 1392 /* utssys - uname(2), ustat(2), fusers(2) */
1390 1393 static au_event_t
1391 1394 aui_utssys(au_event_t e)
1392 1395 {
1393 1396 klwp_t *clwp = ttolwp(curthread);
1394 1397 uint_t type;
1395 1398
1396 1399 struct a {
1397 1400 union {
1398 1401 long cbuf; /* char * */
1399 1402 long ubuf; /* struct stat * */
1400 1403 } ub;
1401 1404 union {
1402 1405 long mv; /* for USTAT */
1403 1406 long flags; /* for FUSERS */
1404 1407 } un;
1405 1408 long type;
1406 1409 long outbp; /* char * for FUSERS */
1407 1410 } *uap = (struct a *)clwp->lwp_ap;
1408 1411
1409 1412 type = (uint_t)uap->type;
1410 1413
1411 1414 if (type == UTS_FUSERS)
1412 1415 return (e);
1413 1416 else
1414 1417 return ((au_event_t)AUE_NULL);
1415 1418 }
1416 1419
1417 1420 static au_event_t
1418 1421 aui_fcntl(au_event_t e)
1419 1422 {
1420 1423 klwp_t *clwp = ttolwp(curthread);
1421 1424 uint_t cmd;
1422 1425
1423 1426 struct a {
1424 1427 long fdes;
1425 1428 long cmd;
1426 1429 long arg;
1427 1430 } *uap = (struct a *)clwp->lwp_ap;
1428 1431
1429 1432 cmd = (uint_t)uap->cmd;
1430 1433
1431 1434 switch (cmd) {
1432 1435 case F_GETLK:
1433 1436 case F_SETLK:
1434 1437 case F_SETLKW:
1435 1438 break;
1436 1439 case F_SETFL:
1437 1440 case F_GETFL:
1438 1441 case F_GETFD:
1439 1442 break;
1440 1443 default:
1441 1444 e = (au_event_t)AUE_NULL;
1442 1445 break;
1443 1446 }
1444 1447 return ((au_event_t)e);
1445 1448 }
1446 1449
1447 1450 /* null function for now */
1448 1451 static au_event_t
1449 1452 aui_execve(au_event_t e)
1450 1453 {
1451 1454 return (e);
1452 1455 }
1453 1456
1454 1457 /*ARGSUSED*/
1455 1458 static void
1456 1459 aus_fcntl(struct t_audit_data *tad)
1457 1460 {
1458 1461 klwp_t *clwp = ttolwp(curthread);
1459 1462 uint32_t cmd, fd, flags;
1460 1463 struct file *fp;
1461 1464 struct vnode *vp;
1462 1465 struct f_audit_data *fad;
1463 1466
1464 1467 struct a {
1465 1468 long fd;
1466 1469 long cmd;
1467 1470 long arg;
1468 1471 } *uap = (struct a *)clwp->lwp_ap;
1469 1472
1470 1473 cmd = (uint32_t)uap->cmd;
1471 1474 fd = (uint32_t)uap->fd;
1472 1475 flags = (uint32_t)uap->arg;
1473 1476
1474 1477 au_uwrite(au_to_arg32(2, "cmd", cmd));
1475 1478
1476 1479 if (cmd == F_SETFL)
1477 1480 au_uwrite(au_to_arg32(3, "flags", flags));
1478 1481
1479 1482 /*
1480 1483 * convert file pointer to file descriptor
1481 1484 * Note: fd ref count incremented here.
1482 1485 */
1483 1486 if ((fp = getf(fd)) == NULL)
1484 1487 return;
1485 1488
1486 1489 /* get path from file struct here */
1487 1490 fad = F2A(fp);
1488 1491 if (fad->fad_aupath != NULL) {
1489 1492 au_uwrite(au_to_path(fad->fad_aupath));
1490 1493 } else {
1491 1494 au_uwrite(au_to_arg32(1, "no path: fd", fd));
1492 1495 }
1493 1496
1494 1497 vp = fp->f_vnode;
1495 1498 audit_attributes(vp);
1496 1499
1497 1500 /* decrement file descriptor reference count */
1498 1501 releasef(fd);
1499 1502 }
1500 1503
1501 1504 /*ARGSUSED*/
1502 1505 static void
1503 1506 aus_kill(struct t_audit_data *tad)
1504 1507 {
1505 1508 klwp_t *clwp = ttolwp(curthread);
1506 1509 struct proc *p;
1507 1510 uint32_t signo;
1508 1511 uid_t uid, ruid;
1509 1512 gid_t gid, rgid;
1510 1513 pid_t pid;
1511 1514 const auditinfo_addr_t *ainfo;
1512 1515 cred_t *cr;
1513 1516
1514 1517 struct a {
1515 1518 long pid;
1516 1519 long signo;
1517 1520 } *uap = (struct a *)clwp->lwp_ap;
1518 1521
1519 1522 pid = (pid_t)uap->pid;
1520 1523 signo = (uint32_t)uap->signo;
1521 1524
1522 1525 au_uwrite(au_to_arg32(2, "signal", signo));
1523 1526 if (pid > 0) {
1524 1527 mutex_enter(&pidlock);
1525 1528 if (((p = prfind(pid)) == (struct proc *)0) ||
1526 1529 (p->p_stat == SIDL)) {
1527 1530 mutex_exit(&pidlock);
1528 1531 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1529 1532 return;
1530 1533 }
1531 1534 mutex_enter(&p->p_lock); /* so process doesn't go away */
1532 1535 mutex_exit(&pidlock);
1533 1536
1534 1537 mutex_enter(&p->p_crlock);
1535 1538 crhold(cr = p->p_cred);
1536 1539 mutex_exit(&p->p_crlock);
1537 1540 mutex_exit(&p->p_lock);
1538 1541
1539 1542 ainfo = crgetauinfo(cr);
1540 1543 if (ainfo == NULL) {
1541 1544 crfree(cr);
1542 1545 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1543 1546 return;
1544 1547 }
1545 1548
1546 1549 uid = crgetuid(cr);
1547 1550 gid = crgetgid(cr);
1548 1551 ruid = crgetruid(cr);
1549 1552 rgid = crgetrgid(cr);
1550 1553 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
1551 1554 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
1552 1555
1553 1556 if (is_system_labeled())
1554 1557 au_uwrite(au_to_label(CR_SL(cr)));
1555 1558
1556 1559 crfree(cr);
1557 1560 }
1558 1561 else
1559 1562 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1560 1563 }
1561 1564
1562 1565 /*ARGSUSED*/
1563 1566 static void
1564 1567 aus_mkdir(struct t_audit_data *tad)
1565 1568 {
1566 1569 klwp_t *clwp = ttolwp(curthread);
1567 1570 uint32_t dmode;
1568 1571
1569 1572 struct a {
1570 1573 long dirnamep; /* char * */
1571 1574 long dmode;
1572 1575 } *uap = (struct a *)clwp->lwp_ap;
1573 1576
1574 1577 dmode = (uint32_t)uap->dmode;
1575 1578
1576 1579 au_uwrite(au_to_arg32(2, "mode", dmode));
1577 1580 }
1578 1581
1579 1582 /*ARGSUSED*/
1580 1583 static void
1581 1584 aus_mkdirat(struct t_audit_data *tad)
1582 1585 {
1583 1586 klwp_t *clwp = ttolwp(curthread);
1584 1587 uint32_t dmode;
1585 1588
1586 1589 struct a {
1587 1590 long fd;
1588 1591 long dirnamep; /* char * */
1589 1592 long dmode;
1590 1593 } *uap = (struct a *)clwp->lwp_ap;
1591 1594
1592 1595 dmode = (uint32_t)uap->dmode;
1593 1596
1594 1597 au_uwrite(au_to_arg32(2, "mode", dmode));
1595 1598 }
1596 1599
1597 1600 /*ARGSUSED*/
1598 1601 static void
1599 1602 aus_mknod(struct t_audit_data *tad)
1600 1603 {
1601 1604 klwp_t *clwp = ttolwp(curthread);
1602 1605 uint32_t fmode;
1603 1606 dev_t dev;
1604 1607
1605 1608 struct a {
1606 1609 long pnamep; /* char * */
1607 1610 long fmode;
1608 1611 long dev;
1609 1612 } *uap = (struct a *)clwp->lwp_ap;
1610 1613
1611 1614 fmode = (uint32_t)uap->fmode;
1612 1615 dev = (dev_t)uap->dev;
1613 1616
1614 1617 au_uwrite(au_to_arg32(2, "mode", fmode));
1615 1618 #ifdef _LP64
1616 1619 au_uwrite(au_to_arg64(3, "dev", dev));
1617 1620 #else
1618 1621 au_uwrite(au_to_arg32(3, "dev", dev));
1619 1622 #endif
1620 1623 }
1621 1624
1622 1625 /*ARGSUSED*/
1623 1626 static void
1624 1627 auf_mknod(struct t_audit_data *tad, int error, rval_t *rval)
1625 1628 {
1626 1629 klwp_t *clwp = ttolwp(curthread);
1627 1630 vnode_t *dvp;
1628 1631 caddr_t pnamep;
1629 1632
1630 1633 struct a {
1631 1634 long pnamep; /* char * */
1632 1635 long fmode;
1633 1636 long dev;
1634 1637 } *uap = (struct a *)clwp->lwp_ap;
1635 1638
1636 1639 /* no error, then already path token in audit record */
1637 1640 if (error != EPERM && error != EINVAL)
1638 1641 return;
1639 1642
1640 1643 /* do the lookup to force generation of path token */
1641 1644 pnamep = (caddr_t)uap->pnamep;
1642 1645 tad->tad_ctrl |= TAD_NOATTRB;
1643 1646 error = lookupname(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP);
1644 1647 if (error == 0)
1645 1648 VN_RELE(dvp);
1646 1649 }
1647 1650
1648 1651 /*ARGSUSED*/
1649 1652 static void
1650 1653 aus_mknodat(struct t_audit_data *tad)
1651 1654 {
1652 1655 klwp_t *clwp = ttolwp(curthread);
1653 1656 uint32_t fmode;
1654 1657 dev_t dev;
1655 1658
1656 1659 struct a {
1657 1660 long fd;
1658 1661 long pnamep; /* char * */
1659 1662 long fmode;
1660 1663 long dev;
1661 1664 } *uap = (struct a *)clwp->lwp_ap;
1662 1665
1663 1666 fmode = (uint32_t)uap->fmode;
1664 1667 dev = (dev_t)uap->dev;
1665 1668
1666 1669 au_uwrite(au_to_arg32(2, "mode", fmode));
1667 1670 #ifdef _LP64
1668 1671 au_uwrite(au_to_arg64(3, "dev", dev));
1669 1672 #else
1670 1673 au_uwrite(au_to_arg32(3, "dev", dev));
1671 1674 #endif
1672 1675 }
1673 1676
1674 1677 /*ARGSUSED*/
1675 1678 static void
1676 1679 auf_mknodat(struct t_audit_data *tad, int error, rval_t *rval)
1677 1680 {
1678 1681 klwp_t *clwp = ttolwp(curthread);
1679 1682 vnode_t *startvp;
1680 1683 vnode_t *dvp;
1681 1684 caddr_t pnamep;
1682 1685 int fd;
1683 1686
1684 1687 struct a {
1685 1688 long fd;
1686 1689 long pnamep; /* char * */
1687 1690 long fmode;
1688 1691 long dev;
1689 1692 } *uap = (struct a *)clwp->lwp_ap;
1690 1693
1691 1694 /* no error, then already path token in audit record */
1692 1695 if (error != EPERM && error != EINVAL)
1693 1696 return;
1694 1697
1695 1698 /* do the lookup to force generation of path token */
1696 1699 fd = (int)uap->fd;
1697 1700 pnamep = (caddr_t)uap->pnamep;
1698 1701 if (pnamep == NULL ||
1699 1702 fgetstartvp(fd, pnamep, &startvp) != 0)
1700 1703 return;
1701 1704 tad->tad_ctrl |= TAD_NOATTRB;
1702 1705 error = lookupnameat(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP,
1703 1706 startvp);
1704 1707 if (error == 0)
1705 1708 VN_RELE(dvp);
1706 1709 if (startvp != NULL)
1707 1710 VN_RELE(startvp);
1708 1711 }
1709 1712
1710 1713 /*ARGSUSED*/
1711 1714 static void
1712 1715 aus_mount(struct t_audit_data *tad)
1713 1716 { /* AUS_START */
1714 1717 klwp_t *clwp = ttolwp(curthread);
1715 1718 uint32_t flags;
1716 1719 uintptr_t u_fstype, dataptr;
1717 1720 STRUCT_DECL(nfs_args, nfsargs);
1718 1721 size_t len;
1719 1722 char *fstype, *hostname;
1720 1723
1721 1724 struct a {
1722 1725 long spec; /* char * */
1723 1726 long dir; /* char * */
1724 1727 long flags;
1725 1728 long fstype; /* char * */
1726 1729 long dataptr; /* char * */
1727 1730 long datalen;
1728 1731 } *uap = (struct a *)clwp->lwp_ap;
1729 1732
1730 1733 u_fstype = (uintptr_t)uap->fstype;
1731 1734 flags = (uint32_t)uap->flags;
1732 1735 dataptr = (uintptr_t)uap->dataptr;
1733 1736
1734 1737 fstype = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1735 1738 if (copyinstr((caddr_t)u_fstype, (caddr_t)fstype, MAXNAMELEN, &len))
1736 1739 goto mount_free_fstype;
1737 1740
1738 1741 au_uwrite(au_to_arg32(3, "flags", flags));
1739 1742 au_uwrite(au_to_text(fstype));
1740 1743
1741 1744 if (strncmp(fstype, "nfs", 3) == 0) {
1742 1745
1743 1746 STRUCT_INIT(nfsargs, get_udatamodel());
1744 1747 bzero(STRUCT_BUF(nfsargs), STRUCT_SIZE(nfsargs));
1745 1748
1746 1749 if (copyin((caddr_t)dataptr,
1747 1750 STRUCT_BUF(nfsargs),
1748 1751 MIN(uap->datalen, STRUCT_SIZE(nfsargs)))) {
1749 1752 /* DEBUG debug_enter((char *)NULL); */
1750 1753 goto mount_free_fstype;
1751 1754 }
1752 1755 hostname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1753 1756 if (copyinstr(STRUCT_FGETP(nfsargs, hostname),
1754 1757 (caddr_t)hostname,
1755 1758 MAXNAMELEN, &len)) {
1756 1759 goto mount_free_hostname;
1757 1760 }
1758 1761 au_uwrite(au_to_text(hostname));
1759 1762 au_uwrite(au_to_arg32(3, "internal flags",
1760 1763 (uint_t)STRUCT_FGET(nfsargs, flags)));
1761 1764
1762 1765 mount_free_hostname:
1763 1766 kmem_free(hostname, MAXNAMELEN);
1764 1767 }
1765 1768
1766 1769 mount_free_fstype:
1767 1770 kmem_free(fstype, MAXNAMELEN);
1768 1771 } /* AUS_MOUNT */
1769 1772
1770 1773 static void
1771 1774 aus_umount_path(caddr_t umount_dir)
1772 1775 {
1773 1776 char *dir_path;
1774 1777 struct audit_path *path;
1775 1778 size_t path_len, dir_len;
1776 1779
1777 1780 /* length alloc'd for two string pointers */
1778 1781 path_len = sizeof (struct audit_path) + sizeof (char *);
1779 1782 path = kmem_alloc(path_len, KM_SLEEP);
1780 1783 dir_path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1781 1784
1782 1785 if (copyinstr(umount_dir, (caddr_t)dir_path,
1783 1786 MAXPATHLEN, &dir_len))
1784 1787 goto umount2_free_dir;
1785 1788
1786 1789 /*
1787 1790 * the audit_path struct assumes that the buffer pointed to
1788 1791 * by audp_sect[n] contains string 0 immediatedly followed
1789 1792 * by string 1.
1790 1793 */
1791 1794 path->audp_sect[0] = dir_path;
1792 1795 path->audp_sect[1] = dir_path + strlen(dir_path) + 1;
1793 1796 path->audp_size = path_len;
1794 1797 path->audp_ref = 1; /* not used */
1795 1798 path->audp_cnt = 1; /* one path string */
1796 1799
1797 1800 au_uwrite(au_to_path(path));
1798 1801
1799 1802 umount2_free_dir:
1800 1803 kmem_free(dir_path, MAXPATHLEN);
1801 1804 kmem_free(path, path_len);
1802 1805 }
1803 1806
1804 1807 /*ARGSUSED*/
1805 1808 static void
1806 1809 aus_umount2(struct t_audit_data *tad)
1807 1810 {
1808 1811 klwp_t *clwp = ttolwp(curthread);
1809 1812 struct a {
1810 1813 long dir; /* char * */
1811 1814 long flags;
1812 1815 } *uap = (struct a *)clwp->lwp_ap;
1813 1816
1814 1817 aus_umount_path((caddr_t)uap->dir);
1815 1818
1816 1819 au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags));
1817 1820 }
1818 1821
1819 1822 static void
1820 1823 aus_msgsys(struct t_audit_data *tad)
1821 1824 {
1822 1825 klwp_t *clwp = ttolwp(curthread);
1823 1826 uint32_t msgid;
1824 1827
1825 1828 struct b {
1826 1829 long msgid;
1827 1830 long cmd;
1828 1831 long buf; /* struct msqid_ds * */
1829 1832 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1830 1833
1831 1834 msgid = (uint32_t)uap1->msgid;
1832 1835
1833 1836
1834 1837 switch (tad->tad_event) {
1835 1838 case AUE_MSGGET: /* msgget */
1836 1839 au_uwrite(au_to_arg32(1, "msg key", msgid));
1837 1840 break;
1838 1841 case AUE_MSGCTL: /* msgctl */
1839 1842 case AUE_MSGCTL_RMID: /* msgctl */
1840 1843 case AUE_MSGCTL_SET: /* msgctl */
1841 1844 case AUE_MSGCTL_STAT: /* msgctl */
1842 1845 case AUE_MSGRCV: /* msgrcv */
1843 1846 case AUE_MSGSND: /* msgsnd */
1844 1847 au_uwrite(au_to_arg32(1, "msg ID", msgid));
1845 1848 break;
1846 1849 }
1847 1850 }
1848 1851
1849 1852 /*ARGSUSED*/
1850 1853 static void
1851 1854 auf_msgsys(struct t_audit_data *tad, int error, rval_t *rval)
1852 1855 {
1853 1856 int id;
1854 1857
1855 1858 if (error != 0)
1856 1859 return;
1857 1860 if (tad->tad_event == AUE_MSGGET) {
1858 1861 uint32_t scid;
1859 1862 uint32_t sy_flags;
1860 1863
1861 1864 /* need to determine type of executing binary */
1862 1865 scid = tad->tad_scid;
1863 1866 #ifdef _SYSCALL32_IMPL
1864 1867 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
1865 1868 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1866 1869 else
1867 1870 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1868 1871 #else
1869 1872 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1870 1873 #endif
1871 1874 if (sy_flags == SE_32RVAL1)
1872 1875 id = rval->r_val1;
1873 1876 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
1874 1877 id = rval->r_val1;
1875 1878 if (sy_flags == SE_64RVAL)
1876 1879 id = (int)rval->r_vals;
1877 1880
1878 1881 au_uwrite(au_to_ipc(AT_IPC_MSG, id));
1879 1882 }
1880 1883 }
1881 1884
1882 1885 static void
1883 1886 aus_semsys(struct t_audit_data *tad)
1884 1887 {
1885 1888 klwp_t *clwp = ttolwp(curthread);
1886 1889 uint32_t semid;
1887 1890
1888 1891 struct b { /* ctrl */
1889 1892 long semid;
1890 1893 long semnum;
1891 1894 long cmd;
1892 1895 long arg;
1893 1896 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1894 1897
1895 1898 semid = (uint32_t)uap1->semid;
1896 1899
1897 1900 switch (tad->tad_event) {
1898 1901 case AUE_SEMCTL_RMID:
1899 1902 case AUE_SEMCTL_STAT:
1900 1903 case AUE_SEMCTL_GETNCNT:
1901 1904 case AUE_SEMCTL_GETPID:
1902 1905 case AUE_SEMCTL_GETVAL:
1903 1906 case AUE_SEMCTL_GETALL:
1904 1907 case AUE_SEMCTL_GETZCNT:
1905 1908 case AUE_SEMCTL_SET:
1906 1909 case AUE_SEMCTL_SETVAL:
1907 1910 case AUE_SEMCTL_SETALL:
1908 1911 case AUE_SEMCTL:
1909 1912 case AUE_SEMOP:
1910 1913 au_uwrite(au_to_arg32(1, "sem ID", semid));
1911 1914 break;
1912 1915 case AUE_SEMGET:
1913 1916 au_uwrite(au_to_arg32(1, "sem key", semid));
1914 1917 break;
1915 1918 }
1916 1919 }
1917 1920
1918 1921 /*ARGSUSED*/
1919 1922 static void
1920 1923 auf_semsys(struct t_audit_data *tad, int error, rval_t *rval)
1921 1924 {
1922 1925 int id;
1923 1926
1924 1927 if (error != 0)
1925 1928 return;
1926 1929 if (tad->tad_event == AUE_SEMGET) {
1927 1930 uint32_t scid;
1928 1931 uint32_t sy_flags;
1929 1932
1930 1933 /* need to determine type of executing binary */
1931 1934 scid = tad->tad_scid;
1932 1935 #ifdef _SYSCALL32_IMPL
1933 1936 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
1934 1937 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1935 1938 else
1936 1939 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1937 1940 #else
1938 1941 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1939 1942 #endif
1940 1943 if (sy_flags == SE_32RVAL1)
1941 1944 id = rval->r_val1;
1942 1945 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
1943 1946 id = rval->r_val1;
1944 1947 if (sy_flags == SE_64RVAL)
1945 1948 id = (int)rval->r_vals;
1946 1949
1947 1950 au_uwrite(au_to_ipc(AT_IPC_SEM, id));
1948 1951 }
1949 1952 }
1950 1953
1951 1954 /*ARGSUSED*/
1952 1955 static void
1953 1956 aus_close(struct t_audit_data *tad)
1954 1957 {
1955 1958 klwp_t *clwp = ttolwp(curthread);
1956 1959 uint32_t fd;
1957 1960 struct file *fp;
1958 1961 struct f_audit_data *fad;
1959 1962 struct vnode *vp;
1960 1963 struct vattr attr;
1961 1964 au_kcontext_t *kctx = GET_KCTX_PZ;
1962 1965
1963 1966 struct a {
1964 1967 long i;
1965 1968 } *uap = (struct a *)clwp->lwp_ap;
1966 1969
1967 1970 fd = (uint32_t)uap->i;
1968 1971
1969 1972 attr.va_mask = 0;
1970 1973 au_uwrite(au_to_arg32(1, "fd", fd));
1971 1974
1972 1975 /*
1973 1976 * convert file pointer to file descriptor
1974 1977 * Note: fd ref count incremented here.
1975 1978 */
1976 1979 if ((fp = getf(fd)) == NULL)
1977 1980 return;
1978 1981
1979 1982 fad = F2A(fp);
1980 1983 tad->tad_evmod = (au_emod_t)fad->fad_flags;
1981 1984 if (fad->fad_aupath != NULL) {
1982 1985 au_uwrite(au_to_path(fad->fad_aupath));
1983 1986 if ((vp = fp->f_vnode) != NULL) {
1984 1987 attr.va_mask = AT_ALL;
1985 1988 if (VOP_GETATTR(vp, &attr, 0, CRED(), NULL) == 0) {
1986 1989 /*
1987 1990 * When write was not used and the file can be
1988 1991 * considered public, skip the audit.
1989 1992 */
1990 1993 if (((fp->f_flag & FWRITE) == 0) &&
1991 1994 object_is_public(&attr)) {
1992 1995 tad->tad_flag = 0;
1993 1996 tad->tad_evmod = 0;
1994 1997 /* free any residual audit data */
1995 1998 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
1996 1999 releasef(fd);
1997 2000 return;
1998 2001 }
1999 2002 au_uwrite(au_to_attr(&attr));
2000 2003 audit_sec_attributes(&(u_ad), vp);
2001 2004 }
2002 2005 }
2003 2006 }
2004 2007
2005 2008 /* decrement file descriptor reference count */
2006 2009 releasef(fd);
2007 2010 }
2008 2011
2009 2012 /*ARGSUSED*/
2010 2013 static void
2011 2014 aus_fstatfs(struct t_audit_data *tad)
2012 2015 {
2013 2016 klwp_t *clwp = ttolwp(curthread);
2014 2017 uint32_t fd;
2015 2018 struct file *fp;
2016 2019 struct vnode *vp;
2017 2020 struct f_audit_data *fad;
2018 2021
2019 2022 struct a {
2020 2023 long fd;
2021 2024 long buf; /* struct statfs * */
2022 2025 } *uap = (struct a *)clwp->lwp_ap;
2023 2026
2024 2027 fd = (uint_t)uap->fd;
2025 2028
2026 2029 /*
2027 2030 * convert file pointer to file descriptor
2028 2031 * Note: fd ref count incremented here.
2029 2032 */
2030 2033 if ((fp = getf(fd)) == NULL)
2031 2034 return;
2032 2035
2033 2036 /* get path from file struct here */
2034 2037 fad = F2A(fp);
2035 2038 if (fad->fad_aupath != NULL) {
2036 2039 au_uwrite(au_to_path(fad->fad_aupath));
2037 2040 } else {
2038 2041 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2039 2042 }
2040 2043
2041 2044 vp = fp->f_vnode;
2042 2045 audit_attributes(vp);
2043 2046
2044 2047 /* decrement file descriptor reference count */
2045 2048 releasef(fd);
2046 2049 }
2047 2050
2048 2051 static au_event_t
2049 2052 aui_setpgrp(au_event_t e)
2050 2053 {
2051 2054 klwp_t *clwp = ttolwp(curthread);
2052 2055 int flag;
2053 2056
2054 2057 struct a {
2055 2058 long flag;
2056 2059 long pid;
2057 2060 long pgid;
2058 2061 } *uap = (struct a *)clwp->lwp_ap;
2059 2062
2060 2063 flag = (int)uap->flag;
2061 2064
2062 2065
2063 2066 switch (flag) {
2064 2067
2065 2068 case 1: /* setpgrp() */
2066 2069 e = AUE_SETPGRP;
2067 2070 break;
2068 2071
2069 2072 case 3: /* setsid() */
2070 2073 e = AUE_SETSID;
2071 2074 break;
2072 2075
2073 2076 case 5: /* setpgid() */
2074 2077 e = AUE_SETPGID;
2075 2078 break;
2076 2079
2077 2080 case 0: /* getpgrp() - not security relevant */
2078 2081 case 2: /* getsid() - not security relevant */
2079 2082 case 4: /* getpgid() - not security relevant */
2080 2083 e = AUE_NULL;
2081 2084 break;
2082 2085
2083 2086 default:
2084 2087 e = AUE_NULL;
2085 2088 break;
2086 2089 }
2087 2090
2088 2091 return (e);
2089 2092 }
2090 2093
2091 2094 /*ARGSUSED*/
2092 2095 static void
2093 2096 aus_setpgrp(struct t_audit_data *tad)
2094 2097 {
2095 2098 klwp_t *clwp = ttolwp(curthread);
2096 2099 pid_t pgid;
2097 2100 struct proc *p;
2098 2101 uid_t uid, ruid;
2099 2102 gid_t gid, rgid;
2100 2103 pid_t pid;
2101 2104 cred_t *cr;
2102 2105 int flag;
2103 2106 const auditinfo_addr_t *ainfo;
2104 2107
2105 2108 struct a {
2106 2109 long flag;
2107 2110 long pid;
2108 2111 long pgid;
2109 2112 } *uap = (struct a *)clwp->lwp_ap;
2110 2113
2111 2114 flag = (int)uap->flag;
2112 2115 pid = (pid_t)uap->pid;
2113 2116 pgid = (pid_t)uap->pgid;
2114 2117
2115 2118
2116 2119 switch (flag) {
2117 2120
2118 2121 case 0: /* getpgrp() */
2119 2122 case 1: /* setpgrp() */
2120 2123 case 2: /* getsid() */
2121 2124 case 3: /* setsid() */
2122 2125 case 4: /* getpgid() */
2123 2126 break;
2124 2127
2125 2128 case 5: /* setpgid() */
2126 2129
2127 2130 /* current process? */
2128 2131 if (pid == 0) {
2129 2132 return;
2130 2133 }
2131 2134
2132 2135 mutex_enter(&pidlock);
2133 2136 p = prfind(pid);
2134 2137 if (p == NULL || p->p_as == &kas ||
2135 2138 p->p_stat == SIDL || p->p_stat == SZOMB) {
2136 2139 mutex_exit(&pidlock);
2137 2140 return;
2138 2141 }
2139 2142 mutex_enter(&p->p_lock); /* so process doesn't go away */
2140 2143 mutex_exit(&pidlock);
2141 2144
2142 2145 mutex_enter(&p->p_crlock);
2143 2146 crhold(cr = p->p_cred);
2144 2147 mutex_exit(&p->p_crlock);
2145 2148 mutex_exit(&p->p_lock);
2146 2149
2147 2150 ainfo = crgetauinfo(cr);
2148 2151 if (ainfo == NULL) {
2149 2152 crfree(cr);
2150 2153 return;
2151 2154 }
2152 2155
2153 2156 uid = crgetuid(cr);
2154 2157 gid = crgetgid(cr);
2155 2158 ruid = crgetruid(cr);
2156 2159 rgid = crgetrgid(cr);
2157 2160 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
2158 2161 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
2159 2162 crfree(cr);
2160 2163 au_uwrite(au_to_arg32(2, "pgid", pgid));
2161 2164 break;
2162 2165
2163 2166 default:
2164 2167 break;
2165 2168 }
2166 2169 }
2167 2170
2168 2171
2169 2172 /*ARGSUSED*/
2170 2173 static void
2171 2174 aus_setregid(struct t_audit_data *tad)
2172 2175 {
2173 2176 klwp_t *clwp = ttolwp(curthread);
2174 2177 uint32_t rgid, egid;
2175 2178
2176 2179 struct a {
2177 2180 long rgid;
2178 2181 long egid;
2179 2182 } *uap = (struct a *)clwp->lwp_ap;
2180 2183
2181 2184 rgid = (uint32_t)uap->rgid;
2182 2185 egid = (uint32_t)uap->egid;
2183 2186
2184 2187 au_uwrite(au_to_arg32(1, "rgid", rgid));
2185 2188 au_uwrite(au_to_arg32(2, "egid", egid));
2186 2189 }
2187 2190
2188 2191 /*ARGSUSED*/
2189 2192 static void
2190 2193 aus_setgid(struct t_audit_data *tad)
2191 2194 {
2192 2195 klwp_t *clwp = ttolwp(curthread);
2193 2196 uint32_t gid;
2194 2197
2195 2198 struct a {
2196 2199 long gid;
2197 2200 } *uap = (struct a *)clwp->lwp_ap;
2198 2201
2199 2202 gid = (uint32_t)uap->gid;
2200 2203
2201 2204 au_uwrite(au_to_arg32(1, "gid", gid));
2202 2205 }
2203 2206
2204 2207
2205 2208 /*ARGSUSED*/
2206 2209 static void
2207 2210 aus_setreuid(struct t_audit_data *tad)
2208 2211 {
2209 2212 klwp_t *clwp = ttolwp(curthread);
2210 2213 uint32_t ruid, euid;
2211 2214
2212 2215 struct a {
2213 2216 long ruid;
2214 2217 long euid;
2215 2218 } *uap = (struct a *)clwp->lwp_ap;
2216 2219
2217 2220 ruid = (uint32_t)uap->ruid;
2218 2221 euid = (uint32_t)uap->euid;
2219 2222
2220 2223 au_uwrite(au_to_arg32(1, "ruid", ruid));
2221 2224 au_uwrite(au_to_arg32(2, "euid", euid));
2222 2225 }
2223 2226
2224 2227
2225 2228 /*ARGSUSED*/
2226 2229 static void
2227 2230 aus_setuid(struct t_audit_data *tad)
2228 2231 {
2229 2232 klwp_t *clwp = ttolwp(curthread);
2230 2233 uint32_t uid;
2231 2234
2232 2235 struct a {
2233 2236 long uid;
2234 2237 } *uap = (struct a *)clwp->lwp_ap;
2235 2238
2236 2239 uid = (uint32_t)uap->uid;
2237 2240
2238 2241 au_uwrite(au_to_arg32(1, "uid", uid));
2239 2242 }
2240 2243
2241 2244 /*ARGSUSED*/
2242 2245 static void
2243 2246 aus_shmsys(struct t_audit_data *tad)
2244 2247 {
2245 2248 klwp_t *clwp = ttolwp(curthread);
2246 2249 uint32_t id, cmd;
2247 2250
2248 2251 struct b {
2249 2252 long id;
2250 2253 long cmd;
2251 2254 long buf; /* struct shmid_ds * */
2252 2255 } *uap1 = (struct b *)&clwp->lwp_ap[1];
2253 2256
2254 2257 id = (uint32_t)uap1->id;
2255 2258 cmd = (uint32_t)uap1->cmd;
2256 2259
2257 2260 switch (tad->tad_event) {
2258 2261 case AUE_SHMGET: /* shmget */
2259 2262 au_uwrite(au_to_arg32(1, "shm key", id));
2260 2263 break;
2261 2264 case AUE_SHMCTL: /* shmctl */
2262 2265 case AUE_SHMCTL_RMID: /* shmctl */
2263 2266 case AUE_SHMCTL_STAT: /* shmctl */
2264 2267 case AUE_SHMCTL_SET: /* shmctl */
2265 2268 au_uwrite(au_to_arg32(1, "shm ID", id));
2266 2269 break;
2267 2270 case AUE_SHMDT: /* shmdt */
2268 2271 au_uwrite(au_to_arg32(1, "shm adr", id));
2269 2272 break;
2270 2273 case AUE_SHMAT: /* shmat */
2271 2274 au_uwrite(au_to_arg32(1, "shm ID", id));
2272 2275 au_uwrite(au_to_arg32(2, "shm adr", cmd));
2273 2276 break;
2274 2277 }
2275 2278 }
2276 2279
2277 2280 /*ARGSUSED*/
2278 2281 static void
2279 2282 auf_shmsys(struct t_audit_data *tad, int error, rval_t *rval)
2280 2283 {
2281 2284 int id;
2282 2285
2283 2286 if (error != 0)
2284 2287 return;
2285 2288 if (tad->tad_event == AUE_SHMGET) {
2286 2289 uint32_t scid;
2287 2290 uint32_t sy_flags;
2288 2291
2289 2292 /* need to determine type of executing binary */
2290 2293 scid = tad->tad_scid;
2291 2294 #ifdef _SYSCALL32_IMPL
2292 2295 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
2293 2296 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
2294 2297 else
2295 2298 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
2296 2299 #else
2297 2300 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
2298 2301 #endif
2299 2302 if (sy_flags == SE_32RVAL1)
2300 2303 id = rval->r_val1;
2301 2304 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
2302 2305 id = rval->r_val1;
2303 2306 if (sy_flags == SE_64RVAL)
2304 2307 id = (int)rval->r_vals;
2305 2308 au_uwrite(au_to_ipc(AT_IPC_SHM, id));
2306 2309 }
2307 2310 }
2308 2311
2309 2312
2310 2313 /*ARGSUSED*/
2311 2314 static void
2312 2315 aus_ioctl(struct t_audit_data *tad)
2313 2316 {
2314 2317 klwp_t *clwp = ttolwp(curthread);
2315 2318 struct file *fp;
2316 2319 struct vnode *vp;
2317 2320 struct f_audit_data *fad;
2318 2321 uint32_t fd, cmd;
2319 2322 uintptr_t cmarg;
2320 2323
2321 2324 /* XX64 */
2322 2325 struct a {
2323 2326 long fd;
2324 2327 long cmd;
2325 2328 long cmarg; /* caddr_t */
2326 2329 } *uap = (struct a *)clwp->lwp_ap;
2327 2330
2328 2331 fd = (uint32_t)uap->fd;
2329 2332 cmd = (uint32_t)uap->cmd;
2330 2333 cmarg = (uintptr_t)uap->cmarg;
2331 2334
2332 2335 /*
2333 2336 * convert file pointer to file descriptor
2334 2337 * Note: fd ref count incremented here.
2335 2338 */
2336 2339 if ((fp = getf(fd)) == NULL) {
2337 2340 au_uwrite(au_to_arg32(1, "fd", fd));
2338 2341 au_uwrite(au_to_arg32(2, "cmd", cmd));
2339 2342 #ifndef _LP64
2340 2343 au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg));
2341 2344 #else
2342 2345 au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg));
2343 2346 #endif
2344 2347 return;
2345 2348 }
2346 2349
2347 2350 /* get path from file struct here */
2348 2351 fad = F2A(fp);
2349 2352 if (fad->fad_aupath != NULL) {
2350 2353 au_uwrite(au_to_path(fad->fad_aupath));
2351 2354 } else {
2352 2355 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2353 2356 }
2354 2357
2355 2358 vp = fp->f_vnode;
2356 2359 audit_attributes(vp);
2357 2360
2358 2361 /* decrement file descriptor reference count */
2359 2362 releasef(fd);
2360 2363
2361 2364 au_uwrite(au_to_arg32(2, "cmd", cmd));
2362 2365 #ifndef _LP64
2363 2366 au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg));
2364 2367 #else
2365 2368 au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg));
2366 2369 #endif
2367 2370 }
2368 2371
2369 2372 /*
2370 2373 * null function for memcntl for now. We might want to limit memcntl()
2371 2374 * auditing to commands: MC_LOCKAS, MC_LOCK, MC_UNLOCKAS, MC_UNLOCK which
2372 2375 * require privileges.
2373 2376 */
2374 2377 static au_event_t
2375 2378 aui_memcntl(au_event_t e)
2376 2379 {
2377 2380 return (e);
2378 2381 }
2379 2382
2380 2383 /*ARGSUSED*/
2381 2384 static au_event_t
2382 2385 aui_privsys(au_event_t e)
2383 2386 {
2384 2387 klwp_t *clwp = ttolwp(curthread);
2385 2388
2386 2389 struct a {
2387 2390 long opcode;
2388 2391 } *uap = (struct a *)clwp->lwp_ap;
2389 2392
2390 2393 switch (uap->opcode) {
2391 2394 case PRIVSYS_SETPPRIV:
2392 2395 return (AUE_SETPPRIV);
2393 2396 default:
2394 2397 return (AUE_NULL);
2395 2398 }
2396 2399 }
2397 2400
2398 2401 /*ARGSUSED*/
2399 2402 static void
2400 2403 aus_memcntl(struct t_audit_data *tad)
2401 2404 {
2402 2405 klwp_t *clwp = ttolwp(curthread);
2403 2406
2404 2407 struct a {
2405 2408 long addr;
2406 2409 long len;
2407 2410 long cmd;
2408 2411 long arg;
2409 2412 long attr;
2410 2413 long mask;
2411 2414 } *uap = (struct a *)clwp->lwp_ap;
2412 2415
2413 2416 #ifdef _LP64
2414 2417 au_uwrite(au_to_arg64(1, "base", (uint64_t)uap->addr));
2415 2418 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2416 2419 #else
2417 2420 au_uwrite(au_to_arg32(1, "base", (uint32_t)uap->addr));
2418 2421 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2419 2422 #endif
2420 2423 au_uwrite(au_to_arg32(3, "cmd", (uint_t)uap->cmd));
2421 2424 #ifdef _LP64
2422 2425 au_uwrite(au_to_arg64(4, "arg", (uint64_t)uap->arg));
2423 2426 #else
2424 2427 au_uwrite(au_to_arg32(4, "arg", (uint32_t)uap->arg));
2425 2428 #endif
2426 2429 au_uwrite(au_to_arg32(5, "attr", (uint_t)uap->attr));
2427 2430 au_uwrite(au_to_arg32(6, "mask", (uint_t)uap->mask));
2428 2431 }
2429 2432
2430 2433 /*ARGSUSED*/
2431 2434 static void
2432 2435 aus_mmap(struct t_audit_data *tad)
2433 2436 {
2434 2437 klwp_t *clwp = ttolwp(curthread);
2435 2438 struct file *fp;
2436 2439 struct f_audit_data *fad;
2437 2440 struct vnode *vp;
2438 2441 uint32_t fd;
2439 2442
2440 2443 struct a {
2441 2444 long addr;
2442 2445 long len;
2443 2446 long prot;
2444 2447 long flags;
2445 2448 long fd;
2446 2449 long pos;
2447 2450 } *uap = (struct a *)clwp->lwp_ap;
2448 2451
2449 2452 fd = (uint32_t)uap->fd;
2450 2453
2451 2454 #ifdef _LP64
2452 2455 au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr));
2453 2456 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2454 2457 #else
2455 2458 au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr));
2456 2459 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2457 2460 #endif
2458 2461
2459 2462 if ((fp = getf(fd)) == NULL) {
2460 2463 au_uwrite(au_to_arg32(5, "fd", (uint32_t)uap->fd));
2461 2464 return;
2462 2465 }
2463 2466
2464 2467 /*
2465 2468 * Mark in the tad if write access is NOT requested... if
2466 2469 * this is later detected (in audit_attributes) to be a
2467 2470 * public object, the mmap event may be discarded.
2468 2471 */
2469 2472 if (((uap->prot) & PROT_WRITE) == 0) {
2470 2473 tad->tad_ctrl |= TAD_PUBLIC_EV;
2471 2474 }
2472 2475
2473 2476 fad = F2A(fp);
2474 2477 if (fad->fad_aupath != NULL) {
2475 2478 au_uwrite(au_to_path(fad->fad_aupath));
2476 2479 } else {
2477 2480 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2478 2481 }
2479 2482
2480 2483 vp = (struct vnode *)fp->f_vnode;
2481 2484 audit_attributes(vp);
2482 2485
2483 2486 /* mark READ/WRITE since we can't predict access */
2484 2487 if (uap->prot & PROT_READ)
2485 2488 fad->fad_flags |= FAD_READ;
2486 2489 if (uap->prot & PROT_WRITE)
2487 2490 fad->fad_flags |= FAD_WRITE;
2488 2491
2489 2492 /* decrement file descriptor reference count */
2490 2493 releasef(fd);
2491 2494
2492 2495 } /* AUS_MMAP */
2493 2496
2494 2497
2495 2498
2496 2499
2497 2500 /*ARGSUSED*/
2498 2501 static void
2499 2502 aus_munmap(struct t_audit_data *tad)
2500 2503 {
2501 2504 klwp_t *clwp = ttolwp(curthread);
2502 2505
2503 2506 struct a {
2504 2507 long addr;
2505 2508 long len;
2506 2509 } *uap = (struct a *)clwp->lwp_ap;
2507 2510
2508 2511 #ifdef _LP64
2509 2512 au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr));
2510 2513 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2511 2514 #else
2512 2515 au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr));
2513 2516 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2514 2517 #endif
2515 2518
2516 2519 } /* AUS_MUNMAP */
2517 2520
2518 2521
2519 2522
2520 2523
2521 2524
2522 2525
2523 2526
2524 2527 /*ARGSUSED*/
2525 2528 static void
2526 2529 aus_priocntlsys(struct t_audit_data *tad)
2527 2530 {
2528 2531 klwp_t *clwp = ttolwp(curthread);
2529 2532
2530 2533 struct a {
2531 2534 long pc_version;
2532 2535 long psp; /* procset_t */
2533 2536 long cmd;
2534 2537 long arg;
2535 2538 } *uap = (struct a *)clwp->lwp_ap;
2536 2539
2537 2540 au_uwrite(au_to_arg32(1, "pc_version", (uint32_t)uap->pc_version));
2538 2541 au_uwrite(au_to_arg32(3, "cmd", (uint32_t)uap->cmd));
2539 2542
2540 2543 } /* AUS_PRIOCNTLSYS */
2541 2544
2542 2545
2543 2546 /*ARGSUSED*/
2544 2547 static void
2545 2548 aus_setegid(struct t_audit_data *tad)
2546 2549 {
2547 2550 klwp_t *clwp = ttolwp(curthread);
2548 2551 uint32_t gid;
2549 2552
2550 2553 struct a {
2551 2554 long gid;
2552 2555 } *uap = (struct a *)clwp->lwp_ap;
2553 2556
2554 2557 gid = (uint32_t)uap->gid;
2555 2558
2556 2559 au_uwrite(au_to_arg32(1, "gid", gid));
2557 2560 } /* AUS_SETEGID */
2558 2561
2559 2562
2560 2563
2561 2564
2562 2565 /*ARGSUSED*/
2563 2566 static void
2564 2567 aus_setgroups(struct t_audit_data *tad)
2565 2568 {
2566 2569 klwp_t *clwp = ttolwp(curthread);
2567 2570 int i;
2568 2571 int gidsetsize;
2569 2572 uintptr_t gidset;
2570 2573 gid_t *gidlist;
2571 2574
2572 2575 struct a {
2573 2576 long gidsetsize;
2574 2577 long gidset;
2575 2578 } *uap = (struct a *)clwp->lwp_ap;
2576 2579
2577 2580 gidsetsize = (uint_t)uap->gidsetsize;
2578 2581 gidset = (uintptr_t)uap->gidset;
2579 2582
2580 2583 if ((gidsetsize > NGROUPS_MAX_DEFAULT) || (gidsetsize < 0))
2581 2584 return;
2582 2585 if (gidsetsize != 0) {
2583 2586 gidlist = kmem_alloc(gidsetsize * sizeof (gid_t),
2584 2587 KM_SLEEP);
2585 2588 if (copyin((caddr_t)gidset, gidlist,
2586 2589 gidsetsize * sizeof (gid_t)) == 0)
2587 2590 for (i = 0; i < gidsetsize; i++)
2588 2591 au_uwrite(au_to_arg32(1, "setgroups",
2589 2592 (uint32_t)gidlist[i]));
2590 2593 kmem_free(gidlist, gidsetsize * sizeof (gid_t));
2591 2594 } else
2592 2595 au_uwrite(au_to_arg32(1, "setgroups", (uint32_t)0));
2593 2596
2594 2597 } /* AUS_SETGROUPS */
2595 2598
2596 2599
2597 2600
2598 2601
2599 2602
2600 2603 /*ARGSUSED*/
2601 2604 static void
2602 2605 aus_seteuid(struct t_audit_data *tad)
2603 2606 {
2604 2607 klwp_t *clwp = ttolwp(curthread);
2605 2608 uint32_t uid;
2606 2609
2607 2610 struct a {
2608 2611 long uid;
2609 2612 } *uap = (struct a *)clwp->lwp_ap;
2610 2613
2611 2614 uid = (uint32_t)uap->uid;
2612 2615
2613 2616 au_uwrite(au_to_arg32(1, "euid", uid));
2614 2617
2615 2618 } /* AUS_SETEUID */
2616 2619
2617 2620 /*ARGSUSED*/
2618 2621 static void
2619 2622 aus_putmsg(struct t_audit_data *tad)
2620 2623 {
2621 2624 klwp_t *clwp = ttolwp(curthread);
2622 2625 uint32_t fd, pri;
2623 2626 struct file *fp;
2624 2627 struct f_audit_data *fad;
2625 2628
2626 2629 struct a {
2627 2630 long fdes;
2628 2631 long ctl; /* struct strbuf * */
2629 2632 long data; /* struct strbuf * */
2630 2633 long pri;
2631 2634 } *uap = (struct a *)clwp->lwp_ap;
2632 2635
2633 2636 fd = (uint32_t)uap->fdes;
2634 2637 pri = (uint32_t)uap->pri;
2635 2638
2636 2639 au_uwrite(au_to_arg32(1, "fd", fd));
2637 2640
2638 2641 if ((fp = getf(fd)) != NULL) {
2639 2642 fad = F2A(fp);
2640 2643
2641 2644 fad->fad_flags |= FAD_WRITE;
2642 2645
2643 2646 /* add path name to audit record */
2644 2647 if (fad->fad_aupath != NULL) {
2645 2648 au_uwrite(au_to_path(fad->fad_aupath));
2646 2649 }
2647 2650 audit_attributes(fp->f_vnode);
2648 2651
2649 2652 releasef(fd);
2650 2653 }
2651 2654
2652 2655 au_uwrite(au_to_arg32(4, "pri", pri));
2653 2656 }
2654 2657
2655 2658 /*ARGSUSED*/
2656 2659 static void
2657 2660 aus_putpmsg(struct t_audit_data *tad)
2658 2661 {
2659 2662 klwp_t *clwp = ttolwp(curthread);
2660 2663 uint32_t fd, pri, flags;
2661 2664 struct file *fp;
2662 2665 struct f_audit_data *fad;
2663 2666
2664 2667 struct a {
2665 2668 long fdes;
2666 2669 long ctl; /* struct strbuf * */
2667 2670 long data; /* struct strbuf * */
2668 2671 long pri;
2669 2672 long flags;
2670 2673 } *uap = (struct a *)clwp->lwp_ap;
2671 2674
2672 2675 fd = (uint32_t)uap->fdes;
2673 2676 pri = (uint32_t)uap->pri;
2674 2677 flags = (uint32_t)uap->flags;
2675 2678
2676 2679 au_uwrite(au_to_arg32(1, "fd", fd));
2677 2680
2678 2681 if ((fp = getf(fd)) != NULL) {
2679 2682 fad = F2A(fp);
2680 2683
2681 2684 fad->fad_flags |= FAD_WRITE;
2682 2685
2683 2686 /* add path name to audit record */
2684 2687 if (fad->fad_aupath != NULL) {
2685 2688 au_uwrite(au_to_path(fad->fad_aupath));
2686 2689 }
2687 2690 audit_attributes(fp->f_vnode);
2688 2691
2689 2692 releasef(fd);
2690 2693 }
2691 2694
2692 2695
2693 2696 au_uwrite(au_to_arg32(4, "pri", pri));
2694 2697 au_uwrite(au_to_arg32(5, "flags", flags));
2695 2698 }
2696 2699
2697 2700 /*ARGSUSED*/
2698 2701 static void
2699 2702 aus_getmsg(struct t_audit_data *tad)
2700 2703 {
2701 2704 klwp_t *clwp = ttolwp(curthread);
2702 2705 uint32_t fd, pri;
2703 2706 struct file *fp;
2704 2707 struct f_audit_data *fad;
2705 2708
2706 2709 struct a {
2707 2710 long fdes;
2708 2711 long ctl; /* struct strbuf * */
2709 2712 long data; /* struct strbuf * */
2710 2713 long pri;
2711 2714 } *uap = (struct a *)clwp->lwp_ap;
2712 2715
2713 2716 fd = (uint32_t)uap->fdes;
2714 2717 pri = (uint32_t)uap->pri;
2715 2718
2716 2719 au_uwrite(au_to_arg32(1, "fd", fd));
2717 2720
2718 2721 if ((fp = getf(fd)) != NULL) {
2719 2722 fad = F2A(fp);
2720 2723
2721 2724 /*
2722 2725 * read operation on this object
2723 2726 */
2724 2727 fad->fad_flags |= FAD_READ;
2725 2728
2726 2729 /* add path name to audit record */
2727 2730 if (fad->fad_aupath != NULL) {
2728 2731 au_uwrite(au_to_path(fad->fad_aupath));
2729 2732 }
2730 2733 audit_attributes(fp->f_vnode);
2731 2734
2732 2735 releasef(fd);
2733 2736 }
2734 2737
2735 2738 au_uwrite(au_to_arg32(4, "pri", pri));
2736 2739 }
2737 2740
2738 2741 /*ARGSUSED*/
2739 2742 static void
2740 2743 aus_getpmsg(struct t_audit_data *tad)
2741 2744 {
2742 2745 klwp_t *clwp = ttolwp(curthread);
2743 2746 uint32_t fd;
2744 2747 struct file *fp;
2745 2748 struct f_audit_data *fad;
2746 2749
2747 2750 struct a {
2748 2751 long fdes;
2749 2752 long ctl; /* struct strbuf * */
2750 2753 long data; /* struct strbuf * */
2751 2754 long pri;
2752 2755 long flags;
2753 2756 } *uap = (struct a *)clwp->lwp_ap;
2754 2757
2755 2758 fd = (uint32_t)uap->fdes;
2756 2759
2757 2760 au_uwrite(au_to_arg32(1, "fd", fd));
2758 2761
2759 2762 if ((fp = getf(fd)) != NULL) {
2760 2763 fad = F2A(fp);
2761 2764
2762 2765 /*
2763 2766 * read operation on this object
2764 2767 */
2765 2768 fad->fad_flags |= FAD_READ;
2766 2769
2767 2770 /* add path name to audit record */
2768 2771 if (fad->fad_aupath != NULL) {
2769 2772 au_uwrite(au_to_path(fad->fad_aupath));
2770 2773 }
2771 2774 audit_attributes(fp->f_vnode);
2772 2775
2773 2776 releasef(fd);
2774 2777 }
2775 2778 }
2776 2779
2777 2780 static au_event_t
2778 2781 aui_labelsys(au_event_t e)
2779 2782 {
2780 2783 klwp_t *clwp = ttolwp(curthread);
2781 2784 uint32_t code;
2782 2785 uint32_t cmd;
2783 2786
2784 2787 struct a {
2785 2788 long code;
2786 2789 long cmd;
2787 2790 } *uap = (struct a *)clwp->lwp_ap;
2788 2791
2789 2792 code = (uint32_t)uap->code;
2790 2793 cmd = (uint32_t)uap->cmd;
2791 2794
2792 2795 /* not security relevant if not changing kernel cache */
2793 2796 if (cmd == TNDB_GET)
2794 2797 return (AUE_NULL);
2795 2798
2796 2799 switch (code) {
2797 2800 case TSOL_TNRH:
2798 2801 e = AUE_LABELSYS_TNRH;
2799 2802 break;
2800 2803 case TSOL_TNRHTP:
2801 2804 e = AUE_LABELSYS_TNRHTP;
2802 2805 break;
2803 2806 case TSOL_TNMLP:
2804 2807 e = AUE_LABELSYS_TNMLP;
2805 2808 break;
2806 2809 default:
2807 2810 e = AUE_NULL;
2808 2811 break;
2809 2812 }
2810 2813
2811 2814 return (e);
2812 2815
2813 2816 }
2814 2817
2815 2818 static void
2816 2819 aus_labelsys(struct t_audit_data *tad)
2817 2820 {
2818 2821 klwp_t *clwp = ttolwp(curthread);
2819 2822 uint32_t cmd;
2820 2823 uintptr_t a2;
2821 2824
2822 2825 struct a {
2823 2826 long code;
2824 2827 long cmd;
2825 2828 long a2;
2826 2829 } *uap = (struct a *)clwp->lwp_ap;
2827 2830
2828 2831 cmd = (uint32_t)uap->cmd;
2829 2832 a2 = (uintptr_t)uap->a2;
2830 2833
2831 2834 switch (tad->tad_event) {
2832 2835 case AUE_LABELSYS_TNRH:
2833 2836 {
2834 2837 tsol_rhent_t *rhent;
2835 2838 tnaddr_t *rh_addr;
2836 2839
2837 2840 au_uwrite(au_to_arg32(1, "cmd", cmd));
2838 2841
2839 2842 /* Remaining args don't apply for FLUSH, so skip */
2840 2843 if (cmd == TNDB_FLUSH)
2841 2844 break;
2842 2845
2843 2846 rhent = kmem_alloc(sizeof (tsol_rhent_t), KM_SLEEP);
2844 2847 if (copyin((caddr_t)a2, rhent, sizeof (tsol_rhent_t))) {
2845 2848 kmem_free(rhent, sizeof (tsol_rhent_t));
2846 2849 return;
2847 2850 }
2848 2851
2849 2852 rh_addr = &rhent->rh_address;
2850 2853 if (rh_addr->ta_family == AF_INET) {
2851 2854 struct in_addr *ipaddr;
2852 2855
2853 2856 ipaddr = &(rh_addr->ta_addr_v4);
2854 2857 au_uwrite(au_to_in_addr(ipaddr));
2855 2858 } else if (rh_addr->ta_family == AF_INET6) {
2856 2859 int32_t *ipaddr;
2857 2860
2858 2861 ipaddr = (int32_t *)&(rh_addr->ta_addr_v6);
2859 2862 au_uwrite(au_to_in_addr_ex(ipaddr));
2860 2863 }
2861 2864 au_uwrite(au_to_arg32(2, "prefix len", rhent->rh_prefix));
2862 2865
2863 2866 kmem_free(rhent, sizeof (tsol_rhent_t));
2864 2867
2865 2868 break;
2866 2869 }
2867 2870 case AUE_LABELSYS_TNRHTP:
2868 2871 {
2869 2872 tsol_tpent_t *tpent;
2870 2873
2871 2874 au_uwrite(au_to_arg32(1, "cmd", cmd));
2872 2875
2873 2876 /* Remaining args don't apply for FLUSH, so skip */
2874 2877 if (cmd == TNDB_FLUSH)
2875 2878 break;
2876 2879
2877 2880 tpent = kmem_alloc(sizeof (tsol_tpent_t), KM_SLEEP);
2878 2881 if (copyin((caddr_t)a2, tpent, sizeof (tsol_tpent_t))) {
2879 2882 kmem_free(tpent, sizeof (tsol_tpent_t));
2880 2883 return;
2881 2884 }
2882 2885
2883 2886 /* Make sure that the template name is null-terminated. */
2884 2887 *(tpent->name + TNTNAMSIZ - 1) = '\0';
2885 2888
2886 2889 au_uwrite(au_to_text(tpent->name));
2887 2890 kmem_free(tpent, sizeof (tsol_tpent_t));
2888 2891
2889 2892 break;
2890 2893 }
2891 2894 case AUE_LABELSYS_TNMLP:
2892 2895 {
2893 2896 tsol_mlpent_t *mlpent;
2894 2897
2895 2898 au_uwrite(au_to_arg32(1, "cmd", cmd));
2896 2899
2897 2900 mlpent = kmem_alloc(sizeof (tsol_mlpent_t), KM_SLEEP);
2898 2901 if (copyin((caddr_t)a2, mlpent, sizeof (tsol_mlpent_t))) {
2899 2902 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2900 2903 return;
2901 2904 }
2902 2905
2903 2906 if (mlpent->tsme_flags & TSOL_MEF_SHARED) {
2904 2907 au_uwrite(au_to_text("shared"));
2905 2908 } else {
2906 2909 zone_t *zone;
2907 2910
2908 2911 zone = zone_find_by_id(mlpent->tsme_zoneid);
2909 2912 if (zone != NULL) {
2910 2913 au_uwrite(au_to_text(zone->zone_name));
2911 2914 zone_rele(zone);
2912 2915 }
2913 2916 }
2914 2917
2915 2918 /* Remaining args don't apply for FLUSH, so skip */
2916 2919 if (cmd == TNDB_FLUSH) {
2917 2920 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2918 2921 break;
2919 2922 }
2920 2923
2921 2924 au_uwrite(au_to_arg32(2, "proto num",
2922 2925 (uint32_t)mlpent->tsme_mlp.mlp_ipp));
2923 2926 au_uwrite(au_to_arg32(2, "mlp_port",
2924 2927 (uint32_t)mlpent->tsme_mlp.mlp_port));
2925 2928
2926 2929 if (mlpent->tsme_mlp.mlp_port_upper != 0)
2927 2930 au_uwrite(au_to_arg32(2, "mlp_port_upper",
2928 2931 (uint32_t)mlpent->tsme_mlp.mlp_port_upper));
2929 2932
2930 2933 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2931 2934
2932 2935 break;
2933 2936 }
2934 2937 default:
2935 2938 break;
2936 2939 }
2937 2940 }
2938 2941
2939 2942
2940 2943 static au_event_t
2941 2944 aui_auditsys(au_event_t e)
2942 2945 {
2943 2946 klwp_t *clwp = ttolwp(curthread);
2944 2947 uint32_t code;
2945 2948
2946 2949 struct a {
2947 2950 long code;
2948 2951 long a1;
2949 2952 long a2;
2950 2953 long a3;
2951 2954 long a4;
2952 2955 long a5;
2953 2956 long a6;
2954 2957 long a7;
2955 2958 } *uap = (struct a *)clwp->lwp_ap;
2956 2959
2957 2960 code = (uint32_t)uap->code;
2958 2961
2959 2962 switch (code) {
2960 2963
2961 2964 case BSM_GETAUID:
2962 2965 e = AUE_GETAUID;
2963 2966 break;
2964 2967 case BSM_SETAUID:
2965 2968 e = AUE_SETAUID;
2966 2969 break;
2967 2970 case BSM_GETAUDIT:
2968 2971 e = AUE_GETAUDIT;
2969 2972 break;
2970 2973 case BSM_GETAUDIT_ADDR:
2971 2974 e = AUE_GETAUDIT_ADDR;
2972 2975 break;
2973 2976 case BSM_SETAUDIT:
2974 2977 e = AUE_SETAUDIT;
2975 2978 break;
2976 2979 case BSM_SETAUDIT_ADDR:
2977 2980 e = AUE_SETAUDIT_ADDR;
2978 2981 break;
2979 2982 case BSM_AUDIT:
2980 2983 e = AUE_AUDIT;
2981 2984 break;
2982 2985 case BSM_AUDITCTL:
2983 2986 switch ((uint_t)uap->a1) {
2984 2987
2985 2988 case A_GETPOLICY:
2986 2989 e = AUE_AUDITON_GPOLICY;
2987 2990 break;
2988 2991 case A_SETPOLICY:
2989 2992 e = AUE_AUDITON_SPOLICY;
2990 2993 break;
2991 2994 case A_GETAMASK:
2992 2995 e = AUE_AUDITON_GETAMASK;
2993 2996 break;
2994 2997 case A_SETAMASK:
2995 2998 e = AUE_AUDITON_SETAMASK;
2996 2999 break;
2997 3000 case A_GETKMASK:
2998 3001 e = AUE_AUDITON_GETKMASK;
2999 3002 break;
3000 3003 case A_SETKMASK:
3001 3004 e = AUE_AUDITON_SETKMASK;
3002 3005 break;
3003 3006 case A_GETQCTRL:
3004 3007 e = AUE_AUDITON_GQCTRL;
3005 3008 break;
3006 3009 case A_SETQCTRL:
3007 3010 e = AUE_AUDITON_SQCTRL;
3008 3011 break;
3009 3012 case A_GETCWD:
3010 3013 e = AUE_AUDITON_GETCWD;
3011 3014 break;
3012 3015 case A_GETCAR:
3013 3016 e = AUE_AUDITON_GETCAR;
3014 3017 break;
3015 3018 case A_GETSTAT:
3016 3019 e = AUE_AUDITON_GETSTAT;
3017 3020 break;
3018 3021 case A_SETSTAT:
3019 3022 e = AUE_AUDITON_SETSTAT;
3020 3023 break;
3021 3024 case A_SETUMASK:
3022 3025 e = AUE_AUDITON_SETUMASK;
3023 3026 break;
3024 3027 case A_SETSMASK:
3025 3028 e = AUE_AUDITON_SETSMASK;
3026 3029 break;
3027 3030 case A_GETCOND:
3028 3031 e = AUE_AUDITON_GETCOND;
3029 3032 break;
3030 3033 case A_SETCOND:
3031 3034 e = AUE_AUDITON_SETCOND;
3032 3035 break;
3033 3036 case A_GETCLASS:
3034 3037 e = AUE_AUDITON_GETCLASS;
3035 3038 break;
3036 3039 case A_SETCLASS:
3037 3040 e = AUE_AUDITON_SETCLASS;
3038 3041 break;
3039 3042 default:
3040 3043 e = AUE_NULL;
3041 3044 break;
3042 3045 }
3043 3046 break;
3044 3047 default:
3045 3048 e = AUE_NULL;
3046 3049 break;
3047 3050 }
3048 3051
3049 3052 return (e);
3050 3053
3051 3054 } /* AUI_AUDITSYS */
3052 3055
3053 3056
3054 3057 static void
3055 3058 aus_auditsys(struct t_audit_data *tad)
3056 3059 {
3057 3060 klwp_t *clwp = ttolwp(curthread);
3058 3061 uintptr_t a1, a2;
3059 3062 STRUCT_DECL(auditinfo, ainfo);
3060 3063 STRUCT_DECL(auditinfo_addr, ainfo_addr);
3061 3064 au_evclass_map_t event;
3062 3065 au_mask_t mask;
3063 3066 int auditstate, policy;
3064 3067 au_id_t auid;
3065 3068
3066 3069
3067 3070 struct a {
3068 3071 long code;
3069 3072 long a1;
3070 3073 long a2;
3071 3074 long a3;
3072 3075 long a4;
3073 3076 long a5;
3074 3077 long a6;
3075 3078 long a7;
3076 3079 } *uap = (struct a *)clwp->lwp_ap;
3077 3080
3078 3081 a1 = (uintptr_t)uap->a1;
3079 3082 a2 = (uintptr_t)uap->a2;
3080 3083
3081 3084 switch (tad->tad_event) {
3082 3085 case AUE_SETAUID:
3083 3086 if (copyin((caddr_t)a1, &auid, sizeof (au_id_t)))
3084 3087 return;
3085 3088 au_uwrite(au_to_arg32(2, "setauid", auid));
3086 3089 break;
3087 3090 case AUE_SETAUDIT:
3088 3091 STRUCT_INIT(ainfo, get_udatamodel());
3089 3092 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo),
3090 3093 STRUCT_SIZE(ainfo))) {
3091 3094 return;
3092 3095 }
3093 3096 au_uwrite(au_to_arg32((char)1, "setaudit:auid",
3094 3097 (uint32_t)STRUCT_FGET(ainfo, ai_auid)));
3095 3098 #ifdef _LP64
3096 3099 au_uwrite(au_to_arg64((char)1, "setaudit:port",
3097 3100 (uint64_t)STRUCT_FGET(ainfo, ai_termid.port)));
3098 3101 #else
3099 3102 au_uwrite(au_to_arg32((char)1, "setaudit:port",
3100 3103 (uint32_t)STRUCT_FGET(ainfo, ai_termid.port)));
3101 3104 #endif
3102 3105 au_uwrite(au_to_arg32((char)1, "setaudit:machine",
3103 3106 (uint32_t)STRUCT_FGET(ainfo, ai_termid.machine)));
3104 3107 au_uwrite(au_to_arg32((char)1, "setaudit:as_success",
3105 3108 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3106 3109 au_uwrite(au_to_arg32((char)1, "setaudit:as_failure",
3107 3110 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3108 3111 au_uwrite(au_to_arg32((char)1, "setaudit:asid",
3109 3112 (uint32_t)STRUCT_FGET(ainfo, ai_asid)));
3110 3113 break;
3111 3114 case AUE_SETAUDIT_ADDR:
3112 3115 STRUCT_INIT(ainfo_addr, get_udatamodel());
3113 3116 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
3114 3117 STRUCT_SIZE(ainfo_addr))) {
3115 3118 return;
3116 3119 }
3117 3120 au_uwrite(au_to_arg32((char)1, "auid",
3118 3121 (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
3119 3122 #ifdef _LP64
3120 3123 au_uwrite(au_to_arg64((char)1, "port",
3121 3124 (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3122 3125 #else
3123 3126 au_uwrite(au_to_arg32((char)1, "port",
3124 3127 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3125 3128 #endif
3126 3129 au_uwrite(au_to_arg32((char)1, "type",
3127 3130 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
3128 3131 if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
3129 3132 AU_IPv4) {
3130 3133 au_uwrite(au_to_in_addr(
3131 3134 (struct in_addr *)STRUCT_FGETP(ainfo_addr,
3132 3135 ai_termid.at_addr)));
3133 3136 } else {
3134 3137 au_uwrite(au_to_in_addr_ex(
3135 3138 (int32_t *)STRUCT_FGETP(ainfo_addr,
3136 3139 ai_termid.at_addr)));
3137 3140 }
3138 3141 au_uwrite(au_to_arg32((char)1, "as_success",
3139 3142 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
3140 3143 au_uwrite(au_to_arg32((char)1, "as_failure",
3141 3144 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
3142 3145 au_uwrite(au_to_arg32((char)1, "asid",
3143 3146 (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
3144 3147 break;
3145 3148 case AUE_AUDITON_SETAMASK:
3146 3149 if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
3147 3150 return;
3148 3151 au_uwrite(au_to_arg32(
3149 3152 2, "setamask:as_success", (uint32_t)mask.as_success));
3150 3153 au_uwrite(au_to_arg32(
3151 3154 2, "setamask:as_failure", (uint32_t)mask.as_failure));
3152 3155 break;
3153 3156 case AUE_AUDITON_SETKMASK:
3154 3157 if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
3155 3158 return;
3156 3159 au_uwrite(au_to_arg32(
3157 3160 2, "setkmask:as_success", (uint32_t)mask.as_success));
3158 3161 au_uwrite(au_to_arg32(
3159 3162 2, "setkmask:as_failure", (uint32_t)mask.as_failure));
3160 3163 break;
3161 3164 case AUE_AUDITON_SPOLICY:
3162 3165 if (copyin((caddr_t)a2, &policy, sizeof (int)))
3163 3166 return;
3164 3167 au_uwrite(au_to_arg32(3, "setpolicy", (uint32_t)policy));
3165 3168 break;
3166 3169 case AUE_AUDITON_SQCTRL: {
3167 3170 STRUCT_DECL(au_qctrl, qctrl);
3168 3171 model_t model;
3169 3172
3170 3173 model = get_udatamodel();
3171 3174 STRUCT_INIT(qctrl, model);
3172 3175 if (copyin((caddr_t)a2, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl)))
3173 3176 return;
3174 3177 if (model == DATAMODEL_ILP32) {
3175 3178 au_uwrite(au_to_arg32(
3176 3179 3, "setqctrl:aq_hiwater",
3177 3180 (uint32_t)STRUCT_FGET(qctrl, aq_hiwater)));
3178 3181 au_uwrite(au_to_arg32(
3179 3182 3, "setqctrl:aq_lowater",
3180 3183 (uint32_t)STRUCT_FGET(qctrl, aq_lowater)));
3181 3184 au_uwrite(au_to_arg32(
3182 3185 3, "setqctrl:aq_bufsz",
3183 3186 (uint32_t)STRUCT_FGET(qctrl, aq_bufsz)));
3184 3187 au_uwrite(au_to_arg32(
3185 3188 3, "setqctrl:aq_delay",
3186 3189 (uint32_t)STRUCT_FGET(qctrl, aq_delay)));
3187 3190 } else {
3188 3191 au_uwrite(au_to_arg64(
3189 3192 3, "setqctrl:aq_hiwater",
3190 3193 (uint64_t)STRUCT_FGET(qctrl, aq_hiwater)));
3191 3194 au_uwrite(au_to_arg64(
3192 3195 3, "setqctrl:aq_lowater",
3193 3196 (uint64_t)STRUCT_FGET(qctrl, aq_lowater)));
3194 3197 au_uwrite(au_to_arg64(
3195 3198 3, "setqctrl:aq_bufsz",
3196 3199 (uint64_t)STRUCT_FGET(qctrl, aq_bufsz)));
3197 3200 au_uwrite(au_to_arg64(
3198 3201 3, "setqctrl:aq_delay",
3199 3202 (uint64_t)STRUCT_FGET(qctrl, aq_delay)));
3200 3203 }
3201 3204 break;
3202 3205 }
3203 3206 case AUE_AUDITON_SETUMASK:
3204 3207 STRUCT_INIT(ainfo, get_udatamodel());
3205 3208 if (copyin((caddr_t)uap->a2, STRUCT_BUF(ainfo),
3206 3209 STRUCT_SIZE(ainfo))) {
3207 3210 return;
3208 3211 }
3209 3212 au_uwrite(au_to_arg32(3, "setumask:as_success",
3210 3213 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3211 3214 au_uwrite(au_to_arg32(3, "setumask:as_failure",
3212 3215 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3213 3216 break;
3214 3217 case AUE_AUDITON_SETSMASK:
3215 3218 STRUCT_INIT(ainfo, get_udatamodel());
3216 3219 if (copyin((caddr_t)uap->a2, STRUCT_BUF(ainfo),
3217 3220 STRUCT_SIZE(ainfo))) {
3218 3221 return;
3219 3222 }
3220 3223 au_uwrite(au_to_arg32(3, "setsmask:as_success",
3221 3224 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3222 3225 au_uwrite(au_to_arg32(3, "setsmask:as_failure",
3223 3226 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3224 3227 break;
3225 3228 case AUE_AUDITON_SETCOND:
3226 3229 if (copyin((caddr_t)a2, &auditstate, sizeof (int)))
3227 3230 return;
3228 3231 au_uwrite(au_to_arg32(3, "setcond", (uint32_t)auditstate));
3229 3232 break;
3230 3233 case AUE_AUDITON_SETCLASS:
3231 3234 if (copyin((caddr_t)a2, &event, sizeof (au_evclass_map_t)))
3232 3235 return;
3233 3236 au_uwrite(au_to_arg32(
3234 3237 2, "setclass:ec_event", (uint32_t)event.ec_number));
3235 3238 au_uwrite(au_to_arg32(
3236 3239 3, "setclass:ec_class", (uint32_t)event.ec_class));
3237 3240 break;
3238 3241 case AUE_GETAUID:
3239 3242 case AUE_GETAUDIT:
3240 3243 case AUE_GETAUDIT_ADDR:
3241 3244 case AUE_AUDIT:
3242 3245 case AUE_AUDITON_GPOLICY:
3243 3246 case AUE_AUDITON_GQCTRL:
3244 3247 case AUE_AUDITON_GETAMASK:
3245 3248 case AUE_AUDITON_GETKMASK:
3246 3249 case AUE_AUDITON_GETCWD:
3247 3250 case AUE_AUDITON_GETCAR:
3248 3251 case AUE_AUDITON_GETSTAT:
3249 3252 case AUE_AUDITON_SETSTAT:
3250 3253 case AUE_AUDITON_GETCOND:
3251 3254 case AUE_AUDITON_GETCLASS:
3252 3255 break;
3253 3256 default:
3254 3257 break;
3255 3258 }
3256 3259
3257 3260 } /* AUS_AUDITSYS */
3258 3261
3259 3262
3260 3263 /* only audit privileged operations for systeminfo(2) system call */
3261 3264 static au_event_t
3262 3265 aui_sysinfo(au_event_t e)
3263 3266 {
3264 3267 klwp_t *clwp = ttolwp(curthread);
3265 3268 uint32_t command;
3266 3269
3267 3270 struct a {
3268 3271 long command;
3269 3272 long buf; /* char * */
3270 3273 long count;
3271 3274 } *uap = (struct a *)clwp->lwp_ap;
3272 3275
3273 3276 command = (uint32_t)uap->command;
3274 3277
3275 3278 switch (command) {
3276 3279 case SI_SET_HOSTNAME:
3277 3280 case SI_SET_SRPC_DOMAIN:
3278 3281 e = (au_event_t)AUE_SYSINFO;
3279 3282 break;
3280 3283 default:
3281 3284 e = (au_event_t)AUE_NULL;
3282 3285 break;
3283 3286 }
3284 3287 return (e);
3285 3288 }
3286 3289
3287 3290 /*ARGSUSED*/
3288 3291 static void
3289 3292 aus_sysinfo(struct t_audit_data *tad)
3290 3293 {
3291 3294 klwp_t *clwp = ttolwp(curthread);
3292 3295 uint32_t command;
3293 3296 size_t len, maxlen;
3294 3297 char *name;
3295 3298 uintptr_t buf;
3296 3299
3297 3300 struct a {
3298 3301 long command;
3299 3302 long buf; /* char * */
3300 3303 long count;
3301 3304 } *uap = (struct a *)clwp->lwp_ap;
3302 3305
3303 3306 command = (uint32_t)uap->command;
3304 3307 buf = (uintptr_t)uap->buf;
3305 3308
3306 3309 au_uwrite(au_to_arg32(1, "cmd", command));
3307 3310
3308 3311 switch (command) {
3309 3312 case SI_SET_HOSTNAME:
3310 3313 {
3311 3314 if (secpolicy_sys_config(CRED(), B_TRUE) != 0)
3312 3315 return;
3313 3316
3314 3317 maxlen = SYS_NMLN;
3315 3318 name = kmem_alloc(maxlen, KM_SLEEP);
3316 3319 if (copyinstr((caddr_t)buf, name, SYS_NMLN, &len))
3317 3320 break;
3318 3321
3319 3322 /*
3320 3323 * Must be non-NULL string and string
3321 3324 * must be less than SYS_NMLN chars.
3322 3325 */
3323 3326 if (len < 2 || (len == SYS_NMLN && name[SYS_NMLN - 1] != '\0'))
3324 3327 break;
3325 3328
3326 3329 au_uwrite(au_to_text(name));
3327 3330 break;
3328 3331 }
3329 3332
3330 3333 case SI_SET_SRPC_DOMAIN:
3331 3334 {
3332 3335 if (secpolicy_sys_config(CRED(), B_TRUE) != 0)
3333 3336 return;
3334 3337
3335 3338 maxlen = SYS_NMLN;
3336 3339 name = kmem_alloc(maxlen, KM_SLEEP);
3337 3340 if (copyinstr((caddr_t)buf, name, SYS_NMLN, &len))
3338 3341 break;
3339 3342
3340 3343 /*
3341 3344 * If string passed in is longer than length
3342 3345 * allowed for domain name, fail.
3343 3346 */
3344 3347 if (len == SYS_NMLN && name[SYS_NMLN - 1] != '\0')
3345 3348 break;
3346 3349
3347 3350 au_uwrite(au_to_text(name));
3348 3351 break;
3349 3352 }
3350 3353
3351 3354 default:
3352 3355 return;
3353 3356 }
3354 3357
3355 3358 kmem_free(name, maxlen);
3356 3359 }
3357 3360
3358 3361 static au_event_t
3359 3362 aui_modctl(au_event_t e)
3360 3363 {
3361 3364 klwp_t *clwp = ttolwp(curthread);
3362 3365 uint_t cmd;
3363 3366
3364 3367 struct a {
3365 3368 long cmd;
3366 3369 } *uap = (struct a *)clwp->lwp_ap;
3367 3370
3368 3371 cmd = (uint_t)uap->cmd;
3369 3372
3370 3373 switch (cmd) {
3371 3374 case MODLOAD:
3372 3375 e = AUE_MODLOAD;
3373 3376 break;
3374 3377 case MODUNLOAD:
3375 3378 e = AUE_MODUNLOAD;
3376 3379 break;
3377 3380 case MODADDMAJBIND:
3378 3381 e = AUE_MODADDMAJ;
3379 3382 break;
3380 3383 case MODSETDEVPOLICY:
3381 3384 e = AUE_MODDEVPLCY;
3382 3385 break;
3383 3386 case MODALLOCPRIV:
3384 3387 e = AUE_MODADDPRIV;
3385 3388 break;
3386 3389 default:
3387 3390 e = AUE_NULL;
3388 3391 break;
3389 3392 }
3390 3393 return (e);
3391 3394 }
3392 3395
3393 3396
3394 3397 /*ARGSUSED*/
3395 3398 static void
3396 3399 aus_modctl(struct t_audit_data *tad)
3397 3400 {
3398 3401 klwp_t *clwp = ttolwp(curthread);
3399 3402 void *a = clwp->lwp_ap;
3400 3403 uint_t use_path;
3401 3404
3402 3405 switch (tad->tad_event) {
3403 3406 case AUE_MODLOAD: {
3404 3407 typedef struct {
3405 3408 long cmd;
3406 3409 long use_path;
3407 3410 long filename; /* char * */
3408 3411 } modloada_t;
3409 3412
3410 3413 char *filenamep;
3411 3414 uintptr_t fname;
3412 3415 extern char *default_path;
3413 3416
3414 3417 fname = (uintptr_t)((modloada_t *)a)->filename;
3415 3418 use_path = (uint_t)((modloada_t *)a)->use_path;
3416 3419
3417 3420 /* space to hold path */
3418 3421 filenamep = kmem_alloc(MOD_MAXPATH, KM_SLEEP);
3419 3422 /* get string */
3420 3423 if (copyinstr((caddr_t)fname, filenamep, MOD_MAXPATH, 0)) {
3421 3424 /* free allocated path */
3422 3425 kmem_free(filenamep, MOD_MAXPATH);
3423 3426 return;
3424 3427 }
3425 3428 /* ensure it's null terminated */
3426 3429 filenamep[MOD_MAXPATH - 1] = 0;
3427 3430
3428 3431 if (use_path)
3429 3432 au_uwrite(au_to_text(default_path));
3430 3433 au_uwrite(au_to_text(filenamep));
3431 3434
3432 3435 /* release temporary memory */
3433 3436 kmem_free(filenamep, MOD_MAXPATH);
3434 3437 break;
3435 3438 }
3436 3439 case AUE_MODUNLOAD: {
3437 3440 typedef struct {
3438 3441 long cmd;
3439 3442 long id;
3440 3443 } modunloada_t;
3441 3444
3442 3445 uint32_t id = (uint32_t)((modunloada_t *)a)->id;
3443 3446
3444 3447 au_uwrite(au_to_arg32(1, "id", id));
3445 3448 break;
3446 3449 }
3447 3450 case AUE_MODADDMAJ: {
3448 3451 STRUCT_DECL(modconfig, mc);
3449 3452 typedef struct {
3450 3453 long cmd;
3451 3454 long subcmd;
3452 3455 long data; /* int * */
3453 3456 } modconfiga_t;
3454 3457
3455 3458 STRUCT_DECL(aliases, alias);
3456 3459 caddr_t ap;
3457 3460 int i, num_aliases;
3458 3461 char *drvname, *mc_drvname;
3459 3462 char *name;
3460 3463 extern char *ddi_major_to_name(major_t);
3461 3464 model_t model;
3462 3465
3463 3466 uintptr_t data = (uintptr_t)((modconfiga_t *)a)->data;
3464 3467
3465 3468 model = get_udatamodel();
3466 3469 STRUCT_INIT(mc, model);
3467 3470 /* sanitize buffer */
3468 3471 bzero((caddr_t)STRUCT_BUF(mc), STRUCT_SIZE(mc));
3469 3472 /* get user arguments */
3470 3473 if (copyin((caddr_t)data, (caddr_t)STRUCT_BUF(mc),
3471 3474 STRUCT_SIZE(mc)) != 0)
3472 3475 return;
3473 3476
3474 3477 mc_drvname = STRUCT_FGET(mc, drvname);
3475 3478 if ((drvname = ddi_major_to_name(
3476 3479 (major_t)STRUCT_FGET(mc, major))) != NULL &&
3477 3480 strncmp(drvname, mc_drvname, MAXMODCONFNAME) != 0) {
3478 3481 /* safety */
3479 3482 if (mc_drvname[0] != '\0') {
3480 3483 mc_drvname[MAXMODCONFNAME-1] = '\0';
3481 3484 au_uwrite(au_to_text(mc_drvname));
3482 3485 }
3483 3486 /* drvname != NULL from test above */
3484 3487 au_uwrite(au_to_text(drvname));
3485 3488 return;
3486 3489 }
3487 3490
3488 3491 if (mc_drvname[0] != '\0') {
3489 3492 /* safety */
3490 3493 mc_drvname[MAXMODCONFNAME-1] = '\0';
3491 3494 au_uwrite(au_to_text(mc_drvname));
3492 3495 } else
3493 3496 au_uwrite(au_to_text("no drvname"));
3494 3497
3495 3498 num_aliases = STRUCT_FGET(mc, num_aliases);
3496 3499 au_uwrite(au_to_arg32(5, "", (uint32_t)num_aliases));
3497 3500 ap = (caddr_t)STRUCT_FGETP(mc, ap);
3498 3501 name = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
3499 3502 STRUCT_INIT(alias, model);
3500 3503 for (i = 0; i < num_aliases; i++) {
3501 3504 bzero((caddr_t)STRUCT_BUF(alias),
3502 3505 STRUCT_SIZE(alias));
3503 3506 if (copyin((caddr_t)ap, (caddr_t)STRUCT_BUF(alias),
3504 3507 STRUCT_SIZE(alias)) != 0)
3505 3508 break;
3506 3509 if (copyinstr(STRUCT_FGETP(alias, a_name), name,
3507 3510 MAXMODCONFNAME, NULL) != 0) {
3508 3511 break;
3509 3512 }
3510 3513
3511 3514 au_uwrite(au_to_text(name));
3512 3515 ap = (caddr_t)STRUCT_FGETP(alias, a_next);
3513 3516 }
3514 3517 kmem_free(name, MAXMODCONFNAME);
3515 3518 break;
3516 3519 }
3517 3520 default:
3518 3521 break;
3519 3522 }
3520 3523 }
3521 3524
3522 3525
3523 3526 /*ARGSUSED*/
3524 3527 static void
3525 3528 auf_accept(
3526 3529 struct t_audit_data *tad,
3527 3530 int error,
3528 3531 rval_t *rval)
3529 3532 {
3530 3533 uint32_t scid;
3531 3534 uint32_t sy_flags;
3532 3535 int fd;
3533 3536 struct sonode *so;
3534 3537 char so_laddr[sizeof (struct sockaddr_in6)];
3535 3538 char so_faddr[sizeof (struct sockaddr_in6)];
3536 3539 int err;
3537 3540 short so_family, so_type;
3538 3541 int add_sock_token = 0;
3539 3542
3540 3543 /* need to determine type of executing binary */
3541 3544 scid = tad->tad_scid;
3542 3545 #ifdef _SYSCALL32_IMPL
3543 3546 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
3544 3547 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
3545 3548 else
3546 3549 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
3547 3550 #else
3548 3551 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
3549 3552 #endif
3550 3553 switch (sy_flags) {
3551 3554 case SE_32RVAL1:
3552 3555 /* FALLTHRU */
3553 3556 case SE_32RVAL2|SE_32RVAL1:
3554 3557 fd = rval->r_val1;
3555 3558 break;
3556 3559 case SE_64RVAL:
3557 3560 fd = (int)rval->r_vals;
3558 3561 break;
3559 3562 default:
3560 3563 /*
3561 3564 * should never happen, seems to be an internal error
3562 3565 * in sysent => no fd, nothing to audit here, returning
3563 3566 */
3564 3567 return;
3565 3568 }
3566 3569
3567 3570 if (error) {
3568 3571 /* can't trust socket contents. Just return */
3569 3572 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3570 3573 return;
3571 3574 }
3572 3575
3573 3576 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3574 3577 /*
3575 3578 * not security relevant if doing a accept from non socket
3576 3579 * so no extra tokens. Should probably turn off audit record
3577 3580 * generation here.
3578 3581 */
3579 3582 return;
3580 3583 }
3581 3584
3582 3585 so_family = so->so_family;
3583 3586 so_type = so->so_type;
3584 3587
3585 3588 switch (so_family) {
3586 3589 case AF_INET:
3587 3590 case AF_INET6:
3588 3591 /*
3589 3592 * XXX - what about other socket types for AF_INET (e.g. DGRAM)
3590 3593 */
3591 3594 if (so->so_type == SOCK_STREAM) {
3592 3595 socklen_t len;
3593 3596
3594 3597 bzero((void *)so_laddr, sizeof (so_laddr));
3595 3598 bzero((void *)so_faddr, sizeof (so_faddr));
3596 3599
3597 3600 len = sizeof (so_laddr);
3598 3601 (void) socket_getsockname(so,
3599 3602 (struct sockaddr *)so_laddr, &len, CRED());
3600 3603 len = sizeof (so_faddr);
3601 3604 (void) socket_getpeername(so,
3602 3605 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3603 3606
3604 3607 add_sock_token = 1;
3605 3608 }
3606 3609 break;
3607 3610
3608 3611 default:
3609 3612 /* AF_UNIX, AF_ROUTE, AF_KEY do not support accept */
3610 3613 break;
3611 3614 }
3612 3615
3613 3616 releasef(fd);
3614 3617
3615 3618 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3616 3619
3617 3620 if (add_sock_token == 0) {
3618 3621 au_uwrite(au_to_arg32(0, "family", (uint32_t)(so_family)));
3619 3622 au_uwrite(au_to_arg32(0, "type", (uint32_t)(so_type)));
3620 3623 return;
3621 3624 }
3622 3625
3623 3626 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3624 3627
3625 3628 }
3626 3629
3627 3630 /*ARGSUSED*/
3628 3631 static void
3629 3632 auf_bind(struct t_audit_data *tad, int error, rval_t *rvp)
3630 3633 {
3631 3634 struct a {
3632 3635 long fd;
3633 3636 long addr;
3634 3637 long len;
3635 3638 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3636 3639
3637 3640 struct sonode *so;
3638 3641 char so_laddr[sizeof (struct sockaddr_in6)];
3639 3642 char so_faddr[sizeof (struct sockaddr_in6)];
3640 3643 int err, fd;
3641 3644 socklen_t len;
3642 3645 short so_family, so_type;
3643 3646 int add_sock_token = 0;
3644 3647
3645 3648 fd = (int)uap->fd;
3646 3649
3647 3650 /*
3648 3651 * bind failed, then nothing extra to add to audit record.
3649 3652 */
3650 3653 if (error) {
3651 3654 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3652 3655 /* XXX may want to add failed address some day */
3653 3656 return;
3654 3657 }
3655 3658
3656 3659 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3657 3660 /*
3658 3661 * not security relevant if doing a bind from non socket
3659 3662 * so no extra tokens. Should probably turn off audit record
3660 3663 * generation here.
3661 3664 */
3662 3665 return;
3663 3666 }
3664 3667
3665 3668 so_family = so->so_family;
3666 3669 so_type = so->so_type;
3667 3670
3668 3671 switch (so_family) {
3669 3672 case AF_INET:
3670 3673 case AF_INET6:
3671 3674
3672 3675 bzero(so_faddr, sizeof (so_faddr));
3673 3676 len = sizeof (so_faddr);
3674 3677
3675 3678 (void) socket_getpeername(so,
3676 3679 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3677 3680 add_sock_token = 1;
3678 3681
3679 3682 break;
3680 3683
3681 3684 case AF_UNIX:
3682 3685 /* token added by lookup */
3683 3686 break;
3684 3687 default:
3685 3688 /* AF_ROUTE, AF_KEY do not support accept */
3686 3689 break;
3687 3690 }
3688 3691
3689 3692 releasef(fd);
3690 3693
3691 3694 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3692 3695
3693 3696 if (add_sock_token == 0) {
3694 3697 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3695 3698 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3696 3699 return;
3697 3700 }
3698 3701
3699 3702 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3700 3703
3701 3704 }
3702 3705
3703 3706 /*ARGSUSED*/
3704 3707 static void
3705 3708 auf_connect(struct t_audit_data *tad, int error, rval_t *rval)
3706 3709 {
3707 3710 struct a {
3708 3711 long fd;
3709 3712 long addr;
3710 3713 long len;
3711 3714 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3712 3715
3713 3716 struct sonode *so;
3714 3717 char so_laddr[sizeof (struct sockaddr_in6)];
3715 3718 char so_faddr[sizeof (struct sockaddr_in6)];
3716 3719 int err, fd;
3717 3720 socklen_t len;
3718 3721 short so_family, so_type;
3719 3722 int add_sock_token = 0;
3720 3723
3721 3724 fd = (int)uap->fd;
3722 3725
3723 3726
3724 3727 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3725 3728 /*
3726 3729 * not security relevant if doing a connect from non socket
3727 3730 * so no extra tokens. Should probably turn off audit record
3728 3731 * generation here.
3729 3732 */
3730 3733 return;
3731 3734 }
3732 3735
3733 3736 so_family = so->so_family;
3734 3737 so_type = so->so_type;
3735 3738
3736 3739 switch (so_family) {
3737 3740 case AF_INET:
3738 3741 case AF_INET6:
3739 3742
3740 3743 bzero(so_laddr, sizeof (so_laddr));
3741 3744 bzero(so_faddr, sizeof (so_faddr));
3742 3745
3743 3746 len = sizeof (so_laddr);
3744 3747 (void) socket_getsockname(so, (struct sockaddr *)so_laddr,
3745 3748 &len, CRED());
3746 3749 if (error) {
3747 3750 if (uap->addr == NULL)
3748 3751 break;
3749 3752 if (uap->len <= 0)
3750 3753 break;
3751 3754 len = min(uap->len, sizeof (so_faddr));
3752 3755 if (copyin((caddr_t)(uap->addr), so_faddr, len) != 0)
3753 3756 break;
3754 3757 #ifdef NOTYET
3755 3758 au_uwrite(au_to_data(AUP_HEX, AUR_CHAR, len, so_faddr));
3756 3759 #endif
3757 3760 } else {
3758 3761 /* sanity check on length */
3759 3762 len = sizeof (so_faddr);
3760 3763 (void) socket_getpeername(so,
3761 3764 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3762 3765 }
3763 3766
3764 3767 add_sock_token = 1;
3765 3768
3766 3769 break;
3767 3770
3768 3771 case AF_UNIX:
3769 3772 /* does a lookup on name */
3770 3773 break;
3771 3774
3772 3775 default:
3773 3776 /* AF_ROUTE, AF_KEY do not support accept */
3774 3777 break;
3775 3778 }
3776 3779
3777 3780 releasef(fd);
3778 3781
3779 3782 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3780 3783
3781 3784 if (add_sock_token == 0) {
3782 3785 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3783 3786 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3784 3787 return;
3785 3788 }
3786 3789
3787 3790 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3788 3791
3789 3792 }
3790 3793
3791 3794 /*ARGSUSED*/
3792 3795 static void
3793 3796 aus_shutdown(struct t_audit_data *tad)
3794 3797 {
3795 3798 struct a {
3796 3799 long fd;
3797 3800 long how;
3798 3801 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3799 3802
3800 3803 struct sonode *so;
3801 3804 char so_laddr[sizeof (struct sockaddr_in6)];
3802 3805 char so_faddr[sizeof (struct sockaddr_in6)];
3803 3806 int err, fd;
3804 3807 socklen_t len;
3805 3808 short so_family, so_type;
3806 3809 int add_sock_token = 0;
3807 3810 file_t *fp; /* unix domain sockets */
3808 3811 struct f_audit_data *fad; /* unix domain sockets */
3809 3812
3810 3813 fd = (int)uap->fd;
3811 3814
3812 3815 if ((so = getsonode(fd, &err, &fp)) == NULL) {
3813 3816 /*
3814 3817 * not security relevant if doing a shutdown using non socket
3815 3818 * so no extra tokens. Should probably turn off audit record
3816 3819 * generation here.
3817 3820 */
3818 3821 return;
3819 3822 }
3820 3823
3821 3824 so_family = so->so_family;
3822 3825 so_type = so->so_type;
3823 3826
3824 3827 switch (so_family) {
3825 3828 case AF_INET:
3826 3829 case AF_INET6:
3827 3830
3828 3831 bzero(so_laddr, sizeof (so_laddr));
3829 3832 bzero(so_faddr, sizeof (so_faddr));
3830 3833
3831 3834 len = sizeof (so_laddr);
3832 3835 (void) socket_getsockname(so,
3833 3836 (struct sockaddr *)so_laddr, &len, CRED());
3834 3837 len = sizeof (so_faddr);
3835 3838 (void) socket_getpeername(so,
3836 3839 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3837 3840
3838 3841 add_sock_token = 1;
3839 3842
3840 3843 break;
3841 3844
3842 3845 case AF_UNIX:
3843 3846
3844 3847 /* get path from file struct here */
3845 3848 fad = F2A(fp);
3846 3849 ASSERT(fad);
3847 3850
3848 3851 if (fad->fad_aupath != NULL) {
3849 3852 au_uwrite(au_to_path(fad->fad_aupath));
3850 3853 } else {
3851 3854 au_uwrite(au_to_arg32(1, "no path: fd", fd));
3852 3855 }
3853 3856
3854 3857 audit_attributes(fp->f_vnode);
3855 3858
3856 3859 break;
3857 3860
3858 3861 default:
3859 3862 /*
3860 3863 * AF_KEY and AF_ROUTE support shutdown. No socket token
3861 3864 * added.
3862 3865 */
3863 3866 break;
3864 3867 }
3865 3868
3866 3869 releasef(fd);
3867 3870
3868 3871 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3869 3872
3870 3873 if (add_sock_token == 0) {
3871 3874 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3872 3875 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3873 3876 au_uwrite(au_to_arg32(2, "how", (uint32_t)(uap->how)));
3874 3877 return;
3875 3878 }
3876 3879
3877 3880 au_uwrite(au_to_arg32(2, "how", (uint32_t)(uap->how)));
3878 3881
3879 3882 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3880 3883
3881 3884 }
3882 3885
3883 3886 /*ARGSUSED*/
3884 3887 static void
3885 3888 auf_setsockopt(struct t_audit_data *tad, int error, rval_t *rval)
3886 3889 {
3887 3890 struct a {
3888 3891 long fd;
3889 3892 long level;
3890 3893 long optname;
3891 3894 long *optval;
3892 3895 long optlen;
3893 3896 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3894 3897
3895 3898 struct sonode *so;
3896 3899 char so_laddr[sizeof (struct sockaddr_in6)];
3897 3900 char so_faddr[sizeof (struct sockaddr_in6)];
3898 3901 char val[AU_BUFSIZE];
3899 3902 int err, fd;
3900 3903 socklen_t len;
3901 3904 short so_family, so_type;
3902 3905 int add_sock_token = 0;
3903 3906 file_t *fp; /* unix domain sockets */
3904 3907 struct f_audit_data *fad; /* unix domain sockets */
3905 3908
3906 3909 fd = (int)uap->fd;
3907 3910
3908 3911 if (error) {
3909 3912 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3910 3913 au_uwrite(au_to_arg32(2, "level", (uint32_t)uap->level));
3911 3914 /* XXX may want to include other arguments */
3912 3915 return;
3913 3916 }
3914 3917
3915 3918 if ((so = getsonode(fd, &err, &fp)) == NULL) {
3916 3919 /*
3917 3920 * not security relevant if doing a setsockopt from non socket
3918 3921 * so no extra tokens. Should probably turn off audit record
3919 3922 * generation here.
3920 3923 */
3921 3924 return;
3922 3925 }
3923 3926
3924 3927 so_family = so->so_family;
3925 3928 so_type = so->so_type;
3926 3929
3927 3930 switch (so_family) {
3928 3931 case AF_INET:
3929 3932 case AF_INET6:
3930 3933 bzero((void *)so_laddr, sizeof (so_laddr));
3931 3934 bzero((void *)so_faddr, sizeof (so_faddr));
3932 3935
3933 3936 /* get local and foreign addresses */
3934 3937 len = sizeof (so_laddr);
3935 3938 (void) socket_getsockname(so, (struct sockaddr *)so_laddr,
3936 3939 &len, CRED());
3937 3940 len = sizeof (so_faddr);
3938 3941 (void) socket_getpeername(so, (struct sockaddr *)so_faddr,
3939 3942 &len, B_FALSE, CRED());
3940 3943
3941 3944 add_sock_token = 1;
3942 3945
3943 3946 break;
3944 3947
3945 3948 case AF_UNIX:
3946 3949
3947 3950 /* get path from file struct here */
3948 3951 fad = F2A(fp);
3949 3952 ASSERT(fad);
3950 3953
3951 3954 if (fad->fad_aupath != NULL) {
3952 3955 au_uwrite(au_to_path(fad->fad_aupath));
3953 3956 } else {
3954 3957 au_uwrite(au_to_arg32(1, "no path: fd", fd));
3955 3958 }
3956 3959
3957 3960 audit_attributes(fp->f_vnode);
3958 3961
3959 3962 break;
3960 3963
3961 3964 default:
3962 3965 /*
3963 3966 * AF_KEY and AF_ROUTE support setsockopt. No socket token
3964 3967 * added.
3965 3968 */
3966 3969 break;
3967 3970 }
3968 3971
3969 3972 releasef(fd);
3970 3973
3971 3974 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3972 3975
3973 3976 if (add_sock_token == 0) {
3974 3977 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3975 3978 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3976 3979 }
3977 3980 au_uwrite(au_to_arg32(2, "level", (uint32_t)(uap->level)));
3978 3981 au_uwrite(au_to_arg32(3, "optname", (uint32_t)(uap->optname)));
3979 3982
3980 3983 bzero(val, sizeof (val));
3981 3984 len = min(uap->optlen, sizeof (val));
3982 3985 if ((len > 0) &&
3983 3986 (copyin((caddr_t)(uap->optval), (caddr_t)val, len) == 0)) {
3984 3987 au_uwrite(au_to_arg32(5, "optlen", (uint32_t)(uap->optlen)));
3985 3988 au_uwrite(au_to_data(AUP_HEX, AUR_BYTE, len, val));
3986 3989 }
3987 3990
3988 3991 if (add_sock_token == 0)
3989 3992 return;
3990 3993
3991 3994 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3992 3995
3993 3996 }
3994 3997
3995 3998 /*ARGSUSED*/
3996 3999 static void
3997 4000 aus_sockconfig(tad)
3998 4001 struct t_audit_data *tad;
3999 4002 {
4000 4003 struct a {
4001 4004 long cmd;
4002 4005 long arg1;
4003 4006 long arg2;
4004 4007 long arg3;
4005 4008 long arg4;
4006 4009 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4007 4010
4008 4011 char *buf;
4009 4012 int buflen;
4010 4013 size_t size;
4011 4014
4012 4015 au_uwrite(au_to_arg32(1, "cmd", (uint_t)uap->cmd));
4013 4016 switch (uap->cmd) {
4014 4017 case SOCKCONFIG_ADD_SOCK:
4015 4018 case SOCKCONFIG_REMOVE_SOCK:
4016 4019 au_uwrite(au_to_arg32(2, "domain", (uint32_t)uap->arg1));
4017 4020 au_uwrite(au_to_arg32(3, "type", (uint32_t)uap->arg2));
4018 4021 au_uwrite(au_to_arg32(4, "protocol", (uint32_t)uap->arg3));
4019 4022
4020 4023 if (uap->arg4 == 0) {
4021 4024 au_uwrite(au_to_arg32(5, "devpath", (uint32_t)0));
4022 4025 } else {
4023 4026 buflen = MAXPATHLEN + 1;
4024 4027 buf = kmem_alloc(buflen, KM_SLEEP);
4025 4028 if (copyinstr((caddr_t)uap->arg4, buf, buflen,
4026 4029 &size)) {
4027 4030 kmem_free(buf, buflen);
4028 4031 return;
4029 4032 }
4030 4033
4031 4034 if (size > MAXPATHLEN) {
4032 4035 kmem_free(buf, buflen);
4033 4036 return;
4034 4037 }
4035 4038
4036 4039 au_uwrite(au_to_text(buf));
4037 4040 kmem_free(buf, buflen);
4038 4041 }
4039 4042 break;
4040 4043 case SOCKCONFIG_ADD_FILTER:
4041 4044 case SOCKCONFIG_REMOVE_FILTER:
4042 4045 buflen = FILNAME_MAX;
4043 4046 buf = kmem_alloc(buflen, KM_SLEEP);
4044 4047
4045 4048 if (copyinstr((caddr_t)uap->arg1, buf, buflen, &size)) {
4046 4049 kmem_free(buf, buflen);
4047 4050 return;
4048 4051 }
4049 4052
4050 4053 au_uwrite(au_to_text(buf));
4051 4054 kmem_free(buf, buflen);
4052 4055 break;
4053 4056 default:
4054 4057 break;
4055 4058 }
4056 4059 }
4057 4060
4058 4061 /*
4059 4062 * only audit recvmsg when the system call represents the creation of a new
4060 4063 * circuit. This effectively occurs for all UDP packets and may occur for
4061 4064 * special TCP situations where the local host has not set a local address
4062 4065 * in the socket structure.
4063 4066 */
4064 4067 /*ARGSUSED*/
4065 4068 static void
4066 4069 auf_recvmsg(
4067 4070 struct t_audit_data *tad,
4068 4071 int error,
4069 4072 rval_t *rvp)
4070 4073 {
4071 4074 struct a {
4072 4075 long fd;
4073 4076 long msg; /* struct msghdr */
4074 4077 long flags;
4075 4078 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4076 4079
4077 4080 struct sonode *so;
4078 4081 STRUCT_DECL(msghdr, msg);
4079 4082 caddr_t msg_name;
4080 4083 socklen_t msg_namelen;
4081 4084 int fd;
4082 4085 int err;
4083 4086 char so_laddr[sizeof (struct sockaddr_in6)];
4084 4087 char so_faddr[sizeof (struct sockaddr_in6)];
4085 4088 socklen_t len;
4086 4089 file_t *fp; /* unix domain sockets */
4087 4090 struct f_audit_data *fad; /* unix domain sockets */
4088 4091 short so_family, so_type;
4089 4092 int add_sock_token = 0;
4090 4093 au_kcontext_t *kctx = GET_KCTX_PZ;
4091 4094
4092 4095 fd = (int)uap->fd;
4093 4096
4094 4097 /* bail if an error */
4095 4098 if (error) {
4096 4099 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4097 4100 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4098 4101 return;
4099 4102 }
4100 4103
4101 4104 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4102 4105 /*
4103 4106 * not security relevant if doing a recvmsg from non socket
4104 4107 * so no extra tokens. Should probably turn off audit record
4105 4108 * generation here.
4106 4109 */
4107 4110 return;
4108 4111 }
4109 4112
4110 4113 so_family = so->so_family;
4111 4114 so_type = so->so_type;
4112 4115
4113 4116 /*
4114 4117 * only putout SOCKET_EX token if INET/INET6 family.
4115 4118 * XXX - what do we do about other families?
4116 4119 */
4117 4120
4118 4121 switch (so_family) {
4119 4122 case AF_INET:
4120 4123 case AF_INET6:
4121 4124
4122 4125 /*
4123 4126 * if datagram type socket, then just use what is in
4124 4127 * socket structure for local address.
4125 4128 * XXX - what do we do for other types?
4126 4129 */
4127 4130 if ((so->so_type == SOCK_DGRAM) ||
4128 4131 (so->so_type == SOCK_RAW)) {
4129 4132 add_sock_token = 1;
4130 4133
4131 4134 bzero((void *)so_laddr, sizeof (so_laddr));
4132 4135 bzero((void *)so_faddr, sizeof (so_faddr));
4133 4136
4134 4137 /* get local address */
4135 4138 len = sizeof (so_laddr);
4136 4139 (void) socket_getsockname(so,
4137 4140 (struct sockaddr *)so_laddr, &len, CRED());
4138 4141
4139 4142 /* get peer address */
4140 4143 STRUCT_INIT(msg, get_udatamodel());
4141 4144
4142 4145 if (copyin((caddr_t)(uap->msg),
4143 4146 (caddr_t)STRUCT_BUF(msg), STRUCT_SIZE(msg)) != 0) {
4144 4147 break;
4145 4148 }
4146 4149 msg_name = (caddr_t)STRUCT_FGETP(msg, msg_name);
4147 4150 if (msg_name == NULL) {
4148 4151 break;
4149 4152 }
4150 4153
4151 4154 /* length is value from recvmsg - sanity check */
4152 4155 msg_namelen = (socklen_t)STRUCT_FGET(msg, msg_namelen);
4153 4156 if (msg_namelen == 0) {
4154 4157 break;
4155 4158 }
4156 4159 if (copyin(msg_name, so_faddr,
4157 4160 sizeof (so_faddr)) != 0) {
4158 4161 break;
4159 4162 }
4160 4163
4161 4164 } else if (so->so_type == SOCK_STREAM) {
4162 4165
4163 4166 /* get path from file struct here */
4164 4167 fad = F2A(fp);
4165 4168 ASSERT(fad);
4166 4169
4167 4170 /*
4168 4171 * already processed this file for read attempt
4169 4172 */
4170 4173 if (fad->fad_flags & FAD_READ) {
4171 4174 /* don't want to audit every recvmsg attempt */
4172 4175 tad->tad_flag = 0;
4173 4176 /* free any residual audit data */
4174 4177 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4175 4178 releasef(fd);
4176 4179 return;
4177 4180 }
4178 4181 /*
4179 4182 * mark things so we know what happened and don't
4180 4183 * repeat things
4181 4184 */
4182 4185 fad->fad_flags |= FAD_READ;
4183 4186
4184 4187 bzero((void *)so_laddr, sizeof (so_laddr));
4185 4188 bzero((void *)so_faddr, sizeof (so_faddr));
4186 4189
4187 4190 /* get local and foreign addresses */
4188 4191 len = sizeof (so_laddr);
4189 4192 (void) socket_getsockname(so,
4190 4193 (struct sockaddr *)so_laddr, &len, CRED());
4191 4194 len = sizeof (so_faddr);
4192 4195 (void) socket_getpeername(so,
4193 4196 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4194 4197
4195 4198 add_sock_token = 1;
4196 4199 }
4197 4200
4198 4201 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4199 4202
4200 4203 break;
4201 4204
4202 4205 case AF_UNIX:
4203 4206 /*
4204 4207 * first check if this is first time through. Too much
4205 4208 * duplicate code to put this in an aui_ routine.
4206 4209 */
4207 4210
4208 4211 /* get path from file struct here */
4209 4212 fad = F2A(fp);
4210 4213 ASSERT(fad);
4211 4214
4212 4215 /*
4213 4216 * already processed this file for read attempt
4214 4217 */
4215 4218 if (fad->fad_flags & FAD_READ) {
4216 4219 releasef(fd);
4217 4220 /* don't want to audit every recvmsg attempt */
4218 4221 tad->tad_flag = 0;
4219 4222 /* free any residual audit data */
4220 4223 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4221 4224 return;
4222 4225 }
4223 4226 /*
4224 4227 * mark things so we know what happened and don't
4225 4228 * repeat things
4226 4229 */
4227 4230 fad->fad_flags |= FAD_READ;
4228 4231
4229 4232 if (fad->fad_aupath != NULL) {
4230 4233 au_uwrite(au_to_path(fad->fad_aupath));
4231 4234 } else {
4232 4235 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4233 4236 }
4234 4237
4235 4238 audit_attributes(fp->f_vnode);
4236 4239
4237 4240 releasef(fd);
4238 4241
4239 4242 return;
4240 4243
4241 4244 default:
4242 4245 break;
4243 4246
4244 4247 }
4245 4248
4246 4249 releasef(fd);
4247 4250
4248 4251 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4249 4252
4250 4253 if (add_sock_token == 0) {
4251 4254 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4252 4255 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4253 4256 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4254 4257 return;
4255 4258 }
4256 4259
4257 4260 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4258 4261
4259 4262 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4260 4263
4261 4264 }
4262 4265
4263 4266 /*ARGSUSED*/
4264 4267 static void
4265 4268 auf_recvfrom(
4266 4269 struct t_audit_data *tad,
4267 4270 int error,
4268 4271 rval_t *rvp)
4269 4272 {
4270 4273
4271 4274 struct a {
4272 4275 long fd;
4273 4276 long msg; /* char */
4274 4277 long len;
4275 4278 long flags;
4276 4279 long from; /* struct sockaddr */
4277 4280 long fromlen;
4278 4281 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4279 4282
4280 4283 socklen_t fromlen;
4281 4284 struct sonode *so;
4282 4285 char so_laddr[sizeof (struct sockaddr_in6)];
4283 4286 char so_faddr[sizeof (struct sockaddr_in6)];
4284 4287 int fd;
4285 4288 short so_family, so_type;
4286 4289 int add_sock_token = 0;
4287 4290 socklen_t len;
4288 4291 int err;
4289 4292 struct file *fp;
4290 4293 struct f_audit_data *fad; /* unix domain sockets */
4291 4294 au_kcontext_t *kctx = GET_KCTX_PZ;
4292 4295
4293 4296 fd = (int)uap->fd;
4294 4297
4295 4298 /* bail if an error */
4296 4299 if (error) {
4297 4300 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4298 4301 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4299 4302 return;
4300 4303 }
4301 4304
4302 4305 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4303 4306 /*
4304 4307 * not security relevant if doing a recvmsg from non socket
4305 4308 * so no extra tokens. Should probably turn off audit record
4306 4309 * generation here.
4307 4310 */
4308 4311 return;
4309 4312 }
4310 4313
4311 4314 so_family = so->so_family;
4312 4315 so_type = so->so_type;
4313 4316
4314 4317 /*
4315 4318 * only putout SOCKET_EX token if INET/INET6 family.
4316 4319 * XXX - what do we do about other families?
4317 4320 */
4318 4321
4319 4322 switch (so_family) {
4320 4323 case AF_INET:
4321 4324 case AF_INET6:
4322 4325
4323 4326 /*
4324 4327 * if datagram type socket, then just use what is in
4325 4328 * socket structure for local address.
4326 4329 * XXX - what do we do for other types?
4327 4330 */
4328 4331 if ((so->so_type == SOCK_DGRAM) ||
4329 4332 (so->so_type == SOCK_RAW)) {
4330 4333 add_sock_token = 1;
4331 4334
4332 4335 /* get local address */
4333 4336 len = sizeof (so_laddr);
4334 4337 (void) socket_getsockname(so,
4335 4338 (struct sockaddr *)so_laddr, &len, CRED());
4336 4339
4337 4340 /* get peer address */
4338 4341 bzero((void *)so_faddr, sizeof (so_faddr));
4339 4342
4340 4343 /* sanity check */
4341 4344 if (uap->from == NULL)
4342 4345 break;
4343 4346
4344 4347 /* sanity checks */
4345 4348 if (uap->fromlen == 0)
4346 4349 break;
4347 4350
4348 4351 if (copyin((caddr_t)(uap->fromlen), (caddr_t)&fromlen,
4349 4352 sizeof (fromlen)) != 0)
4350 4353 break;
4351 4354
4352 4355 if (fromlen == 0)
4353 4356 break;
4354 4357
4355 4358 /* enforce maximum size */
4356 4359 if (fromlen > sizeof (so_faddr))
4357 4360 fromlen = sizeof (so_faddr);
4358 4361
4359 4362 if (copyin((caddr_t)(uap->from), so_faddr,
4360 4363 fromlen) != 0)
4361 4364 break;
4362 4365
4363 4366 } else if (so->so_type == SOCK_STREAM) {
4364 4367
4365 4368 /* get path from file struct here */
4366 4369 fad = F2A(fp);
4367 4370 ASSERT(fad);
4368 4371
4369 4372 /*
4370 4373 * already processed this file for read attempt
4371 4374 */
4372 4375 if (fad->fad_flags & FAD_READ) {
4373 4376 /* don't want to audit every recvfrom attempt */
4374 4377 tad->tad_flag = 0;
4375 4378 /* free any residual audit data */
4376 4379 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4377 4380 releasef(fd);
4378 4381 return;
4379 4382 }
4380 4383 /*
4381 4384 * mark things so we know what happened and don't
4382 4385 * repeat things
4383 4386 */
4384 4387 fad->fad_flags |= FAD_READ;
4385 4388
4386 4389 bzero((void *)so_laddr, sizeof (so_laddr));
4387 4390 bzero((void *)so_faddr, sizeof (so_faddr));
4388 4391
4389 4392 /* get local and foreign addresses */
4390 4393 len = sizeof (so_laddr);
4391 4394 (void) socket_getsockname(so,
4392 4395 (struct sockaddr *)so_laddr, &len, CRED());
4393 4396 len = sizeof (so_faddr);
4394 4397 (void) socket_getpeername(so,
4395 4398 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4396 4399
4397 4400 add_sock_token = 1;
4398 4401 }
4399 4402
4400 4403 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4401 4404
4402 4405 break;
4403 4406
4404 4407 case AF_UNIX:
4405 4408 /*
4406 4409 * first check if this is first time through. Too much
4407 4410 * duplicate code to put this in an aui_ routine.
4408 4411 */
4409 4412
4410 4413 /* get path from file struct here */
4411 4414 fad = F2A(fp);
4412 4415 ASSERT(fad);
4413 4416
4414 4417 /*
4415 4418 * already processed this file for read attempt
4416 4419 */
4417 4420 if (fad->fad_flags & FAD_READ) {
4418 4421 /* don't want to audit every recvfrom attempt */
4419 4422 tad->tad_flag = 0;
4420 4423 /* free any residual audit data */
4421 4424 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4422 4425 releasef(fd);
4423 4426 return;
4424 4427 }
4425 4428 /*
4426 4429 * mark things so we know what happened and don't
4427 4430 * repeat things
4428 4431 */
4429 4432 fad->fad_flags |= FAD_READ;
4430 4433
4431 4434 if (fad->fad_aupath != NULL) {
4432 4435 au_uwrite(au_to_path(fad->fad_aupath));
4433 4436 } else {
4434 4437 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4435 4438 }
4436 4439
4437 4440 audit_attributes(fp->f_vnode);
4438 4441
4439 4442 releasef(fd);
4440 4443
4441 4444 return;
4442 4445
4443 4446 default:
4444 4447 break;
4445 4448
4446 4449 }
4447 4450
4448 4451 releasef(fd);
4449 4452
4450 4453 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4451 4454
4452 4455 if (add_sock_token == 0) {
4453 4456 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4454 4457 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4455 4458 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4456 4459 return;
4457 4460 }
4458 4461
4459 4462 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4460 4463
4461 4464 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4462 4465 }
4463 4466
4464 4467 /*ARGSUSED*/
4465 4468 static void
4466 4469 auf_sendmsg(struct t_audit_data *tad, int error, rval_t *rval)
4467 4470 {
4468 4471 struct a {
4469 4472 long fd;
4470 4473 long msg; /* struct msghdr */
4471 4474 long flags;
4472 4475 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4473 4476
4474 4477 struct sonode *so;
4475 4478 char so_laddr[sizeof (struct sockaddr_in6)];
4476 4479 char so_faddr[sizeof (struct sockaddr_in6)];
4477 4480 int err;
4478 4481 int fd;
4479 4482 short so_family, so_type;
4480 4483 int add_sock_token = 0;
4481 4484 socklen_t len;
4482 4485 struct file *fp;
4483 4486 struct f_audit_data *fad;
4484 4487 caddr_t msg_name;
4485 4488 socklen_t msg_namelen;
4486 4489 STRUCT_DECL(msghdr, msg);
4487 4490 au_kcontext_t *kctx = GET_KCTX_PZ;
4488 4491
4489 4492 fd = (int)uap->fd;
4490 4493
4491 4494 /* bail if an error */
4492 4495 if (error) {
4493 4496 /* XXX include destination address from system call arguments */
4494 4497 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4495 4498 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4496 4499 return;
4497 4500 }
4498 4501
4499 4502 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4500 4503 /*
4501 4504 * not security relevant if doing a sendmsg from non socket
4502 4505 * so no extra tokens. Should probably turn off audit record
4503 4506 * generation here.
4504 4507 */
4505 4508 return;
4506 4509 }
4507 4510
4508 4511 so_family = so->so_family;
4509 4512 so_type = so->so_type;
4510 4513
4511 4514 switch (so_family) {
4512 4515 case AF_INET:
4513 4516 case AF_INET6:
4514 4517 /*
4515 4518 * if datagram type socket, then just use what is in
4516 4519 * socket structure for local address.
4517 4520 * XXX - what do we do for other types?
4518 4521 */
4519 4522 if ((so->so_type == SOCK_DGRAM) ||
4520 4523 (so->so_type == SOCK_RAW)) {
4521 4524
4522 4525 bzero((void *)so_laddr, sizeof (so_laddr));
4523 4526 bzero((void *)so_faddr, sizeof (so_faddr));
4524 4527
4525 4528 /* get local address */
4526 4529 len = sizeof (so_laddr);
4527 4530 (void) socket_getsockname(so,
4528 4531 (struct sockaddr *)so_laddr, &len, CRED());
4529 4532
4530 4533 /* get peer address */
4531 4534 STRUCT_INIT(msg, get_udatamodel());
4532 4535
4533 4536 if (copyin((caddr_t)(uap->msg),
4534 4537 (caddr_t)STRUCT_BUF(msg), STRUCT_SIZE(msg)) != 0) {
4535 4538 break;
4536 4539 }
4537 4540 msg_name = (caddr_t)STRUCT_FGETP(msg, msg_name);
4538 4541 if (msg_name == NULL)
4539 4542 break;
4540 4543
4541 4544 msg_namelen = (socklen_t)STRUCT_FGET(msg, msg_namelen);
4542 4545 /* length is value from recvmsg - sanity check */
4543 4546 if (msg_namelen == 0)
4544 4547 break;
4545 4548
4546 4549 if (copyin(msg_name, so_faddr,
4547 4550 sizeof (so_faddr)) != 0)
4548 4551 break;
4549 4552
4550 4553 add_sock_token = 1;
4551 4554
4552 4555 } else if (so->so_type == SOCK_STREAM) {
4553 4556
4554 4557 /* get path from file struct here */
4555 4558 fad = F2A(fp);
4556 4559 ASSERT(fad);
4557 4560
4558 4561 /*
4559 4562 * already processed this file for write attempt
4560 4563 */
4561 4564 if (fad->fad_flags & FAD_WRITE) {
4562 4565 releasef(fd);
4563 4566 /* don't want to audit every sendmsg attempt */
4564 4567 tad->tad_flag = 0;
4565 4568 /* free any residual audit data */
4566 4569 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4567 4570 return;
4568 4571 }
4569 4572
4570 4573 /*
4571 4574 * mark things so we know what happened and don't
4572 4575 * repeat things
4573 4576 */
4574 4577 fad->fad_flags |= FAD_WRITE;
4575 4578
4576 4579 bzero((void *)so_laddr, sizeof (so_laddr));
4577 4580 bzero((void *)so_faddr, sizeof (so_faddr));
4578 4581
4579 4582 /* get local and foreign addresses */
4580 4583 len = sizeof (so_laddr);
4581 4584 (void) socket_getsockname(so,
4582 4585 (struct sockaddr *)so_laddr, &len, CRED());
4583 4586 len = sizeof (so_faddr);
4584 4587 (void) socket_getpeername(so,
4585 4588 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4586 4589
4587 4590 add_sock_token = 1;
4588 4591 }
4589 4592
4590 4593 /* XXX - what about SOCK_RAW/SOCK_RDM/SOCK_SEQPACKET ??? */
4591 4594
4592 4595 break;
4593 4596
4594 4597 case AF_UNIX:
4595 4598 /*
4596 4599 * first check if this is first time through. Too much
4597 4600 * duplicate code to put this in an aui_ routine.
4598 4601 */
4599 4602
4600 4603 /* get path from file struct here */
4601 4604 fad = F2A(fp);
4602 4605 ASSERT(fad);
4603 4606
4604 4607 /*
4605 4608 * already processed this file for write attempt
4606 4609 */
4607 4610 if (fad->fad_flags & FAD_WRITE) {
4608 4611 releasef(fd);
4609 4612 /* don't want to audit every sendmsg attempt */
4610 4613 tad->tad_flag = 0;
4611 4614 /* free any residual audit data */
4612 4615 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4613 4616 return;
4614 4617 }
4615 4618 /*
4616 4619 * mark things so we know what happened and don't
4617 4620 * repeat things
4618 4621 */
4619 4622 fad->fad_flags |= FAD_WRITE;
4620 4623
4621 4624 if (fad->fad_aupath != NULL) {
4622 4625 au_uwrite(au_to_path(fad->fad_aupath));
4623 4626 } else {
4624 4627 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4625 4628 }
4626 4629
4627 4630 audit_attributes(fp->f_vnode);
4628 4631
4629 4632 releasef(fd);
4630 4633
4631 4634 return;
4632 4635
4633 4636 default:
4634 4637 break;
4635 4638 }
4636 4639
4637 4640 releasef(fd);
4638 4641
4639 4642 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4640 4643
4641 4644 if (add_sock_token == 0) {
4642 4645 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4643 4646 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4644 4647 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4645 4648 return;
4646 4649 }
4647 4650
4648 4651 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4649 4652
4650 4653 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4651 4654 }
4652 4655
4653 4656 /*ARGSUSED*/
4654 4657 static void
4655 4658 auf_sendto(struct t_audit_data *tad, int error, rval_t *rval)
4656 4659 {
4657 4660 struct a {
4658 4661 long fd;
4659 4662 long msg; /* char */
4660 4663 long len;
4661 4664 long flags;
4662 4665 long to; /* struct sockaddr */
4663 4666 long tolen;
4664 4667 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4665 4668
4666 4669 struct sonode *so;
4667 4670 char so_laddr[sizeof (struct sockaddr_in6)];
4668 4671 char so_faddr[sizeof (struct sockaddr_in6)];
4669 4672 socklen_t tolen;
4670 4673 int err;
4671 4674 int fd;
4672 4675 socklen_t len;
4673 4676 short so_family, so_type;
4674 4677 int add_sock_token = 0;
4675 4678 struct file *fp;
4676 4679 struct f_audit_data *fad;
4677 4680 au_kcontext_t *kctx = GET_KCTX_PZ;
4678 4681
4679 4682 fd = (int)uap->fd;
4680 4683
4681 4684 /* bail if an error */
4682 4685 if (error) {
4683 4686 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4684 4687 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4685 4688 /* XXX include destination address from system call arguments */
4686 4689 return;
4687 4690 }
4688 4691
4689 4692 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4690 4693 /*
4691 4694 * not security relevant if doing a sendto using non socket
4692 4695 * so no extra tokens. Should probably turn off audit record
4693 4696 * generation here.
4694 4697 */
4695 4698 return;
4696 4699 }
4697 4700
4698 4701 so_family = so->so_family;
4699 4702 so_type = so->so_type;
4700 4703
4701 4704 /*
4702 4705 * only putout SOCKET_EX token if INET/INET6 family.
4703 4706 * XXX - what do we do about other families?
4704 4707 */
4705 4708
4706 4709 switch (so_family) {
4707 4710 case AF_INET:
4708 4711 case AF_INET6:
4709 4712
4710 4713 /*
4711 4714 * if datagram type socket, then just use what is in
4712 4715 * socket structure for local address.
4713 4716 * XXX - what do we do for other types?
4714 4717 */
4715 4718 if ((so->so_type == SOCK_DGRAM) ||
4716 4719 (so->so_type == SOCK_RAW)) {
4717 4720
4718 4721 bzero((void *)so_laddr, sizeof (so_laddr));
4719 4722 bzero((void *)so_faddr, sizeof (so_faddr));
4720 4723
4721 4724 /* get local address */
4722 4725 len = sizeof (so_laddr);
4723 4726 (void) socket_getsockname(so,
4724 4727 (struct sockaddr *)so_laddr, &len, CRED());
4725 4728
4726 4729 /* get peer address */
4727 4730
4728 4731 /* sanity check */
4729 4732 if (uap->to == NULL)
4730 4733 break;
4731 4734
4732 4735 /* sanity checks */
4733 4736 if (uap->tolen == 0)
4734 4737 break;
4735 4738
4736 4739 tolen = (socklen_t)uap->tolen;
4737 4740
4738 4741 /* enforce maximum size */
4739 4742 if (tolen > sizeof (so_faddr))
4740 4743 tolen = sizeof (so_faddr);
4741 4744
4742 4745 if (copyin((caddr_t)(uap->to), so_faddr, tolen) != 0)
4743 4746 break;
4744 4747
4745 4748 add_sock_token = 1;
4746 4749 } else {
4747 4750 /*
4748 4751 * check if this is first time through.
4749 4752 */
4750 4753
4751 4754 /* get path from file struct here */
4752 4755 fad = F2A(fp);
4753 4756 ASSERT(fad);
4754 4757
4755 4758 /*
4756 4759 * already processed this file for write attempt
4757 4760 */
4758 4761 if (fad->fad_flags & FAD_WRITE) {
4759 4762 /* don't want to audit every sendto attempt */
4760 4763 tad->tad_flag = 0;
4761 4764 /* free any residual audit data */
4762 4765 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4763 4766 releasef(fd);
4764 4767 return;
4765 4768 }
4766 4769 /*
4767 4770 * mark things so we know what happened and don't
4768 4771 * repeat things
4769 4772 */
4770 4773 fad->fad_flags |= FAD_WRITE;
4771 4774
4772 4775 bzero((void *)so_laddr, sizeof (so_laddr));
4773 4776 bzero((void *)so_faddr, sizeof (so_faddr));
4774 4777
4775 4778 /* get local and foreign addresses */
4776 4779 len = sizeof (so_laddr);
4777 4780 (void) socket_getsockname(so,
4778 4781 (struct sockaddr *)so_laddr, &len, CRED());
4779 4782 len = sizeof (so_faddr);
4780 4783 (void) socket_getpeername(so,
4781 4784 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4782 4785
4783 4786 add_sock_token = 1;
4784 4787 }
4785 4788
4786 4789 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4787 4790
4788 4791 break;
4789 4792
4790 4793 case AF_UNIX:
4791 4794 /*
4792 4795 * first check if this is first time through. Too much
4793 4796 * duplicate code to put this in an aui_ routine.
4794 4797 */
4795 4798
4796 4799 /* get path from file struct here */
4797 4800 fad = F2A(fp);
4798 4801 ASSERT(fad);
4799 4802
4800 4803 /*
4801 4804 * already processed this file for write attempt
4802 4805 */
4803 4806 if (fad->fad_flags & FAD_WRITE) {
4804 4807 /* don't want to audit every sendto attempt */
4805 4808 tad->tad_flag = 0;
4806 4809 /* free any residual audit data */
4807 4810 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4808 4811 releasef(fd);
4809 4812 return;
4810 4813 }
4811 4814 /*
4812 4815 * mark things so we know what happened and don't
4813 4816 * repeat things
4814 4817 */
4815 4818 fad->fad_flags |= FAD_WRITE;
4816 4819
4817 4820 if (fad->fad_aupath != NULL) {
4818 4821 au_uwrite(au_to_path(fad->fad_aupath));
4819 4822 } else {
4820 4823 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4821 4824 }
4822 4825
4823 4826 audit_attributes(fp->f_vnode);
4824 4827
4825 4828 releasef(fd);
4826 4829
4827 4830 return;
4828 4831
4829 4832 default:
4830 4833 break;
4831 4834
4832 4835 }
4833 4836
4834 4837 releasef(fd);
4835 4838
4836 4839 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4837 4840
4838 4841 if (add_sock_token == 0) {
4839 4842 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4840 4843 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4841 4844 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4842 4845 return;
4843 4846 }
4844 4847
4845 4848 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4846 4849
4847 4850 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4848 4851
4849 4852 }
4850 4853
4851 4854 /*
4852 4855 * XXX socket(2) may be equivalent to open(2) on a unix domain
4853 4856 * socket. This needs investigation.
4854 4857 */
4855 4858
4856 4859 /*ARGSUSED*/
4857 4860 static void
4858 4861 aus_socket(struct t_audit_data *tad)
4859 4862 {
4860 4863 struct a {
4861 4864 long domain;
4862 4865 long type;
4863 4866 long protocol;
4864 4867 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4865 4868
4866 4869 au_uwrite(au_to_arg32(1, "domain", (uint32_t)uap->domain));
4867 4870 au_uwrite(au_to_arg32(2, "type", (uint32_t)uap->type));
4868 4871 au_uwrite(au_to_arg32(3, "protocol", (uint32_t)uap->protocol));
4869 4872 }
4870 4873
4871 4874 /*ARGSUSED*/
4872 4875 static void
4873 4876 aus_sigqueue(struct t_audit_data *tad)
4874 4877 {
4875 4878 struct a {
4876 4879 long pid;
4877 4880 long signo;
4878 4881 long *val;
4879 4882 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4880 4883 struct proc *p;
4881 4884 uid_t uid, ruid;
4882 4885 gid_t gid, rgid;
4883 4886 pid_t pid;
4884 4887 const auditinfo_addr_t *ainfo;
4885 4888 cred_t *cr;
4886 4889
4887 4890 pid = (pid_t)uap->pid;
4888 4891
4889 4892 au_uwrite(au_to_arg32(2, "signal", (uint32_t)uap->signo));
4890 4893 if (pid > 0) {
4891 4894 mutex_enter(&pidlock);
4892 4895 if ((p = prfind(pid)) == (struct proc *)0) {
4893 4896 mutex_exit(&pidlock);
4894 4897 return;
4895 4898 }
4896 4899 mutex_enter(&p->p_lock); /* so process doesn't go away */
4897 4900 mutex_exit(&pidlock);
4898 4901
4899 4902 mutex_enter(&p->p_crlock);
4900 4903 crhold(cr = p->p_cred);
4901 4904 mutex_exit(&p->p_crlock);
4902 4905 mutex_exit(&p->p_lock);
4903 4906
4904 4907 ainfo = crgetauinfo(cr);
4905 4908 if (ainfo == NULL) {
4906 4909 crfree(cr);
4907 4910 return;
4908 4911 }
4909 4912
4910 4913 uid = crgetuid(cr);
4911 4914 gid = crgetgid(cr);
4912 4915 ruid = crgetruid(cr);
4913 4916 rgid = crgetrgid(cr);
4914 4917 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
4915 4918 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
4916 4919 crfree(cr);
4917 4920 }
4918 4921 else
4919 4922 au_uwrite(au_to_arg32(1, "process ID", (uint32_t)pid));
4920 4923 }
4921 4924
4922 4925 /*ARGSUSED*/
4923 4926 static void
4924 4927 aus_inst_sync(struct t_audit_data *tad)
4925 4928 {
4926 4929 struct a {
4927 4930 long name; /* char */
4928 4931 long flags;
4929 4932 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4930 4933
4931 4934 au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags));
4932 4935 }
4933 4936
4934 4937 /*ARGSUSED*/
4935 4938 static void
4936 4939 aus_brandsys(struct t_audit_data *tad)
4937 4940 {
4938 4941 klwp_t *clwp = ttolwp(curthread);
4939 4942
4940 4943 struct a {
4941 4944 long cmd;
4942 4945 long arg1;
4943 4946 long arg2;
4944 4947 long arg3;
4945 4948 long arg4;
4946 4949 long arg5;
4947 4950 long arg6;
4948 4951 } *uap = (struct a *)clwp->lwp_ap;
4949 4952
4950 4953 au_uwrite(au_to_arg32(1, "cmd", (uint_t)uap->cmd));
4951 4954 #ifdef _LP64
4952 4955 au_uwrite(au_to_arg64(2, "arg1", (uint64_t)uap->arg1));
4953 4956 au_uwrite(au_to_arg64(3, "arg2", (uint64_t)uap->arg2));
4954 4957 au_uwrite(au_to_arg64(4, "arg3", (uint64_t)uap->arg3));
4955 4958 au_uwrite(au_to_arg64(5, "arg4", (uint64_t)uap->arg4));
4956 4959 au_uwrite(au_to_arg64(6, "arg5", (uint64_t)uap->arg5));
4957 4960 au_uwrite(au_to_arg64(7, "arg6", (uint64_t)uap->arg6));
4958 4961 #else
4959 4962 au_uwrite(au_to_arg32(2, "arg1", (uint32_t)uap->arg1));
4960 4963 au_uwrite(au_to_arg32(3, "arg2", (uint32_t)uap->arg2));
4961 4964 au_uwrite(au_to_arg32(4, "arg3", (uint32_t)uap->arg3));
4962 4965 au_uwrite(au_to_arg32(5, "arg4", (uint32_t)uap->arg4));
4963 4966 au_uwrite(au_to_arg32(6, "arg5", (uint32_t)uap->arg5));
4964 4967 au_uwrite(au_to_arg32(7, "arg6", (uint32_t)uap->arg6));
4965 4968 #endif
4966 4969 }
4967 4970
4968 4971 /*ARGSUSED*/
4969 4972 static void
4970 4973 aus_p_online(struct t_audit_data *tad)
4971 4974 {
4972 4975 struct a {
4973 4976 long processor_id;
4974 4977 long flag;
4975 4978 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4976 4979
4977 4980 struct flags {
4978 4981 int flag;
4979 4982 char *cflag;
4980 4983 } aflags[6] = {
4981 4984 { P_ONLINE, "P_ONLINE"},
4982 4985 { P_OFFLINE, "P_OFFLINE"},
4983 4986 { P_NOINTR, "P_NOINTR"},
4984 4987 { P_SPARE, "P_SPARE"},
4985 4988 { P_FAULTED, "P_FAULTED"},
4986 4989 { P_STATUS, "P_STATUS"}
4987 4990 };
4988 4991 int i;
4989 4992 char *cflag;
4990 4993
4991 4994 au_uwrite(au_to_arg32(1, "processor ID", (uint32_t)uap->processor_id));
4992 4995 au_uwrite(au_to_arg32(2, "flag", (uint32_t)uap->flag));
4993 4996
4994 4997 for (i = 0; i < 6; i++) {
4995 4998 if (aflags[i].flag == uap->flag)
4996 4999 break;
4997 5000 }
4998 5001 cflag = (i == 6) ? "bad flag":aflags[i].cflag;
4999 5002
5000 5003 au_uwrite(au_to_text(cflag));
5001 5004 }
5002 5005
5003 5006 /*ARGSUSED*/
5004 5007 static void
5005 5008 aus_processor_bind(struct t_audit_data *tad)
5006 5009 {
5007 5010 struct a {
5008 5011 long id_type;
5009 5012 long id;
5010 5013 long processor_id;
5011 5014 long obind;
5012 5015 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5013 5016
5014 5017 struct proc *p;
5015 5018 int lwpcnt;
5016 5019 uid_t uid, ruid;
5017 5020 gid_t gid, rgid;
5018 5021 pid_t pid;
5019 5022 const auditinfo_addr_t *ainfo;
5020 5023 cred_t *cr;
5021 5024
5022 5025 au_uwrite(au_to_arg32(1, "ID type", (uint32_t)uap->id_type));
5023 5026 au_uwrite(au_to_arg32(2, "ID", (uint32_t)uap->id));
5024 5027 if (uap->processor_id == PBIND_NONE)
5025 5028 au_uwrite(au_to_text("PBIND_NONE"));
5026 5029 else
5027 5030 au_uwrite(au_to_arg32(3, "processor_id",
5028 5031 (uint32_t)uap->processor_id));
5029 5032
5030 5033 switch (uap->id_type) {
5031 5034 case P_MYID:
5032 5035 case P_LWPID:
5033 5036 mutex_enter(&pidlock);
5034 5037 p = ttoproc(curthread);
5035 5038 if (p == NULL || p->p_as == &kas) {
5036 5039 mutex_exit(&pidlock);
5037 5040 return;
5038 5041 }
5039 5042 mutex_enter(&p->p_lock);
5040 5043 mutex_exit(&pidlock);
5041 5044 lwpcnt = p->p_lwpcnt;
5042 5045 pid = p->p_pid;
5043 5046
5044 5047 mutex_enter(&p->p_crlock);
5045 5048 crhold(cr = p->p_cred);
5046 5049 mutex_exit(&p->p_crlock);
5047 5050 mutex_exit(&p->p_lock);
5048 5051
5049 5052 ainfo = crgetauinfo(cr);
5050 5053 if (ainfo == NULL) {
5051 5054 crfree(cr);
5052 5055 return;
5053 5056 }
5054 5057
5055 5058 uid = crgetuid(cr);
5056 5059 gid = crgetgid(cr);
5057 5060 ruid = crgetruid(cr);
5058 5061 rgid = crgetrgid(cr);
5059 5062 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5060 5063 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5061 5064 crfree(cr);
5062 5065 break;
5063 5066 case P_PID:
5064 5067 mutex_enter(&pidlock);
5065 5068 p = prfind(uap->id);
5066 5069 if (p == NULL || p->p_as == &kas) {
5067 5070 mutex_exit(&pidlock);
5068 5071 return;
5069 5072 }
5070 5073 mutex_enter(&p->p_lock);
5071 5074 mutex_exit(&pidlock);
5072 5075 lwpcnt = p->p_lwpcnt;
5073 5076 pid = p->p_pid;
5074 5077
5075 5078 mutex_enter(&p->p_crlock);
5076 5079 crhold(cr = p->p_cred);
5077 5080 mutex_exit(&p->p_crlock);
5078 5081 mutex_exit(&p->p_lock);
5079 5082
5080 5083 ainfo = crgetauinfo(cr);
5081 5084 if (ainfo == NULL) {
5082 5085 crfree(cr);
5083 5086 return;
5084 5087 }
5085 5088
5086 5089 uid = crgetuid(cr);
5087 5090 gid = crgetgid(cr);
5088 5091 ruid = crgetruid(cr);
5089 5092 rgid = crgetrgid(cr);
5090 5093 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5091 5094 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5092 5095 crfree(cr);
5093 5096
5094 5097 break;
5095 5098 default:
5096 5099 return;
5097 5100 }
5098 5101
5099 5102 if (uap->processor_id == PBIND_NONE &&
5100 5103 (!(uap->id_type == P_LWPID && lwpcnt > 1)))
5101 5104 au_uwrite(au_to_text("PBIND_NONE for process"));
5102 5105 else
5103 5106 au_uwrite(au_to_arg32(3, "processor_id",
5104 5107 (uint32_t)uap->processor_id));
5105 5108 }
5106 5109
5107 5110 /*ARGSUSED*/
5108 5111 static au_event_t
5109 5112 aui_doorfs(au_event_t e)
5110 5113 {
5111 5114 uint32_t code;
5112 5115
5113 5116 struct a { /* doorfs */
5114 5117 long a1;
5115 5118 long a2;
5116 5119 long a3;
5117 5120 long a4;
5118 5121 long a5;
5119 5122 long code;
5120 5123 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5121 5124
5122 5125 /*
5123 5126 * audit formats for several of the
5124 5127 * door calls have not yet been determined
5125 5128 */
5126 5129 code = (uint32_t)uap->code;
5127 5130 switch (code) {
5128 5131 case DOOR_CALL:
5129 5132 e = AUE_DOORFS_DOOR_CALL;
5130 5133 break;
5131 5134 case DOOR_RETURN:
5132 5135 e = AUE_NULL;
5133 5136 break;
5134 5137 case DOOR_CREATE:
5135 5138 e = AUE_DOORFS_DOOR_CREATE;
5136 5139 break;
5137 5140 case DOOR_REVOKE:
5138 5141 e = AUE_DOORFS_DOOR_REVOKE;
5139 5142 break;
5140 5143 case DOOR_INFO:
5141 5144 e = AUE_NULL;
5142 5145 break;
5143 5146 case DOOR_UCRED:
5144 5147 e = AUE_NULL;
5145 5148 break;
5146 5149 case DOOR_BIND:
5147 5150 e = AUE_NULL;
5148 5151 break;
5149 5152 case DOOR_UNBIND:
5150 5153 e = AUE_NULL;
5151 5154 break;
5152 5155 case DOOR_GETPARAM:
5153 5156 e = AUE_NULL;
5154 5157 break;
5155 5158 case DOOR_SETPARAM:
5156 5159 e = AUE_NULL;
5157 5160 break;
5158 5161 default: /* illegal system call */
5159 5162 e = AUE_NULL;
5160 5163 break;
5161 5164 }
5162 5165
5163 5166 return (e);
5164 5167 }
5165 5168
5166 5169 static door_node_t *
5167 5170 au_door_lookup(int did)
5168 5171 {
5169 5172 vnode_t *vp;
5170 5173 file_t *fp;
5171 5174
5172 5175 if ((fp = getf(did)) == NULL)
5173 5176 return (NULL);
5174 5177 /*
5175 5178 * Use the underlying vnode (we may be namefs mounted)
5176 5179 */
5177 5180 if (VOP_REALVP(fp->f_vnode, &vp, NULL))
5178 5181 vp = fp->f_vnode;
5179 5182
5180 5183 if (vp == NULL || vp->v_type != VDOOR) {
5181 5184 releasef(did);
5182 5185 return (NULL);
5183 5186 }
5184 5187
5185 5188 return (VTOD(vp));
5186 5189 }
5187 5190
5188 5191 /*ARGSUSED*/
5189 5192 static void
5190 5193 aus_doorfs(struct t_audit_data *tad)
5191 5194 {
5192 5195
5193 5196 struct a { /* doorfs */
5194 5197 long a1;
5195 5198 long a2;
5196 5199 long a3;
5197 5200 long a4;
5198 5201 long a5;
5199 5202 long code;
5200 5203 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5201 5204
5202 5205 door_node_t *dp;
5203 5206 struct proc *p;
5204 5207 uint32_t did;
5205 5208 uid_t uid, ruid;
5206 5209 gid_t gid, rgid;
5207 5210 pid_t pid;
5208 5211 const auditinfo_addr_t *ainfo;
5209 5212 cred_t *cr;
5210 5213
5211 5214 did = (uint32_t)uap->a1;
5212 5215
5213 5216 switch (tad->tad_event) {
5214 5217 case AUE_DOORFS_DOOR_CALL:
5215 5218 au_uwrite(au_to_arg32(1, "door ID", (uint32_t)did));
5216 5219 if ((dp = au_door_lookup(did)) == NULL)
5217 5220 break;
5218 5221
5219 5222 if (DOOR_INVALID(dp)) {
5220 5223 releasef(did);
5221 5224 break;
5222 5225 }
5223 5226
5224 5227 if ((p = dp->door_target) == NULL) {
5225 5228 releasef(did);
5226 5229 break;
5227 5230 }
5228 5231 mutex_enter(&p->p_lock);
5229 5232 releasef(did);
5230 5233
5231 5234 pid = p->p_pid;
5232 5235
5233 5236 mutex_enter(&p->p_crlock);
5234 5237 crhold(cr = p->p_cred);
5235 5238 mutex_exit(&p->p_crlock);
5236 5239 mutex_exit(&p->p_lock);
5237 5240
5238 5241 ainfo = crgetauinfo(cr);
5239 5242 if (ainfo == NULL) {
5240 5243 crfree(cr);
5241 5244 return;
5242 5245 }
5243 5246 uid = crgetuid(cr);
5244 5247 gid = crgetgid(cr);
5245 5248 ruid = crgetruid(cr);
5246 5249 rgid = crgetrgid(cr);
5247 5250 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5248 5251 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5249 5252 crfree(cr);
5250 5253 break;
5251 5254 case AUE_DOORFS_DOOR_RETURN:
5252 5255 /*
5253 5256 * We may want to write information about
5254 5257 * all doors (if any) which will be copied
5255 5258 * by this call to the user space
5256 5259 */
5257 5260 break;
5258 5261 case AUE_DOORFS_DOOR_CREATE:
5259 5262 au_uwrite(au_to_arg32(3, "door attr", (uint32_t)uap->a3));
5260 5263 break;
5261 5264 case AUE_DOORFS_DOOR_REVOKE:
5262 5265 au_uwrite(au_to_arg32(1, "door ID", (uint32_t)did));
5263 5266 break;
5264 5267 case AUE_DOORFS_DOOR_INFO:
5265 5268 break;
5266 5269 case AUE_DOORFS_DOOR_CRED:
5267 5270 break;
5268 5271 case AUE_DOORFS_DOOR_BIND:
5269 5272 break;
5270 5273 case AUE_DOORFS_DOOR_UNBIND: {
5271 5274 break;
5272 5275 }
5273 5276 default: /* illegal system call */
5274 5277 break;
5275 5278 }
5276 5279 }
5277 5280
5278 5281 /*ARGSUSED*/
5279 5282 static au_event_t
5280 5283 aui_acl(au_event_t e)
5281 5284 {
5282 5285 struct a {
5283 5286 union {
5284 5287 long name; /* char */
5285 5288 long fd;
5286 5289 } obj;
5287 5290
5288 5291 long cmd;
5289 5292 long nentries;
5290 5293 long arg; /* aclent_t */
5291 5294 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5292 5295
5293 5296 switch (uap->cmd) {
5294 5297 case SETACL:
5295 5298 case ACE_SETACL:
5296 5299 /*
5297 5300 * acl(SETACL/ACE_SETACL, ...) and facl(SETACL/ACE_SETACL, ...)
5298 5301 * are expected.
5299 5302 */
5300 5303 break;
5301 5304 case GETACL:
5302 5305 case GETACLCNT:
5303 5306 case ACE_GETACL:
5304 5307 case ACE_GETACLCNT:
5305 5308 /* do nothing for these four values. */
5306 5309 e = AUE_NULL;
5307 5310 break;
5308 5311 default:
5309 5312 /* illegal system call */
5310 5313 break;
5311 5314 }
5312 5315
5313 5316 return (e);
5314 5317 }
5315 5318
5316 5319 static void
5317 5320 au_acl(int cmd, int nentries, caddr_t bufp)
5318 5321 {
5319 5322 size_t a_size;
5320 5323 aclent_t *aclbufp;
5321 5324 ace_t *acebufp;
5322 5325 int i;
5323 5326
5324 5327 switch (cmd) {
5325 5328 case GETACL:
5326 5329 case GETACLCNT:
5327 5330 break;
5328 5331 case SETACL:
5329 5332 if (nentries < 3)
5330 5333 break;
5331 5334
5332 5335 a_size = nentries * sizeof (aclent_t);
5333 5336
5334 5337 if ((aclbufp = kmem_alloc(a_size, KM_SLEEP)) == NULL)
5335 5338 break;
5336 5339 if (copyin(bufp, aclbufp, a_size)) {
5337 5340 kmem_free(aclbufp, a_size);
5338 5341 break;
5339 5342 }
5340 5343 for (i = 0; i < nentries; i++) {
5341 5344 au_uwrite(au_to_acl(aclbufp + i));
5342 5345 }
5343 5346 kmem_free(aclbufp, a_size);
5344 5347 break;
5345 5348
5346 5349 case ACE_SETACL:
5347 5350 if (nentries < 1 || nentries > MAX_ACL_ENTRIES)
5348 5351 break;
5349 5352
5350 5353 a_size = nentries * sizeof (ace_t);
5351 5354 if ((acebufp = kmem_alloc(a_size, KM_SLEEP)) == NULL)
5352 5355 break;
5353 5356 if (copyin(bufp, acebufp, a_size)) {
5354 5357 kmem_free(acebufp, a_size);
5355 5358 break;
5356 5359 }
5357 5360 for (i = 0; i < nentries; i++) {
5358 5361 au_uwrite(au_to_ace(acebufp + i));
5359 5362 }
5360 5363 kmem_free(acebufp, a_size);
5361 5364 break;
5362 5365 default:
5363 5366 break;
5364 5367 }
5365 5368 }
5366 5369
5367 5370 /*ARGSUSED*/
5368 5371 static void
5369 5372 aus_acl(struct t_audit_data *tad)
5370 5373 {
5371 5374 struct a {
5372 5375 long fname;
5373 5376 long cmd;
5374 5377 long nentries;
5375 5378 long aclbufp;
5376 5379 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5377 5380
5378 5381 au_uwrite(au_to_arg32(2, "cmd", (uint32_t)uap->cmd));
5379 5382 au_uwrite(au_to_arg32(3, "nentries", (uint32_t)uap->nentries));
5380 5383
5381 5384 au_acl(uap->cmd, uap->nentries, (caddr_t)uap->aclbufp);
5382 5385 }
5383 5386
5384 5387 /*ARGSUSED*/
5385 5388 static void
5386 5389 aus_facl(struct t_audit_data *tad)
5387 5390 {
5388 5391 struct a {
5389 5392 long fd;
5390 5393 long cmd;
5391 5394 long nentries;
5392 5395 long aclbufp;
5393 5396 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5394 5397 struct file *fp;
5395 5398 struct vnode *vp;
5396 5399 struct f_audit_data *fad;
5397 5400 int fd;
5398 5401
5399 5402 au_uwrite(au_to_arg32(2, "cmd", (uint32_t)uap->cmd));
5400 5403 au_uwrite(au_to_arg32(3, "nentries", (uint32_t)uap->nentries));
5401 5404
5402 5405 fd = (int)uap->fd;
5403 5406
5404 5407 if ((fp = getf(fd)) == NULL)
5405 5408 return;
5406 5409
5407 5410 /* get path from file struct here */
5408 5411 fad = F2A(fp);
5409 5412 if (fad->fad_aupath != NULL) {
5410 5413 au_uwrite(au_to_path(fad->fad_aupath));
5411 5414 } else {
5412 5415 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5413 5416 }
5414 5417
5415 5418 vp = fp->f_vnode;
5416 5419 audit_attributes(vp);
5417 5420
5418 5421 /* decrement file descriptor reference count */
5419 5422 releasef(fd);
5420 5423
5421 5424 au_acl(uap->cmd, uap->nentries, (caddr_t)uap->aclbufp);
5422 5425 }
5423 5426
5424 5427 /*ARGSUSED*/
5425 5428 static void
5426 5429 auf_read(tad, error, rval)
5427 5430 struct t_audit_data *tad;
5428 5431 int error;
5429 5432 rval_t *rval;
5430 5433 {
5431 5434 struct file *fp;
5432 5435 struct f_audit_data *fad;
5433 5436 int fd;
5434 5437 register struct a {
5435 5438 long fd;
5436 5439 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5437 5440 au_kcontext_t *kctx = GET_KCTX_PZ;
5438 5441
5439 5442 fd = (int)uap->fd;
5440 5443
5441 5444 /*
5442 5445 * convert file pointer to file descriptor
5443 5446 * Note: fd ref count incremented here.
5444 5447 */
5445 5448 if ((fp = getf(fd)) == NULL)
5446 5449 return;
5447 5450
5448 5451 /* get path from file struct here */
5449 5452 fad = F2A(fp);
5450 5453 ASSERT(fad);
5451 5454
5452 5455 /*
5453 5456 * already processed this file for read attempt
5454 5457 *
5455 5458 * XXX might be better to turn off auditing in a aui_read() routine.
5456 5459 */
5457 5460 if (fad->fad_flags & FAD_READ) {
5458 5461 /* don't really want to audit every read attempt */
5459 5462 tad->tad_flag = 0;
5460 5463 /* free any residual audit data */
5461 5464 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5462 5465 releasef(fd);
5463 5466 return;
5464 5467 }
5465 5468 /* mark things so we know what happened and don't repeat things */
5466 5469 fad->fad_flags |= FAD_READ;
5467 5470
5468 5471 if (fad->fad_aupath != NULL) {
5469 5472 au_uwrite(au_to_path(fad->fad_aupath));
5470 5473 } else {
5471 5474 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5472 5475 }
5473 5476
5474 5477 /* include attributes */
5475 5478 audit_attributes(fp->f_vnode);
5476 5479
5477 5480 /* decrement file descriptor reference count */
5478 5481 releasef(fd);
5479 5482 }
5480 5483
5481 5484 /*ARGSUSED*/
5482 5485 static void
5483 5486 auf_write(tad, error, rval)
5484 5487 struct t_audit_data *tad;
5485 5488 int error;
5486 5489 rval_t *rval;
5487 5490 {
5488 5491 struct file *fp;
5489 5492 struct f_audit_data *fad;
5490 5493 int fd;
5491 5494 register struct a {
5492 5495 long fd;
5493 5496 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5494 5497 au_kcontext_t *kctx = GET_KCTX_PZ;
5495 5498
5496 5499 fd = (int)uap->fd;
5497 5500
5498 5501 /*
5499 5502 * convert file pointer to file descriptor
5500 5503 * Note: fd ref count incremented here.
5501 5504 */
5502 5505 if ((fp = getf(fd)) == NULL)
5503 5506 return;
5504 5507
5505 5508 /* get path from file struct here */
5506 5509 fad = F2A(fp);
5507 5510 ASSERT(fad);
5508 5511
5509 5512 /*
5510 5513 * already processed this file for write attempt
5511 5514 *
5512 5515 * XXX might be better to turn off auditing in a aus_write() routine.
5513 5516 */
5514 5517 if (fad->fad_flags & FAD_WRITE) {
5515 5518 /* don't really want to audit every write attempt */
5516 5519 tad->tad_flag = 0;
5517 5520 /* free any residual audit data */
5518 5521 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5519 5522 releasef(fd);
5520 5523 return;
5521 5524 }
5522 5525 /* mark things so we know what happened and don't repeat things */
5523 5526 fad->fad_flags |= FAD_WRITE;
5524 5527
5525 5528 if (fad->fad_aupath != NULL) {
5526 5529 au_uwrite(au_to_path(fad->fad_aupath));
5527 5530 } else {
5528 5531 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5529 5532 }
5530 5533
5531 5534 /* include attributes */
5532 5535 audit_attributes(fp->f_vnode);
5533 5536
5534 5537 /* decrement file descriptor reference count */
5535 5538 releasef(fd);
5536 5539 }
5537 5540
5538 5541 /*ARGSUSED*/
5539 5542 static void
5540 5543 auf_recv(tad, error, rval)
5541 5544 struct t_audit_data *tad;
5542 5545 int error;
5543 5546 rval_t *rval;
5544 5547 {
5545 5548 struct sonode *so;
5546 5549 char so_laddr[sizeof (struct sockaddr_in6)];
5547 5550 char so_faddr[sizeof (struct sockaddr_in6)];
5548 5551 struct file *fp;
5549 5552 struct f_audit_data *fad;
5550 5553 int fd;
5551 5554 int err;
5552 5555 socklen_t len;
5553 5556 short so_family, so_type;
5554 5557 register struct a {
5555 5558 long fd;
5556 5559 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5557 5560 au_kcontext_t *kctx = GET_KCTX_PZ;
5558 5561
5559 5562 /*
5560 5563 * If there was an error, then nothing to do. Only generate
5561 5564 * audit record on first successful recv.
5562 5565 */
5563 5566 if (error) {
5564 5567 /* Turn off audit record generation here. */
5565 5568 tad->tad_flag = 0;
5566 5569 /* free any residual audit data */
5567 5570 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5568 5571 return;
5569 5572 }
5570 5573
5571 5574 fd = (int)uap->fd;
5572 5575
5573 5576 if ((so = getsonode(fd, &err, &fp)) == NULL) {
5574 5577 /* Turn off audit record generation here. */
5575 5578 tad->tad_flag = 0;
5576 5579 /* free any residual audit data */
5577 5580 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5578 5581 return;
5579 5582 }
5580 5583
5581 5584 /* get path from file struct here */
5582 5585 fad = F2A(fp);
5583 5586 ASSERT(fad);
5584 5587
5585 5588 /*
5586 5589 * already processed this file for read attempt
5587 5590 */
5588 5591 if (fad->fad_flags & FAD_READ) {
5589 5592 releasef(fd);
5590 5593 /* don't really want to audit every recv call */
5591 5594 tad->tad_flag = 0;
5592 5595 /* free any residual audit data */
5593 5596 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5594 5597 return;
5595 5598 }
5596 5599
5597 5600 /* mark things so we know what happened and don't repeat things */
5598 5601 fad->fad_flags |= FAD_READ;
5599 5602
5600 5603 so_family = so->so_family;
5601 5604 so_type = so->so_type;
5602 5605
5603 5606 switch (so_family) {
5604 5607 case AF_INET:
5605 5608 case AF_INET6:
5606 5609 /*
5607 5610 * Only for connections.
5608 5611 * XXX - do we need to worry about SOCK_DGRAM or other types???
5609 5612 */
5610 5613 if (so->so_state & SS_ISBOUND) {
5611 5614
5612 5615 bzero((void *)so_laddr, sizeof (so_laddr));
5613 5616 bzero((void *)so_faddr, sizeof (so_faddr));
5614 5617
5615 5618 /* get local and foreign addresses */
5616 5619 len = sizeof (so_laddr);
5617 5620 (void) socket_getsockname(so,
5618 5621 (struct sockaddr *)so_laddr, &len, CRED());
5619 5622 len = sizeof (so_faddr);
5620 5623 (void) socket_getpeername(so,
5621 5624 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
5622 5625
5623 5626 /*
5624 5627 * only way to drop out of switch. Note that we
5625 5628 * we release fd below.
5626 5629 */
5627 5630
5628 5631 break;
5629 5632 }
5630 5633
5631 5634 releasef(fd);
5632 5635
5633 5636 /* don't really want to audit every recv call */
5634 5637 tad->tad_flag = 0;
5635 5638 /* free any residual audit data */
5636 5639 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5637 5640
5638 5641 return;
5639 5642
5640 5643 case AF_UNIX:
5641 5644
5642 5645 if (fad->fad_aupath != NULL) {
5643 5646 au_uwrite(au_to_path(fad->fad_aupath));
5644 5647 } else {
5645 5648 au_uwrite(au_to_arg32(1, "no path: fd", fd));
5646 5649 }
5647 5650
5648 5651 audit_attributes(fp->f_vnode);
5649 5652
5650 5653 releasef(fd);
5651 5654
5652 5655 return;
5653 5656
5654 5657 default:
5655 5658 releasef(fd);
5656 5659
5657 5660 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5658 5661 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
5659 5662 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
5660 5663
5661 5664 return;
5662 5665 }
5663 5666
5664 5667 releasef(fd);
5665 5668
5666 5669 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5667 5670
5668 5671 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
5669 5672
5670 5673 }
5671 5674
5672 5675 /*ARGSUSED*/
5673 5676 static void
5674 5677 auf_send(tad, error, rval)
5675 5678 struct t_audit_data *tad;
5676 5679 int error;
5677 5680 rval_t *rval;
5678 5681 {
5679 5682 struct sonode *so;
5680 5683 char so_laddr[sizeof (struct sockaddr_in6)];
5681 5684 char so_faddr[sizeof (struct sockaddr_in6)];
5682 5685 struct file *fp;
5683 5686 struct f_audit_data *fad;
5684 5687 int fd;
5685 5688 int err;
5686 5689 socklen_t len;
5687 5690 short so_family, so_type;
5688 5691 register struct a {
5689 5692 long fd;
5690 5693 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5691 5694 au_kcontext_t *kctx = GET_KCTX_PZ;
5692 5695
5693 5696 fd = (int)uap->fd;
5694 5697
5695 5698 /*
5696 5699 * If there was an error, then nothing to do. Only generate
5697 5700 * audit record on first successful send.
5698 5701 */
5699 5702 if (error != 0) {
5700 5703 /* Turn off audit record generation here. */
5701 5704 tad->tad_flag = 0;
5702 5705 /* free any residual audit data */
5703 5706 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5704 5707 return;
5705 5708 }
5706 5709
5707 5710 fd = (int)uap->fd;
5708 5711
5709 5712 if ((so = getsonode(fd, &err, &fp)) == NULL) {
5710 5713 /* Turn off audit record generation here. */
5711 5714 tad->tad_flag = 0;
5712 5715 /* free any residual audit data */
5713 5716 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5714 5717 return;
5715 5718 }
5716 5719
5717 5720 /* get path from file struct here */
5718 5721 fad = F2A(fp);
5719 5722 ASSERT(fad);
5720 5723
5721 5724 /*
5722 5725 * already processed this file for write attempt
5723 5726 */
5724 5727 if (fad->fad_flags & FAD_WRITE) {
5725 5728 releasef(fd);
5726 5729 /* don't really want to audit every send call */
5727 5730 tad->tad_flag = 0;
5728 5731 /* free any residual audit data */
5729 5732 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5730 5733 return;
5731 5734 }
5732 5735
5733 5736 /* mark things so we know what happened and don't repeat things */
5734 5737 fad->fad_flags |= FAD_WRITE;
5735 5738
5736 5739 so_family = so->so_family;
5737 5740 so_type = so->so_type;
5738 5741
5739 5742 switch (so_family) {
5740 5743 case AF_INET:
5741 5744 case AF_INET6:
5742 5745 /*
5743 5746 * Only for connections.
5744 5747 * XXX - do we need to worry about SOCK_DGRAM or other types???
5745 5748 */
5746 5749 if (so->so_state & SS_ISBOUND) {
5747 5750
5748 5751 bzero((void *)so_laddr, sizeof (so_laddr));
5749 5752 bzero((void *)so_faddr, sizeof (so_faddr));
5750 5753
5751 5754 /* get local and foreign addresses */
5752 5755 len = sizeof (so_laddr);
5753 5756 (void) socket_getsockname(so,
5754 5757 (struct sockaddr *)so_laddr, &len, CRED());
5755 5758 len = sizeof (so_faddr);
5756 5759 (void) socket_getpeername(so,
5757 5760 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
5758 5761
5759 5762 /*
5760 5763 * only way to drop out of switch. Note that we
5761 5764 * we release fd below.
5762 5765 */
5763 5766
5764 5767 break;
5765 5768 }
5766 5769
5767 5770 releasef(fd);
5768 5771 /* don't really want to audit every send call */
5769 5772 tad->tad_flag = 0;
5770 5773 /* free any residual audit data */
5771 5774 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5772 5775
5773 5776 return;
5774 5777
5775 5778 case AF_UNIX:
5776 5779
5777 5780 if (fad->fad_aupath != NULL) {
5778 5781 au_uwrite(au_to_path(fad->fad_aupath));
5779 5782 } else {
5780 5783 au_uwrite(au_to_arg32(1, "no path: fd", fd));
5781 5784 }
5782 5785
5783 5786 audit_attributes(fp->f_vnode);
5784 5787
5785 5788 releasef(fd);
5786 5789
5787 5790 return;
5788 5791
5789 5792 default:
5790 5793 releasef(fd);
5791 5794
5792 5795 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5793 5796 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
5794 5797 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
5795 5798
5796 5799 return;
5797 5800 }
5798 5801
5799 5802 releasef(fd);
5800 5803
5801 5804 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5802 5805
5803 5806 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
5804 5807 }
5805 5808
5806 5809 static au_event_t
5807 5810 aui_forksys(au_event_t e)
5808 5811 {
5809 5812 struct a {
5810 5813 long subcode;
5811 5814 long flags;
5812 5815 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5813 5816
5814 5817 switch ((uint_t)uap->subcode) {
5815 5818 case 0:
5816 5819 e = AUE_FORK1;
5817 5820 break;
5818 5821 case 1:
5819 5822 e = AUE_FORKALL;
5820 5823 break;
5821 5824 case 2:
5822 5825 e = AUE_VFORK;
5823 5826 break;
5824 5827 default:
5825 5828 e = AUE_NULL;
5826 5829 break;
5827 5830 }
5828 5831
5829 5832 return (e);
5830 5833 }
5831 5834
5832 5835 /*ARGSUSED*/
5833 5836 static au_event_t
5834 5837 aui_portfs(au_event_t e)
5835 5838 {
5836 5839 struct a { /* portfs */
5837 5840 long a1;
5838 5841 long a2;
5839 5842 long a3;
5840 5843 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5841 5844
5842 5845 /*
5843 5846 * check opcode
5844 5847 */
5845 5848 switch (((uint_t)uap->a1) & PORT_CODE_MASK) {
5846 5849 case PORT_ASSOCIATE:
5847 5850 /* check source */
5848 5851 if (((uint_t)uap->a3 == PORT_SOURCE_FILE) ||
5849 5852 ((uint_t)uap->a3 == PORT_SOURCE_FD)) {
5850 5853 e = AUE_PORTFS_ASSOCIATE;
5851 5854 } else {
5852 5855 e = AUE_NULL;
5853 5856 }
5854 5857 break;
5855 5858 case PORT_DISSOCIATE:
5856 5859 /* check source */
5857 5860 if (((uint_t)uap->a3 == PORT_SOURCE_FILE) ||
5858 5861 ((uint_t)uap->a3 == PORT_SOURCE_FD)) {
5859 5862 e = AUE_PORTFS_DISSOCIATE;
5860 5863 } else {
5861 5864 e = AUE_NULL;
5862 5865 }
5863 5866 break;
5864 5867 default:
5865 5868 e = AUE_NULL;
5866 5869 }
5867 5870 return (e);
5868 5871 }
|
↓ open down ↓ |
5113 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX