Print this page
cstyle sort of updates
7127 remove -Wno-missing-braces from Makefile.uts
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/c2/audit_event.c
+++ new/usr/src/uts/common/c2/audit_event.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright (c) 2011 Bayard G. Bell. All rights reserved.
25 25 */
26 26
27 27 /*
28 28 * This file contains the audit event table used to control the production
29 29 * of audit records for each system call.
30 30 */
31 31
32 32 #include <sys/policy.h>
33 33 #include <sys/cred.h>
34 34 #include <sys/types.h>
35 35 #include <sys/systm.h>
36 36 #include <sys/systeminfo.h> /* for sysinfo auditing */
37 37 #include <sys/utsname.h> /* for sysinfo auditing */
38 38 #include <sys/proc.h>
39 39 #include <sys/vnode.h>
40 40 #include <sys/mman.h> /* for mmap(2) auditing etc. */
41 41 #include <sys/fcntl.h>
42 42 #include <sys/modctl.h> /* for modctl auditing */
43 43 #include <sys/vnode.h>
44 44 #include <sys/user.h>
45 45 #include <sys/types.h>
46 46 #include <sys/processor.h>
47 47 #include <sys/procset.h>
48 48 #include <sys/acl.h>
49 49 #include <sys/ipc.h>
50 50 #include <sys/door.h>
51 51 #include <sys/sem.h>
52 52 #include <sys/msg.h>
53 53 #include <sys/shm.h>
54 54 #include <sys/kmem.h>
55 55 #include <sys/file.h> /* for accept */
56 56 #include <sys/utssys.h> /* for fuser */
57 57 #include <sys/tsol/label.h>
58 58 #include <sys/tsol/tndb.h>
59 59 #include <sys/tsol/tsyscall.h>
60 60 #include <c2/audit.h>
61 61 #include <c2/audit_kernel.h>
62 62 #include <c2/audit_kevents.h>
63 63 #include <c2/audit_record.h>
64 64 #include <sys/procset.h>
65 65 #include <nfs/mount.h>
66 66 #include <sys/param.h>
67 67 #include <sys/debug.h>
68 68 #include <sys/sysmacros.h>
69 69 #include <sys/stream.h>
70 70 #include <sys/strsubr.h>
71 71 #include <sys/stropts.h>
72 72 #include <sys/tihdr.h>
73 73 #include <sys/socket.h>
74 74 #include <sys/socketvar.h>
75 75 #include <sys/vfs_opreg.h>
76 76 #include <fs/sockfs/sockcommon.h>
77 77 #include <netinet/in.h>
78 78 #include <sys/ddi.h>
79 79 #include <sys/port_impl.h>
80 80
81 81 static au_event_t aui_fchownat(au_event_t);
82 82 static au_event_t aui_fchmodat(au_event_t);
83 83 static au_event_t aui_open(au_event_t);
84 84 static au_event_t aui_openat(au_event_t);
85 85 static au_event_t aui_unlinkat(au_event_t);
86 86 static au_event_t aui_fstatat(au_event_t);
87 87 static au_event_t aui_msgsys(au_event_t);
88 88 static au_event_t aui_shmsys(au_event_t);
89 89 static au_event_t aui_semsys(au_event_t);
90 90 static au_event_t aui_utssys(au_event_t);
91 91 static au_event_t aui_fcntl(au_event_t);
92 92 static au_event_t aui_execve(au_event_t);
93 93 static au_event_t aui_memcntl(au_event_t);
94 94 static au_event_t aui_sysinfo(au_event_t);
95 95 static au_event_t aui_portfs(au_event_t);
96 96 static au_event_t aui_auditsys(au_event_t);
97 97 static au_event_t aui_modctl(au_event_t);
98 98 static au_event_t aui_acl(au_event_t);
99 99 static au_event_t aui_doorfs(au_event_t);
100 100 static au_event_t aui_privsys(au_event_t);
101 101 static au_event_t aui_forksys(au_event_t);
102 102 static au_event_t aui_labelsys(au_event_t);
103 103 static au_event_t aui_setpgrp(au_event_t);
104 104
105 105 static void aus_exit(struct t_audit_data *);
106 106 static void aus_open(struct t_audit_data *);
107 107 static void aus_openat(struct t_audit_data *);
108 108 static void aus_acl(struct t_audit_data *);
109 109 static void aus_acct(struct t_audit_data *);
110 110 static void aus_chown(struct t_audit_data *);
111 111 static void aus_fchown(struct t_audit_data *);
112 112 static void aus_lchown(struct t_audit_data *);
113 113 static void aus_fchownat(struct t_audit_data *);
114 114 static void aus_chmod(struct t_audit_data *);
115 115 static void aus_facl(struct t_audit_data *);
116 116 static void aus_fchmod(struct t_audit_data *);
117 117 static void aus_fchmodat(struct t_audit_data *);
118 118 static void aus_fcntl(struct t_audit_data *);
119 119 static void aus_mkdir(struct t_audit_data *);
120 120 static void aus_mkdirat(struct t_audit_data *);
121 121 static void aus_mknod(struct t_audit_data *);
122 122 static void aus_mknodat(struct t_audit_data *);
123 123 static void aus_mount(struct t_audit_data *);
124 124 static void aus_umount2(struct t_audit_data *);
125 125 static void aus_msgsys(struct t_audit_data *);
126 126 static void aus_semsys(struct t_audit_data *);
127 127 static void aus_close(struct t_audit_data *);
128 128 static void aus_fstatfs(struct t_audit_data *);
129 129 static void aus_setgid(struct t_audit_data *);
130 130 static void aus_setpgrp(struct t_audit_data *);
131 131 static void aus_setuid(struct t_audit_data *);
132 132 static void aus_shmsys(struct t_audit_data *);
133 133 static void aus_doorfs(struct t_audit_data *);
134 134 static void aus_ioctl(struct t_audit_data *);
135 135 static void aus_memcntl(struct t_audit_data *);
136 136 static void aus_mmap(struct t_audit_data *);
137 137 static void aus_munmap(struct t_audit_data *);
138 138 static void aus_priocntlsys(struct t_audit_data *);
139 139 static void aus_setegid(struct t_audit_data *);
140 140 static void aus_setgroups(struct t_audit_data *);
141 141 static void aus_seteuid(struct t_audit_data *);
142 142 static void aus_putmsg(struct t_audit_data *);
143 143 static void aus_putpmsg(struct t_audit_data *);
144 144 static void aus_getmsg(struct t_audit_data *);
145 145 static void aus_getpmsg(struct t_audit_data *);
146 146 static void aus_auditsys(struct t_audit_data *);
147 147 static void aus_sysinfo(struct t_audit_data *);
148 148 static void aus_modctl(struct t_audit_data *);
149 149 static void aus_kill(struct t_audit_data *);
150 150 static void aus_setregid(struct t_audit_data *);
151 151 static void aus_setreuid(struct t_audit_data *);
152 152 static void aus_labelsys(struct t_audit_data *);
153 153
154 154 static void auf_mknod(struct t_audit_data *, int, rval_t *);
155 155 static void auf_mknodat(struct t_audit_data *, int, rval_t *);
156 156 static void auf_msgsys(struct t_audit_data *, int, rval_t *);
157 157 static void auf_semsys(struct t_audit_data *, int, rval_t *);
158 158 static void auf_shmsys(struct t_audit_data *, int, rval_t *);
159 159 static void auf_read(struct t_audit_data *, int, rval_t *);
160 160 static void auf_write(struct t_audit_data *, int, rval_t *);
161 161
162 162 static void aus_sigqueue(struct t_audit_data *);
163 163 static void aus_p_online(struct t_audit_data *);
164 164 static void aus_processor_bind(struct t_audit_data *);
165 165 static void aus_inst_sync(struct t_audit_data *);
166 166 static void aus_brandsys(struct t_audit_data *);
167 167
168 168 static void auf_accept(struct t_audit_data *, int, rval_t *);
169 169
170 170 static void auf_bind(struct t_audit_data *, int, rval_t *);
171 171 static void auf_connect(struct t_audit_data *, int, rval_t *);
172 172 static void aus_shutdown(struct t_audit_data *);
173 173 static void auf_setsockopt(struct t_audit_data *, int, rval_t *);
174 174 static void aus_sockconfig(struct t_audit_data *);
175 175 static void auf_recv(struct t_audit_data *, int, rval_t *);
176 176 static void auf_recvmsg(struct t_audit_data *, int, rval_t *);
177 177 static void auf_send(struct t_audit_data *, int, rval_t *);
178 178 static void auf_sendmsg(struct t_audit_data *, int, rval_t *);
179 179 static void auf_recvfrom(struct t_audit_data *, int, rval_t *);
180 180 static void auf_sendto(struct t_audit_data *, int, rval_t *);
181 181 static void aus_socket(struct t_audit_data *);
182 182 /*
183 183 * This table contains mapping information for converting system call numbers
184 184 * to audit event IDs. In several cases it is necessary to map a single system
185 185 * call to several events.
186 186 */
187 187
188 188 #define aui_null NULL /* NULL initialize function */
189 189 #define aus_null NULL /* NULL start function */
190 190 #define auf_null NULL /* NULL finish function */
191 191
192 192 struct audit_s2e audit_s2e[] =
|
↓ open down ↓ |
192 lines elided |
↑ open up ↑ |
193 193 {
194 194 /*
195 195 * ---------- ---------- ---------- ----------
196 196 * INITIAL AUDIT START SYSTEM
197 197 * PROCESSING EVENT PROCESSING CALL
198 198 * ---------- ---------- ---------- -----------
199 199 * FINISH EVENT
200 200 * PROCESSING CONTROL
201 201 * ----------------------------------------------------------
202 202 */
203 -aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
204 - auf_null, 0,
205 -aui_null, AUE_EXIT, aus_exit, /* 1 exit */
206 - auf_null, S2E_NPT,
207 -aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
208 - auf_null, 0,
209 -aui_null, AUE_READ, aus_null, /* 3 read */
210 - auf_read, S2E_PUB,
211 -aui_null, AUE_WRITE, aus_null, /* 4 write */
212 - auf_write, 0,
213 -aui_open, AUE_OPEN, aus_open, /* 5 open */
214 - auf_null, S2E_SP,
215 -aui_null, AUE_CLOSE, aus_close, /* 6 close */
216 - auf_null, 0,
217 -aui_null, AUE_LINK, aus_null, /* 7 linkat */
218 - auf_null, 0,
219 -aui_null, AUE_NULL, aus_null, /* 8 (loadable) was creat */
220 - auf_null, 0,
221 -aui_null, AUE_LINK, aus_null, /* 9 link */
222 - auf_null, 0,
223 -aui_null, AUE_UNLINK, aus_null, /* 10 unlink */
224 - auf_null, 0,
225 -aui_null, AUE_SYMLINK, aus_null, /* 11 symlinkat */
226 - auf_null, 0,
227 -aui_null, AUE_CHDIR, aus_null, /* 12 chdir */
228 - auf_null, S2E_SP,
229 -aui_null, AUE_NULL, aus_null, /* 13 time */
230 - auf_null, 0,
231 -aui_null, AUE_MKNOD, aus_mknod, /* 14 mknod */
232 - auf_mknod, S2E_MLD,
233 -aui_null, AUE_CHMOD, aus_chmod, /* 15 chmod */
234 - auf_null, 0,
235 -aui_null, AUE_CHOWN, aus_chown, /* 16 chown */
236 - auf_null, 0,
237 -aui_null, AUE_NULL, aus_null, /* 17 brk */
238 - auf_null, 0,
239 -aui_null, AUE_STAT, aus_null, /* 18 stat */
240 - auf_null, S2E_PUB,
241 -aui_null, AUE_NULL, aus_null, /* 19 lseek */
242 - auf_null, 0,
243 -aui_null, AUE_NULL, aus_null, /* 20 getpid */
244 - auf_null, 0,
245 -aui_null, AUE_MOUNT, aus_mount, /* 21 mount */
246 - auf_null, S2E_MLD,
247 -aui_null, AUE_READLINK, aus_null, /* 22 readlinkat */
248 - auf_null, S2E_PUB,
249 -aui_null, AUE_SETUID, aus_setuid, /* 23 setuid */
250 - auf_null, 0,
251 -aui_null, AUE_NULL, aus_null, /* 24 getuid */
252 - auf_null, 0,
253 -aui_null, AUE_STIME, aus_null, /* 25 stime */
254 - auf_null, 0,
255 -aui_null, AUE_NULL, aus_null, /* 26 pcsample */
256 - auf_null, 0,
257 -aui_null, AUE_NULL, aus_null, /* 27 alarm */
258 - auf_null, 0,
259 -aui_null, AUE_NULL, aus_null, /* 28 fstat */
260 - auf_null, 0,
261 -aui_null, AUE_NULL, aus_null, /* 29 pause */
262 - auf_null, 0,
263 -aui_null, AUE_NULL, aus_null, /* 30 (loadable) was utime */
264 - auf_null, 0,
265 -aui_null, AUE_NULL, aus_null, /* 31 stty (TIOCSETP-audit?) */
266 - auf_null, 0,
267 -aui_null, AUE_NULL, aus_null, /* 32 gtty */
268 - auf_null, 0,
269 -aui_null, AUE_ACCESS, aus_null, /* 33 access */
270 - auf_null, S2E_PUB,
271 -aui_null, AUE_NICE, aus_null, /* 34 nice */
272 - auf_null, 0,
273 -aui_null, AUE_STATFS, aus_null, /* 35 statfs */
274 - auf_null, S2E_PUB,
275 -aui_null, AUE_NULL, aus_null, /* 36 sync */
276 - auf_null, 0,
277 -aui_null, AUE_KILL, aus_kill, /* 37 kill */
278 - auf_null, 0,
279 -aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */
280 - auf_null, S2E_PUB,
281 -aui_setpgrp, AUE_SETPGRP, aus_setpgrp, /* 39 setpgrp */
282 - auf_null, 0,
283 -aui_null, AUE_NULL, aus_null, /* 40 uucopystr */
284 - auf_null, 0,
285 -aui_null, AUE_NULL, aus_null, /* 41 (loadable) was dup */
286 - auf_null, 0,
287 -aui_null, AUE_PIPE, aus_null, /* 42 (loadable) pipe */
288 - auf_null, 0,
289 -aui_null, AUE_NULL, aus_null, /* 43 times */
290 - auf_null, 0,
291 -aui_null, AUE_NULL, aus_null, /* 44 profil */
292 - auf_null, 0,
293 -aui_null, AUE_ACCESS, aus_null, /* 45 faccessat */
294 - auf_null, S2E_PUB,
295 -aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */
296 - auf_null, 0,
297 -aui_null, AUE_NULL, aus_null, /* 47 getgid */
298 - auf_null, 0,
299 -aui_null, AUE_MKNOD, aus_mknodat, /* 48 mknodat */
300 - auf_mknodat, S2E_MLD,
301 -aui_msgsys, AUE_MSGSYS, aus_msgsys, /* 49 (loadable) msgsys */
302 - auf_msgsys, 0,
203 +/* BEGIN CSTYLED */
204 + { aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */
205 + auf_null, 0 },
206 + { aui_null, AUE_EXIT, aus_exit, /* 1 exit */
207 + auf_null, S2E_NPT },
208 + { aui_null, AUE_NULL, aus_null, /* 2 (loadable) was forkall */
209 + auf_null, 0 },
210 + { aui_null, AUE_READ, aus_null, /* 3 read */
211 + auf_read, S2E_PUB },
212 + { aui_null, AUE_WRITE, aus_null, /* 4 write */
213 + auf_write, 0 },
214 + { aui_open, AUE_OPEN, aus_open, /* 5 open */
215 + auf_null, S2E_SP },
216 + { aui_null, AUE_CLOSE, aus_close, /* 6 close */
217 + auf_null, 0 },
218 + { aui_null, AUE_LINK, aus_null, /* 7 linkat */
219 + auf_null, 0 },
220 + { aui_null, AUE_NULL, aus_null, /* 8 (loadable) was creat */
221 + auf_null, 0 },
222 + { aui_null, AUE_LINK, aus_null, /* 9 link */
223 + auf_null, 0 },
224 + { aui_null, AUE_UNLINK, aus_null, /* 10 unlink */
225 + auf_null, 0 },
226 + { aui_null, AUE_SYMLINK, aus_null, /* 11 symlinkat */
227 + auf_null, 0 },
228 + { aui_null, AUE_CHDIR, aus_null, /* 12 chdir */
229 + auf_null, S2E_SP },
230 + { aui_null, AUE_NULL, aus_null, /* 13 time */
231 + auf_null, 0 },
232 + { aui_null, AUE_MKNOD, aus_mknod, /* 14 mknod */
233 + auf_mknod, S2E_MLD },
234 + { aui_null, AUE_CHMOD, aus_chmod, /* 15 chmod */
235 + auf_null, 0 },
236 + { aui_null, AUE_CHOWN, aus_chown, /* 16 chown */
237 + auf_null, 0 },
238 + { aui_null, AUE_NULL, aus_null, /* 17 brk */
239 + auf_null, 0 },
240 + { aui_null, AUE_STAT, aus_null, /* 18 stat */
241 + auf_null, S2E_PUB },
242 + { aui_null, AUE_NULL, aus_null, /* 19 lseek */
243 + auf_null, 0 },
244 + { aui_null, AUE_NULL, aus_null, /* 20 getpid */
245 + auf_null, 0 },
246 + { aui_null, AUE_MOUNT, aus_mount, /* 21 mount */
247 + auf_null, S2E_MLD },
248 + { aui_null, AUE_READLINK, aus_null, /* 22 readlinkat */
249 + auf_null, S2E_PUB },
250 + { aui_null, AUE_SETUID, aus_setuid, /* 23 setuid */
251 + auf_null, 0 },
252 + { aui_null, AUE_NULL, aus_null, /* 24 getuid */
253 + auf_null, 0 },
254 + { aui_null, AUE_STIME, aus_null, /* 25 stime */
255 + auf_null, 0 },
256 + { aui_null, AUE_NULL, aus_null, /* 26 pcsample */
257 + auf_null, 0 },
258 + { aui_null, AUE_NULL, aus_null, /* 27 alarm */
259 + auf_null, 0 },
260 + { aui_null, AUE_NULL, aus_null, /* 28 fstat */
261 + auf_null, 0 },
262 + { aui_null, AUE_NULL, aus_null, /* 29 pause */
263 + auf_null, 0 },
264 + { aui_null, AUE_NULL, aus_null, /* 30 (loadable) was utime */
265 + auf_null, 0 },
266 + { aui_null, AUE_NULL, aus_null, /* 31 stty (TIOCSETP-audit?) */
267 + auf_null, 0 },
268 + { aui_null, AUE_NULL, aus_null, /* 32 gtty */
269 + auf_null, 0 },
270 + { aui_null, AUE_ACCESS, aus_null, /* 33 access */
271 + auf_null, S2E_PUB },
272 + { aui_null, AUE_NICE, aus_null, /* 34 nice */
273 + auf_null, 0 },
274 + { aui_null, AUE_STATFS, aus_null, /* 35 statfs */
275 + auf_null, S2E_PUB },
276 + { aui_null, AUE_NULL, aus_null, /* 36 sync */
277 + auf_null, 0 },
278 + { aui_null, AUE_KILL, aus_kill, /* 37 kill */
279 + auf_null, 0 },
280 + { aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */
281 + auf_null, S2E_PUB },
282 + { aui_setpgrp, AUE_SETPGRP, aus_setpgrp, /* 39 setpgrp */
283 + auf_null, 0 },
284 + { aui_null, AUE_NULL, aus_null, /* 40 uucopystr */
285 + auf_null, 0 },
286 + { aui_null, AUE_NULL, aus_null, /* 41 (loadable) was dup */
287 + auf_null, 0 },
288 + { aui_null, AUE_PIPE, aus_null, /* 42 (loadable) pipe */
289 + auf_null, 0 },
290 + { aui_null, AUE_NULL, aus_null, /* 43 times */
291 + auf_null, 0 },
292 + { aui_null, AUE_NULL, aus_null, /* 44 profil */
293 + auf_null, 0 },
294 + { aui_null, AUE_ACCESS, aus_null, /* 45 faccessat */
295 + auf_null, S2E_PUB },
296 + { aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */
297 + auf_null, 0 },
298 + { aui_null, AUE_NULL, aus_null, /* 47 getgid */
299 + auf_null, 0 },
300 + { aui_null, AUE_MKNOD, aus_mknodat, /* 48 mknodat */
301 + auf_mknodat, S2E_MLD },
302 + { aui_msgsys, AUE_MSGSYS, aus_msgsys, /* 49 (loadable) msgsys */
303 + auf_msgsys, 0 },
303 304 #if defined(__x86)
304 -aui_null, AUE_NULL, aus_null, /* 50 sysi86 */
305 - auf_null, 0,
305 + { aui_null, AUE_NULL, aus_null, /* 50 sysi86 */
306 + auf_null, 0 },
306 307 #else
307 -aui_null, AUE_NULL, aus_null, /* 50 (loadable) was sys3b */
308 - auf_null, 0,
308 + { aui_null, AUE_NULL, aus_null, /* 50 (loadable) was sys3b */
309 + auf_null, 0 },
309 310 #endif /* __x86 */
310 -aui_null, AUE_ACCT, aus_acct, /* 51 (loadable) sysacct */
311 - auf_null, 0,
312 -aui_shmsys, AUE_SHMSYS, aus_shmsys, /* 52 (loadable) shmsys */
313 - auf_shmsys, 0,
314 -aui_semsys, AUE_SEMSYS, aus_semsys, /* 53 (loadable) semsys */
315 - auf_semsys, 0,
316 -aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */
317 - auf_null, 0,
318 -aui_null, AUE_NULL, aus_null, /* 55 uadmin */
319 - auf_null, 0,
320 -aui_fchownat, AUE_NULL, aus_fchownat, /* 56 fchownat */
321 - auf_null, 0,
322 -aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */
323 - auf_null, 0,
324 -aui_null, AUE_NULL, aus_null, /* 58 fsync */
325 - auf_null, 0,
326 -aui_execve, AUE_EXECVE, aus_null, /* 59 exece */
327 - auf_null, S2E_MLD,
328 -aui_null, AUE_NULL, aus_null, /* 60 umask */
329 - auf_null, 0,
330 -aui_null, AUE_CHROOT, aus_null, /* 61 chroot */
331 - auf_null, S2E_SP,
332 -aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */
333 - auf_null, 0,
334 -aui_null, AUE_NULL, aus_null, /* 63 ulimit */
335 - auf_null, 0,
336 -aui_null, AUE_RENAME, aus_null, /* 64 renameat */
337 - auf_null, 0,
338 -aui_unlinkat, AUE_NULL, aus_null, /* 65 unlinkat */
339 - auf_null, 0,
340 -aui_fstatat, AUE_NULL, aus_null, /* 66 fstatat */
341 - auf_null, S2E_PUB,
342 -aui_fstatat, AUE_NULL, aus_null, /* 67 fstatat64 */
343 - auf_null, S2E_PUB,
344 -aui_openat, AUE_OPEN, aus_openat, /* 68 openat */
345 - auf_null, S2E_SP,
346 -aui_openat, AUE_OPEN, aus_openat, /* 69 openat64 */
347 - auf_null, S2E_SP,
348 -aui_null, AUE_NULL, aus_null, /* 70 tasksys */
349 - auf_null, 0,
350 -aui_null, AUE_NULL, aus_null, /* 71 (loadable) acctctl */
351 - auf_null, 0,
352 -aui_null, AUE_NULL, aus_null, /* 72 (loadable) exacct */
353 - auf_null, 0,
354 -aui_null, AUE_NULL, aus_null, /* 73 getpagesizes */
355 - auf_null, 0,
356 -aui_null, AUE_NULL, aus_null, /* 74 rctlsys */
357 - auf_null, 0,
358 -aui_null, AUE_NULL, aus_null, /* 75 sidsys */
359 - auf_null, 0,
360 -aui_null, AUE_NULL, aus_null, /* 76 (loadable) was fsat */
361 - auf_null, 0,
362 -aui_null, AUE_NULL, aus_null, /* 77 syslwp_park */
363 - auf_null, 0,
364 -aui_null, AUE_NULL, aus_null, /* 78 sendfilev */
365 - auf_null, 0,
366 -aui_null, AUE_RMDIR, aus_null, /* 79 rmdir */
367 - auf_null, 0,
368 -aui_null, AUE_MKDIR, aus_mkdir, /* 80 mkdir */
369 - auf_null, 0,
370 -aui_null, AUE_NULL, aus_null, /* 81 getdents */
371 - auf_null, 0,
372 -aui_privsys, AUE_NULL, aus_null, /* 82 privsys */
373 - auf_null, 0,
374 -aui_null, AUE_NULL, aus_null, /* 83 ucredsys */
375 - auf_null, 0,
376 -aui_null, AUE_NULL, aus_null, /* 84 sysfs */
377 - auf_null, 0,
378 -aui_null, AUE_GETMSG, aus_getmsg, /* 85 getmsg */
379 - auf_null, 0,
380 -aui_null, AUE_PUTMSG, aus_putmsg, /* 86 putmsg */
381 - auf_null, 0,
382 -aui_null, AUE_NULL, aus_null, /* 87 (loadable) was poll */
383 - auf_null, 0,
384 -aui_null, AUE_LSTAT, aus_null, /* 88 lstat */
385 - auf_null, S2E_PUB,
386 -aui_null, AUE_SYMLINK, aus_null, /* 89 symlink */
387 - auf_null, 0,
388 -aui_null, AUE_READLINK, aus_null, /* 90 readlink */
389 - auf_null, S2E_PUB,
390 -aui_null, AUE_SETGROUPS, aus_setgroups, /* 91 setgroups */
391 - auf_null, 0,
392 -aui_null, AUE_NULL, aus_null, /* 92 getgroups */
393 - auf_null, 0,
394 -aui_null, AUE_FCHMOD, aus_fchmod, /* 93 fchmod */
395 - auf_null, 0,
396 -aui_null, AUE_FCHOWN, aus_fchown, /* 94 fchown */
397 - auf_null, 0,
398 -aui_null, AUE_NULL, aus_null, /* 95 sigprocmask */
399 - auf_null, 0,
400 -aui_null, AUE_NULL, aus_null, /* 96 sigsuspend */
401 - auf_null, 0,
402 -aui_null, AUE_NULL, aus_null, /* 97 sigaltstack */
403 - auf_null, 0,
404 -aui_null, AUE_NULL, aus_null, /* 98 sigaction */
405 - auf_null, 0,
406 -aui_null, AUE_NULL, aus_null, /* 99 sigpending */
407 - auf_null, 0,
408 -aui_null, AUE_NULL, aus_null, /* 100 setcontext */
409 - auf_null, 0,
410 -aui_fchmodat, AUE_NULL, aus_fchmodat, /* 101 fchmodat */
411 - auf_null, 0,
412 -aui_null, AUE_MKDIR, aus_mkdirat, /* 102 mkdirat */
413 - auf_null, 0,
414 -aui_null, AUE_STATVFS, aus_null, /* 103 statvfs */
415 - auf_null, S2E_PUB,
416 -aui_null, AUE_NULL, aus_null, /* 104 fstatvfs */
417 - auf_null, 0,
418 -aui_null, AUE_NULL, aus_null, /* 105 getloadavg */
419 - auf_null, 0,
420 -aui_null, AUE_NULL, aus_null, /* 106 nfssys */
421 - auf_null, 0,
422 -aui_null, AUE_NULL, aus_null, /* 107 waitsys */
423 - auf_null, 0,
424 -aui_null, AUE_NULL, aus_null, /* 108 sigsendsys */
425 - auf_null, 0,
311 + { aui_null, AUE_ACCT, aus_acct, /* 51 (loadable) sysacct */
312 + auf_null, 0 },
313 + { aui_shmsys, AUE_SHMSYS, aus_shmsys, /* 52 (loadable) shmsys */
314 + auf_shmsys, 0 },
315 + { aui_semsys, AUE_SEMSYS, aus_semsys, /* 53 (loadable) semsys */
316 + auf_semsys, 0 },
317 + { aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */
318 + auf_null, 0 },
319 + { aui_null, AUE_NULL, aus_null, /* 55 uadmin */
320 + auf_null, 0 },
321 + { aui_fchownat, AUE_NULL, aus_fchownat, /* 56 fchownat */
322 + auf_null, 0 },
323 + { aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */
324 + auf_null, 0 },
325 + { aui_null, AUE_NULL, aus_null, /* 58 fsync */
326 + auf_null, 0 },
327 + { aui_execve, AUE_EXECVE, aus_null, /* 59 exece */
328 + auf_null, S2E_MLD },
329 + { aui_null, AUE_NULL, aus_null, /* 60 umask */
330 + auf_null, 0 },
331 + { aui_null, AUE_CHROOT, aus_null, /* 61 chroot */
332 + auf_null, S2E_SP },
333 + { aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */
334 + auf_null, 0 },
335 + { aui_null, AUE_NULL, aus_null, /* 63 ulimit */
336 + auf_null, 0 },
337 + { aui_null, AUE_RENAME, aus_null, /* 64 renameat */
338 + auf_null, 0 },
339 + { aui_unlinkat, AUE_NULL, aus_null, /* 65 unlinkat */
340 + auf_null, 0 },
341 + { aui_fstatat, AUE_NULL, aus_null, /* 66 fstatat */
342 + auf_null, S2E_PUB },
343 + { aui_fstatat, AUE_NULL, aus_null, /* 67 fstatat64 */
344 + auf_null, S2E_PUB },
345 + { aui_openat, AUE_OPEN, aus_openat, /* 68 openat */
346 + auf_null, S2E_SP },
347 + { aui_openat, AUE_OPEN, aus_openat, /* 69 openat64 */
348 + auf_null, S2E_SP },
349 + { aui_null, AUE_NULL, aus_null, /* 70 tasksys */
350 + auf_null, 0 },
351 + { aui_null, AUE_NULL, aus_null, /* 71 (loadable) acctctl */
352 + auf_null, 0 },
353 + { aui_null, AUE_NULL, aus_null, /* 72 (loadable) exacct */
354 + auf_null, 0 },
355 + { aui_null, AUE_NULL, aus_null, /* 73 getpagesizes */
356 + auf_null, 0 },
357 + { aui_null, AUE_NULL, aus_null, /* 74 rctlsys */
358 + auf_null, 0 },
359 + { aui_null, AUE_NULL, aus_null, /* 75 sidsys */
360 + auf_null, 0 },
361 + { aui_null, AUE_NULL, aus_null, /* 76 (loadable) was fsat */
362 + auf_null, 0 },
363 + { aui_null, AUE_NULL, aus_null, /* 77 syslwp_park */
364 + auf_null, 0 },
365 + { aui_null, AUE_NULL, aus_null, /* 78 sendfilev */
366 + auf_null, 0 },
367 + { aui_null, AUE_RMDIR, aus_null, /* 79 rmdir */
368 + auf_null, 0 },
369 + { aui_null, AUE_MKDIR, aus_mkdir, /* 80 mkdir */
370 + auf_null, 0 },
371 + { aui_null, AUE_NULL, aus_null, /* 81 getdents */
372 + auf_null, 0 },
373 + { aui_privsys, AUE_NULL, aus_null, /* 82 privsys */
374 + auf_null, 0 },
375 + { aui_null, AUE_NULL, aus_null, /* 83 ucredsys */
376 + auf_null, 0 },
377 + { aui_null, AUE_NULL, aus_null, /* 84 sysfs */
378 + auf_null, 0 },
379 + { aui_null, AUE_GETMSG, aus_getmsg, /* 85 getmsg */
380 + auf_null, 0 },
381 + { aui_null, AUE_PUTMSG, aus_putmsg, /* 86 putmsg */
382 + auf_null, 0 },
383 + { aui_null, AUE_NULL, aus_null, /* 87 (loadable) was poll */
384 + auf_null, 0 },
385 + { aui_null, AUE_LSTAT, aus_null, /* 88 lstat */
386 + auf_null, S2E_PUB },
387 + { aui_null, AUE_SYMLINK, aus_null, /* 89 symlink */
388 + auf_null, 0 },
389 + { aui_null, AUE_READLINK, aus_null, /* 90 readlink */
390 + auf_null, S2E_PUB },
391 + { aui_null, AUE_SETGROUPS, aus_setgroups, /* 91 setgroups */
392 + auf_null, 0 },
393 + { aui_null, AUE_NULL, aus_null, /* 92 getgroups */
394 + auf_null, 0 },
395 + { aui_null, AUE_FCHMOD, aus_fchmod, /* 93 fchmod */
396 + auf_null, 0 },
397 + { aui_null, AUE_FCHOWN, aus_fchown, /* 94 fchown */
398 + auf_null, 0 },
399 + { aui_null, AUE_NULL, aus_null, /* 95 sigprocmask */
400 + auf_null, 0 },
401 + { aui_null, AUE_NULL, aus_null, /* 96 sigsuspend */
402 + auf_null, 0 },
403 + { aui_null, AUE_NULL, aus_null, /* 97 sigaltstack */
404 + auf_null, 0 },
405 + { aui_null, AUE_NULL, aus_null, /* 98 sigaction */
406 + auf_null, 0 },
407 + { aui_null, AUE_NULL, aus_null, /* 99 sigpending */
408 + auf_null, 0 },
409 + { aui_null, AUE_NULL, aus_null, /* 100 setcontext */
410 + auf_null, 0 },
411 + { aui_fchmodat, AUE_NULL, aus_fchmodat, /* 101 fchmodat */
412 + auf_null, 0 },
413 + { aui_null, AUE_MKDIR, aus_mkdirat, /* 102 mkdirat */
414 + auf_null, 0 },
415 + { aui_null, AUE_STATVFS, aus_null, /* 103 statvfs */
416 + auf_null, S2E_PUB },
417 + { aui_null, AUE_NULL, aus_null, /* 104 fstatvfs */
418 + auf_null, 0 },
419 + { aui_null, AUE_NULL, aus_null, /* 105 getloadavg */
420 + auf_null, 0 },
421 + { aui_null, AUE_NULL, aus_null, /* 106 nfssys */
422 + auf_null, 0 },
423 + { aui_null, AUE_NULL, aus_null, /* 107 waitsys */
424 + auf_null, 0 },
425 + { aui_null, AUE_NULL, aus_null, /* 108 sigsendsys */
426 + auf_null, 0 },
426 427 #if defined(__x86)
427 -aui_null, AUE_NULL, aus_null, /* 109 hrtsys */
428 - auf_null, 0,
428 + { aui_null, AUE_NULL, aus_null, /* 109 hrtsys */
429 + auf_null, 0 },
429 430 #else
430 -aui_null, AUE_NULL, aus_null, /* 109 (loadable) */
431 - auf_null, 0,
431 + { aui_null, AUE_NULL, aus_null, /* 109 (loadable) */
432 + auf_null, 0 },
432 433 #endif /* __x86 */
433 -aui_null, AUE_UTIMES, aus_null, /* 110 utimesys */
434 - auf_null, 0,
435 -aui_null, AUE_NULL, aus_null, /* 111 sigresend */
436 - auf_null, 0,
437 -aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, /* 112 priocntlsys */
438 - auf_null, 0,
439 -aui_null, AUE_PATHCONF, aus_null, /* 113 pathconf */
440 - auf_null, S2E_PUB,
441 -aui_null, AUE_NULL, aus_null, /* 114 mincore */
442 - auf_null, 0,
443 -aui_null, AUE_MMAP, aus_mmap, /* 115 mmap */
444 - auf_null, 0,
445 -aui_null, AUE_NULL, aus_null, /* 116 mprotect */
446 - auf_null, 0,
447 -aui_null, AUE_MUNMAP, aus_munmap, /* 117 munmap */
448 - auf_null, 0,
449 -aui_null, AUE_NULL, aus_null, /* 118 fpathconf */
450 - auf_null, 0,
451 -aui_null, AUE_VFORK, aus_null, /* 119 vfork */
452 - auf_null, 0,
453 -aui_null, AUE_FCHDIR, aus_null, /* 120 fchdir */
454 - auf_null, 0,
455 -aui_null, AUE_READ, aus_null, /* 121 readv */
456 - auf_read, S2E_PUB,
457 -aui_null, AUE_WRITE, aus_null, /* 122 writev */
458 - auf_write, 0,
459 -aui_null, AUE_NULL, aus_null, /* 123 (loadable) was xstat */
460 - auf_null, 0,
461 -aui_null, AUE_NULL, aus_null, /* 124 (loadable) was lxstat */
462 - auf_null, 0,
463 -aui_null, AUE_NULL, aus_null, /* 125 (loadable) was fxstat */
464 - auf_null, 0,
465 -aui_null, AUE_NULL, aus_null, /* 126 (loadable) was xmknod */
466 - auf_null, 0,
467 -aui_null, AUE_NULL, aus_null, /* 127 mmapobj */
468 - auf_null, 0,
469 -aui_null, AUE_SETRLIMIT, aus_null, /* 128 setrlimit */
470 - auf_null, 0,
471 -aui_null, AUE_NULL, aus_null, /* 129 getrlimit */
472 - auf_null, 0,
473 -aui_null, AUE_LCHOWN, aus_lchown, /* 130 lchown */
474 - auf_null, 0,
475 -aui_memcntl, AUE_MEMCNTL, aus_memcntl, /* 131 memcntl */
476 - auf_null, 0,
477 -aui_null, AUE_GETPMSG, aus_getpmsg, /* 132 getpmsg */
478 - auf_null, 0,
479 -aui_null, AUE_PUTPMSG, aus_putpmsg, /* 133 putpmsg */
480 - auf_null, 0,
481 -aui_null, AUE_RENAME, aus_null, /* 134 rename */
482 - auf_null, 0,
483 -aui_null, AUE_NULL, aus_null, /* 135 uname */
484 - auf_null, 0,
485 -aui_null, AUE_SETEGID, aus_setegid, /* 136 setegid */
486 - auf_null, 0,
487 -aui_null, AUE_NULL, aus_null, /* 137 sysconfig */
488 - auf_null, 0,
489 -aui_null, AUE_ADJTIME, aus_null, /* 138 adjtime */
490 - auf_null, 0,
491 -aui_sysinfo, AUE_SYSINFO, aus_sysinfo, /* 139 systeminfo */
492 - auf_null, 0,
493 -aui_null, AUE_NULL, aus_null, /* 140 (loadable) sharefs */
494 - auf_null, 0,
495 -aui_null, AUE_SETEUID, aus_seteuid, /* 141 seteuid */
496 - auf_null, 0,
497 -aui_forksys, AUE_NULL, aus_null, /* 142 forksys */
498 - auf_null, 0,
499 -aui_null, AUE_NULL, aus_null, /* 143 (loadable) was fork1 */
500 - auf_null, 0,
501 -aui_null, AUE_NULL, aus_null, /* 144 sigwait */
502 - auf_null, 0,
503 -aui_null, AUE_NULL, aus_null, /* 145 lwp_info */
504 - auf_null, 0,
505 -aui_null, AUE_NULL, aus_null, /* 146 yield */
506 - auf_null, 0,
507 -aui_null, AUE_NULL, aus_null, /* 147 (loadable) */
434 + { aui_null, AUE_UTIMES, aus_null, /* 110 utimesys */
435 + auf_null, 0 },
436 + { aui_null, AUE_NULL, aus_null, /* 111 sigresend */
437 + auf_null, 0 },
438 + { aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, /* 112 priocntlsys */
439 + auf_null, 0 },
440 + { aui_null, AUE_PATHCONF, aus_null, /* 113 pathconf */
441 + auf_null, S2E_PUB },
442 + { aui_null, AUE_NULL, aus_null, /* 114 mincore */
443 + auf_null, 0 },
444 + { aui_null, AUE_MMAP, aus_mmap, /* 115 mmap */
445 + auf_null, 0 },
446 + { aui_null, AUE_NULL, aus_null, /* 116 mprotect */
447 + auf_null, 0 },
448 + { aui_null, AUE_MUNMAP, aus_munmap, /* 117 munmap */
449 + auf_null, 0 },
450 + { aui_null, AUE_NULL, aus_null, /* 118 fpathconf */
451 + auf_null, 0 },
452 + { aui_null, AUE_VFORK, aus_null, /* 119 vfork */
453 + auf_null, 0 },
454 + { aui_null, AUE_FCHDIR, aus_null, /* 120 fchdir */
455 + auf_null, 0 },
456 + { aui_null, AUE_READ, aus_null, /* 121 readv */
457 + auf_read, S2E_PUB },
458 + { aui_null, AUE_WRITE, aus_null, /* 122 writev */
459 + auf_write, 0 },
460 + { aui_null, AUE_NULL, aus_null, /* 123 (loadable) was xstat */
461 + auf_null, 0 },
462 + { aui_null, AUE_NULL, aus_null, /* 124 (loadable) was lxstat */
463 + auf_null, 0 },
464 + { aui_null, AUE_NULL, aus_null, /* 125 (loadable) was fxstat */
465 + auf_null, 0 },
466 + { aui_null, AUE_NULL, aus_null, /* 126 (loadable) was xmknod */
467 + auf_null, 0 },
468 + { aui_null, AUE_NULL, aus_null, /* 127 mmapobj */
469 + auf_null, 0 },
470 + { aui_null, AUE_SETRLIMIT, aus_null, /* 128 setrlimit */
471 + auf_null, 0 },
472 + { aui_null, AUE_NULL, aus_null, /* 129 getrlimit */
473 + auf_null, 0 },
474 + { aui_null, AUE_LCHOWN, aus_lchown, /* 130 lchown */
475 + auf_null, 0 },
476 + { aui_memcntl, AUE_MEMCNTL, aus_memcntl, /* 131 memcntl */
477 + auf_null, 0 },
478 + { aui_null, AUE_GETPMSG, aus_getpmsg, /* 132 getpmsg */
479 + auf_null, 0 },
480 + { aui_null, AUE_PUTPMSG, aus_putpmsg, /* 133 putpmsg */
481 + auf_null, 0 },
482 + { aui_null, AUE_RENAME, aus_null, /* 134 rename */
483 + auf_null, 0 },
484 + { aui_null, AUE_NULL, aus_null, /* 135 uname */
485 + auf_null, 0 },
486 + { aui_null, AUE_SETEGID, aus_setegid, /* 136 setegid */
487 + auf_null, 0 },
488 + { aui_null, AUE_NULL, aus_null, /* 137 sysconfig */
489 + auf_null, 0 },
490 + { aui_null, AUE_ADJTIME, aus_null, /* 138 adjtime */
491 + auf_null, 0 },
492 + { aui_sysinfo, AUE_SYSINFO, aus_sysinfo, /* 139 systeminfo */
493 + auf_null, 0 },
494 + { aui_null, AUE_NULL, aus_null, /* 140 (loadable) sharefs */
495 + auf_null, 0 },
496 + { aui_null, AUE_SETEUID, aus_seteuid, /* 141 seteuid */
497 + auf_null, 0 },
498 + { aui_forksys, AUE_NULL, aus_null, /* 142 forksys */
499 + auf_null, 0 },
500 + { aui_null, AUE_NULL, aus_null, /* 143 (loadable) was fork1 */
501 + auf_null, 0 },
502 + { aui_null, AUE_NULL, aus_null, /* 144 sigwait */
503 + auf_null, 0 },
504 + { aui_null, AUE_NULL, aus_null, /* 145 lwp_info */
505 + auf_null, 0 },
506 + { aui_null, AUE_NULL, aus_null, /* 146 yield */
507 + auf_null, 0 },
508 + { aui_null, AUE_NULL, aus_null, /* 147 (loadable) */
508 509 /* was lwp_sema_wait */
509 - auf_null, 0,
510 -aui_null, AUE_NULL, aus_null, /* 148 lwp_sema_post */
511 - auf_null, 0,
512 -aui_null, AUE_NULL, aus_null, /* 149 lwp_sema_trywait */
513 - auf_null, 0,
514 -aui_null, AUE_NULL, aus_null, /* 150 lwp_detach */
515 - auf_null, 0,
516 -aui_null, AUE_NULL, aus_null, /* 151 corectl */
517 - auf_null, 0,
518 -aui_modctl, AUE_MODCTL, aus_modctl, /* 152 modctl */
519 - auf_null, 0,
520 -aui_null, AUE_FCHROOT, aus_null, /* 153 fchroot */
521 - auf_null, 0,
522 -aui_null, AUE_NULL, aus_null, /* 154 (loadable) was utimes */
523 - auf_null, 0,
524 -aui_null, AUE_NULL, aus_null, /* 155 vhangup */
525 - auf_null, 0,
526 -aui_null, AUE_NULL, aus_null, /* 156 gettimeofday */
527 - auf_null, 0,
528 -aui_null, AUE_NULL, aus_null, /* 157 getitimer */
529 - auf_null, 0,
530 -aui_null, AUE_NULL, aus_null, /* 158 setitimer */
531 - auf_null, 0,
532 -aui_null, AUE_NULL, aus_null, /* 159 lwp_create */
533 - auf_null, 0,
534 -aui_null, AUE_NULL, aus_null, /* 160 lwp_exit */
535 - auf_null, 0,
536 -aui_null, AUE_NULL, aus_null, /* 161 lwp_suspend */
537 - auf_null, 0,
538 -aui_null, AUE_NULL, aus_null, /* 162 lwp_continue */
539 - auf_null, 0,
540 -aui_null, AUE_NULL, aus_null, /* 163 lwp_kill */
541 - auf_null, 0,
542 -aui_null, AUE_NULL, aus_null, /* 164 lwp_self */
543 - auf_null, 0,
544 -aui_null, AUE_NULL, aus_null, /* 165 lwp_sigmask */
545 - auf_null, 0,
546 -aui_null, AUE_NULL, aus_null, /* 166 lwp_private */
547 - auf_null, 0,
548 -aui_null, AUE_NULL, aus_null, /* 167 lwp_wait */
549 - auf_null, 0,
550 -aui_null, AUE_NULL, aus_null, /* 168 lwp_mutex_wakeup */
551 - auf_null, 0,
552 -aui_null, AUE_NULL, aus_null, /* 169 (loadable) */
510 + auf_null, 0 },
511 + { aui_null, AUE_NULL, aus_null, /* 148 lwp_sema_post */
512 + auf_null, 0 },
513 + { aui_null, AUE_NULL, aus_null, /* 149 lwp_sema_trywait */
514 + auf_null, 0 },
515 + { aui_null, AUE_NULL, aus_null, /* 150 lwp_detach */
516 + auf_null, 0 },
517 + { aui_null, AUE_NULL, aus_null, /* 151 corectl */
518 + auf_null, 0 },
519 + { aui_modctl, AUE_MODCTL, aus_modctl, /* 152 modctl */
520 + auf_null, 0 },
521 + { aui_null, AUE_FCHROOT, aus_null, /* 153 fchroot */
522 + auf_null, 0 },
523 + { aui_null, AUE_NULL, aus_null, /* 154 (loadable) was utimes */
524 + auf_null, 0 },
525 + { aui_null, AUE_NULL, aus_null, /* 155 vhangup */
526 + auf_null, 0 },
527 + { aui_null, AUE_NULL, aus_null, /* 156 gettimeofday */
528 + auf_null, 0 },
529 + { aui_null, AUE_NULL, aus_null, /* 157 getitimer */
530 + auf_null, 0 },
531 + { aui_null, AUE_NULL, aus_null, /* 158 setitimer */
532 + auf_null, 0 },
533 + { aui_null, AUE_NULL, aus_null, /* 159 lwp_create */
534 + auf_null, 0 },
535 + { aui_null, AUE_NULL, aus_null, /* 160 lwp_exit */
536 + auf_null, 0 },
537 + { aui_null, AUE_NULL, aus_null, /* 161 lwp_suspend */
538 + auf_null, 0 },
539 + { aui_null, AUE_NULL, aus_null, /* 162 lwp_continue */
540 + auf_null, 0 },
541 + { aui_null, AUE_NULL, aus_null, /* 163 lwp_kill */
542 + auf_null, 0 },
543 + { aui_null, AUE_NULL, aus_null, /* 164 lwp_self */
544 + auf_null, 0 },
545 + { aui_null, AUE_NULL, aus_null, /* 165 lwp_sigmask */
546 + auf_null, 0 },
547 + { aui_null, AUE_NULL, aus_null, /* 166 lwp_private */
548 + auf_null, 0 },
549 + { aui_null, AUE_NULL, aus_null, /* 167 lwp_wait */
550 + auf_null, 0 },
551 + { aui_null, AUE_NULL, aus_null, /* 168 lwp_mutex_wakeup */
552 + auf_null, 0 },
553 + { aui_null, AUE_NULL, aus_null, /* 169 (loadable) */
553 554 /* was lwp_mutex_lock */
554 - auf_null, 0,
555 -aui_null, AUE_NULL, aus_null, /* 170 lwp_cond_wait */
556 - auf_null, 0,
557 -aui_null, AUE_NULL, aus_null, /* 171 lwp_cond_signal */
558 - auf_null, 0,
559 -aui_null, AUE_NULL, aus_null, /* 172 lwp_cond_broadcast */
560 - auf_null, 0,
561 -aui_null, AUE_READ, aus_null, /* 173 pread */
562 - auf_read, S2E_PUB,
563 -aui_null, AUE_WRITE, aus_null, /* 174 pwrite */
564 - auf_write, 0,
565 -aui_null, AUE_NULL, aus_null, /* 175 llseek */
566 - auf_null, 0,
567 -aui_null, AUE_INST_SYNC, aus_inst_sync, /* 176 (loadable) inst_sync */
568 - auf_null, 0,
569 -aui_null, AUE_BRANDSYS, aus_brandsys, /* 177 brandsys */
570 - auf_null, 0,
571 -aui_null, AUE_NULL, aus_null, /* 178 (loadable) kaio */
572 - auf_null, 0,
573 -aui_null, AUE_NULL, aus_null, /* 179 (loadable) cpc */
574 - auf_null, 0,
575 -aui_null, AUE_NULL, aus_null, /* 180 lgrpsys */
576 - auf_null, 0,
577 -aui_null, AUE_NULL, aus_null, /* 181 rusagesys */
578 - auf_null, 0,
579 -aui_portfs, AUE_PORTFS, aus_null, /* 182 (loadable) portfs */
580 - auf_null, S2E_MLD,
581 -aui_null, AUE_NULL, aus_null, /* 183 pollsys */
582 - auf_null, 0,
583 -aui_labelsys, AUE_NULL, aus_labelsys, /* 184 labelsys */
584 - auf_null, 0,
585 -aui_acl, AUE_ACLSET, aus_acl, /* 185 acl */
586 - auf_null, 0,
587 -aui_auditsys, AUE_AUDITSYS, aus_auditsys, /* 186 auditsys */
588 - auf_null, 0,
589 -aui_null, AUE_PROCESSOR_BIND, aus_processor_bind, /* 187 processor_bind */
590 - auf_null, 0,
591 -aui_null, AUE_NULL, aus_null, /* 188 processor_info */
592 - auf_null, 0,
593 -aui_null, AUE_P_ONLINE, aus_p_online, /* 189 p_online */
594 - auf_null, 0,
595 -aui_null, AUE_NULL, aus_sigqueue, /* 190 sigqueue */
596 - auf_null, 0,
597 -aui_null, AUE_NULL, aus_null, /* 191 clock_gettime */
598 - auf_null, 0,
599 -aui_null, AUE_CLOCK_SETTIME, aus_null, /* 192 clock_settime */
600 - auf_null, 0,
601 -aui_null, AUE_NULL, aus_null, /* 193 clock_getres */
602 - auf_null, 0,
603 -aui_null, AUE_NULL, aus_null, /* 194 timer_create */
604 - auf_null, 0,
605 -aui_null, AUE_NULL, aus_null, /* 195 timer_delete */
606 - auf_null, 0,
607 -aui_null, AUE_NULL, aus_null, /* 196 timer_settime */
608 - auf_null, 0,
609 -aui_null, AUE_NULL, aus_null, /* 197 timer_gettime */
610 - auf_null, 0,
611 -aui_null, AUE_NULL, aus_null, /* 198 timer_getoverrun */
612 - auf_null, 0,
613 -aui_null, AUE_NULL, aus_null, /* 199 nanosleep */
614 - auf_null, 0,
615 -aui_acl, AUE_FACLSET, aus_facl, /* 200 facl */
616 - auf_null, 0,
617 -aui_doorfs, AUE_DOORFS, aus_doorfs, /* 201 (loadable) doorfs */
618 - auf_null, 0,
619 -aui_null, AUE_SETREUID, aus_setreuid, /* 202 setreuid */
620 - auf_null, 0,
621 -aui_null, AUE_SETREGID, aus_setregid, /* 203 setregid */
622 - auf_null, 0,
623 -aui_null, AUE_NULL, aus_null, /* 204 install_utrap */
624 - auf_null, 0,
625 -aui_null, AUE_NULL, aus_null, /* 205 signotify */
626 - auf_null, 0,
627 -aui_null, AUE_NULL, aus_null, /* 206 schedctl */
628 - auf_null, 0,
629 -aui_null, AUE_NULL, aus_null, /* 207 (loadable) pset */
630 - auf_null, 0,
631 -aui_null, AUE_NULL, aus_null, /* 208 sparc_utrap_install */
632 - auf_null, 0,
633 -aui_null, AUE_NULL, aus_null, /* 209 resolvepath */
634 - auf_null, 0,
635 -aui_null, AUE_NULL, aus_null, /* 210 lwp_mutex_timedlock */
636 - auf_null, 0,
637 -aui_null, AUE_NULL, aus_null, /* 211 lwp_sema_timedwait */
638 - auf_null, 0,
639 -aui_null, AUE_NULL, aus_null, /* 212 lwp_rwlock_sys */
640 - auf_null, 0,
641 -aui_null, AUE_NULL, aus_null, /* 213 getdents64 */
642 - auf_null, 0,
643 -aui_null, AUE_MMAP, aus_mmap, /* 214 mmap64 */
644 - auf_null, 0,
645 -aui_null, AUE_STAT, aus_null, /* 215 stat64 */
646 - auf_null, S2E_PUB,
647 -aui_null, AUE_LSTAT, aus_null, /* 216 lstat64 */
648 - auf_null, S2E_PUB,
649 -aui_null, AUE_NULL, aus_null, /* 217 fstat64 */
650 - auf_null, 0,
651 -aui_null, AUE_STATVFS, aus_null, /* 218 statvfs64 */
652 - auf_null, S2E_PUB,
653 -aui_null, AUE_NULL, aus_null, /* 219 fstatvfs64 */
654 - auf_null, 0,
655 -aui_null, AUE_SETRLIMIT, aus_null, /* 220 setrlimit64 */
656 - auf_null, 0,
657 -aui_null, AUE_NULL, aus_null, /* 221 getrlimit64 */
658 - auf_null, 0,
659 -aui_null, AUE_READ, aus_null, /* 222 pread64 */
660 - auf_read, S2E_PUB,
661 -aui_null, AUE_WRITE, aus_null, /* 223 pwrite64 */
662 - auf_write, 0,
663 -aui_null, AUE_NULL, aus_null, /* 224 (loadable) was creat64 */
664 - auf_null, 0,
665 -aui_open, AUE_OPEN, aus_open, /* 225 open64 */
666 - auf_null, S2E_SP,
667 -aui_null, AUE_NULL, aus_null, /* 226 (loadable) rpcsys */
668 - auf_null, 0,
669 -aui_null, AUE_NULL, aus_null, /* 227 zone */
670 - auf_null, 0,
671 -aui_null, AUE_NULL, aus_null, /* 228 (loadable) autofssys */
672 - auf_null, 0,
673 -aui_null, AUE_NULL, aus_null, /* 229 getcwd */
674 - auf_null, 0,
675 -aui_null, AUE_SOCKET, aus_socket, /* 230 so_socket */
676 - auf_null, 0,
677 -aui_null, AUE_NULL, aus_null, /* 231 so_socketpair */
678 - auf_null, 0,
679 -aui_null, AUE_BIND, aus_null, /* 232 bind */
680 - auf_bind, 0,
681 -aui_null, AUE_NULL, aus_null, /* 233 listen */
682 - auf_null, 0,
683 -aui_null, AUE_ACCEPT, aus_null, /* 234 accept */
684 - auf_accept, 0,
685 -aui_null, AUE_CONNECT, aus_null, /* 235 connect */
686 - auf_connect, 0,
687 -aui_null, AUE_SHUTDOWN, aus_shutdown, /* 236 shutdown */
688 - auf_null, 0,
689 -aui_null, AUE_READ, aus_null, /* 237 recv */
690 - auf_recv, 0,
691 -aui_null, AUE_RECVFROM, aus_null, /* 238 recvfrom */
692 - auf_recvfrom, 0,
693 -aui_null, AUE_RECVMSG, aus_null, /* 239 recvmsg */
694 - auf_recvmsg, 0,
695 -aui_null, AUE_WRITE, aus_null, /* 240 send */
696 - auf_send, 0,
697 -aui_null, AUE_SENDMSG, aus_null, /* 241 sendmsg */
698 - auf_sendmsg, 0,
699 -aui_null, AUE_SENDTO, aus_null, /* 242 sendto */
700 - auf_sendto, 0,
701 -aui_null, AUE_NULL, aus_null, /* 243 getpeername */
702 - auf_null, 0,
703 -aui_null, AUE_NULL, aus_null, /* 244 getsockname */
704 - auf_null, 0,
705 -aui_null, AUE_NULL, aus_null, /* 245 getsockopt */
706 - auf_null, 0,
707 -aui_null, AUE_SETSOCKOPT, aus_null, /* 246 setsockopt */
708 - auf_setsockopt, 0,
709 -aui_null, AUE_SOCKCONFIG, aus_sockconfig, /* 247 sockconfig */
710 - auf_null, 0,
711 -aui_null, AUE_NULL, aus_null, /* 248 ntp_gettime */
712 - auf_null, 0,
713 -aui_null, AUE_NTP_ADJTIME, aus_null, /* 249 ntp_adjtime */
714 - auf_null, 0,
715 -aui_null, AUE_NULL, aus_null, /* 250 lwp_mutex_unlock */
716 - auf_null, 0,
717 -aui_null, AUE_NULL, aus_null, /* 251 lwp_mutex_trylock */
718 - auf_null, 0,
719 -aui_null, AUE_NULL, aus_null, /* 252 lwp_mutex_register */
720 - auf_null, 0,
721 -aui_null, AUE_NULL, aus_null, /* 253 cladm */
722 - auf_null, 0,
723 -aui_null, AUE_NULL, aus_null, /* 254 uucopy */
724 - auf_null, 0,
725 -aui_null, AUE_UMOUNT2, aus_umount2, /* 255 umount2 */
726 - auf_null, 0
555 + auf_null, 0 },
556 + { aui_null, AUE_NULL, aus_null, /* 170 lwp_cond_wait */
557 + auf_null, 0 },
558 + { aui_null, AUE_NULL, aus_null, /* 171 lwp_cond_signal */
559 + auf_null, 0 },
560 + { aui_null, AUE_NULL, aus_null, /* 172 lwp_cond_broadcast */
561 + auf_null, 0 },
562 + { aui_null, AUE_READ, aus_null, /* 173 pread */
563 + auf_read, S2E_PUB },
564 + { aui_null, AUE_WRITE, aus_null, /* 174 pwrite */
565 + auf_write, 0 },
566 + { aui_null, AUE_NULL, aus_null, /* 175 llseek */
567 + auf_null, 0 },
568 + { aui_null, AUE_INST_SYNC, aus_inst_sync, /* 176 (loadable) inst_sync */
569 + auf_null, 0 },
570 + { aui_null, AUE_BRANDSYS, aus_brandsys, /* 177 brandsys */
571 + auf_null, 0 },
572 + { aui_null, AUE_NULL, aus_null, /* 178 (loadable) kaio */
573 + auf_null, 0 },
574 + { aui_null, AUE_NULL, aus_null, /* 179 (loadable) cpc */
575 + auf_null, 0 },
576 + { aui_null, AUE_NULL, aus_null, /* 180 lgrpsys */
577 + auf_null, 0 },
578 + { aui_null, AUE_NULL, aus_null, /* 181 rusagesys */
579 + auf_null, 0 },
580 + { aui_portfs, AUE_PORTFS, aus_null, /* 182 (loadable) portfs */
581 + auf_null, S2E_MLD },
582 + { aui_null, AUE_NULL, aus_null, /* 183 pollsys */
583 + auf_null, 0 },
584 + { aui_labelsys, AUE_NULL, aus_labelsys, /* 184 labelsys */
585 + auf_null, 0 },
586 + { aui_acl, AUE_ACLSET, aus_acl, /* 185 acl */
587 + auf_null, 0 },
588 + { aui_auditsys, AUE_AUDITSYS, aus_auditsys, /* 186 auditsys */
589 + auf_null, 0 },
590 + { aui_null, AUE_PROCESSOR_BIND, aus_processor_bind, /* 187 processor_bind */
591 + auf_null, 0 },
592 + { aui_null, AUE_NULL, aus_null, /* 188 processor_info */
593 + auf_null, 0 },
594 + { aui_null, AUE_P_ONLINE, aus_p_online, /* 189 p_online */
595 + auf_null, 0 },
596 + { aui_null, AUE_NULL, aus_sigqueue, /* 190 sigqueue */
597 + auf_null, 0 },
598 + { aui_null, AUE_NULL, aus_null, /* 191 clock_gettime */
599 + auf_null, 0 },
600 + { aui_null, AUE_CLOCK_SETTIME, aus_null, /* 192 clock_settime */
601 + auf_null, 0 },
602 + { aui_null, AUE_NULL, aus_null, /* 193 clock_getres */
603 + auf_null, 0 },
604 + { aui_null, AUE_NULL, aus_null, /* 194 timer_create */
605 + auf_null, 0 },
606 + { aui_null, AUE_NULL, aus_null, /* 195 timer_delete */
607 + auf_null, 0 },
608 + { aui_null, AUE_NULL, aus_null, /* 196 timer_settime */
609 + auf_null, 0 },
610 + { aui_null, AUE_NULL, aus_null, /* 197 timer_gettime */
611 + auf_null, 0 },
612 + { aui_null, AUE_NULL, aus_null, /* 198 timer_getoverrun */
613 + auf_null, 0 },
614 + { aui_null, AUE_NULL, aus_null, /* 199 nanosleep */
615 + auf_null, 0 },
616 + { aui_acl, AUE_FACLSET, aus_facl, /* 200 facl */
617 + auf_null, 0 },
618 + { aui_doorfs, AUE_DOORFS, aus_doorfs, /* 201 (loadable) doorfs */
619 + auf_null, 0 },
620 + { aui_null, AUE_SETREUID, aus_setreuid, /* 202 setreuid */
621 + auf_null, 0 },
622 + { aui_null, AUE_SETREGID, aus_setregid, /* 203 setregid */
623 + auf_null, 0 },
624 + { aui_null, AUE_NULL, aus_null, /* 204 install_utrap */
625 + auf_null, 0 },
626 + { aui_null, AUE_NULL, aus_null, /* 205 signotify */
627 + auf_null, 0 },
628 + { aui_null, AUE_NULL, aus_null, /* 206 schedctl */
629 + auf_null, 0 },
630 + { aui_null, AUE_NULL, aus_null, /* 207 (loadable) pset */
631 + auf_null, 0 },
632 + { aui_null, AUE_NULL, aus_null, /* 208 sparc_utrap_install */
633 + auf_null, 0 },
634 + { aui_null, AUE_NULL, aus_null, /* 209 resolvepath */
635 + auf_null, 0 },
636 + { aui_null, AUE_NULL, aus_null, /* 210 lwp_mutex_timedlock */
637 + auf_null, 0 },
638 + { aui_null, AUE_NULL, aus_null, /* 211 lwp_sema_timedwait */
639 + auf_null, 0 },
640 + { aui_null, AUE_NULL, aus_null, /* 212 lwp_rwlock_sys */
641 + auf_null, 0 },
642 + { aui_null, AUE_NULL, aus_null, /* 213 getdents64 */
643 + auf_null, 0 },
644 + { aui_null, AUE_MMAP, aus_mmap, /* 214 mmap64 */
645 + auf_null, 0 },
646 + { aui_null, AUE_STAT, aus_null, /* 215 stat64 */
647 + auf_null, S2E_PUB },
648 + { aui_null, AUE_LSTAT, aus_null, /* 216 lstat64 */
649 + auf_null, S2E_PUB },
650 + { aui_null, AUE_NULL, aus_null, /* 217 fstat64 */
651 + auf_null, 0 },
652 + { aui_null, AUE_STATVFS, aus_null, /* 218 statvfs64 */
653 + auf_null, S2E_PUB },
654 + { aui_null, AUE_NULL, aus_null, /* 219 fstatvfs64 */
655 + auf_null, 0 },
656 + { aui_null, AUE_SETRLIMIT, aus_null, /* 220 setrlimit64 */
657 + auf_null, 0 },
658 + { aui_null, AUE_NULL, aus_null, /* 221 getrlimit64 */
659 + auf_null, 0 },
660 + { aui_null, AUE_READ, aus_null, /* 222 pread64 */
661 + auf_read, S2E_PUB },
662 + { aui_null, AUE_WRITE, aus_null, /* 223 pwrite64 */
663 + auf_write, 0 },
664 + { aui_null, AUE_NULL, aus_null, /* 224 (loadable) was creat64 */
665 + auf_null, 0 },
666 + { aui_open, AUE_OPEN, aus_open, /* 225 open64 */
667 + auf_null, S2E_SP },
668 + { aui_null, AUE_NULL, aus_null, /* 226 (loadable) rpcsys */
669 + auf_null, 0 },
670 + { aui_null, AUE_NULL, aus_null, /* 227 zone */
671 + auf_null, 0 },
672 + { aui_null, AUE_NULL, aus_null, /* 228 (loadable) autofssys */
673 + auf_null, 0 },
674 + { aui_null, AUE_NULL, aus_null, /* 229 getcwd */
675 + auf_null, 0 },
676 + { aui_null, AUE_SOCKET, aus_socket, /* 230 so_socket */
677 + auf_null, 0 },
678 + { aui_null, AUE_NULL, aus_null, /* 231 so_socketpair */
679 + auf_null, 0 },
680 + { aui_null, AUE_BIND, aus_null, /* 232 bind */
681 + auf_bind, 0 },
682 + { aui_null, AUE_NULL, aus_null, /* 233 listen */
683 + auf_null, 0 },
684 + { aui_null, AUE_ACCEPT, aus_null, /* 234 accept */
685 + auf_accept, 0 },
686 + { aui_null, AUE_CONNECT, aus_null, /* 235 connect */
687 + auf_connect, 0 },
688 + { aui_null, AUE_SHUTDOWN, aus_shutdown, /* 236 shutdown */
689 + auf_null, 0 },
690 + { aui_null, AUE_READ, aus_null, /* 237 recv */
691 + auf_recv, 0 },
692 + { aui_null, AUE_RECVFROM, aus_null, /* 238 recvfrom */
693 + auf_recvfrom, 0 },
694 + { aui_null, AUE_RECVMSG, aus_null, /* 239 recvmsg */
695 + auf_recvmsg, 0 },
696 + { aui_null, AUE_WRITE, aus_null, /* 240 send */
697 + auf_send, 0 },
698 + { aui_null, AUE_SENDMSG, aus_null, /* 241 sendmsg */
699 + auf_sendmsg, 0 },
700 + { aui_null, AUE_SENDTO, aus_null, /* 242 sendto */
701 + auf_sendto, 0 },
702 + { aui_null, AUE_NULL, aus_null, /* 243 getpeername */
703 + auf_null, 0 },
704 + { aui_null, AUE_NULL, aus_null, /* 244 getsockname */
705 + auf_null, 0 },
706 + { aui_null, AUE_NULL, aus_null, /* 245 getsockopt */
707 + auf_null, 0 },
708 + { aui_null, AUE_SETSOCKOPT, aus_null, /* 246 setsockopt */
709 + auf_setsockopt, 0 },
710 + { aui_null, AUE_SOCKCONFIG, aus_sockconfig, /* 247 sockconfig */
711 + auf_null, 0 },
712 + { aui_null, AUE_NULL, aus_null, /* 248 ntp_gettime */
713 + auf_null, 0 },
714 + { aui_null, AUE_NTP_ADJTIME, aus_null, /* 249 ntp_adjtime */
715 + auf_null, 0 },
716 + { aui_null, AUE_NULL, aus_null, /* 250 lwp_mutex_unlock */
717 + auf_null, 0 },
718 + { aui_null, AUE_NULL, aus_null, /* 251 lwp_mutex_trylock */
719 + auf_null, 0 },
720 + { aui_null, AUE_NULL, aus_null, /* 252 lwp_mutex_register */
721 + auf_null, 0 },
722 + { aui_null, AUE_NULL, aus_null, /* 253 cladm */
723 + auf_null, 0 },
724 + { aui_null, AUE_NULL, aus_null, /* 254 uucopy */
725 + auf_null, 0 },
726 + { aui_null, AUE_UMOUNT2, aus_umount2, /* 255 umount2 */
727 + auf_null, 0 } /* END CSTYLED */
727 728 };
728 729
729 730 uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e);
730 731
731 732
732 733 /* exit start function */
733 734 /*ARGSUSED*/
734 735 static void
735 736 aus_exit(struct t_audit_data *tad)
736 737 {
737 738 uint32_t rval;
738 739 struct a {
739 740 long rval;
740 741 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
741 742
742 743 rval = (uint32_t)uap->rval;
743 744 au_uwrite(au_to_arg32(1, "exit status", rval));
744 745 }
745 746
746 747 /* acct start function */
747 748 /*ARGSUSED*/
748 749 static void
749 750 aus_acct(struct t_audit_data *tad)
750 751 {
751 752 klwp_t *clwp = ttolwp(curthread);
752 753 uintptr_t fname;
753 754
754 755 struct a {
755 756 long fname; /* char * */
756 757 } *uap = (struct a *)clwp->lwp_ap;
757 758
758 759 fname = (uintptr_t)uap->fname;
759 760
760 761 if (fname == 0)
761 762 au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0));
762 763 }
763 764
764 765 /* chown start function */
765 766 /*ARGSUSED*/
766 767 static void
767 768 aus_chown(struct t_audit_data *tad)
768 769 {
769 770 klwp_t *clwp = ttolwp(curthread);
770 771 uint32_t uid, gid;
771 772
772 773 struct a {
773 774 long fname; /* char * */
774 775 long uid;
775 776 long gid;
776 777 } *uap = (struct a *)clwp->lwp_ap;
777 778
778 779 uid = (uint32_t)uap->uid;
779 780 gid = (uint32_t)uap->gid;
780 781
781 782 au_uwrite(au_to_arg32(2, "new file uid", uid));
782 783 au_uwrite(au_to_arg32(3, "new file gid", gid));
783 784 }
784 785
785 786 /* fchown start function */
786 787 /*ARGSUSED*/
787 788 static void
788 789 aus_fchown(struct t_audit_data *tad)
789 790 {
790 791 klwp_t *clwp = ttolwp(curthread);
791 792 uint32_t uid, gid, fd;
792 793 struct file *fp;
793 794 struct vnode *vp;
794 795 struct f_audit_data *fad;
795 796
796 797 struct a {
797 798 long fd;
798 799 long uid;
799 800 long gid;
800 801 } *uap = (struct a *)clwp->lwp_ap;
801 802
802 803 fd = (uint32_t)uap->fd;
803 804 uid = (uint32_t)uap->uid;
804 805 gid = (uint32_t)uap->gid;
805 806
806 807 au_uwrite(au_to_arg32(2, "new file uid", uid));
807 808 au_uwrite(au_to_arg32(3, "new file gid", gid));
808 809
809 810 /*
810 811 * convert file pointer to file descriptor
811 812 * Note: fd ref count incremented here.
812 813 */
813 814 if ((fp = getf(fd)) == NULL)
814 815 return;
815 816
816 817 /* get path from file struct here */
817 818 fad = F2A(fp);
818 819 if (fad->fad_aupath != NULL) {
819 820 au_uwrite(au_to_path(fad->fad_aupath));
820 821 } else {
821 822 au_uwrite(au_to_arg32(1, "no path: fd", fd));
822 823 }
823 824
824 825 vp = fp->f_vnode;
825 826 audit_attributes(vp);
826 827
827 828 /* decrement file descriptor reference count */
828 829 releasef(fd);
829 830 }
830 831
831 832 /*ARGSUSED*/
832 833 static void
833 834 aus_lchown(struct t_audit_data *tad)
834 835 {
835 836 klwp_t *clwp = ttolwp(curthread);
836 837 uint32_t uid, gid;
837 838
838 839
839 840 struct a {
840 841 long fname; /* char * */
841 842 long uid;
842 843 long gid;
843 844 } *uap = (struct a *)clwp->lwp_ap;
844 845
845 846 uid = (uint32_t)uap->uid;
846 847 gid = (uint32_t)uap->gid;
847 848
848 849 au_uwrite(au_to_arg32(2, "new file uid", uid));
849 850 au_uwrite(au_to_arg32(3, "new file gid", gid));
850 851 }
851 852
852 853 static au_event_t
853 854 aui_fchownat(au_event_t e)
854 855 {
855 856 klwp_t *clwp = ttolwp(curthread);
856 857
857 858 struct a {
858 859 long fd;
859 860 long fname; /* char * */
860 861 long uid;
861 862 long gid;
862 863 long flags;
863 864 } *uap = (struct a *)clwp->lwp_ap;
864 865
865 866 if (uap->fname == NULL)
866 867 e = AUE_FCHOWN;
867 868 else if (uap->flags & AT_SYMLINK_NOFOLLOW)
868 869 e = AUE_LCHOWN;
869 870 else
870 871 e = AUE_CHOWN;
871 872
872 873 return (e);
873 874 }
874 875
875 876 /*ARGSUSED*/
876 877 static void
877 878 aus_fchownat(struct t_audit_data *tad)
878 879 {
879 880 klwp_t *clwp = ttolwp(curthread);
880 881 uint32_t uid, gid;
881 882
882 883 struct a {
883 884 long fd;
884 885 long fname; /* char * */
885 886 long uid;
886 887 long gid;
887 888 long flags;
888 889 } *uap = (struct a *)clwp->lwp_ap;
889 890
890 891 uid = (uint32_t)uap->uid;
891 892 gid = (uint32_t)uap->gid;
892 893
893 894 au_uwrite(au_to_arg32(3, "new file uid", uid));
894 895 au_uwrite(au_to_arg32(4, "new file gid", gid));
895 896 }
896 897
897 898 /*ARGSUSED*/
898 899 static void
899 900 aus_chmod(struct t_audit_data *tad)
900 901 {
901 902 klwp_t *clwp = ttolwp(curthread);
902 903 uint32_t fmode;
903 904
904 905 struct a {
905 906 long fname; /* char * */
906 907 long fmode;
907 908 } *uap = (struct a *)clwp->lwp_ap;
908 909
909 910 fmode = (uint32_t)uap->fmode;
910 911
911 912 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
912 913 }
913 914
914 915 /*ARGSUSED*/
915 916 static void
916 917 aus_fchmod(struct t_audit_data *tad)
917 918 {
918 919 klwp_t *clwp = ttolwp(curthread);
919 920 uint32_t fmode, fd;
920 921 struct file *fp;
921 922 struct vnode *vp;
922 923 struct f_audit_data *fad;
923 924
924 925 struct a {
925 926 long fd;
926 927 long fmode;
927 928 } *uap = (struct a *)clwp->lwp_ap;
928 929
929 930 fd = (uint32_t)uap->fd;
930 931 fmode = (uint32_t)uap->fmode;
931 932
932 933 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
933 934
934 935 /*
935 936 * convert file pointer to file descriptor
936 937 * Note: fd ref count incremented here.
937 938 */
938 939 if ((fp = getf(fd)) == NULL)
939 940 return;
940 941
941 942 /* get path from file struct here */
942 943 fad = F2A(fp);
943 944 if (fad->fad_aupath != NULL) {
944 945 au_uwrite(au_to_path(fad->fad_aupath));
945 946 } else {
946 947 au_uwrite(au_to_arg32(1, "no path: fd", fd));
947 948 }
948 949
949 950 vp = fp->f_vnode;
950 951 audit_attributes(vp);
951 952
952 953 /* decrement file descriptor reference count */
953 954 releasef(fd);
954 955 }
955 956
956 957 static au_event_t
957 958 aui_fchmodat(au_event_t e)
958 959 {
959 960 klwp_t *clwp = ttolwp(curthread);
960 961
961 962 struct a {
962 963 long fd;
963 964 long fname; /* char * */
964 965 long fmode;
965 966 long flag;
966 967 } *uap = (struct a *)clwp->lwp_ap;
967 968
968 969 if (uap->fname == NULL)
969 970 e = AUE_FCHMOD;
970 971 else
971 972 e = AUE_CHMOD;
972 973
973 974 return (e);
974 975 }
975 976
976 977 /*ARGSUSED*/
977 978 static void
978 979 aus_fchmodat(struct t_audit_data *tad)
979 980 {
980 981 klwp_t *clwp = ttolwp(curthread);
981 982 uint32_t fmode;
982 983 uint32_t fd;
983 984 struct file *fp;
984 985 struct vnode *vp;
985 986 struct f_audit_data *fad;
986 987
987 988 struct a {
988 989 long fd;
989 990 long fname; /* char * */
990 991 long fmode;
991 992 long flag;
992 993 } *uap = (struct a *)clwp->lwp_ap;
993 994
994 995 fd = (uint32_t)uap->fd;
995 996 fmode = (uint32_t)uap->fmode;
996 997
997 998 au_uwrite(au_to_arg32(2, "new file mode", fmode&07777));
998 999
999 1000 if (fd == AT_FDCWD || uap->fname != NULL) /* same as chmod() */
1000 1001 return;
1001 1002
1002 1003 /*
1003 1004 * convert file pointer to file descriptor
1004 1005 * Note: fd ref count incremented here.
1005 1006 */
1006 1007 if ((fp = getf(fd)) == NULL)
1007 1008 return;
1008 1009
1009 1010 /* get path from file struct here */
1010 1011 fad = F2A(fp);
1011 1012 if (fad->fad_aupath != NULL) {
1012 1013 au_uwrite(au_to_path(fad->fad_aupath));
1013 1014 } else {
1014 1015 au_uwrite(au_to_arg32(1, "no path: fd", fd));
1015 1016 }
1016 1017
1017 1018 vp = fp->f_vnode;
1018 1019 audit_attributes(vp);
1019 1020
1020 1021 /* decrement file descriptor reference count */
1021 1022 releasef(fd);
1022 1023 }
1023 1024
1024 1025 /*
1025 1026 * convert open mode to appropriate open event
1026 1027 */
1027 1028 au_event_t
1028 1029 open_event(uint_t fm)
1029 1030 {
1030 1031 au_event_t e;
1031 1032
1032 1033 switch (fm & (O_ACCMODE | O_CREAT | O_TRUNC)) {
1033 1034 case O_RDONLY:
1034 1035 e = AUE_OPEN_R;
1035 1036 break;
1036 1037 case O_RDONLY | O_CREAT:
1037 1038 e = AUE_OPEN_RC;
1038 1039 break;
1039 1040 case O_RDONLY | O_TRUNC:
1040 1041 e = AUE_OPEN_RT;
1041 1042 break;
1042 1043 case O_RDONLY | O_TRUNC | O_CREAT:
1043 1044 e = AUE_OPEN_RTC;
1044 1045 break;
1045 1046 case O_WRONLY:
1046 1047 e = AUE_OPEN_W;
1047 1048 break;
1048 1049 case O_WRONLY | O_CREAT:
1049 1050 e = AUE_OPEN_WC;
1050 1051 break;
1051 1052 case O_WRONLY | O_TRUNC:
1052 1053 e = AUE_OPEN_WT;
1053 1054 break;
1054 1055 case O_WRONLY | O_TRUNC | O_CREAT:
1055 1056 e = AUE_OPEN_WTC;
1056 1057 break;
1057 1058 case O_RDWR:
1058 1059 e = AUE_OPEN_RW;
1059 1060 break;
1060 1061 case O_RDWR | O_CREAT:
1061 1062 e = AUE_OPEN_RWC;
1062 1063 break;
1063 1064 case O_RDWR | O_TRUNC:
1064 1065 e = AUE_OPEN_RWT;
1065 1066 break;
1066 1067 case O_RDWR | O_TRUNC | O_CREAT:
1067 1068 e = AUE_OPEN_RWTC;
1068 1069 break;
1069 1070 case O_SEARCH:
1070 1071 e = AUE_OPEN_S;
1071 1072 break;
1072 1073 case O_EXEC:
1073 1074 e = AUE_OPEN_E;
1074 1075 break;
1075 1076 default:
1076 1077 e = AUE_NULL;
1077 1078 break;
1078 1079 }
1079 1080
1080 1081 return (e);
1081 1082 }
1082 1083
1083 1084 /* ARGSUSED */
1084 1085 static au_event_t
1085 1086 aui_open(au_event_t e)
1086 1087 {
1087 1088 klwp_t *clwp = ttolwp(curthread);
1088 1089 uint_t fm;
1089 1090
1090 1091 struct a {
1091 1092 long fnamep; /* char * */
1092 1093 long fmode;
1093 1094 long cmode;
1094 1095 } *uap = (struct a *)clwp->lwp_ap;
1095 1096
1096 1097 fm = (uint_t)uap->fmode;
1097 1098
1098 1099 return (open_event(fm));
1099 1100 }
1100 1101
1101 1102 static void
1102 1103 aus_open(struct t_audit_data *tad)
1103 1104 {
1104 1105 klwp_t *clwp = ttolwp(curthread);
1105 1106 uint_t fm;
1106 1107
1107 1108 struct a {
1108 1109 long fnamep; /* char * */
1109 1110 long fmode;
1110 1111 long cmode;
1111 1112 } *uap = (struct a *)clwp->lwp_ap;
1112 1113
1113 1114 fm = (uint_t)uap->fmode;
1114 1115
1115 1116 /* If no write, create, or trunc modes, mark as a public op */
1116 1117 if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
1117 1118 tad->tad_ctrl |= TAD_PUBLIC_EV;
1118 1119 }
1119 1120
1120 1121 /* ARGSUSED */
1121 1122 static au_event_t
1122 1123 aui_openat(au_event_t e)
1123 1124 {
1124 1125 t_audit_data_t *tad = T2A(curthread);
1125 1126 klwp_t *clwp = ttolwp(curthread);
1126 1127 uint_t fm;
1127 1128
1128 1129 struct a {
1129 1130 long filedes;
1130 1131 long fnamep; /* char * */
1131 1132 long fmode;
1132 1133 long cmode;
1133 1134 } *uap = (struct a *)clwp->lwp_ap;
1134 1135
1135 1136 fm = (uint_t)uap->fmode;
1136 1137
1137 1138 /*
1138 1139 * __openattrdirat() does an extra pathname lookup in order to
1139 1140 * enter the extended system attribute namespace of the referenced
1140 1141 * extended attribute filename.
1141 1142 */
1142 1143 if (fm & FXATTRDIROPEN)
1143 1144 tad->tad_ctrl |= TAD_MLD;
1144 1145
1145 1146 return (open_event(fm));
1146 1147 }
1147 1148
1148 1149 static void
1149 1150 aus_openat(struct t_audit_data *tad)
1150 1151 {
1151 1152 klwp_t *clwp = ttolwp(curthread);
1152 1153 uint_t fm;
1153 1154
1154 1155 struct a {
1155 1156 long filedes;
1156 1157 long fnamep; /* char * */
1157 1158 long fmode;
1158 1159 long cmode;
1159 1160 } *uap = (struct a *)clwp->lwp_ap;
1160 1161
1161 1162 fm = (uint_t)uap->fmode;
1162 1163
1163 1164 /* If no write, create, or trunc modes, mark as a public op */
1164 1165 if ((fm & (O_RDONLY|O_WRONLY|O_RDWR|O_CREAT|O_TRUNC)) == O_RDONLY)
1165 1166 tad->tad_ctrl |= TAD_PUBLIC_EV;
1166 1167 }
1167 1168
1168 1169 static au_event_t
1169 1170 aui_unlinkat(au_event_t e)
1170 1171 {
1171 1172 klwp_t *clwp = ttolwp(curthread);
1172 1173
1173 1174 struct a {
1174 1175 long filedes;
1175 1176 long fnamep; /* char * */
1176 1177 long flags;
1177 1178 } *uap = (struct a *)clwp->lwp_ap;
1178 1179
1179 1180 if (uap->flags & AT_REMOVEDIR)
1180 1181 e = AUE_RMDIR;
1181 1182 else
1182 1183 e = AUE_UNLINK;
1183 1184
1184 1185 return (e);
1185 1186 }
1186 1187
1187 1188 static au_event_t
1188 1189 aui_fstatat(au_event_t e)
1189 1190 {
1190 1191 klwp_t *clwp = ttolwp(curthread);
1191 1192
1192 1193 struct a {
1193 1194 long filedes;
1194 1195 long fnamep; /* char * */
1195 1196 long statb;
1196 1197 long flags;
1197 1198 } *uap = (struct a *)clwp->lwp_ap;
1198 1199
1199 1200 if (uap->fnamep == NULL)
1200 1201 e = AUE_FSTAT;
1201 1202 else if (uap->flags & AT_SYMLINK_NOFOLLOW)
1202 1203 e = AUE_LSTAT;
1203 1204 else
1204 1205 e = AUE_STAT;
1205 1206
1206 1207 return (e);
1207 1208 }
1208 1209
1209 1210 /* msgsys */
1210 1211 static au_event_t
1211 1212 aui_msgsys(au_event_t e)
1212 1213 {
1213 1214 klwp_t *clwp = ttolwp(curthread);
1214 1215 uint_t fm;
1215 1216
1216 1217 struct a {
1217 1218 long id; /* function code id */
1218 1219 long ap; /* arg pointer for recvmsg */
1219 1220 } *uap = (struct a *)clwp->lwp_ap;
1220 1221
1221 1222 struct b {
1222 1223 long msgid;
1223 1224 long cmd;
1224 1225 long buf; /* struct msqid_ds * */
1225 1226 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1226 1227
1227 1228 fm = (uint_t)uap->id;
1228 1229
1229 1230 switch (fm) {
1230 1231 case 0: /* msgget */
1231 1232 e = AUE_MSGGET;
1232 1233 break;
1233 1234 case 1: /* msgctl */
1234 1235 switch ((uint_t)uap1->cmd) {
1235 1236 case IPC_RMID:
1236 1237 e = AUE_MSGCTL_RMID;
1237 1238 break;
1238 1239 case IPC_SET:
1239 1240 e = AUE_MSGCTL_SET;
1240 1241 break;
1241 1242 case IPC_STAT:
1242 1243 e = AUE_MSGCTL_STAT;
1243 1244 break;
1244 1245 default:
1245 1246 e = AUE_MSGCTL;
1246 1247 break;
1247 1248 }
1248 1249 break;
1249 1250 case 2: /* msgrcv */
1250 1251 e = AUE_MSGRCV;
1251 1252 break;
1252 1253 case 3: /* msgsnd */
1253 1254 e = AUE_MSGSND;
1254 1255 break;
1255 1256 default: /* illegal system call */
1256 1257 e = AUE_NULL;
1257 1258 break;
1258 1259 }
1259 1260
1260 1261 return (e);
1261 1262 }
1262 1263
1263 1264
1264 1265 /* shmsys */
1265 1266 static au_event_t
1266 1267 aui_shmsys(au_event_t e)
1267 1268 {
1268 1269 klwp_t *clwp = ttolwp(curthread);
1269 1270 int fm;
1270 1271
1271 1272 struct a { /* shmsys */
1272 1273 long id; /* function code id */
1273 1274 } *uap = (struct a *)clwp->lwp_ap;
1274 1275
1275 1276 struct b { /* ctrl */
1276 1277 long shmid;
1277 1278 long cmd;
1278 1279 long arg; /* struct shmid_ds * */
1279 1280 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1280 1281 fm = (uint_t)uap->id;
1281 1282
1282 1283 switch (fm) {
1283 1284 case 0: /* shmat */
1284 1285 e = AUE_SHMAT;
1285 1286 break;
1286 1287 case 1: /* shmctl */
1287 1288 switch ((uint_t)uap1->cmd) {
1288 1289 case IPC_RMID:
1289 1290 e = AUE_SHMCTL_RMID;
1290 1291 break;
1291 1292 case IPC_SET:
1292 1293 e = AUE_SHMCTL_SET;
1293 1294 break;
1294 1295 case IPC_STAT:
1295 1296 e = AUE_SHMCTL_STAT;
1296 1297 break;
1297 1298 default:
1298 1299 e = AUE_SHMCTL;
1299 1300 break;
1300 1301 }
1301 1302 break;
1302 1303 case 2: /* shmdt */
1303 1304 e = AUE_SHMDT;
1304 1305 break;
1305 1306 case 3: /* shmget */
1306 1307 e = AUE_SHMGET;
1307 1308 break;
1308 1309 default: /* illegal system call */
1309 1310 e = AUE_NULL;
1310 1311 break;
1311 1312 }
1312 1313
1313 1314 return (e);
1314 1315 }
1315 1316
1316 1317
1317 1318 /* semsys */
1318 1319 static au_event_t
1319 1320 aui_semsys(au_event_t e)
1320 1321 {
1321 1322 klwp_t *clwp = ttolwp(curthread);
1322 1323 uint_t fm;
1323 1324
1324 1325 struct a { /* semsys */
1325 1326 long id;
1326 1327 } *uap = (struct a *)clwp->lwp_ap;
1327 1328
1328 1329 struct b { /* ctrl */
1329 1330 long semid;
1330 1331 long semnum;
1331 1332 long cmd;
1332 1333 long arg;
1333 1334 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1334 1335
1335 1336 fm = (uint_t)uap->id;
1336 1337
1337 1338 switch (fm) {
1338 1339 case 0: /* semctl */
1339 1340 switch ((uint_t)uap1->cmd) {
1340 1341 case IPC_RMID:
1341 1342 e = AUE_SEMCTL_RMID;
1342 1343 break;
1343 1344 case IPC_SET:
1344 1345 e = AUE_SEMCTL_SET;
1345 1346 break;
1346 1347 case IPC_STAT:
1347 1348 e = AUE_SEMCTL_STAT;
1348 1349 break;
1349 1350 case GETNCNT:
1350 1351 e = AUE_SEMCTL_GETNCNT;
1351 1352 break;
1352 1353 case GETPID:
1353 1354 e = AUE_SEMCTL_GETPID;
1354 1355 break;
1355 1356 case GETVAL:
1356 1357 e = AUE_SEMCTL_GETVAL;
1357 1358 break;
1358 1359 case GETALL:
1359 1360 e = AUE_SEMCTL_GETALL;
1360 1361 break;
1361 1362 case GETZCNT:
1362 1363 e = AUE_SEMCTL_GETZCNT;
1363 1364 break;
1364 1365 case SETVAL:
1365 1366 e = AUE_SEMCTL_SETVAL;
1366 1367 break;
1367 1368 case SETALL:
1368 1369 e = AUE_SEMCTL_SETALL;
1369 1370 break;
1370 1371 default:
1371 1372 e = AUE_SEMCTL;
1372 1373 break;
1373 1374 }
1374 1375 break;
1375 1376 case 1: /* semget */
1376 1377 e = AUE_SEMGET;
1377 1378 break;
1378 1379 case 2: /* semop */
1379 1380 e = AUE_SEMOP;
1380 1381 break;
1381 1382 default: /* illegal system call */
1382 1383 e = AUE_NULL;
1383 1384 break;
1384 1385 }
1385 1386
1386 1387 return (e);
1387 1388 }
1388 1389
1389 1390 /* utssys - uname(2), ustat(2), fusers(2) */
1390 1391 static au_event_t
1391 1392 aui_utssys(au_event_t e)
1392 1393 {
1393 1394 klwp_t *clwp = ttolwp(curthread);
1394 1395 uint_t type;
1395 1396
1396 1397 struct a {
1397 1398 union {
1398 1399 long cbuf; /* char * */
1399 1400 long ubuf; /* struct stat * */
1400 1401 } ub;
1401 1402 union {
1402 1403 long mv; /* for USTAT */
1403 1404 long flags; /* for FUSERS */
1404 1405 } un;
1405 1406 long type;
1406 1407 long outbp; /* char * for FUSERS */
1407 1408 } *uap = (struct a *)clwp->lwp_ap;
1408 1409
1409 1410 type = (uint_t)uap->type;
1410 1411
1411 1412 if (type == UTS_FUSERS)
1412 1413 return (e);
1413 1414 else
1414 1415 return ((au_event_t)AUE_NULL);
1415 1416 }
1416 1417
1417 1418 static au_event_t
1418 1419 aui_fcntl(au_event_t e)
1419 1420 {
1420 1421 klwp_t *clwp = ttolwp(curthread);
1421 1422 uint_t cmd;
1422 1423
1423 1424 struct a {
1424 1425 long fdes;
1425 1426 long cmd;
1426 1427 long arg;
1427 1428 } *uap = (struct a *)clwp->lwp_ap;
1428 1429
1429 1430 cmd = (uint_t)uap->cmd;
1430 1431
1431 1432 switch (cmd) {
1432 1433 case F_GETLK:
1433 1434 case F_SETLK:
1434 1435 case F_SETLKW:
1435 1436 break;
1436 1437 case F_SETFL:
1437 1438 case F_GETFL:
1438 1439 case F_GETFD:
1439 1440 break;
1440 1441 default:
1441 1442 e = (au_event_t)AUE_NULL;
1442 1443 break;
1443 1444 }
1444 1445 return ((au_event_t)e);
1445 1446 }
1446 1447
1447 1448 /* null function for now */
1448 1449 static au_event_t
1449 1450 aui_execve(au_event_t e)
1450 1451 {
1451 1452 return (e);
1452 1453 }
1453 1454
1454 1455 /*ARGSUSED*/
1455 1456 static void
1456 1457 aus_fcntl(struct t_audit_data *tad)
1457 1458 {
1458 1459 klwp_t *clwp = ttolwp(curthread);
1459 1460 uint32_t cmd, fd, flags;
1460 1461 struct file *fp;
1461 1462 struct vnode *vp;
1462 1463 struct f_audit_data *fad;
1463 1464
1464 1465 struct a {
1465 1466 long fd;
1466 1467 long cmd;
1467 1468 long arg;
1468 1469 } *uap = (struct a *)clwp->lwp_ap;
1469 1470
1470 1471 cmd = (uint32_t)uap->cmd;
1471 1472 fd = (uint32_t)uap->fd;
1472 1473 flags = (uint32_t)uap->arg;
1473 1474
1474 1475 au_uwrite(au_to_arg32(2, "cmd", cmd));
1475 1476
1476 1477 if (cmd == F_SETFL)
1477 1478 au_uwrite(au_to_arg32(3, "flags", flags));
1478 1479
1479 1480 /*
1480 1481 * convert file pointer to file descriptor
1481 1482 * Note: fd ref count incremented here.
1482 1483 */
1483 1484 if ((fp = getf(fd)) == NULL)
1484 1485 return;
1485 1486
1486 1487 /* get path from file struct here */
1487 1488 fad = F2A(fp);
1488 1489 if (fad->fad_aupath != NULL) {
1489 1490 au_uwrite(au_to_path(fad->fad_aupath));
1490 1491 } else {
1491 1492 au_uwrite(au_to_arg32(1, "no path: fd", fd));
1492 1493 }
1493 1494
1494 1495 vp = fp->f_vnode;
1495 1496 audit_attributes(vp);
1496 1497
1497 1498 /* decrement file descriptor reference count */
1498 1499 releasef(fd);
1499 1500 }
1500 1501
1501 1502 /*ARGSUSED*/
1502 1503 static void
1503 1504 aus_kill(struct t_audit_data *tad)
1504 1505 {
1505 1506 klwp_t *clwp = ttolwp(curthread);
1506 1507 struct proc *p;
1507 1508 uint32_t signo;
1508 1509 uid_t uid, ruid;
1509 1510 gid_t gid, rgid;
1510 1511 pid_t pid;
1511 1512 const auditinfo_addr_t *ainfo;
1512 1513 cred_t *cr;
1513 1514
1514 1515 struct a {
1515 1516 long pid;
1516 1517 long signo;
1517 1518 } *uap = (struct a *)clwp->lwp_ap;
1518 1519
1519 1520 pid = (pid_t)uap->pid;
1520 1521 signo = (uint32_t)uap->signo;
1521 1522
1522 1523 au_uwrite(au_to_arg32(2, "signal", signo));
1523 1524 if (pid > 0) {
1524 1525 mutex_enter(&pidlock);
1525 1526 if (((p = prfind(pid)) == (struct proc *)0) ||
1526 1527 (p->p_stat == SIDL)) {
1527 1528 mutex_exit(&pidlock);
1528 1529 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1529 1530 return;
1530 1531 }
1531 1532 mutex_enter(&p->p_lock); /* so process doesn't go away */
1532 1533 mutex_exit(&pidlock);
1533 1534
1534 1535 mutex_enter(&p->p_crlock);
1535 1536 crhold(cr = p->p_cred);
1536 1537 mutex_exit(&p->p_crlock);
1537 1538 mutex_exit(&p->p_lock);
1538 1539
1539 1540 ainfo = crgetauinfo(cr);
1540 1541 if (ainfo == NULL) {
1541 1542 crfree(cr);
1542 1543 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1543 1544 return;
1544 1545 }
1545 1546
1546 1547 uid = crgetuid(cr);
1547 1548 gid = crgetgid(cr);
1548 1549 ruid = crgetruid(cr);
1549 1550 rgid = crgetrgid(cr);
1550 1551 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
1551 1552 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
1552 1553
1553 1554 if (is_system_labeled())
1554 1555 au_uwrite(au_to_label(CR_SL(cr)));
1555 1556
1556 1557 crfree(cr);
1557 1558 }
1558 1559 else
1559 1560 au_uwrite(au_to_arg32(1, "process", (uint32_t)pid));
1560 1561 }
1561 1562
1562 1563 /*ARGSUSED*/
1563 1564 static void
1564 1565 aus_mkdir(struct t_audit_data *tad)
1565 1566 {
1566 1567 klwp_t *clwp = ttolwp(curthread);
1567 1568 uint32_t dmode;
1568 1569
1569 1570 struct a {
1570 1571 long dirnamep; /* char * */
1571 1572 long dmode;
1572 1573 } *uap = (struct a *)clwp->lwp_ap;
1573 1574
1574 1575 dmode = (uint32_t)uap->dmode;
1575 1576
1576 1577 au_uwrite(au_to_arg32(2, "mode", dmode));
1577 1578 }
1578 1579
1579 1580 /*ARGSUSED*/
1580 1581 static void
1581 1582 aus_mkdirat(struct t_audit_data *tad)
1582 1583 {
1583 1584 klwp_t *clwp = ttolwp(curthread);
1584 1585 uint32_t dmode;
1585 1586
1586 1587 struct a {
1587 1588 long fd;
1588 1589 long dirnamep; /* char * */
1589 1590 long dmode;
1590 1591 } *uap = (struct a *)clwp->lwp_ap;
1591 1592
1592 1593 dmode = (uint32_t)uap->dmode;
1593 1594
1594 1595 au_uwrite(au_to_arg32(2, "mode", dmode));
1595 1596 }
1596 1597
1597 1598 /*ARGSUSED*/
1598 1599 static void
1599 1600 aus_mknod(struct t_audit_data *tad)
1600 1601 {
1601 1602 klwp_t *clwp = ttolwp(curthread);
1602 1603 uint32_t fmode;
1603 1604 dev_t dev;
1604 1605
1605 1606 struct a {
1606 1607 long pnamep; /* char * */
1607 1608 long fmode;
1608 1609 long dev;
1609 1610 } *uap = (struct a *)clwp->lwp_ap;
1610 1611
1611 1612 fmode = (uint32_t)uap->fmode;
1612 1613 dev = (dev_t)uap->dev;
1613 1614
1614 1615 au_uwrite(au_to_arg32(2, "mode", fmode));
1615 1616 #ifdef _LP64
1616 1617 au_uwrite(au_to_arg64(3, "dev", dev));
1617 1618 #else
1618 1619 au_uwrite(au_to_arg32(3, "dev", dev));
1619 1620 #endif
1620 1621 }
1621 1622
1622 1623 /*ARGSUSED*/
1623 1624 static void
1624 1625 auf_mknod(struct t_audit_data *tad, int error, rval_t *rval)
1625 1626 {
1626 1627 klwp_t *clwp = ttolwp(curthread);
1627 1628 vnode_t *dvp;
1628 1629 caddr_t pnamep;
1629 1630
1630 1631 struct a {
1631 1632 long pnamep; /* char * */
1632 1633 long fmode;
1633 1634 long dev;
1634 1635 } *uap = (struct a *)clwp->lwp_ap;
1635 1636
1636 1637 /* no error, then already path token in audit record */
1637 1638 if (error != EPERM && error != EINVAL)
1638 1639 return;
1639 1640
1640 1641 /* do the lookup to force generation of path token */
1641 1642 pnamep = (caddr_t)uap->pnamep;
1642 1643 tad->tad_ctrl |= TAD_NOATTRB;
1643 1644 error = lookupname(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP);
1644 1645 if (error == 0)
1645 1646 VN_RELE(dvp);
1646 1647 }
1647 1648
1648 1649 /*ARGSUSED*/
1649 1650 static void
1650 1651 aus_mknodat(struct t_audit_data *tad)
1651 1652 {
1652 1653 klwp_t *clwp = ttolwp(curthread);
1653 1654 uint32_t fmode;
1654 1655 dev_t dev;
1655 1656
1656 1657 struct a {
1657 1658 long fd;
1658 1659 long pnamep; /* char * */
1659 1660 long fmode;
1660 1661 long dev;
1661 1662 } *uap = (struct a *)clwp->lwp_ap;
1662 1663
1663 1664 fmode = (uint32_t)uap->fmode;
1664 1665 dev = (dev_t)uap->dev;
1665 1666
1666 1667 au_uwrite(au_to_arg32(2, "mode", fmode));
1667 1668 #ifdef _LP64
1668 1669 au_uwrite(au_to_arg64(3, "dev", dev));
1669 1670 #else
1670 1671 au_uwrite(au_to_arg32(3, "dev", dev));
1671 1672 #endif
1672 1673 }
1673 1674
1674 1675 /*ARGSUSED*/
1675 1676 static void
1676 1677 auf_mknodat(struct t_audit_data *tad, int error, rval_t *rval)
1677 1678 {
1678 1679 klwp_t *clwp = ttolwp(curthread);
1679 1680 vnode_t *startvp;
1680 1681 vnode_t *dvp;
1681 1682 caddr_t pnamep;
1682 1683 int fd;
1683 1684
1684 1685 struct a {
1685 1686 long fd;
1686 1687 long pnamep; /* char * */
1687 1688 long fmode;
1688 1689 long dev;
1689 1690 } *uap = (struct a *)clwp->lwp_ap;
1690 1691
1691 1692 /* no error, then already path token in audit record */
1692 1693 if (error != EPERM && error != EINVAL)
1693 1694 return;
1694 1695
1695 1696 /* do the lookup to force generation of path token */
1696 1697 fd = (int)uap->fd;
1697 1698 pnamep = (caddr_t)uap->pnamep;
1698 1699 if (pnamep == NULL ||
1699 1700 fgetstartvp(fd, pnamep, &startvp) != 0)
1700 1701 return;
1701 1702 tad->tad_ctrl |= TAD_NOATTRB;
1702 1703 error = lookupnameat(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP,
1703 1704 startvp);
1704 1705 if (error == 0)
1705 1706 VN_RELE(dvp);
1706 1707 if (startvp != NULL)
1707 1708 VN_RELE(startvp);
1708 1709 }
1709 1710
1710 1711 /*ARGSUSED*/
1711 1712 static void
1712 1713 aus_mount(struct t_audit_data *tad)
1713 1714 { /* AUS_START */
1714 1715 klwp_t *clwp = ttolwp(curthread);
1715 1716 uint32_t flags;
1716 1717 uintptr_t u_fstype, dataptr;
1717 1718 STRUCT_DECL(nfs_args, nfsargs);
1718 1719 size_t len;
1719 1720 char *fstype, *hostname;
1720 1721
1721 1722 struct a {
1722 1723 long spec; /* char * */
1723 1724 long dir; /* char * */
1724 1725 long flags;
1725 1726 long fstype; /* char * */
1726 1727 long dataptr; /* char * */
1727 1728 long datalen;
1728 1729 } *uap = (struct a *)clwp->lwp_ap;
1729 1730
1730 1731 u_fstype = (uintptr_t)uap->fstype;
1731 1732 flags = (uint32_t)uap->flags;
1732 1733 dataptr = (uintptr_t)uap->dataptr;
1733 1734
1734 1735 fstype = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1735 1736 if (copyinstr((caddr_t)u_fstype, (caddr_t)fstype, MAXNAMELEN, &len))
1736 1737 goto mount_free_fstype;
1737 1738
1738 1739 au_uwrite(au_to_arg32(3, "flags", flags));
1739 1740 au_uwrite(au_to_text(fstype));
1740 1741
1741 1742 if (strncmp(fstype, "nfs", 3) == 0) {
1742 1743
1743 1744 STRUCT_INIT(nfsargs, get_udatamodel());
1744 1745 bzero(STRUCT_BUF(nfsargs), STRUCT_SIZE(nfsargs));
1745 1746
1746 1747 if (copyin((caddr_t)dataptr,
1747 1748 STRUCT_BUF(nfsargs),
1748 1749 MIN(uap->datalen, STRUCT_SIZE(nfsargs)))) {
1749 1750 /* DEBUG debug_enter((char *)NULL); */
1750 1751 goto mount_free_fstype;
1751 1752 }
1752 1753 hostname = kmem_alloc(MAXNAMELEN, KM_SLEEP);
1753 1754 if (copyinstr(STRUCT_FGETP(nfsargs, hostname),
1754 1755 (caddr_t)hostname,
1755 1756 MAXNAMELEN, &len)) {
1756 1757 goto mount_free_hostname;
1757 1758 }
1758 1759 au_uwrite(au_to_text(hostname));
1759 1760 au_uwrite(au_to_arg32(3, "internal flags",
1760 1761 (uint_t)STRUCT_FGET(nfsargs, flags)));
1761 1762
1762 1763 mount_free_hostname:
1763 1764 kmem_free(hostname, MAXNAMELEN);
1764 1765 }
1765 1766
1766 1767 mount_free_fstype:
1767 1768 kmem_free(fstype, MAXNAMELEN);
1768 1769 } /* AUS_MOUNT */
1769 1770
1770 1771 static void
1771 1772 aus_umount_path(caddr_t umount_dir)
1772 1773 {
1773 1774 char *dir_path;
1774 1775 struct audit_path *path;
1775 1776 size_t path_len, dir_len;
1776 1777
1777 1778 /* length alloc'd for two string pointers */
1778 1779 path_len = sizeof (struct audit_path) + sizeof (char *);
1779 1780 path = kmem_alloc(path_len, KM_SLEEP);
1780 1781 dir_path = kmem_alloc(MAXPATHLEN, KM_SLEEP);
1781 1782
1782 1783 if (copyinstr(umount_dir, (caddr_t)dir_path,
1783 1784 MAXPATHLEN, &dir_len))
1784 1785 goto umount2_free_dir;
1785 1786
1786 1787 /*
1787 1788 * the audit_path struct assumes that the buffer pointed to
1788 1789 * by audp_sect[n] contains string 0 immediatedly followed
1789 1790 * by string 1.
1790 1791 */
1791 1792 path->audp_sect[0] = dir_path;
1792 1793 path->audp_sect[1] = dir_path + strlen(dir_path) + 1;
1793 1794 path->audp_size = path_len;
1794 1795 path->audp_ref = 1; /* not used */
1795 1796 path->audp_cnt = 1; /* one path string */
1796 1797
1797 1798 au_uwrite(au_to_path(path));
1798 1799
1799 1800 umount2_free_dir:
1800 1801 kmem_free(dir_path, MAXPATHLEN);
1801 1802 kmem_free(path, path_len);
1802 1803 }
1803 1804
1804 1805 /*ARGSUSED*/
1805 1806 static void
1806 1807 aus_umount2(struct t_audit_data *tad)
1807 1808 {
1808 1809 klwp_t *clwp = ttolwp(curthread);
1809 1810 struct a {
1810 1811 long dir; /* char * */
1811 1812 long flags;
1812 1813 } *uap = (struct a *)clwp->lwp_ap;
1813 1814
1814 1815 aus_umount_path((caddr_t)uap->dir);
1815 1816
1816 1817 au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags));
1817 1818 }
1818 1819
1819 1820 static void
1820 1821 aus_msgsys(struct t_audit_data *tad)
1821 1822 {
1822 1823 klwp_t *clwp = ttolwp(curthread);
1823 1824 uint32_t msgid;
1824 1825
1825 1826 struct b {
1826 1827 long msgid;
1827 1828 long cmd;
1828 1829 long buf; /* struct msqid_ds * */
1829 1830 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1830 1831
1831 1832 msgid = (uint32_t)uap1->msgid;
1832 1833
1833 1834
1834 1835 switch (tad->tad_event) {
1835 1836 case AUE_MSGGET: /* msgget */
1836 1837 au_uwrite(au_to_arg32(1, "msg key", msgid));
1837 1838 break;
1838 1839 case AUE_MSGCTL: /* msgctl */
1839 1840 case AUE_MSGCTL_RMID: /* msgctl */
1840 1841 case AUE_MSGCTL_SET: /* msgctl */
1841 1842 case AUE_MSGCTL_STAT: /* msgctl */
1842 1843 case AUE_MSGRCV: /* msgrcv */
1843 1844 case AUE_MSGSND: /* msgsnd */
1844 1845 au_uwrite(au_to_arg32(1, "msg ID", msgid));
1845 1846 break;
1846 1847 }
1847 1848 }
1848 1849
1849 1850 /*ARGSUSED*/
1850 1851 static void
1851 1852 auf_msgsys(struct t_audit_data *tad, int error, rval_t *rval)
1852 1853 {
1853 1854 int id;
1854 1855
1855 1856 if (error != 0)
1856 1857 return;
1857 1858 if (tad->tad_event == AUE_MSGGET) {
1858 1859 uint32_t scid;
1859 1860 uint32_t sy_flags;
1860 1861
1861 1862 /* need to determine type of executing binary */
1862 1863 scid = tad->tad_scid;
1863 1864 #ifdef _SYSCALL32_IMPL
1864 1865 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
1865 1866 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1866 1867 else
1867 1868 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1868 1869 #else
1869 1870 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1870 1871 #endif
1871 1872 if (sy_flags == SE_32RVAL1)
1872 1873 id = rval->r_val1;
1873 1874 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
1874 1875 id = rval->r_val1;
1875 1876 if (sy_flags == SE_64RVAL)
1876 1877 id = (int)rval->r_vals;
1877 1878
1878 1879 au_uwrite(au_to_ipc(AT_IPC_MSG, id));
1879 1880 }
1880 1881 }
1881 1882
1882 1883 static void
1883 1884 aus_semsys(struct t_audit_data *tad)
1884 1885 {
1885 1886 klwp_t *clwp = ttolwp(curthread);
1886 1887 uint32_t semid;
1887 1888
1888 1889 struct b { /* ctrl */
1889 1890 long semid;
1890 1891 long semnum;
1891 1892 long cmd;
1892 1893 long arg;
1893 1894 } *uap1 = (struct b *)&clwp->lwp_ap[1];
1894 1895
1895 1896 semid = (uint32_t)uap1->semid;
1896 1897
1897 1898 switch (tad->tad_event) {
1898 1899 case AUE_SEMCTL_RMID:
1899 1900 case AUE_SEMCTL_STAT:
1900 1901 case AUE_SEMCTL_GETNCNT:
1901 1902 case AUE_SEMCTL_GETPID:
1902 1903 case AUE_SEMCTL_GETVAL:
1903 1904 case AUE_SEMCTL_GETALL:
1904 1905 case AUE_SEMCTL_GETZCNT:
1905 1906 case AUE_SEMCTL_SET:
1906 1907 case AUE_SEMCTL_SETVAL:
1907 1908 case AUE_SEMCTL_SETALL:
1908 1909 case AUE_SEMCTL:
1909 1910 case AUE_SEMOP:
1910 1911 au_uwrite(au_to_arg32(1, "sem ID", semid));
1911 1912 break;
1912 1913 case AUE_SEMGET:
1913 1914 au_uwrite(au_to_arg32(1, "sem key", semid));
1914 1915 break;
1915 1916 }
1916 1917 }
1917 1918
1918 1919 /*ARGSUSED*/
1919 1920 static void
1920 1921 auf_semsys(struct t_audit_data *tad, int error, rval_t *rval)
1921 1922 {
1922 1923 int id;
1923 1924
1924 1925 if (error != 0)
1925 1926 return;
1926 1927 if (tad->tad_event == AUE_SEMGET) {
1927 1928 uint32_t scid;
1928 1929 uint32_t sy_flags;
1929 1930
1930 1931 /* need to determine type of executing binary */
1931 1932 scid = tad->tad_scid;
1932 1933 #ifdef _SYSCALL32_IMPL
1933 1934 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
1934 1935 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1935 1936 else
1936 1937 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
1937 1938 #else
1938 1939 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
1939 1940 #endif
1940 1941 if (sy_flags == SE_32RVAL1)
1941 1942 id = rval->r_val1;
1942 1943 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
1943 1944 id = rval->r_val1;
1944 1945 if (sy_flags == SE_64RVAL)
1945 1946 id = (int)rval->r_vals;
1946 1947
1947 1948 au_uwrite(au_to_ipc(AT_IPC_SEM, id));
1948 1949 }
1949 1950 }
1950 1951
1951 1952 /*ARGSUSED*/
1952 1953 static void
1953 1954 aus_close(struct t_audit_data *tad)
1954 1955 {
1955 1956 klwp_t *clwp = ttolwp(curthread);
1956 1957 uint32_t fd;
1957 1958 struct file *fp;
1958 1959 struct f_audit_data *fad;
1959 1960 struct vnode *vp;
1960 1961 struct vattr attr;
1961 1962 au_kcontext_t *kctx = GET_KCTX_PZ;
1962 1963
1963 1964 struct a {
1964 1965 long i;
1965 1966 } *uap = (struct a *)clwp->lwp_ap;
1966 1967
1967 1968 fd = (uint32_t)uap->i;
1968 1969
1969 1970 attr.va_mask = 0;
1970 1971 au_uwrite(au_to_arg32(1, "fd", fd));
1971 1972
1972 1973 /*
1973 1974 * convert file pointer to file descriptor
1974 1975 * Note: fd ref count incremented here.
1975 1976 */
1976 1977 if ((fp = getf(fd)) == NULL)
1977 1978 return;
1978 1979
1979 1980 fad = F2A(fp);
1980 1981 tad->tad_evmod = (au_emod_t)fad->fad_flags;
1981 1982 if (fad->fad_aupath != NULL) {
1982 1983 au_uwrite(au_to_path(fad->fad_aupath));
1983 1984 if ((vp = fp->f_vnode) != NULL) {
1984 1985 attr.va_mask = AT_ALL;
1985 1986 if (VOP_GETATTR(vp, &attr, 0, CRED(), NULL) == 0) {
1986 1987 /*
1987 1988 * When write was not used and the file can be
1988 1989 * considered public, skip the audit.
1989 1990 */
1990 1991 if (((fp->f_flag & FWRITE) == 0) &&
1991 1992 object_is_public(&attr)) {
1992 1993 tad->tad_flag = 0;
1993 1994 tad->tad_evmod = 0;
1994 1995 /* free any residual audit data */
1995 1996 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
1996 1997 releasef(fd);
1997 1998 return;
1998 1999 }
1999 2000 au_uwrite(au_to_attr(&attr));
2000 2001 audit_sec_attributes(&(u_ad), vp);
2001 2002 }
2002 2003 }
2003 2004 }
2004 2005
2005 2006 /* decrement file descriptor reference count */
2006 2007 releasef(fd);
2007 2008 }
2008 2009
2009 2010 /*ARGSUSED*/
2010 2011 static void
2011 2012 aus_fstatfs(struct t_audit_data *tad)
2012 2013 {
2013 2014 klwp_t *clwp = ttolwp(curthread);
2014 2015 uint32_t fd;
2015 2016 struct file *fp;
2016 2017 struct vnode *vp;
2017 2018 struct f_audit_data *fad;
2018 2019
2019 2020 struct a {
2020 2021 long fd;
2021 2022 long buf; /* struct statfs * */
2022 2023 } *uap = (struct a *)clwp->lwp_ap;
2023 2024
2024 2025 fd = (uint_t)uap->fd;
2025 2026
2026 2027 /*
2027 2028 * convert file pointer to file descriptor
2028 2029 * Note: fd ref count incremented here.
2029 2030 */
2030 2031 if ((fp = getf(fd)) == NULL)
2031 2032 return;
2032 2033
2033 2034 /* get path from file struct here */
2034 2035 fad = F2A(fp);
2035 2036 if (fad->fad_aupath != NULL) {
2036 2037 au_uwrite(au_to_path(fad->fad_aupath));
2037 2038 } else {
2038 2039 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2039 2040 }
2040 2041
2041 2042 vp = fp->f_vnode;
2042 2043 audit_attributes(vp);
2043 2044
2044 2045 /* decrement file descriptor reference count */
2045 2046 releasef(fd);
2046 2047 }
2047 2048
2048 2049 static au_event_t
2049 2050 aui_setpgrp(au_event_t e)
2050 2051 {
2051 2052 klwp_t *clwp = ttolwp(curthread);
2052 2053 int flag;
2053 2054
2054 2055 struct a {
2055 2056 long flag;
2056 2057 long pid;
2057 2058 long pgid;
2058 2059 } *uap = (struct a *)clwp->lwp_ap;
2059 2060
2060 2061 flag = (int)uap->flag;
2061 2062
2062 2063
2063 2064 switch (flag) {
2064 2065
2065 2066 case 1: /* setpgrp() */
2066 2067 e = AUE_SETPGRP;
2067 2068 break;
2068 2069
2069 2070 case 3: /* setsid() */
2070 2071 e = AUE_SETSID;
2071 2072 break;
2072 2073
2073 2074 case 5: /* setpgid() */
2074 2075 e = AUE_SETPGID;
2075 2076 break;
2076 2077
2077 2078 case 0: /* getpgrp() - not security relevant */
2078 2079 case 2: /* getsid() - not security relevant */
2079 2080 case 4: /* getpgid() - not security relevant */
2080 2081 e = AUE_NULL;
2081 2082 break;
2082 2083
2083 2084 default:
2084 2085 e = AUE_NULL;
2085 2086 break;
2086 2087 }
2087 2088
2088 2089 return (e);
2089 2090 }
2090 2091
2091 2092 /*ARGSUSED*/
2092 2093 static void
2093 2094 aus_setpgrp(struct t_audit_data *tad)
2094 2095 {
2095 2096 klwp_t *clwp = ttolwp(curthread);
2096 2097 pid_t pgid;
2097 2098 struct proc *p;
2098 2099 uid_t uid, ruid;
2099 2100 gid_t gid, rgid;
2100 2101 pid_t pid;
2101 2102 cred_t *cr;
2102 2103 int flag;
2103 2104 const auditinfo_addr_t *ainfo;
2104 2105
2105 2106 struct a {
2106 2107 long flag;
2107 2108 long pid;
2108 2109 long pgid;
2109 2110 } *uap = (struct a *)clwp->lwp_ap;
2110 2111
2111 2112 flag = (int)uap->flag;
2112 2113 pid = (pid_t)uap->pid;
2113 2114 pgid = (pid_t)uap->pgid;
2114 2115
2115 2116
2116 2117 switch (flag) {
2117 2118
2118 2119 case 0: /* getpgrp() */
2119 2120 case 1: /* setpgrp() */
2120 2121 case 2: /* getsid() */
2121 2122 case 3: /* setsid() */
2122 2123 case 4: /* getpgid() */
2123 2124 break;
2124 2125
2125 2126 case 5: /* setpgid() */
2126 2127
2127 2128 /* current process? */
2128 2129 if (pid == 0) {
2129 2130 return;
2130 2131 }
2131 2132
2132 2133 mutex_enter(&pidlock);
2133 2134 p = prfind(pid);
2134 2135 if (p == NULL || p->p_as == &kas ||
2135 2136 p->p_stat == SIDL || p->p_stat == SZOMB) {
2136 2137 mutex_exit(&pidlock);
2137 2138 return;
2138 2139 }
2139 2140 mutex_enter(&p->p_lock); /* so process doesn't go away */
2140 2141 mutex_exit(&pidlock);
2141 2142
2142 2143 mutex_enter(&p->p_crlock);
2143 2144 crhold(cr = p->p_cred);
2144 2145 mutex_exit(&p->p_crlock);
2145 2146 mutex_exit(&p->p_lock);
2146 2147
2147 2148 ainfo = crgetauinfo(cr);
2148 2149 if (ainfo == NULL) {
2149 2150 crfree(cr);
2150 2151 return;
2151 2152 }
2152 2153
2153 2154 uid = crgetuid(cr);
2154 2155 gid = crgetgid(cr);
2155 2156 ruid = crgetruid(cr);
2156 2157 rgid = crgetrgid(cr);
2157 2158 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
2158 2159 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
2159 2160 crfree(cr);
2160 2161 au_uwrite(au_to_arg32(2, "pgid", pgid));
2161 2162 break;
2162 2163
2163 2164 default:
2164 2165 break;
2165 2166 }
2166 2167 }
2167 2168
2168 2169
2169 2170 /*ARGSUSED*/
2170 2171 static void
2171 2172 aus_setregid(struct t_audit_data *tad)
2172 2173 {
2173 2174 klwp_t *clwp = ttolwp(curthread);
2174 2175 uint32_t rgid, egid;
2175 2176
2176 2177 struct a {
2177 2178 long rgid;
2178 2179 long egid;
2179 2180 } *uap = (struct a *)clwp->lwp_ap;
2180 2181
2181 2182 rgid = (uint32_t)uap->rgid;
2182 2183 egid = (uint32_t)uap->egid;
2183 2184
2184 2185 au_uwrite(au_to_arg32(1, "rgid", rgid));
2185 2186 au_uwrite(au_to_arg32(2, "egid", egid));
2186 2187 }
2187 2188
2188 2189 /*ARGSUSED*/
2189 2190 static void
2190 2191 aus_setgid(struct t_audit_data *tad)
2191 2192 {
2192 2193 klwp_t *clwp = ttolwp(curthread);
2193 2194 uint32_t gid;
2194 2195
2195 2196 struct a {
2196 2197 long gid;
2197 2198 } *uap = (struct a *)clwp->lwp_ap;
2198 2199
2199 2200 gid = (uint32_t)uap->gid;
2200 2201
2201 2202 au_uwrite(au_to_arg32(1, "gid", gid));
2202 2203 }
2203 2204
2204 2205
2205 2206 /*ARGSUSED*/
2206 2207 static void
2207 2208 aus_setreuid(struct t_audit_data *tad)
2208 2209 {
2209 2210 klwp_t *clwp = ttolwp(curthread);
2210 2211 uint32_t ruid, euid;
2211 2212
2212 2213 struct a {
2213 2214 long ruid;
2214 2215 long euid;
2215 2216 } *uap = (struct a *)clwp->lwp_ap;
2216 2217
2217 2218 ruid = (uint32_t)uap->ruid;
2218 2219 euid = (uint32_t)uap->euid;
2219 2220
2220 2221 au_uwrite(au_to_arg32(1, "ruid", ruid));
2221 2222 au_uwrite(au_to_arg32(2, "euid", euid));
2222 2223 }
2223 2224
2224 2225
2225 2226 /*ARGSUSED*/
2226 2227 static void
2227 2228 aus_setuid(struct t_audit_data *tad)
2228 2229 {
2229 2230 klwp_t *clwp = ttolwp(curthread);
2230 2231 uint32_t uid;
2231 2232
2232 2233 struct a {
2233 2234 long uid;
2234 2235 } *uap = (struct a *)clwp->lwp_ap;
2235 2236
2236 2237 uid = (uint32_t)uap->uid;
2237 2238
2238 2239 au_uwrite(au_to_arg32(1, "uid", uid));
2239 2240 }
2240 2241
2241 2242 /*ARGSUSED*/
2242 2243 static void
2243 2244 aus_shmsys(struct t_audit_data *tad)
2244 2245 {
2245 2246 klwp_t *clwp = ttolwp(curthread);
2246 2247 uint32_t id, cmd;
2247 2248
2248 2249 struct b {
2249 2250 long id;
2250 2251 long cmd;
2251 2252 long buf; /* struct shmid_ds * */
2252 2253 } *uap1 = (struct b *)&clwp->lwp_ap[1];
2253 2254
2254 2255 id = (uint32_t)uap1->id;
2255 2256 cmd = (uint32_t)uap1->cmd;
2256 2257
2257 2258 switch (tad->tad_event) {
2258 2259 case AUE_SHMGET: /* shmget */
2259 2260 au_uwrite(au_to_arg32(1, "shm key", id));
2260 2261 break;
2261 2262 case AUE_SHMCTL: /* shmctl */
2262 2263 case AUE_SHMCTL_RMID: /* shmctl */
2263 2264 case AUE_SHMCTL_STAT: /* shmctl */
2264 2265 case AUE_SHMCTL_SET: /* shmctl */
2265 2266 au_uwrite(au_to_arg32(1, "shm ID", id));
2266 2267 break;
2267 2268 case AUE_SHMDT: /* shmdt */
2268 2269 au_uwrite(au_to_arg32(1, "shm adr", id));
2269 2270 break;
2270 2271 case AUE_SHMAT: /* shmat */
2271 2272 au_uwrite(au_to_arg32(1, "shm ID", id));
2272 2273 au_uwrite(au_to_arg32(2, "shm adr", cmd));
2273 2274 break;
2274 2275 }
2275 2276 }
2276 2277
2277 2278 /*ARGSUSED*/
2278 2279 static void
2279 2280 auf_shmsys(struct t_audit_data *tad, int error, rval_t *rval)
2280 2281 {
2281 2282 int id;
2282 2283
2283 2284 if (error != 0)
2284 2285 return;
2285 2286 if (tad->tad_event == AUE_SHMGET) {
2286 2287 uint32_t scid;
2287 2288 uint32_t sy_flags;
2288 2289
2289 2290 /* need to determine type of executing binary */
2290 2291 scid = tad->tad_scid;
2291 2292 #ifdef _SYSCALL32_IMPL
2292 2293 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
2293 2294 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
2294 2295 else
2295 2296 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
2296 2297 #else
2297 2298 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
2298 2299 #endif
2299 2300 if (sy_flags == SE_32RVAL1)
2300 2301 id = rval->r_val1;
2301 2302 if (sy_flags == (SE_32RVAL2|SE_32RVAL1))
2302 2303 id = rval->r_val1;
2303 2304 if (sy_flags == SE_64RVAL)
2304 2305 id = (int)rval->r_vals;
2305 2306 au_uwrite(au_to_ipc(AT_IPC_SHM, id));
2306 2307 }
2307 2308 }
2308 2309
2309 2310
2310 2311 /*ARGSUSED*/
2311 2312 static void
2312 2313 aus_ioctl(struct t_audit_data *tad)
2313 2314 {
2314 2315 klwp_t *clwp = ttolwp(curthread);
2315 2316 struct file *fp;
2316 2317 struct vnode *vp;
2317 2318 struct f_audit_data *fad;
2318 2319 uint32_t fd, cmd;
2319 2320 uintptr_t cmarg;
2320 2321
2321 2322 /* XX64 */
2322 2323 struct a {
2323 2324 long fd;
2324 2325 long cmd;
2325 2326 long cmarg; /* caddr_t */
2326 2327 } *uap = (struct a *)clwp->lwp_ap;
2327 2328
2328 2329 fd = (uint32_t)uap->fd;
2329 2330 cmd = (uint32_t)uap->cmd;
2330 2331 cmarg = (uintptr_t)uap->cmarg;
2331 2332
2332 2333 /*
2333 2334 * convert file pointer to file descriptor
2334 2335 * Note: fd ref count incremented here.
2335 2336 */
2336 2337 if ((fp = getf(fd)) == NULL) {
2337 2338 au_uwrite(au_to_arg32(1, "fd", fd));
2338 2339 au_uwrite(au_to_arg32(2, "cmd", cmd));
2339 2340 #ifndef _LP64
2340 2341 au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg));
2341 2342 #else
2342 2343 au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg));
2343 2344 #endif
2344 2345 return;
2345 2346 }
2346 2347
2347 2348 /* get path from file struct here */
2348 2349 fad = F2A(fp);
2349 2350 if (fad->fad_aupath != NULL) {
2350 2351 au_uwrite(au_to_path(fad->fad_aupath));
2351 2352 } else {
2352 2353 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2353 2354 }
2354 2355
2355 2356 vp = fp->f_vnode;
2356 2357 audit_attributes(vp);
2357 2358
2358 2359 /* decrement file descriptor reference count */
2359 2360 releasef(fd);
2360 2361
2361 2362 au_uwrite(au_to_arg32(2, "cmd", cmd));
2362 2363 #ifndef _LP64
2363 2364 au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg));
2364 2365 #else
2365 2366 au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg));
2366 2367 #endif
2367 2368 }
2368 2369
2369 2370 /*
2370 2371 * null function for memcntl for now. We might want to limit memcntl()
2371 2372 * auditing to commands: MC_LOCKAS, MC_LOCK, MC_UNLOCKAS, MC_UNLOCK which
2372 2373 * require privileges.
2373 2374 */
2374 2375 static au_event_t
2375 2376 aui_memcntl(au_event_t e)
2376 2377 {
2377 2378 return (e);
2378 2379 }
2379 2380
2380 2381 /*ARGSUSED*/
2381 2382 static au_event_t
2382 2383 aui_privsys(au_event_t e)
2383 2384 {
2384 2385 klwp_t *clwp = ttolwp(curthread);
2385 2386
2386 2387 struct a {
2387 2388 long opcode;
2388 2389 } *uap = (struct a *)clwp->lwp_ap;
2389 2390
2390 2391 switch (uap->opcode) {
2391 2392 case PRIVSYS_SETPPRIV:
2392 2393 return (AUE_SETPPRIV);
2393 2394 default:
2394 2395 return (AUE_NULL);
2395 2396 }
2396 2397 }
2397 2398
2398 2399 /*ARGSUSED*/
2399 2400 static void
2400 2401 aus_memcntl(struct t_audit_data *tad)
2401 2402 {
2402 2403 klwp_t *clwp = ttolwp(curthread);
2403 2404
2404 2405 struct a {
2405 2406 long addr;
2406 2407 long len;
2407 2408 long cmd;
2408 2409 long arg;
2409 2410 long attr;
2410 2411 long mask;
2411 2412 } *uap = (struct a *)clwp->lwp_ap;
2412 2413
2413 2414 #ifdef _LP64
2414 2415 au_uwrite(au_to_arg64(1, "base", (uint64_t)uap->addr));
2415 2416 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2416 2417 #else
2417 2418 au_uwrite(au_to_arg32(1, "base", (uint32_t)uap->addr));
2418 2419 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2419 2420 #endif
2420 2421 au_uwrite(au_to_arg32(3, "cmd", (uint_t)uap->cmd));
2421 2422 #ifdef _LP64
2422 2423 au_uwrite(au_to_arg64(4, "arg", (uint64_t)uap->arg));
2423 2424 #else
2424 2425 au_uwrite(au_to_arg32(4, "arg", (uint32_t)uap->arg));
2425 2426 #endif
2426 2427 au_uwrite(au_to_arg32(5, "attr", (uint_t)uap->attr));
2427 2428 au_uwrite(au_to_arg32(6, "mask", (uint_t)uap->mask));
2428 2429 }
2429 2430
2430 2431 /*ARGSUSED*/
2431 2432 static void
2432 2433 aus_mmap(struct t_audit_data *tad)
2433 2434 {
2434 2435 klwp_t *clwp = ttolwp(curthread);
2435 2436 struct file *fp;
2436 2437 struct f_audit_data *fad;
2437 2438 struct vnode *vp;
2438 2439 uint32_t fd;
2439 2440
2440 2441 struct a {
2441 2442 long addr;
2442 2443 long len;
2443 2444 long prot;
2444 2445 long flags;
2445 2446 long fd;
2446 2447 long pos;
2447 2448 } *uap = (struct a *)clwp->lwp_ap;
2448 2449
2449 2450 fd = (uint32_t)uap->fd;
2450 2451
2451 2452 #ifdef _LP64
2452 2453 au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr));
2453 2454 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2454 2455 #else
2455 2456 au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr));
2456 2457 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2457 2458 #endif
2458 2459
2459 2460 if ((fp = getf(fd)) == NULL) {
2460 2461 au_uwrite(au_to_arg32(5, "fd", (uint32_t)uap->fd));
2461 2462 return;
2462 2463 }
2463 2464
2464 2465 /*
2465 2466 * Mark in the tad if write access is NOT requested... if
2466 2467 * this is later detected (in audit_attributes) to be a
2467 2468 * public object, the mmap event may be discarded.
2468 2469 */
2469 2470 if (((uap->prot) & PROT_WRITE) == 0) {
2470 2471 tad->tad_ctrl |= TAD_PUBLIC_EV;
2471 2472 }
2472 2473
2473 2474 fad = F2A(fp);
2474 2475 if (fad->fad_aupath != NULL) {
2475 2476 au_uwrite(au_to_path(fad->fad_aupath));
2476 2477 } else {
2477 2478 au_uwrite(au_to_arg32(1, "no path: fd", fd));
2478 2479 }
2479 2480
2480 2481 vp = (struct vnode *)fp->f_vnode;
2481 2482 audit_attributes(vp);
2482 2483
2483 2484 /* mark READ/WRITE since we can't predict access */
2484 2485 if (uap->prot & PROT_READ)
2485 2486 fad->fad_flags |= FAD_READ;
2486 2487 if (uap->prot & PROT_WRITE)
2487 2488 fad->fad_flags |= FAD_WRITE;
2488 2489
2489 2490 /* decrement file descriptor reference count */
2490 2491 releasef(fd);
2491 2492
2492 2493 } /* AUS_MMAP */
2493 2494
2494 2495
2495 2496
2496 2497
2497 2498 /*ARGSUSED*/
2498 2499 static void
2499 2500 aus_munmap(struct t_audit_data *tad)
2500 2501 {
2501 2502 klwp_t *clwp = ttolwp(curthread);
2502 2503
2503 2504 struct a {
2504 2505 long addr;
2505 2506 long len;
2506 2507 } *uap = (struct a *)clwp->lwp_ap;
2507 2508
2508 2509 #ifdef _LP64
2509 2510 au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr));
2510 2511 au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len));
2511 2512 #else
2512 2513 au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr));
2513 2514 au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len));
2514 2515 #endif
2515 2516
2516 2517 } /* AUS_MUNMAP */
2517 2518
2518 2519
2519 2520
2520 2521
2521 2522
2522 2523
2523 2524
2524 2525 /*ARGSUSED*/
2525 2526 static void
2526 2527 aus_priocntlsys(struct t_audit_data *tad)
2527 2528 {
2528 2529 klwp_t *clwp = ttolwp(curthread);
2529 2530
2530 2531 struct a {
2531 2532 long pc_version;
2532 2533 long psp; /* procset_t */
2533 2534 long cmd;
2534 2535 long arg;
2535 2536 } *uap = (struct a *)clwp->lwp_ap;
2536 2537
2537 2538 au_uwrite(au_to_arg32(1, "pc_version", (uint32_t)uap->pc_version));
2538 2539 au_uwrite(au_to_arg32(3, "cmd", (uint32_t)uap->cmd));
2539 2540
2540 2541 } /* AUS_PRIOCNTLSYS */
2541 2542
2542 2543
2543 2544 /*ARGSUSED*/
2544 2545 static void
2545 2546 aus_setegid(struct t_audit_data *tad)
2546 2547 {
2547 2548 klwp_t *clwp = ttolwp(curthread);
2548 2549 uint32_t gid;
2549 2550
2550 2551 struct a {
2551 2552 long gid;
2552 2553 } *uap = (struct a *)clwp->lwp_ap;
2553 2554
2554 2555 gid = (uint32_t)uap->gid;
2555 2556
2556 2557 au_uwrite(au_to_arg32(1, "gid", gid));
2557 2558 } /* AUS_SETEGID */
2558 2559
2559 2560
2560 2561
2561 2562
2562 2563 /*ARGSUSED*/
2563 2564 static void
2564 2565 aus_setgroups(struct t_audit_data *tad)
2565 2566 {
2566 2567 klwp_t *clwp = ttolwp(curthread);
2567 2568 int i;
2568 2569 int gidsetsize;
2569 2570 uintptr_t gidset;
2570 2571 gid_t *gidlist;
2571 2572
2572 2573 struct a {
2573 2574 long gidsetsize;
2574 2575 long gidset;
2575 2576 } *uap = (struct a *)clwp->lwp_ap;
2576 2577
2577 2578 gidsetsize = (uint_t)uap->gidsetsize;
2578 2579 gidset = (uintptr_t)uap->gidset;
2579 2580
2580 2581 if ((gidsetsize > NGROUPS_MAX_DEFAULT) || (gidsetsize < 0))
2581 2582 return;
2582 2583 if (gidsetsize != 0) {
2583 2584 gidlist = kmem_alloc(gidsetsize * sizeof (gid_t),
2584 2585 KM_SLEEP);
2585 2586 if (copyin((caddr_t)gidset, gidlist,
2586 2587 gidsetsize * sizeof (gid_t)) == 0)
2587 2588 for (i = 0; i < gidsetsize; i++)
2588 2589 au_uwrite(au_to_arg32(1, "setgroups",
2589 2590 (uint32_t)gidlist[i]));
2590 2591 kmem_free(gidlist, gidsetsize * sizeof (gid_t));
2591 2592 } else
2592 2593 au_uwrite(au_to_arg32(1, "setgroups", (uint32_t)0));
2593 2594
2594 2595 } /* AUS_SETGROUPS */
2595 2596
2596 2597
2597 2598
2598 2599
2599 2600
2600 2601 /*ARGSUSED*/
2601 2602 static void
2602 2603 aus_seteuid(struct t_audit_data *tad)
2603 2604 {
2604 2605 klwp_t *clwp = ttolwp(curthread);
2605 2606 uint32_t uid;
2606 2607
2607 2608 struct a {
2608 2609 long uid;
2609 2610 } *uap = (struct a *)clwp->lwp_ap;
2610 2611
2611 2612 uid = (uint32_t)uap->uid;
2612 2613
2613 2614 au_uwrite(au_to_arg32(1, "euid", uid));
2614 2615
2615 2616 } /* AUS_SETEUID */
2616 2617
2617 2618 /*ARGSUSED*/
2618 2619 static void
2619 2620 aus_putmsg(struct t_audit_data *tad)
2620 2621 {
2621 2622 klwp_t *clwp = ttolwp(curthread);
2622 2623 uint32_t fd, pri;
2623 2624 struct file *fp;
2624 2625 struct f_audit_data *fad;
2625 2626
2626 2627 struct a {
2627 2628 long fdes;
2628 2629 long ctl; /* struct strbuf * */
2629 2630 long data; /* struct strbuf * */
2630 2631 long pri;
2631 2632 } *uap = (struct a *)clwp->lwp_ap;
2632 2633
2633 2634 fd = (uint32_t)uap->fdes;
2634 2635 pri = (uint32_t)uap->pri;
2635 2636
2636 2637 au_uwrite(au_to_arg32(1, "fd", fd));
2637 2638
2638 2639 if ((fp = getf(fd)) != NULL) {
2639 2640 fad = F2A(fp);
2640 2641
2641 2642 fad->fad_flags |= FAD_WRITE;
2642 2643
2643 2644 /* add path name to audit record */
2644 2645 if (fad->fad_aupath != NULL) {
2645 2646 au_uwrite(au_to_path(fad->fad_aupath));
2646 2647 }
2647 2648 audit_attributes(fp->f_vnode);
2648 2649
2649 2650 releasef(fd);
2650 2651 }
2651 2652
2652 2653 au_uwrite(au_to_arg32(4, "pri", pri));
2653 2654 }
2654 2655
2655 2656 /*ARGSUSED*/
2656 2657 static void
2657 2658 aus_putpmsg(struct t_audit_data *tad)
2658 2659 {
2659 2660 klwp_t *clwp = ttolwp(curthread);
2660 2661 uint32_t fd, pri, flags;
2661 2662 struct file *fp;
2662 2663 struct f_audit_data *fad;
2663 2664
2664 2665 struct a {
2665 2666 long fdes;
2666 2667 long ctl; /* struct strbuf * */
2667 2668 long data; /* struct strbuf * */
2668 2669 long pri;
2669 2670 long flags;
2670 2671 } *uap = (struct a *)clwp->lwp_ap;
2671 2672
2672 2673 fd = (uint32_t)uap->fdes;
2673 2674 pri = (uint32_t)uap->pri;
2674 2675 flags = (uint32_t)uap->flags;
2675 2676
2676 2677 au_uwrite(au_to_arg32(1, "fd", fd));
2677 2678
2678 2679 if ((fp = getf(fd)) != NULL) {
2679 2680 fad = F2A(fp);
2680 2681
2681 2682 fad->fad_flags |= FAD_WRITE;
2682 2683
2683 2684 /* add path name to audit record */
2684 2685 if (fad->fad_aupath != NULL) {
2685 2686 au_uwrite(au_to_path(fad->fad_aupath));
2686 2687 }
2687 2688 audit_attributes(fp->f_vnode);
2688 2689
2689 2690 releasef(fd);
2690 2691 }
2691 2692
2692 2693
2693 2694 au_uwrite(au_to_arg32(4, "pri", pri));
2694 2695 au_uwrite(au_to_arg32(5, "flags", flags));
2695 2696 }
2696 2697
2697 2698 /*ARGSUSED*/
2698 2699 static void
2699 2700 aus_getmsg(struct t_audit_data *tad)
2700 2701 {
2701 2702 klwp_t *clwp = ttolwp(curthread);
2702 2703 uint32_t fd, pri;
2703 2704 struct file *fp;
2704 2705 struct f_audit_data *fad;
2705 2706
2706 2707 struct a {
2707 2708 long fdes;
2708 2709 long ctl; /* struct strbuf * */
2709 2710 long data; /* struct strbuf * */
2710 2711 long pri;
2711 2712 } *uap = (struct a *)clwp->lwp_ap;
2712 2713
2713 2714 fd = (uint32_t)uap->fdes;
2714 2715 pri = (uint32_t)uap->pri;
2715 2716
2716 2717 au_uwrite(au_to_arg32(1, "fd", fd));
2717 2718
2718 2719 if ((fp = getf(fd)) != NULL) {
2719 2720 fad = F2A(fp);
2720 2721
2721 2722 /*
2722 2723 * read operation on this object
2723 2724 */
2724 2725 fad->fad_flags |= FAD_READ;
2725 2726
2726 2727 /* add path name to audit record */
2727 2728 if (fad->fad_aupath != NULL) {
2728 2729 au_uwrite(au_to_path(fad->fad_aupath));
2729 2730 }
2730 2731 audit_attributes(fp->f_vnode);
2731 2732
2732 2733 releasef(fd);
2733 2734 }
2734 2735
2735 2736 au_uwrite(au_to_arg32(4, "pri", pri));
2736 2737 }
2737 2738
2738 2739 /*ARGSUSED*/
2739 2740 static void
2740 2741 aus_getpmsg(struct t_audit_data *tad)
2741 2742 {
2742 2743 klwp_t *clwp = ttolwp(curthread);
2743 2744 uint32_t fd;
2744 2745 struct file *fp;
2745 2746 struct f_audit_data *fad;
2746 2747
2747 2748 struct a {
2748 2749 long fdes;
2749 2750 long ctl; /* struct strbuf * */
2750 2751 long data; /* struct strbuf * */
2751 2752 long pri;
2752 2753 long flags;
2753 2754 } *uap = (struct a *)clwp->lwp_ap;
2754 2755
2755 2756 fd = (uint32_t)uap->fdes;
2756 2757
2757 2758 au_uwrite(au_to_arg32(1, "fd", fd));
2758 2759
2759 2760 if ((fp = getf(fd)) != NULL) {
2760 2761 fad = F2A(fp);
2761 2762
2762 2763 /*
2763 2764 * read operation on this object
2764 2765 */
2765 2766 fad->fad_flags |= FAD_READ;
2766 2767
2767 2768 /* add path name to audit record */
2768 2769 if (fad->fad_aupath != NULL) {
2769 2770 au_uwrite(au_to_path(fad->fad_aupath));
2770 2771 }
2771 2772 audit_attributes(fp->f_vnode);
2772 2773
2773 2774 releasef(fd);
2774 2775 }
2775 2776 }
2776 2777
2777 2778 static au_event_t
2778 2779 aui_labelsys(au_event_t e)
2779 2780 {
2780 2781 klwp_t *clwp = ttolwp(curthread);
2781 2782 uint32_t code;
2782 2783 uint32_t cmd;
2783 2784
2784 2785 struct a {
2785 2786 long code;
2786 2787 long cmd;
2787 2788 } *uap = (struct a *)clwp->lwp_ap;
2788 2789
2789 2790 code = (uint32_t)uap->code;
2790 2791 cmd = (uint32_t)uap->cmd;
2791 2792
2792 2793 /* not security relevant if not changing kernel cache */
2793 2794 if (cmd == TNDB_GET)
2794 2795 return (AUE_NULL);
2795 2796
2796 2797 switch (code) {
2797 2798 case TSOL_TNRH:
2798 2799 e = AUE_LABELSYS_TNRH;
2799 2800 break;
2800 2801 case TSOL_TNRHTP:
2801 2802 e = AUE_LABELSYS_TNRHTP;
2802 2803 break;
2803 2804 case TSOL_TNMLP:
2804 2805 e = AUE_LABELSYS_TNMLP;
2805 2806 break;
2806 2807 default:
2807 2808 e = AUE_NULL;
2808 2809 break;
2809 2810 }
2810 2811
2811 2812 return (e);
2812 2813
2813 2814 }
2814 2815
2815 2816 static void
2816 2817 aus_labelsys(struct t_audit_data *tad)
2817 2818 {
2818 2819 klwp_t *clwp = ttolwp(curthread);
2819 2820 uint32_t cmd;
2820 2821 uintptr_t a2;
2821 2822
2822 2823 struct a {
2823 2824 long code;
2824 2825 long cmd;
2825 2826 long a2;
2826 2827 } *uap = (struct a *)clwp->lwp_ap;
2827 2828
2828 2829 cmd = (uint32_t)uap->cmd;
2829 2830 a2 = (uintptr_t)uap->a2;
2830 2831
2831 2832 switch (tad->tad_event) {
2832 2833 case AUE_LABELSYS_TNRH:
2833 2834 {
2834 2835 tsol_rhent_t *rhent;
2835 2836 tnaddr_t *rh_addr;
2836 2837
2837 2838 au_uwrite(au_to_arg32(1, "cmd", cmd));
2838 2839
2839 2840 /* Remaining args don't apply for FLUSH, so skip */
2840 2841 if (cmd == TNDB_FLUSH)
2841 2842 break;
2842 2843
2843 2844 rhent = kmem_alloc(sizeof (tsol_rhent_t), KM_SLEEP);
2844 2845 if (copyin((caddr_t)a2, rhent, sizeof (tsol_rhent_t))) {
2845 2846 kmem_free(rhent, sizeof (tsol_rhent_t));
2846 2847 return;
2847 2848 }
2848 2849
2849 2850 rh_addr = &rhent->rh_address;
2850 2851 if (rh_addr->ta_family == AF_INET) {
2851 2852 struct in_addr *ipaddr;
2852 2853
2853 2854 ipaddr = &(rh_addr->ta_addr_v4);
2854 2855 au_uwrite(au_to_in_addr(ipaddr));
2855 2856 } else if (rh_addr->ta_family == AF_INET6) {
2856 2857 int32_t *ipaddr;
2857 2858
2858 2859 ipaddr = (int32_t *)&(rh_addr->ta_addr_v6);
2859 2860 au_uwrite(au_to_in_addr_ex(ipaddr));
2860 2861 }
2861 2862 au_uwrite(au_to_arg32(2, "prefix len", rhent->rh_prefix));
2862 2863
2863 2864 kmem_free(rhent, sizeof (tsol_rhent_t));
2864 2865
2865 2866 break;
2866 2867 }
2867 2868 case AUE_LABELSYS_TNRHTP:
2868 2869 {
2869 2870 tsol_tpent_t *tpent;
2870 2871
2871 2872 au_uwrite(au_to_arg32(1, "cmd", cmd));
2872 2873
2873 2874 /* Remaining args don't apply for FLUSH, so skip */
2874 2875 if (cmd == TNDB_FLUSH)
2875 2876 break;
2876 2877
2877 2878 tpent = kmem_alloc(sizeof (tsol_tpent_t), KM_SLEEP);
2878 2879 if (copyin((caddr_t)a2, tpent, sizeof (tsol_tpent_t))) {
2879 2880 kmem_free(tpent, sizeof (tsol_tpent_t));
2880 2881 return;
2881 2882 }
2882 2883
2883 2884 /* Make sure that the template name is null-terminated. */
2884 2885 *(tpent->name + TNTNAMSIZ - 1) = '\0';
2885 2886
2886 2887 au_uwrite(au_to_text(tpent->name));
2887 2888 kmem_free(tpent, sizeof (tsol_tpent_t));
2888 2889
2889 2890 break;
2890 2891 }
2891 2892 case AUE_LABELSYS_TNMLP:
2892 2893 {
2893 2894 tsol_mlpent_t *mlpent;
2894 2895
2895 2896 au_uwrite(au_to_arg32(1, "cmd", cmd));
2896 2897
2897 2898 mlpent = kmem_alloc(sizeof (tsol_mlpent_t), KM_SLEEP);
2898 2899 if (copyin((caddr_t)a2, mlpent, sizeof (tsol_mlpent_t))) {
2899 2900 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2900 2901 return;
2901 2902 }
2902 2903
2903 2904 if (mlpent->tsme_flags & TSOL_MEF_SHARED) {
2904 2905 au_uwrite(au_to_text("shared"));
2905 2906 } else {
2906 2907 zone_t *zone;
2907 2908
2908 2909 zone = zone_find_by_id(mlpent->tsme_zoneid);
2909 2910 if (zone != NULL) {
2910 2911 au_uwrite(au_to_text(zone->zone_name));
2911 2912 zone_rele(zone);
2912 2913 }
2913 2914 }
2914 2915
2915 2916 /* Remaining args don't apply for FLUSH, so skip */
2916 2917 if (cmd == TNDB_FLUSH) {
2917 2918 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2918 2919 break;
2919 2920 }
2920 2921
2921 2922 au_uwrite(au_to_arg32(2, "proto num",
2922 2923 (uint32_t)mlpent->tsme_mlp.mlp_ipp));
2923 2924 au_uwrite(au_to_arg32(2, "mlp_port",
2924 2925 (uint32_t)mlpent->tsme_mlp.mlp_port));
2925 2926
2926 2927 if (mlpent->tsme_mlp.mlp_port_upper != 0)
2927 2928 au_uwrite(au_to_arg32(2, "mlp_port_upper",
2928 2929 (uint32_t)mlpent->tsme_mlp.mlp_port_upper));
2929 2930
2930 2931 kmem_free(mlpent, sizeof (tsol_mlpent_t));
2931 2932
2932 2933 break;
2933 2934 }
2934 2935 default:
2935 2936 break;
2936 2937 }
2937 2938 }
2938 2939
2939 2940
2940 2941 static au_event_t
2941 2942 aui_auditsys(au_event_t e)
2942 2943 {
2943 2944 klwp_t *clwp = ttolwp(curthread);
2944 2945 uint32_t code;
2945 2946
2946 2947 struct a {
2947 2948 long code;
2948 2949 long a1;
2949 2950 long a2;
2950 2951 long a3;
2951 2952 long a4;
2952 2953 long a5;
2953 2954 long a6;
2954 2955 long a7;
2955 2956 } *uap = (struct a *)clwp->lwp_ap;
2956 2957
2957 2958 code = (uint32_t)uap->code;
2958 2959
2959 2960 switch (code) {
2960 2961
2961 2962 case BSM_GETAUID:
2962 2963 e = AUE_GETAUID;
2963 2964 break;
2964 2965 case BSM_SETAUID:
2965 2966 e = AUE_SETAUID;
2966 2967 break;
2967 2968 case BSM_GETAUDIT:
2968 2969 e = AUE_GETAUDIT;
2969 2970 break;
2970 2971 case BSM_GETAUDIT_ADDR:
2971 2972 e = AUE_GETAUDIT_ADDR;
2972 2973 break;
2973 2974 case BSM_SETAUDIT:
2974 2975 e = AUE_SETAUDIT;
2975 2976 break;
2976 2977 case BSM_SETAUDIT_ADDR:
2977 2978 e = AUE_SETAUDIT_ADDR;
2978 2979 break;
2979 2980 case BSM_AUDIT:
2980 2981 e = AUE_AUDIT;
2981 2982 break;
2982 2983 case BSM_AUDITCTL:
2983 2984 switch ((uint_t)uap->a1) {
2984 2985
2985 2986 case A_GETPOLICY:
2986 2987 e = AUE_AUDITON_GPOLICY;
2987 2988 break;
2988 2989 case A_SETPOLICY:
2989 2990 e = AUE_AUDITON_SPOLICY;
2990 2991 break;
2991 2992 case A_GETAMASK:
2992 2993 e = AUE_AUDITON_GETAMASK;
2993 2994 break;
2994 2995 case A_SETAMASK:
2995 2996 e = AUE_AUDITON_SETAMASK;
2996 2997 break;
2997 2998 case A_GETKMASK:
2998 2999 e = AUE_AUDITON_GETKMASK;
2999 3000 break;
3000 3001 case A_SETKMASK:
3001 3002 e = AUE_AUDITON_SETKMASK;
3002 3003 break;
3003 3004 case A_GETQCTRL:
3004 3005 e = AUE_AUDITON_GQCTRL;
3005 3006 break;
3006 3007 case A_SETQCTRL:
3007 3008 e = AUE_AUDITON_SQCTRL;
3008 3009 break;
3009 3010 case A_GETCWD:
3010 3011 e = AUE_AUDITON_GETCWD;
3011 3012 break;
3012 3013 case A_GETCAR:
3013 3014 e = AUE_AUDITON_GETCAR;
3014 3015 break;
3015 3016 case A_GETSTAT:
3016 3017 e = AUE_AUDITON_GETSTAT;
3017 3018 break;
3018 3019 case A_SETSTAT:
3019 3020 e = AUE_AUDITON_SETSTAT;
3020 3021 break;
3021 3022 case A_SETUMASK:
3022 3023 e = AUE_AUDITON_SETUMASK;
3023 3024 break;
3024 3025 case A_SETSMASK:
3025 3026 e = AUE_AUDITON_SETSMASK;
3026 3027 break;
3027 3028 case A_GETCOND:
3028 3029 e = AUE_AUDITON_GETCOND;
3029 3030 break;
3030 3031 case A_SETCOND:
3031 3032 e = AUE_AUDITON_SETCOND;
3032 3033 break;
3033 3034 case A_GETCLASS:
3034 3035 e = AUE_AUDITON_GETCLASS;
3035 3036 break;
3036 3037 case A_SETCLASS:
3037 3038 e = AUE_AUDITON_SETCLASS;
3038 3039 break;
3039 3040 default:
3040 3041 e = AUE_NULL;
3041 3042 break;
3042 3043 }
3043 3044 break;
3044 3045 default:
3045 3046 e = AUE_NULL;
3046 3047 break;
3047 3048 }
3048 3049
3049 3050 return (e);
3050 3051
3051 3052 } /* AUI_AUDITSYS */
3052 3053
3053 3054
3054 3055 static void
3055 3056 aus_auditsys(struct t_audit_data *tad)
3056 3057 {
3057 3058 klwp_t *clwp = ttolwp(curthread);
3058 3059 uintptr_t a1, a2;
3059 3060 STRUCT_DECL(auditinfo, ainfo);
3060 3061 STRUCT_DECL(auditinfo_addr, ainfo_addr);
3061 3062 au_evclass_map_t event;
3062 3063 au_mask_t mask;
3063 3064 int auditstate, policy;
3064 3065 au_id_t auid;
3065 3066
3066 3067
3067 3068 struct a {
3068 3069 long code;
3069 3070 long a1;
3070 3071 long a2;
3071 3072 long a3;
3072 3073 long a4;
3073 3074 long a5;
3074 3075 long a6;
3075 3076 long a7;
3076 3077 } *uap = (struct a *)clwp->lwp_ap;
3077 3078
3078 3079 a1 = (uintptr_t)uap->a1;
3079 3080 a2 = (uintptr_t)uap->a2;
3080 3081
3081 3082 switch (tad->tad_event) {
3082 3083 case AUE_SETAUID:
3083 3084 if (copyin((caddr_t)a1, &auid, sizeof (au_id_t)))
3084 3085 return;
3085 3086 au_uwrite(au_to_arg32(2, "setauid", auid));
3086 3087 break;
3087 3088 case AUE_SETAUDIT:
3088 3089 STRUCT_INIT(ainfo, get_udatamodel());
3089 3090 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo),
3090 3091 STRUCT_SIZE(ainfo))) {
3091 3092 return;
3092 3093 }
3093 3094 au_uwrite(au_to_arg32((char)1, "setaudit:auid",
3094 3095 (uint32_t)STRUCT_FGET(ainfo, ai_auid)));
3095 3096 #ifdef _LP64
3096 3097 au_uwrite(au_to_arg64((char)1, "setaudit:port",
3097 3098 (uint64_t)STRUCT_FGET(ainfo, ai_termid.port)));
3098 3099 #else
3099 3100 au_uwrite(au_to_arg32((char)1, "setaudit:port",
3100 3101 (uint32_t)STRUCT_FGET(ainfo, ai_termid.port)));
3101 3102 #endif
3102 3103 au_uwrite(au_to_arg32((char)1, "setaudit:machine",
3103 3104 (uint32_t)STRUCT_FGET(ainfo, ai_termid.machine)));
3104 3105 au_uwrite(au_to_arg32((char)1, "setaudit:as_success",
3105 3106 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3106 3107 au_uwrite(au_to_arg32((char)1, "setaudit:as_failure",
3107 3108 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3108 3109 au_uwrite(au_to_arg32((char)1, "setaudit:asid",
3109 3110 (uint32_t)STRUCT_FGET(ainfo, ai_asid)));
3110 3111 break;
3111 3112 case AUE_SETAUDIT_ADDR:
3112 3113 STRUCT_INIT(ainfo_addr, get_udatamodel());
3113 3114 if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
3114 3115 STRUCT_SIZE(ainfo_addr))) {
3115 3116 return;
3116 3117 }
3117 3118 au_uwrite(au_to_arg32((char)1, "auid",
3118 3119 (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
3119 3120 #ifdef _LP64
3120 3121 au_uwrite(au_to_arg64((char)1, "port",
3121 3122 (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3122 3123 #else
3123 3124 au_uwrite(au_to_arg32((char)1, "port",
3124 3125 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
3125 3126 #endif
3126 3127 au_uwrite(au_to_arg32((char)1, "type",
3127 3128 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
3128 3129 if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
3129 3130 AU_IPv4) {
3130 3131 au_uwrite(au_to_in_addr(
3131 3132 (struct in_addr *)STRUCT_FGETP(ainfo_addr,
3132 3133 ai_termid.at_addr)));
3133 3134 } else {
3134 3135 au_uwrite(au_to_in_addr_ex(
3135 3136 (int32_t *)STRUCT_FGETP(ainfo_addr,
3136 3137 ai_termid.at_addr)));
3137 3138 }
3138 3139 au_uwrite(au_to_arg32((char)1, "as_success",
3139 3140 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
3140 3141 au_uwrite(au_to_arg32((char)1, "as_failure",
3141 3142 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
3142 3143 au_uwrite(au_to_arg32((char)1, "asid",
3143 3144 (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
3144 3145 break;
3145 3146 case AUE_AUDITON_SETAMASK:
3146 3147 if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
3147 3148 return;
3148 3149 au_uwrite(au_to_arg32(
3149 3150 2, "setamask:as_success", (uint32_t)mask.as_success));
3150 3151 au_uwrite(au_to_arg32(
3151 3152 2, "setamask:as_failure", (uint32_t)mask.as_failure));
3152 3153 break;
3153 3154 case AUE_AUDITON_SETKMASK:
3154 3155 if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t)))
3155 3156 return;
3156 3157 au_uwrite(au_to_arg32(
3157 3158 2, "setkmask:as_success", (uint32_t)mask.as_success));
3158 3159 au_uwrite(au_to_arg32(
3159 3160 2, "setkmask:as_failure", (uint32_t)mask.as_failure));
3160 3161 break;
3161 3162 case AUE_AUDITON_SPOLICY:
3162 3163 if (copyin((caddr_t)a2, &policy, sizeof (int)))
3163 3164 return;
3164 3165 au_uwrite(au_to_arg32(3, "setpolicy", (uint32_t)policy));
3165 3166 break;
3166 3167 case AUE_AUDITON_SQCTRL: {
3167 3168 STRUCT_DECL(au_qctrl, qctrl);
3168 3169 model_t model;
3169 3170
3170 3171 model = get_udatamodel();
3171 3172 STRUCT_INIT(qctrl, model);
3172 3173 if (copyin((caddr_t)a2, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl)))
3173 3174 return;
3174 3175 if (model == DATAMODEL_ILP32) {
3175 3176 au_uwrite(au_to_arg32(
3176 3177 3, "setqctrl:aq_hiwater",
3177 3178 (uint32_t)STRUCT_FGET(qctrl, aq_hiwater)));
3178 3179 au_uwrite(au_to_arg32(
3179 3180 3, "setqctrl:aq_lowater",
3180 3181 (uint32_t)STRUCT_FGET(qctrl, aq_lowater)));
3181 3182 au_uwrite(au_to_arg32(
3182 3183 3, "setqctrl:aq_bufsz",
3183 3184 (uint32_t)STRUCT_FGET(qctrl, aq_bufsz)));
3184 3185 au_uwrite(au_to_arg32(
3185 3186 3, "setqctrl:aq_delay",
3186 3187 (uint32_t)STRUCT_FGET(qctrl, aq_delay)));
3187 3188 } else {
3188 3189 au_uwrite(au_to_arg64(
3189 3190 3, "setqctrl:aq_hiwater",
3190 3191 (uint64_t)STRUCT_FGET(qctrl, aq_hiwater)));
3191 3192 au_uwrite(au_to_arg64(
3192 3193 3, "setqctrl:aq_lowater",
3193 3194 (uint64_t)STRUCT_FGET(qctrl, aq_lowater)));
3194 3195 au_uwrite(au_to_arg64(
3195 3196 3, "setqctrl:aq_bufsz",
3196 3197 (uint64_t)STRUCT_FGET(qctrl, aq_bufsz)));
3197 3198 au_uwrite(au_to_arg64(
3198 3199 3, "setqctrl:aq_delay",
3199 3200 (uint64_t)STRUCT_FGET(qctrl, aq_delay)));
3200 3201 }
3201 3202 break;
3202 3203 }
3203 3204 case AUE_AUDITON_SETUMASK:
3204 3205 STRUCT_INIT(ainfo, get_udatamodel());
3205 3206 if (copyin((caddr_t)uap->a2, STRUCT_BUF(ainfo),
3206 3207 STRUCT_SIZE(ainfo))) {
3207 3208 return;
3208 3209 }
3209 3210 au_uwrite(au_to_arg32(3, "setumask:as_success",
3210 3211 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3211 3212 au_uwrite(au_to_arg32(3, "setumask:as_failure",
3212 3213 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3213 3214 break;
3214 3215 case AUE_AUDITON_SETSMASK:
3215 3216 STRUCT_INIT(ainfo, get_udatamodel());
3216 3217 if (copyin((caddr_t)uap->a2, STRUCT_BUF(ainfo),
3217 3218 STRUCT_SIZE(ainfo))) {
3218 3219 return;
3219 3220 }
3220 3221 au_uwrite(au_to_arg32(3, "setsmask:as_success",
3221 3222 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success)));
3222 3223 au_uwrite(au_to_arg32(3, "setsmask:as_failure",
3223 3224 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure)));
3224 3225 break;
3225 3226 case AUE_AUDITON_SETCOND:
3226 3227 if (copyin((caddr_t)a2, &auditstate, sizeof (int)))
3227 3228 return;
3228 3229 au_uwrite(au_to_arg32(3, "setcond", (uint32_t)auditstate));
3229 3230 break;
3230 3231 case AUE_AUDITON_SETCLASS:
3231 3232 if (copyin((caddr_t)a2, &event, sizeof (au_evclass_map_t)))
3232 3233 return;
3233 3234 au_uwrite(au_to_arg32(
3234 3235 2, "setclass:ec_event", (uint32_t)event.ec_number));
3235 3236 au_uwrite(au_to_arg32(
3236 3237 3, "setclass:ec_class", (uint32_t)event.ec_class));
3237 3238 break;
3238 3239 case AUE_GETAUID:
3239 3240 case AUE_GETAUDIT:
3240 3241 case AUE_GETAUDIT_ADDR:
3241 3242 case AUE_AUDIT:
3242 3243 case AUE_AUDITON_GPOLICY:
3243 3244 case AUE_AUDITON_GQCTRL:
3244 3245 case AUE_AUDITON_GETAMASK:
3245 3246 case AUE_AUDITON_GETKMASK:
3246 3247 case AUE_AUDITON_GETCWD:
3247 3248 case AUE_AUDITON_GETCAR:
3248 3249 case AUE_AUDITON_GETSTAT:
3249 3250 case AUE_AUDITON_SETSTAT:
3250 3251 case AUE_AUDITON_GETCOND:
3251 3252 case AUE_AUDITON_GETCLASS:
3252 3253 break;
3253 3254 default:
3254 3255 break;
3255 3256 }
3256 3257
3257 3258 } /* AUS_AUDITSYS */
3258 3259
3259 3260
3260 3261 /* only audit privileged operations for systeminfo(2) system call */
3261 3262 static au_event_t
3262 3263 aui_sysinfo(au_event_t e)
3263 3264 {
3264 3265 klwp_t *clwp = ttolwp(curthread);
3265 3266 uint32_t command;
3266 3267
3267 3268 struct a {
3268 3269 long command;
3269 3270 long buf; /* char * */
3270 3271 long count;
3271 3272 } *uap = (struct a *)clwp->lwp_ap;
3272 3273
3273 3274 command = (uint32_t)uap->command;
3274 3275
3275 3276 switch (command) {
3276 3277 case SI_SET_HOSTNAME:
3277 3278 case SI_SET_SRPC_DOMAIN:
3278 3279 e = (au_event_t)AUE_SYSINFO;
3279 3280 break;
3280 3281 default:
3281 3282 e = (au_event_t)AUE_NULL;
3282 3283 break;
3283 3284 }
3284 3285 return (e);
3285 3286 }
3286 3287
3287 3288 /*ARGSUSED*/
3288 3289 static void
3289 3290 aus_sysinfo(struct t_audit_data *tad)
3290 3291 {
3291 3292 klwp_t *clwp = ttolwp(curthread);
3292 3293 uint32_t command;
3293 3294 size_t len, maxlen;
3294 3295 char *name;
3295 3296 uintptr_t buf;
3296 3297
3297 3298 struct a {
3298 3299 long command;
3299 3300 long buf; /* char * */
3300 3301 long count;
3301 3302 } *uap = (struct a *)clwp->lwp_ap;
3302 3303
3303 3304 command = (uint32_t)uap->command;
3304 3305 buf = (uintptr_t)uap->buf;
3305 3306
3306 3307 au_uwrite(au_to_arg32(1, "cmd", command));
3307 3308
3308 3309 switch (command) {
3309 3310 case SI_SET_HOSTNAME:
3310 3311 {
3311 3312 if (secpolicy_sys_config(CRED(), B_TRUE) != 0)
3312 3313 return;
3313 3314
3314 3315 maxlen = SYS_NMLN;
3315 3316 name = kmem_alloc(maxlen, KM_SLEEP);
3316 3317 if (copyinstr((caddr_t)buf, name, SYS_NMLN, &len))
3317 3318 break;
3318 3319
3319 3320 /*
3320 3321 * Must be non-NULL string and string
3321 3322 * must be less than SYS_NMLN chars.
3322 3323 */
3323 3324 if (len < 2 || (len == SYS_NMLN && name[SYS_NMLN - 1] != '\0'))
3324 3325 break;
3325 3326
3326 3327 au_uwrite(au_to_text(name));
3327 3328 break;
3328 3329 }
3329 3330
3330 3331 case SI_SET_SRPC_DOMAIN:
3331 3332 {
3332 3333 if (secpolicy_sys_config(CRED(), B_TRUE) != 0)
3333 3334 return;
3334 3335
3335 3336 maxlen = SYS_NMLN;
3336 3337 name = kmem_alloc(maxlen, KM_SLEEP);
3337 3338 if (copyinstr((caddr_t)buf, name, SYS_NMLN, &len))
3338 3339 break;
3339 3340
3340 3341 /*
3341 3342 * If string passed in is longer than length
3342 3343 * allowed for domain name, fail.
3343 3344 */
3344 3345 if (len == SYS_NMLN && name[SYS_NMLN - 1] != '\0')
3345 3346 break;
3346 3347
3347 3348 au_uwrite(au_to_text(name));
3348 3349 break;
3349 3350 }
3350 3351
3351 3352 default:
3352 3353 return;
3353 3354 }
3354 3355
3355 3356 kmem_free(name, maxlen);
3356 3357 }
3357 3358
3358 3359 static au_event_t
3359 3360 aui_modctl(au_event_t e)
3360 3361 {
3361 3362 klwp_t *clwp = ttolwp(curthread);
3362 3363 uint_t cmd;
3363 3364
3364 3365 struct a {
3365 3366 long cmd;
3366 3367 } *uap = (struct a *)clwp->lwp_ap;
3367 3368
3368 3369 cmd = (uint_t)uap->cmd;
3369 3370
3370 3371 switch (cmd) {
3371 3372 case MODLOAD:
3372 3373 e = AUE_MODLOAD;
3373 3374 break;
3374 3375 case MODUNLOAD:
3375 3376 e = AUE_MODUNLOAD;
3376 3377 break;
3377 3378 case MODADDMAJBIND:
3378 3379 e = AUE_MODADDMAJ;
3379 3380 break;
3380 3381 case MODSETDEVPOLICY:
3381 3382 e = AUE_MODDEVPLCY;
3382 3383 break;
3383 3384 case MODALLOCPRIV:
3384 3385 e = AUE_MODADDPRIV;
3385 3386 break;
3386 3387 default:
3387 3388 e = AUE_NULL;
3388 3389 break;
3389 3390 }
3390 3391 return (e);
3391 3392 }
3392 3393
3393 3394
3394 3395 /*ARGSUSED*/
3395 3396 static void
3396 3397 aus_modctl(struct t_audit_data *tad)
3397 3398 {
3398 3399 klwp_t *clwp = ttolwp(curthread);
3399 3400 void *a = clwp->lwp_ap;
3400 3401 uint_t use_path;
3401 3402
3402 3403 switch (tad->tad_event) {
3403 3404 case AUE_MODLOAD: {
3404 3405 typedef struct {
3405 3406 long cmd;
3406 3407 long use_path;
3407 3408 long filename; /* char * */
3408 3409 } modloada_t;
3409 3410
3410 3411 char *filenamep;
3411 3412 uintptr_t fname;
3412 3413 extern char *default_path;
3413 3414
3414 3415 fname = (uintptr_t)((modloada_t *)a)->filename;
3415 3416 use_path = (uint_t)((modloada_t *)a)->use_path;
3416 3417
3417 3418 /* space to hold path */
3418 3419 filenamep = kmem_alloc(MOD_MAXPATH, KM_SLEEP);
3419 3420 /* get string */
3420 3421 if (copyinstr((caddr_t)fname, filenamep, MOD_MAXPATH, 0)) {
3421 3422 /* free allocated path */
3422 3423 kmem_free(filenamep, MOD_MAXPATH);
3423 3424 return;
3424 3425 }
3425 3426 /* ensure it's null terminated */
3426 3427 filenamep[MOD_MAXPATH - 1] = 0;
3427 3428
3428 3429 if (use_path)
3429 3430 au_uwrite(au_to_text(default_path));
3430 3431 au_uwrite(au_to_text(filenamep));
3431 3432
3432 3433 /* release temporary memory */
3433 3434 kmem_free(filenamep, MOD_MAXPATH);
3434 3435 break;
3435 3436 }
3436 3437 case AUE_MODUNLOAD: {
3437 3438 typedef struct {
3438 3439 long cmd;
3439 3440 long id;
3440 3441 } modunloada_t;
3441 3442
3442 3443 uint32_t id = (uint32_t)((modunloada_t *)a)->id;
3443 3444
3444 3445 au_uwrite(au_to_arg32(1, "id", id));
3445 3446 break;
3446 3447 }
3447 3448 case AUE_MODADDMAJ: {
3448 3449 STRUCT_DECL(modconfig, mc);
3449 3450 typedef struct {
3450 3451 long cmd;
3451 3452 long subcmd;
3452 3453 long data; /* int * */
3453 3454 } modconfiga_t;
3454 3455
3455 3456 STRUCT_DECL(aliases, alias);
3456 3457 caddr_t ap;
3457 3458 int i, num_aliases;
3458 3459 char *drvname, *mc_drvname;
3459 3460 char *name;
3460 3461 extern char *ddi_major_to_name(major_t);
3461 3462 model_t model;
3462 3463
3463 3464 uintptr_t data = (uintptr_t)((modconfiga_t *)a)->data;
3464 3465
3465 3466 model = get_udatamodel();
3466 3467 STRUCT_INIT(mc, model);
3467 3468 /* sanitize buffer */
3468 3469 bzero((caddr_t)STRUCT_BUF(mc), STRUCT_SIZE(mc));
3469 3470 /* get user arguments */
3470 3471 if (copyin((caddr_t)data, (caddr_t)STRUCT_BUF(mc),
3471 3472 STRUCT_SIZE(mc)) != 0)
3472 3473 return;
3473 3474
3474 3475 mc_drvname = STRUCT_FGET(mc, drvname);
3475 3476 if ((drvname = ddi_major_to_name(
3476 3477 (major_t)STRUCT_FGET(mc, major))) != NULL &&
3477 3478 strncmp(drvname, mc_drvname, MAXMODCONFNAME) != 0) {
3478 3479 /* safety */
3479 3480 if (mc_drvname[0] != '\0') {
3480 3481 mc_drvname[MAXMODCONFNAME-1] = '\0';
3481 3482 au_uwrite(au_to_text(mc_drvname));
3482 3483 }
3483 3484 /* drvname != NULL from test above */
3484 3485 au_uwrite(au_to_text(drvname));
3485 3486 return;
3486 3487 }
3487 3488
3488 3489 if (mc_drvname[0] != '\0') {
3489 3490 /* safety */
3490 3491 mc_drvname[MAXMODCONFNAME-1] = '\0';
3491 3492 au_uwrite(au_to_text(mc_drvname));
3492 3493 } else
3493 3494 au_uwrite(au_to_text("no drvname"));
3494 3495
3495 3496 num_aliases = STRUCT_FGET(mc, num_aliases);
3496 3497 au_uwrite(au_to_arg32(5, "", (uint32_t)num_aliases));
3497 3498 ap = (caddr_t)STRUCT_FGETP(mc, ap);
3498 3499 name = kmem_alloc(MAXMODCONFNAME, KM_SLEEP);
3499 3500 STRUCT_INIT(alias, model);
3500 3501 for (i = 0; i < num_aliases; i++) {
3501 3502 bzero((caddr_t)STRUCT_BUF(alias),
3502 3503 STRUCT_SIZE(alias));
3503 3504 if (copyin((caddr_t)ap, (caddr_t)STRUCT_BUF(alias),
3504 3505 STRUCT_SIZE(alias)) != 0)
3505 3506 break;
3506 3507 if (copyinstr(STRUCT_FGETP(alias, a_name), name,
3507 3508 MAXMODCONFNAME, NULL) != 0) {
3508 3509 break;
3509 3510 }
3510 3511
3511 3512 au_uwrite(au_to_text(name));
3512 3513 ap = (caddr_t)STRUCT_FGETP(alias, a_next);
3513 3514 }
3514 3515 kmem_free(name, MAXMODCONFNAME);
3515 3516 break;
3516 3517 }
3517 3518 default:
3518 3519 break;
3519 3520 }
3520 3521 }
3521 3522
3522 3523
3523 3524 /*ARGSUSED*/
3524 3525 static void
3525 3526 auf_accept(
3526 3527 struct t_audit_data *tad,
3527 3528 int error,
3528 3529 rval_t *rval)
3529 3530 {
3530 3531 uint32_t scid;
3531 3532 uint32_t sy_flags;
3532 3533 int fd;
3533 3534 struct sonode *so;
3534 3535 char so_laddr[sizeof (struct sockaddr_in6)];
3535 3536 char so_faddr[sizeof (struct sockaddr_in6)];
3536 3537 int err;
3537 3538 short so_family, so_type;
3538 3539 int add_sock_token = 0;
3539 3540
3540 3541 /* need to determine type of executing binary */
3541 3542 scid = tad->tad_scid;
3542 3543 #ifdef _SYSCALL32_IMPL
3543 3544 if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE)
3544 3545 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
3545 3546 else
3546 3547 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK;
3547 3548 #else
3548 3549 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK;
3549 3550 #endif
3550 3551 switch (sy_flags) {
3551 3552 case SE_32RVAL1:
3552 3553 /* FALLTHRU */
3553 3554 case SE_32RVAL2|SE_32RVAL1:
3554 3555 fd = rval->r_val1;
3555 3556 break;
3556 3557 case SE_64RVAL:
3557 3558 fd = (int)rval->r_vals;
3558 3559 break;
3559 3560 default:
3560 3561 /*
3561 3562 * should never happen, seems to be an internal error
3562 3563 * in sysent => no fd, nothing to audit here, returning
3563 3564 */
3564 3565 return;
3565 3566 }
3566 3567
3567 3568 if (error) {
3568 3569 /* can't trust socket contents. Just return */
3569 3570 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3570 3571 return;
3571 3572 }
3572 3573
3573 3574 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3574 3575 /*
3575 3576 * not security relevant if doing a accept from non socket
3576 3577 * so no extra tokens. Should probably turn off audit record
3577 3578 * generation here.
3578 3579 */
3579 3580 return;
3580 3581 }
3581 3582
3582 3583 so_family = so->so_family;
3583 3584 so_type = so->so_type;
3584 3585
3585 3586 switch (so_family) {
3586 3587 case AF_INET:
3587 3588 case AF_INET6:
3588 3589 /*
3589 3590 * XXX - what about other socket types for AF_INET (e.g. DGRAM)
3590 3591 */
3591 3592 if (so->so_type == SOCK_STREAM) {
3592 3593 socklen_t len;
3593 3594
3594 3595 bzero((void *)so_laddr, sizeof (so_laddr));
3595 3596 bzero((void *)so_faddr, sizeof (so_faddr));
3596 3597
3597 3598 len = sizeof (so_laddr);
3598 3599 (void) socket_getsockname(so,
3599 3600 (struct sockaddr *)so_laddr, &len, CRED());
3600 3601 len = sizeof (so_faddr);
3601 3602 (void) socket_getpeername(so,
3602 3603 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3603 3604
3604 3605 add_sock_token = 1;
3605 3606 }
3606 3607 break;
3607 3608
3608 3609 default:
3609 3610 /* AF_UNIX, AF_ROUTE, AF_KEY do not support accept */
3610 3611 break;
3611 3612 }
3612 3613
3613 3614 releasef(fd);
3614 3615
3615 3616 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3616 3617
3617 3618 if (add_sock_token == 0) {
3618 3619 au_uwrite(au_to_arg32(0, "family", (uint32_t)(so_family)));
3619 3620 au_uwrite(au_to_arg32(0, "type", (uint32_t)(so_type)));
3620 3621 return;
3621 3622 }
3622 3623
3623 3624 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3624 3625
3625 3626 }
3626 3627
3627 3628 /*ARGSUSED*/
3628 3629 static void
3629 3630 auf_bind(struct t_audit_data *tad, int error, rval_t *rvp)
3630 3631 {
3631 3632 struct a {
3632 3633 long fd;
3633 3634 long addr;
3634 3635 long len;
3635 3636 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3636 3637
3637 3638 struct sonode *so;
3638 3639 char so_laddr[sizeof (struct sockaddr_in6)];
3639 3640 char so_faddr[sizeof (struct sockaddr_in6)];
3640 3641 int err, fd;
3641 3642 socklen_t len;
3642 3643 short so_family, so_type;
3643 3644 int add_sock_token = 0;
3644 3645
3645 3646 fd = (int)uap->fd;
3646 3647
3647 3648 /*
3648 3649 * bind failed, then nothing extra to add to audit record.
3649 3650 */
3650 3651 if (error) {
3651 3652 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3652 3653 /* XXX may want to add failed address some day */
3653 3654 return;
3654 3655 }
3655 3656
3656 3657 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3657 3658 /*
3658 3659 * not security relevant if doing a bind from non socket
3659 3660 * so no extra tokens. Should probably turn off audit record
3660 3661 * generation here.
3661 3662 */
3662 3663 return;
3663 3664 }
3664 3665
3665 3666 so_family = so->so_family;
3666 3667 so_type = so->so_type;
3667 3668
3668 3669 switch (so_family) {
3669 3670 case AF_INET:
3670 3671 case AF_INET6:
3671 3672
3672 3673 bzero(so_faddr, sizeof (so_faddr));
3673 3674 len = sizeof (so_faddr);
3674 3675
3675 3676 (void) socket_getpeername(so,
3676 3677 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3677 3678 add_sock_token = 1;
3678 3679
3679 3680 break;
3680 3681
3681 3682 case AF_UNIX:
3682 3683 /* token added by lookup */
3683 3684 break;
3684 3685 default:
3685 3686 /* AF_ROUTE, AF_KEY do not support accept */
3686 3687 break;
3687 3688 }
3688 3689
3689 3690 releasef(fd);
3690 3691
3691 3692 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3692 3693
3693 3694 if (add_sock_token == 0) {
3694 3695 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3695 3696 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3696 3697 return;
3697 3698 }
3698 3699
3699 3700 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3700 3701
3701 3702 }
3702 3703
3703 3704 /*ARGSUSED*/
3704 3705 static void
3705 3706 auf_connect(struct t_audit_data *tad, int error, rval_t *rval)
3706 3707 {
3707 3708 struct a {
3708 3709 long fd;
3709 3710 long addr;
3710 3711 long len;
3711 3712 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3712 3713
3713 3714 struct sonode *so;
3714 3715 char so_laddr[sizeof (struct sockaddr_in6)];
3715 3716 char so_faddr[sizeof (struct sockaddr_in6)];
3716 3717 int err, fd;
3717 3718 socklen_t len;
3718 3719 short so_family, so_type;
3719 3720 int add_sock_token = 0;
3720 3721
3721 3722 fd = (int)uap->fd;
3722 3723
3723 3724
3724 3725 if ((so = getsonode(fd, &err, NULL)) == NULL) {
3725 3726 /*
3726 3727 * not security relevant if doing a connect from non socket
3727 3728 * so no extra tokens. Should probably turn off audit record
3728 3729 * generation here.
3729 3730 */
3730 3731 return;
3731 3732 }
3732 3733
3733 3734 so_family = so->so_family;
3734 3735 so_type = so->so_type;
3735 3736
3736 3737 switch (so_family) {
3737 3738 case AF_INET:
3738 3739 case AF_INET6:
3739 3740
3740 3741 bzero(so_laddr, sizeof (so_laddr));
3741 3742 bzero(so_faddr, sizeof (so_faddr));
3742 3743
3743 3744 len = sizeof (so_laddr);
3744 3745 (void) socket_getsockname(so, (struct sockaddr *)so_laddr,
3745 3746 &len, CRED());
3746 3747 if (error) {
3747 3748 if (uap->addr == NULL)
3748 3749 break;
3749 3750 if (uap->len <= 0)
3750 3751 break;
3751 3752 len = min(uap->len, sizeof (so_faddr));
3752 3753 if (copyin((caddr_t)(uap->addr), so_faddr, len) != 0)
3753 3754 break;
3754 3755 #ifdef NOTYET
3755 3756 au_uwrite(au_to_data(AUP_HEX, AUR_CHAR, len, so_faddr));
3756 3757 #endif
3757 3758 } else {
3758 3759 /* sanity check on length */
3759 3760 len = sizeof (so_faddr);
3760 3761 (void) socket_getpeername(so,
3761 3762 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3762 3763 }
3763 3764
3764 3765 add_sock_token = 1;
3765 3766
3766 3767 break;
3767 3768
3768 3769 case AF_UNIX:
3769 3770 /* does a lookup on name */
3770 3771 break;
3771 3772
3772 3773 default:
3773 3774 /* AF_ROUTE, AF_KEY do not support accept */
3774 3775 break;
3775 3776 }
3776 3777
3777 3778 releasef(fd);
3778 3779
3779 3780 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3780 3781
3781 3782 if (add_sock_token == 0) {
3782 3783 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3783 3784 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3784 3785 return;
3785 3786 }
3786 3787
3787 3788 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3788 3789
3789 3790 }
3790 3791
3791 3792 /*ARGSUSED*/
3792 3793 static void
3793 3794 aus_shutdown(struct t_audit_data *tad)
3794 3795 {
3795 3796 struct a {
3796 3797 long fd;
3797 3798 long how;
3798 3799 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3799 3800
3800 3801 struct sonode *so;
3801 3802 char so_laddr[sizeof (struct sockaddr_in6)];
3802 3803 char so_faddr[sizeof (struct sockaddr_in6)];
3803 3804 int err, fd;
3804 3805 socklen_t len;
3805 3806 short so_family, so_type;
3806 3807 int add_sock_token = 0;
3807 3808 file_t *fp; /* unix domain sockets */
3808 3809 struct f_audit_data *fad; /* unix domain sockets */
3809 3810
3810 3811 fd = (int)uap->fd;
3811 3812
3812 3813 if ((so = getsonode(fd, &err, &fp)) == NULL) {
3813 3814 /*
3814 3815 * not security relevant if doing a shutdown using non socket
3815 3816 * so no extra tokens. Should probably turn off audit record
3816 3817 * generation here.
3817 3818 */
3818 3819 return;
3819 3820 }
3820 3821
3821 3822 so_family = so->so_family;
3822 3823 so_type = so->so_type;
3823 3824
3824 3825 switch (so_family) {
3825 3826 case AF_INET:
3826 3827 case AF_INET6:
3827 3828
3828 3829 bzero(so_laddr, sizeof (so_laddr));
3829 3830 bzero(so_faddr, sizeof (so_faddr));
3830 3831
3831 3832 len = sizeof (so_laddr);
3832 3833 (void) socket_getsockname(so,
3833 3834 (struct sockaddr *)so_laddr, &len, CRED());
3834 3835 len = sizeof (so_faddr);
3835 3836 (void) socket_getpeername(so,
3836 3837 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
3837 3838
3838 3839 add_sock_token = 1;
3839 3840
3840 3841 break;
3841 3842
3842 3843 case AF_UNIX:
3843 3844
3844 3845 /* get path from file struct here */
3845 3846 fad = F2A(fp);
3846 3847 ASSERT(fad);
3847 3848
3848 3849 if (fad->fad_aupath != NULL) {
3849 3850 au_uwrite(au_to_path(fad->fad_aupath));
3850 3851 } else {
3851 3852 au_uwrite(au_to_arg32(1, "no path: fd", fd));
3852 3853 }
3853 3854
3854 3855 audit_attributes(fp->f_vnode);
3855 3856
3856 3857 break;
3857 3858
3858 3859 default:
3859 3860 /*
3860 3861 * AF_KEY and AF_ROUTE support shutdown. No socket token
3861 3862 * added.
3862 3863 */
3863 3864 break;
3864 3865 }
3865 3866
3866 3867 releasef(fd);
3867 3868
3868 3869 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3869 3870
3870 3871 if (add_sock_token == 0) {
3871 3872 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3872 3873 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3873 3874 au_uwrite(au_to_arg32(2, "how", (uint32_t)(uap->how)));
3874 3875 return;
3875 3876 }
3876 3877
3877 3878 au_uwrite(au_to_arg32(2, "how", (uint32_t)(uap->how)));
3878 3879
3879 3880 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3880 3881
3881 3882 }
3882 3883
3883 3884 /*ARGSUSED*/
3884 3885 static void
3885 3886 auf_setsockopt(struct t_audit_data *tad, int error, rval_t *rval)
3886 3887 {
3887 3888 struct a {
3888 3889 long fd;
3889 3890 long level;
3890 3891 long optname;
3891 3892 long *optval;
3892 3893 long optlen;
3893 3894 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
3894 3895
3895 3896 struct sonode *so;
3896 3897 char so_laddr[sizeof (struct sockaddr_in6)];
3897 3898 char so_faddr[sizeof (struct sockaddr_in6)];
3898 3899 char val[AU_BUFSIZE];
3899 3900 int err, fd;
3900 3901 socklen_t len;
3901 3902 short so_family, so_type;
3902 3903 int add_sock_token = 0;
3903 3904 file_t *fp; /* unix domain sockets */
3904 3905 struct f_audit_data *fad; /* unix domain sockets */
3905 3906
3906 3907 fd = (int)uap->fd;
3907 3908
3908 3909 if (error) {
3909 3910 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3910 3911 au_uwrite(au_to_arg32(2, "level", (uint32_t)uap->level));
3911 3912 /* XXX may want to include other arguments */
3912 3913 return;
3913 3914 }
3914 3915
3915 3916 if ((so = getsonode(fd, &err, &fp)) == NULL) {
3916 3917 /*
3917 3918 * not security relevant if doing a setsockopt from non socket
3918 3919 * so no extra tokens. Should probably turn off audit record
3919 3920 * generation here.
3920 3921 */
3921 3922 return;
3922 3923 }
3923 3924
3924 3925 so_family = so->so_family;
3925 3926 so_type = so->so_type;
3926 3927
3927 3928 switch (so_family) {
3928 3929 case AF_INET:
3929 3930 case AF_INET6:
3930 3931 bzero((void *)so_laddr, sizeof (so_laddr));
3931 3932 bzero((void *)so_faddr, sizeof (so_faddr));
3932 3933
3933 3934 /* get local and foreign addresses */
3934 3935 len = sizeof (so_laddr);
3935 3936 (void) socket_getsockname(so, (struct sockaddr *)so_laddr,
3936 3937 &len, CRED());
3937 3938 len = sizeof (so_faddr);
3938 3939 (void) socket_getpeername(so, (struct sockaddr *)so_faddr,
3939 3940 &len, B_FALSE, CRED());
3940 3941
3941 3942 add_sock_token = 1;
3942 3943
3943 3944 break;
3944 3945
3945 3946 case AF_UNIX:
3946 3947
3947 3948 /* get path from file struct here */
3948 3949 fad = F2A(fp);
3949 3950 ASSERT(fad);
3950 3951
3951 3952 if (fad->fad_aupath != NULL) {
3952 3953 au_uwrite(au_to_path(fad->fad_aupath));
3953 3954 } else {
3954 3955 au_uwrite(au_to_arg32(1, "no path: fd", fd));
3955 3956 }
3956 3957
3957 3958 audit_attributes(fp->f_vnode);
3958 3959
3959 3960 break;
3960 3961
3961 3962 default:
3962 3963 /*
3963 3964 * AF_KEY and AF_ROUTE support setsockopt. No socket token
3964 3965 * added.
3965 3966 */
3966 3967 break;
3967 3968 }
3968 3969
3969 3970 releasef(fd);
3970 3971
3971 3972 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
3972 3973
3973 3974 if (add_sock_token == 0) {
3974 3975 au_uwrite(au_to_arg32(1, "family", (uint32_t)(so_family)));
3975 3976 au_uwrite(au_to_arg32(1, "type", (uint32_t)(so_type)));
3976 3977 }
3977 3978 au_uwrite(au_to_arg32(2, "level", (uint32_t)(uap->level)));
3978 3979 au_uwrite(au_to_arg32(3, "optname", (uint32_t)(uap->optname)));
3979 3980
3980 3981 bzero(val, sizeof (val));
3981 3982 len = min(uap->optlen, sizeof (val));
3982 3983 if ((len > 0) &&
3983 3984 (copyin((caddr_t)(uap->optval), (caddr_t)val, len) == 0)) {
3984 3985 au_uwrite(au_to_arg32(5, "optlen", (uint32_t)(uap->optlen)));
3985 3986 au_uwrite(au_to_data(AUP_HEX, AUR_BYTE, len, val));
3986 3987 }
3987 3988
3988 3989 if (add_sock_token == 0)
3989 3990 return;
3990 3991
3991 3992 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
3992 3993
3993 3994 }
3994 3995
3995 3996 /*ARGSUSED*/
3996 3997 static void
3997 3998 aus_sockconfig(tad)
3998 3999 struct t_audit_data *tad;
3999 4000 {
4000 4001 struct a {
4001 4002 long cmd;
4002 4003 long arg1;
4003 4004 long arg2;
4004 4005 long arg3;
4005 4006 long arg4;
4006 4007 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4007 4008
4008 4009 char *buf;
4009 4010 int buflen;
4010 4011 size_t size;
4011 4012
4012 4013 au_uwrite(au_to_arg32(1, "cmd", (uint_t)uap->cmd));
4013 4014 switch (uap->cmd) {
4014 4015 case SOCKCONFIG_ADD_SOCK:
4015 4016 case SOCKCONFIG_REMOVE_SOCK:
4016 4017 au_uwrite(au_to_arg32(2, "domain", (uint32_t)uap->arg1));
4017 4018 au_uwrite(au_to_arg32(3, "type", (uint32_t)uap->arg2));
4018 4019 au_uwrite(au_to_arg32(4, "protocol", (uint32_t)uap->arg3));
4019 4020
4020 4021 if (uap->arg4 == 0) {
4021 4022 au_uwrite(au_to_arg32(5, "devpath", (uint32_t)0));
4022 4023 } else {
4023 4024 buflen = MAXPATHLEN + 1;
4024 4025 buf = kmem_alloc(buflen, KM_SLEEP);
4025 4026 if (copyinstr((caddr_t)uap->arg4, buf, buflen,
4026 4027 &size)) {
4027 4028 kmem_free(buf, buflen);
4028 4029 return;
4029 4030 }
4030 4031
4031 4032 if (size > MAXPATHLEN) {
4032 4033 kmem_free(buf, buflen);
4033 4034 return;
4034 4035 }
4035 4036
4036 4037 au_uwrite(au_to_text(buf));
4037 4038 kmem_free(buf, buflen);
4038 4039 }
4039 4040 break;
4040 4041 case SOCKCONFIG_ADD_FILTER:
4041 4042 case SOCKCONFIG_REMOVE_FILTER:
4042 4043 buflen = FILNAME_MAX;
4043 4044 buf = kmem_alloc(buflen, KM_SLEEP);
4044 4045
4045 4046 if (copyinstr((caddr_t)uap->arg1, buf, buflen, &size)) {
4046 4047 kmem_free(buf, buflen);
4047 4048 return;
4048 4049 }
4049 4050
4050 4051 au_uwrite(au_to_text(buf));
4051 4052 kmem_free(buf, buflen);
4052 4053 break;
4053 4054 default:
4054 4055 break;
4055 4056 }
4056 4057 }
4057 4058
4058 4059 /*
4059 4060 * only audit recvmsg when the system call represents the creation of a new
4060 4061 * circuit. This effectively occurs for all UDP packets and may occur for
4061 4062 * special TCP situations where the local host has not set a local address
4062 4063 * in the socket structure.
4063 4064 */
4064 4065 /*ARGSUSED*/
4065 4066 static void
4066 4067 auf_recvmsg(
4067 4068 struct t_audit_data *tad,
4068 4069 int error,
4069 4070 rval_t *rvp)
4070 4071 {
4071 4072 struct a {
4072 4073 long fd;
4073 4074 long msg; /* struct msghdr */
4074 4075 long flags;
4075 4076 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4076 4077
4077 4078 struct sonode *so;
4078 4079 STRUCT_DECL(msghdr, msg);
4079 4080 caddr_t msg_name;
4080 4081 socklen_t msg_namelen;
4081 4082 int fd;
4082 4083 int err;
4083 4084 char so_laddr[sizeof (struct sockaddr_in6)];
4084 4085 char so_faddr[sizeof (struct sockaddr_in6)];
4085 4086 socklen_t len;
4086 4087 file_t *fp; /* unix domain sockets */
4087 4088 struct f_audit_data *fad; /* unix domain sockets */
4088 4089 short so_family, so_type;
4089 4090 int add_sock_token = 0;
4090 4091 au_kcontext_t *kctx = GET_KCTX_PZ;
4091 4092
4092 4093 fd = (int)uap->fd;
4093 4094
4094 4095 /* bail if an error */
4095 4096 if (error) {
4096 4097 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4097 4098 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4098 4099 return;
4099 4100 }
4100 4101
4101 4102 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4102 4103 /*
4103 4104 * not security relevant if doing a recvmsg from non socket
4104 4105 * so no extra tokens. Should probably turn off audit record
4105 4106 * generation here.
4106 4107 */
4107 4108 return;
4108 4109 }
4109 4110
4110 4111 so_family = so->so_family;
4111 4112 so_type = so->so_type;
4112 4113
4113 4114 /*
4114 4115 * only putout SOCKET_EX token if INET/INET6 family.
4115 4116 * XXX - what do we do about other families?
4116 4117 */
4117 4118
4118 4119 switch (so_family) {
4119 4120 case AF_INET:
4120 4121 case AF_INET6:
4121 4122
4122 4123 /*
4123 4124 * if datagram type socket, then just use what is in
4124 4125 * socket structure for local address.
4125 4126 * XXX - what do we do for other types?
4126 4127 */
4127 4128 if ((so->so_type == SOCK_DGRAM) ||
4128 4129 (so->so_type == SOCK_RAW)) {
4129 4130 add_sock_token = 1;
4130 4131
4131 4132 bzero((void *)so_laddr, sizeof (so_laddr));
4132 4133 bzero((void *)so_faddr, sizeof (so_faddr));
4133 4134
4134 4135 /* get local address */
4135 4136 len = sizeof (so_laddr);
4136 4137 (void) socket_getsockname(so,
4137 4138 (struct sockaddr *)so_laddr, &len, CRED());
4138 4139
4139 4140 /* get peer address */
4140 4141 STRUCT_INIT(msg, get_udatamodel());
4141 4142
4142 4143 if (copyin((caddr_t)(uap->msg),
4143 4144 (caddr_t)STRUCT_BUF(msg), STRUCT_SIZE(msg)) != 0) {
4144 4145 break;
4145 4146 }
4146 4147 msg_name = (caddr_t)STRUCT_FGETP(msg, msg_name);
4147 4148 if (msg_name == NULL) {
4148 4149 break;
4149 4150 }
4150 4151
4151 4152 /* length is value from recvmsg - sanity check */
4152 4153 msg_namelen = (socklen_t)STRUCT_FGET(msg, msg_namelen);
4153 4154 if (msg_namelen == 0) {
4154 4155 break;
4155 4156 }
4156 4157 if (copyin(msg_name, so_faddr,
4157 4158 sizeof (so_faddr)) != 0) {
4158 4159 break;
4159 4160 }
4160 4161
4161 4162 } else if (so->so_type == SOCK_STREAM) {
4162 4163
4163 4164 /* get path from file struct here */
4164 4165 fad = F2A(fp);
4165 4166 ASSERT(fad);
4166 4167
4167 4168 /*
4168 4169 * already processed this file for read attempt
4169 4170 */
4170 4171 if (fad->fad_flags & FAD_READ) {
4171 4172 /* don't want to audit every recvmsg attempt */
4172 4173 tad->tad_flag = 0;
4173 4174 /* free any residual audit data */
4174 4175 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4175 4176 releasef(fd);
4176 4177 return;
4177 4178 }
4178 4179 /*
4179 4180 * mark things so we know what happened and don't
4180 4181 * repeat things
4181 4182 */
4182 4183 fad->fad_flags |= FAD_READ;
4183 4184
4184 4185 bzero((void *)so_laddr, sizeof (so_laddr));
4185 4186 bzero((void *)so_faddr, sizeof (so_faddr));
4186 4187
4187 4188 /* get local and foreign addresses */
4188 4189 len = sizeof (so_laddr);
4189 4190 (void) socket_getsockname(so,
4190 4191 (struct sockaddr *)so_laddr, &len, CRED());
4191 4192 len = sizeof (so_faddr);
4192 4193 (void) socket_getpeername(so,
4193 4194 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4194 4195
4195 4196 add_sock_token = 1;
4196 4197 }
4197 4198
4198 4199 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4199 4200
4200 4201 break;
4201 4202
4202 4203 case AF_UNIX:
4203 4204 /*
4204 4205 * first check if this is first time through. Too much
4205 4206 * duplicate code to put this in an aui_ routine.
4206 4207 */
4207 4208
4208 4209 /* get path from file struct here */
4209 4210 fad = F2A(fp);
4210 4211 ASSERT(fad);
4211 4212
4212 4213 /*
4213 4214 * already processed this file for read attempt
4214 4215 */
4215 4216 if (fad->fad_flags & FAD_READ) {
4216 4217 releasef(fd);
4217 4218 /* don't want to audit every recvmsg attempt */
4218 4219 tad->tad_flag = 0;
4219 4220 /* free any residual audit data */
4220 4221 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4221 4222 return;
4222 4223 }
4223 4224 /*
4224 4225 * mark things so we know what happened and don't
4225 4226 * repeat things
4226 4227 */
4227 4228 fad->fad_flags |= FAD_READ;
4228 4229
4229 4230 if (fad->fad_aupath != NULL) {
4230 4231 au_uwrite(au_to_path(fad->fad_aupath));
4231 4232 } else {
4232 4233 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4233 4234 }
4234 4235
4235 4236 audit_attributes(fp->f_vnode);
4236 4237
4237 4238 releasef(fd);
4238 4239
4239 4240 return;
4240 4241
4241 4242 default:
4242 4243 break;
4243 4244
4244 4245 }
4245 4246
4246 4247 releasef(fd);
4247 4248
4248 4249 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4249 4250
4250 4251 if (add_sock_token == 0) {
4251 4252 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4252 4253 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4253 4254 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4254 4255 return;
4255 4256 }
4256 4257
4257 4258 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4258 4259
4259 4260 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4260 4261
4261 4262 }
4262 4263
4263 4264 /*ARGSUSED*/
4264 4265 static void
4265 4266 auf_recvfrom(
4266 4267 struct t_audit_data *tad,
4267 4268 int error,
4268 4269 rval_t *rvp)
4269 4270 {
4270 4271
4271 4272 struct a {
4272 4273 long fd;
4273 4274 long msg; /* char */
4274 4275 long len;
4275 4276 long flags;
4276 4277 long from; /* struct sockaddr */
4277 4278 long fromlen;
4278 4279 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4279 4280
4280 4281 socklen_t fromlen;
4281 4282 struct sonode *so;
4282 4283 char so_laddr[sizeof (struct sockaddr_in6)];
4283 4284 char so_faddr[sizeof (struct sockaddr_in6)];
4284 4285 int fd;
4285 4286 short so_family, so_type;
4286 4287 int add_sock_token = 0;
4287 4288 socklen_t len;
4288 4289 int err;
4289 4290 struct file *fp;
4290 4291 struct f_audit_data *fad; /* unix domain sockets */
4291 4292 au_kcontext_t *kctx = GET_KCTX_PZ;
4292 4293
4293 4294 fd = (int)uap->fd;
4294 4295
4295 4296 /* bail if an error */
4296 4297 if (error) {
4297 4298 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4298 4299 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4299 4300 return;
4300 4301 }
4301 4302
4302 4303 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4303 4304 /*
4304 4305 * not security relevant if doing a recvmsg from non socket
4305 4306 * so no extra tokens. Should probably turn off audit record
4306 4307 * generation here.
4307 4308 */
4308 4309 return;
4309 4310 }
4310 4311
4311 4312 so_family = so->so_family;
4312 4313 so_type = so->so_type;
4313 4314
4314 4315 /*
4315 4316 * only putout SOCKET_EX token if INET/INET6 family.
4316 4317 * XXX - what do we do about other families?
4317 4318 */
4318 4319
4319 4320 switch (so_family) {
4320 4321 case AF_INET:
4321 4322 case AF_INET6:
4322 4323
4323 4324 /*
4324 4325 * if datagram type socket, then just use what is in
4325 4326 * socket structure for local address.
4326 4327 * XXX - what do we do for other types?
4327 4328 */
4328 4329 if ((so->so_type == SOCK_DGRAM) ||
4329 4330 (so->so_type == SOCK_RAW)) {
4330 4331 add_sock_token = 1;
4331 4332
4332 4333 /* get local address */
4333 4334 len = sizeof (so_laddr);
4334 4335 (void) socket_getsockname(so,
4335 4336 (struct sockaddr *)so_laddr, &len, CRED());
4336 4337
4337 4338 /* get peer address */
4338 4339 bzero((void *)so_faddr, sizeof (so_faddr));
4339 4340
4340 4341 /* sanity check */
4341 4342 if (uap->from == NULL)
4342 4343 break;
4343 4344
4344 4345 /* sanity checks */
4345 4346 if (uap->fromlen == 0)
4346 4347 break;
4347 4348
4348 4349 if (copyin((caddr_t)(uap->fromlen), (caddr_t)&fromlen,
4349 4350 sizeof (fromlen)) != 0)
4350 4351 break;
4351 4352
4352 4353 if (fromlen == 0)
4353 4354 break;
4354 4355
4355 4356 /* enforce maximum size */
4356 4357 if (fromlen > sizeof (so_faddr))
4357 4358 fromlen = sizeof (so_faddr);
4358 4359
4359 4360 if (copyin((caddr_t)(uap->from), so_faddr,
4360 4361 fromlen) != 0)
4361 4362 break;
4362 4363
4363 4364 } else if (so->so_type == SOCK_STREAM) {
4364 4365
4365 4366 /* get path from file struct here */
4366 4367 fad = F2A(fp);
4367 4368 ASSERT(fad);
4368 4369
4369 4370 /*
4370 4371 * already processed this file for read attempt
4371 4372 */
4372 4373 if (fad->fad_flags & FAD_READ) {
4373 4374 /* don't want to audit every recvfrom attempt */
4374 4375 tad->tad_flag = 0;
4375 4376 /* free any residual audit data */
4376 4377 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4377 4378 releasef(fd);
4378 4379 return;
4379 4380 }
4380 4381 /*
4381 4382 * mark things so we know what happened and don't
4382 4383 * repeat things
4383 4384 */
4384 4385 fad->fad_flags |= FAD_READ;
4385 4386
4386 4387 bzero((void *)so_laddr, sizeof (so_laddr));
4387 4388 bzero((void *)so_faddr, sizeof (so_faddr));
4388 4389
4389 4390 /* get local and foreign addresses */
4390 4391 len = sizeof (so_laddr);
4391 4392 (void) socket_getsockname(so,
4392 4393 (struct sockaddr *)so_laddr, &len, CRED());
4393 4394 len = sizeof (so_faddr);
4394 4395 (void) socket_getpeername(so,
4395 4396 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4396 4397
4397 4398 add_sock_token = 1;
4398 4399 }
4399 4400
4400 4401 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4401 4402
4402 4403 break;
4403 4404
4404 4405 case AF_UNIX:
4405 4406 /*
4406 4407 * first check if this is first time through. Too much
4407 4408 * duplicate code to put this in an aui_ routine.
4408 4409 */
4409 4410
4410 4411 /* get path from file struct here */
4411 4412 fad = F2A(fp);
4412 4413 ASSERT(fad);
4413 4414
4414 4415 /*
4415 4416 * already processed this file for read attempt
4416 4417 */
4417 4418 if (fad->fad_flags & FAD_READ) {
4418 4419 /* don't want to audit every recvfrom attempt */
4419 4420 tad->tad_flag = 0;
4420 4421 /* free any residual audit data */
4421 4422 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4422 4423 releasef(fd);
4423 4424 return;
4424 4425 }
4425 4426 /*
4426 4427 * mark things so we know what happened and don't
4427 4428 * repeat things
4428 4429 */
4429 4430 fad->fad_flags |= FAD_READ;
4430 4431
4431 4432 if (fad->fad_aupath != NULL) {
4432 4433 au_uwrite(au_to_path(fad->fad_aupath));
4433 4434 } else {
4434 4435 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4435 4436 }
4436 4437
4437 4438 audit_attributes(fp->f_vnode);
4438 4439
4439 4440 releasef(fd);
4440 4441
4441 4442 return;
4442 4443
4443 4444 default:
4444 4445 break;
4445 4446
4446 4447 }
4447 4448
4448 4449 releasef(fd);
4449 4450
4450 4451 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4451 4452
4452 4453 if (add_sock_token == 0) {
4453 4454 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4454 4455 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4455 4456 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4456 4457 return;
4457 4458 }
4458 4459
4459 4460 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4460 4461
4461 4462 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4462 4463 }
4463 4464
4464 4465 /*ARGSUSED*/
4465 4466 static void
4466 4467 auf_sendmsg(struct t_audit_data *tad, int error, rval_t *rval)
4467 4468 {
4468 4469 struct a {
4469 4470 long fd;
4470 4471 long msg; /* struct msghdr */
4471 4472 long flags;
4472 4473 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4473 4474
4474 4475 struct sonode *so;
4475 4476 char so_laddr[sizeof (struct sockaddr_in6)];
4476 4477 char so_faddr[sizeof (struct sockaddr_in6)];
4477 4478 int err;
4478 4479 int fd;
4479 4480 short so_family, so_type;
4480 4481 int add_sock_token = 0;
4481 4482 socklen_t len;
4482 4483 struct file *fp;
4483 4484 struct f_audit_data *fad;
4484 4485 caddr_t msg_name;
4485 4486 socklen_t msg_namelen;
4486 4487 STRUCT_DECL(msghdr, msg);
4487 4488 au_kcontext_t *kctx = GET_KCTX_PZ;
4488 4489
4489 4490 fd = (int)uap->fd;
4490 4491
4491 4492 /* bail if an error */
4492 4493 if (error) {
4493 4494 /* XXX include destination address from system call arguments */
4494 4495 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4495 4496 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4496 4497 return;
4497 4498 }
4498 4499
4499 4500 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4500 4501 /*
4501 4502 * not security relevant if doing a sendmsg from non socket
4502 4503 * so no extra tokens. Should probably turn off audit record
4503 4504 * generation here.
4504 4505 */
4505 4506 return;
4506 4507 }
4507 4508
4508 4509 so_family = so->so_family;
4509 4510 so_type = so->so_type;
4510 4511
4511 4512 switch (so_family) {
4512 4513 case AF_INET:
4513 4514 case AF_INET6:
4514 4515 /*
4515 4516 * if datagram type socket, then just use what is in
4516 4517 * socket structure for local address.
4517 4518 * XXX - what do we do for other types?
4518 4519 */
4519 4520 if ((so->so_type == SOCK_DGRAM) ||
4520 4521 (so->so_type == SOCK_RAW)) {
4521 4522
4522 4523 bzero((void *)so_laddr, sizeof (so_laddr));
4523 4524 bzero((void *)so_faddr, sizeof (so_faddr));
4524 4525
4525 4526 /* get local address */
4526 4527 len = sizeof (so_laddr);
4527 4528 (void) socket_getsockname(so,
4528 4529 (struct sockaddr *)so_laddr, &len, CRED());
4529 4530
4530 4531 /* get peer address */
4531 4532 STRUCT_INIT(msg, get_udatamodel());
4532 4533
4533 4534 if (copyin((caddr_t)(uap->msg),
4534 4535 (caddr_t)STRUCT_BUF(msg), STRUCT_SIZE(msg)) != 0) {
4535 4536 break;
4536 4537 }
4537 4538 msg_name = (caddr_t)STRUCT_FGETP(msg, msg_name);
4538 4539 if (msg_name == NULL)
4539 4540 break;
4540 4541
4541 4542 msg_namelen = (socklen_t)STRUCT_FGET(msg, msg_namelen);
4542 4543 /* length is value from recvmsg - sanity check */
4543 4544 if (msg_namelen == 0)
4544 4545 break;
4545 4546
4546 4547 if (copyin(msg_name, so_faddr,
4547 4548 sizeof (so_faddr)) != 0)
4548 4549 break;
4549 4550
4550 4551 add_sock_token = 1;
4551 4552
4552 4553 } else if (so->so_type == SOCK_STREAM) {
4553 4554
4554 4555 /* get path from file struct here */
4555 4556 fad = F2A(fp);
4556 4557 ASSERT(fad);
4557 4558
4558 4559 /*
4559 4560 * already processed this file for write attempt
4560 4561 */
4561 4562 if (fad->fad_flags & FAD_WRITE) {
4562 4563 releasef(fd);
4563 4564 /* don't want to audit every sendmsg attempt */
4564 4565 tad->tad_flag = 0;
4565 4566 /* free any residual audit data */
4566 4567 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4567 4568 return;
4568 4569 }
4569 4570
4570 4571 /*
4571 4572 * mark things so we know what happened and don't
4572 4573 * repeat things
4573 4574 */
4574 4575 fad->fad_flags |= FAD_WRITE;
4575 4576
4576 4577 bzero((void *)so_laddr, sizeof (so_laddr));
4577 4578 bzero((void *)so_faddr, sizeof (so_faddr));
4578 4579
4579 4580 /* get local and foreign addresses */
4580 4581 len = sizeof (so_laddr);
4581 4582 (void) socket_getsockname(so,
4582 4583 (struct sockaddr *)so_laddr, &len, CRED());
4583 4584 len = sizeof (so_faddr);
4584 4585 (void) socket_getpeername(so,
4585 4586 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4586 4587
4587 4588 add_sock_token = 1;
4588 4589 }
4589 4590
4590 4591 /* XXX - what about SOCK_RAW/SOCK_RDM/SOCK_SEQPACKET ??? */
4591 4592
4592 4593 break;
4593 4594
4594 4595 case AF_UNIX:
4595 4596 /*
4596 4597 * first check if this is first time through. Too much
4597 4598 * duplicate code to put this in an aui_ routine.
4598 4599 */
4599 4600
4600 4601 /* get path from file struct here */
4601 4602 fad = F2A(fp);
4602 4603 ASSERT(fad);
4603 4604
4604 4605 /*
4605 4606 * already processed this file for write attempt
4606 4607 */
4607 4608 if (fad->fad_flags & FAD_WRITE) {
4608 4609 releasef(fd);
4609 4610 /* don't want to audit every sendmsg attempt */
4610 4611 tad->tad_flag = 0;
4611 4612 /* free any residual audit data */
4612 4613 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4613 4614 return;
4614 4615 }
4615 4616 /*
4616 4617 * mark things so we know what happened and don't
4617 4618 * repeat things
4618 4619 */
4619 4620 fad->fad_flags |= FAD_WRITE;
4620 4621
4621 4622 if (fad->fad_aupath != NULL) {
4622 4623 au_uwrite(au_to_path(fad->fad_aupath));
4623 4624 } else {
4624 4625 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4625 4626 }
4626 4627
4627 4628 audit_attributes(fp->f_vnode);
4628 4629
4629 4630 releasef(fd);
4630 4631
4631 4632 return;
4632 4633
4633 4634 default:
4634 4635 break;
4635 4636 }
4636 4637
4637 4638 releasef(fd);
4638 4639
4639 4640 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4640 4641
4641 4642 if (add_sock_token == 0) {
4642 4643 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4643 4644 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4644 4645 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4645 4646 return;
4646 4647 }
4647 4648
4648 4649 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4649 4650
4650 4651 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4651 4652 }
4652 4653
4653 4654 /*ARGSUSED*/
4654 4655 static void
4655 4656 auf_sendto(struct t_audit_data *tad, int error, rval_t *rval)
4656 4657 {
4657 4658 struct a {
4658 4659 long fd;
4659 4660 long msg; /* char */
4660 4661 long len;
4661 4662 long flags;
4662 4663 long to; /* struct sockaddr */
4663 4664 long tolen;
4664 4665 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4665 4666
4666 4667 struct sonode *so;
4667 4668 char so_laddr[sizeof (struct sockaddr_in6)];
4668 4669 char so_faddr[sizeof (struct sockaddr_in6)];
4669 4670 socklen_t tolen;
4670 4671 int err;
4671 4672 int fd;
4672 4673 socklen_t len;
4673 4674 short so_family, so_type;
4674 4675 int add_sock_token = 0;
4675 4676 struct file *fp;
4676 4677 struct f_audit_data *fad;
4677 4678 au_kcontext_t *kctx = GET_KCTX_PZ;
4678 4679
4679 4680 fd = (int)uap->fd;
4680 4681
4681 4682 /* bail if an error */
4682 4683 if (error) {
4683 4684 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4684 4685 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4685 4686 /* XXX include destination address from system call arguments */
4686 4687 return;
4687 4688 }
4688 4689
4689 4690 if ((so = getsonode(fd, &err, &fp)) == NULL) {
4690 4691 /*
4691 4692 * not security relevant if doing a sendto using non socket
4692 4693 * so no extra tokens. Should probably turn off audit record
4693 4694 * generation here.
4694 4695 */
4695 4696 return;
4696 4697 }
4697 4698
4698 4699 so_family = so->so_family;
4699 4700 so_type = so->so_type;
4700 4701
4701 4702 /*
4702 4703 * only putout SOCKET_EX token if INET/INET6 family.
4703 4704 * XXX - what do we do about other families?
4704 4705 */
4705 4706
4706 4707 switch (so_family) {
4707 4708 case AF_INET:
4708 4709 case AF_INET6:
4709 4710
4710 4711 /*
4711 4712 * if datagram type socket, then just use what is in
4712 4713 * socket structure for local address.
4713 4714 * XXX - what do we do for other types?
4714 4715 */
4715 4716 if ((so->so_type == SOCK_DGRAM) ||
4716 4717 (so->so_type == SOCK_RAW)) {
4717 4718
4718 4719 bzero((void *)so_laddr, sizeof (so_laddr));
4719 4720 bzero((void *)so_faddr, sizeof (so_faddr));
4720 4721
4721 4722 /* get local address */
4722 4723 len = sizeof (so_laddr);
4723 4724 (void) socket_getsockname(so,
4724 4725 (struct sockaddr *)so_laddr, &len, CRED());
4725 4726
4726 4727 /* get peer address */
4727 4728
4728 4729 /* sanity check */
4729 4730 if (uap->to == NULL)
4730 4731 break;
4731 4732
4732 4733 /* sanity checks */
4733 4734 if (uap->tolen == 0)
4734 4735 break;
4735 4736
4736 4737 tolen = (socklen_t)uap->tolen;
4737 4738
4738 4739 /* enforce maximum size */
4739 4740 if (tolen > sizeof (so_faddr))
4740 4741 tolen = sizeof (so_faddr);
4741 4742
4742 4743 if (copyin((caddr_t)(uap->to), so_faddr, tolen) != 0)
4743 4744 break;
4744 4745
4745 4746 add_sock_token = 1;
4746 4747 } else {
4747 4748 /*
4748 4749 * check if this is first time through.
4749 4750 */
4750 4751
4751 4752 /* get path from file struct here */
4752 4753 fad = F2A(fp);
4753 4754 ASSERT(fad);
4754 4755
4755 4756 /*
4756 4757 * already processed this file for write attempt
4757 4758 */
4758 4759 if (fad->fad_flags & FAD_WRITE) {
4759 4760 /* don't want to audit every sendto attempt */
4760 4761 tad->tad_flag = 0;
4761 4762 /* free any residual audit data */
4762 4763 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4763 4764 releasef(fd);
4764 4765 return;
4765 4766 }
4766 4767 /*
4767 4768 * mark things so we know what happened and don't
4768 4769 * repeat things
4769 4770 */
4770 4771 fad->fad_flags |= FAD_WRITE;
4771 4772
4772 4773 bzero((void *)so_laddr, sizeof (so_laddr));
4773 4774 bzero((void *)so_faddr, sizeof (so_faddr));
4774 4775
4775 4776 /* get local and foreign addresses */
4776 4777 len = sizeof (so_laddr);
4777 4778 (void) socket_getsockname(so,
4778 4779 (struct sockaddr *)so_laddr, &len, CRED());
4779 4780 len = sizeof (so_faddr);
4780 4781 (void) socket_getpeername(so,
4781 4782 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
4782 4783
4783 4784 add_sock_token = 1;
4784 4785 }
4785 4786
4786 4787 /* XXX - what about SOCK_RDM/SOCK_SEQPACKET ??? */
4787 4788
4788 4789 break;
4789 4790
4790 4791 case AF_UNIX:
4791 4792 /*
4792 4793 * first check if this is first time through. Too much
4793 4794 * duplicate code to put this in an aui_ routine.
4794 4795 */
4795 4796
4796 4797 /* get path from file struct here */
4797 4798 fad = F2A(fp);
4798 4799 ASSERT(fad);
4799 4800
4800 4801 /*
4801 4802 * already processed this file for write attempt
4802 4803 */
4803 4804 if (fad->fad_flags & FAD_WRITE) {
4804 4805 /* don't want to audit every sendto attempt */
4805 4806 tad->tad_flag = 0;
4806 4807 /* free any residual audit data */
4807 4808 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
4808 4809 releasef(fd);
4809 4810 return;
4810 4811 }
4811 4812 /*
4812 4813 * mark things so we know what happened and don't
4813 4814 * repeat things
4814 4815 */
4815 4816 fad->fad_flags |= FAD_WRITE;
4816 4817
4817 4818 if (fad->fad_aupath != NULL) {
4818 4819 au_uwrite(au_to_path(fad->fad_aupath));
4819 4820 } else {
4820 4821 au_uwrite(au_to_arg32(1, "no path: fd", fd));
4821 4822 }
4822 4823
4823 4824 audit_attributes(fp->f_vnode);
4824 4825
4825 4826 releasef(fd);
4826 4827
4827 4828 return;
4828 4829
4829 4830 default:
4830 4831 break;
4831 4832
4832 4833 }
4833 4834
4834 4835 releasef(fd);
4835 4836
4836 4837 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
4837 4838
4838 4839 if (add_sock_token == 0) {
4839 4840 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
4840 4841 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
4841 4842 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4842 4843 return;
4843 4844 }
4844 4845
4845 4846 au_uwrite(au_to_arg32(3, "flags", (uint32_t)(uap->flags)));
4846 4847
4847 4848 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
4848 4849
4849 4850 }
4850 4851
4851 4852 /*
4852 4853 * XXX socket(2) may be equivalent to open(2) on a unix domain
4853 4854 * socket. This needs investigation.
4854 4855 */
4855 4856
4856 4857 /*ARGSUSED*/
4857 4858 static void
4858 4859 aus_socket(struct t_audit_data *tad)
4859 4860 {
4860 4861 struct a {
4861 4862 long domain;
4862 4863 long type;
4863 4864 long protocol;
4864 4865 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4865 4866
4866 4867 au_uwrite(au_to_arg32(1, "domain", (uint32_t)uap->domain));
4867 4868 au_uwrite(au_to_arg32(2, "type", (uint32_t)uap->type));
4868 4869 au_uwrite(au_to_arg32(3, "protocol", (uint32_t)uap->protocol));
4869 4870 }
4870 4871
4871 4872 /*ARGSUSED*/
4872 4873 static void
4873 4874 aus_sigqueue(struct t_audit_data *tad)
4874 4875 {
4875 4876 struct a {
4876 4877 long pid;
4877 4878 long signo;
4878 4879 long *val;
4879 4880 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4880 4881 struct proc *p;
4881 4882 uid_t uid, ruid;
4882 4883 gid_t gid, rgid;
4883 4884 pid_t pid;
4884 4885 const auditinfo_addr_t *ainfo;
4885 4886 cred_t *cr;
4886 4887
4887 4888 pid = (pid_t)uap->pid;
4888 4889
4889 4890 au_uwrite(au_to_arg32(2, "signal", (uint32_t)uap->signo));
4890 4891 if (pid > 0) {
4891 4892 mutex_enter(&pidlock);
4892 4893 if ((p = prfind(pid)) == (struct proc *)0) {
4893 4894 mutex_exit(&pidlock);
4894 4895 return;
4895 4896 }
4896 4897 mutex_enter(&p->p_lock); /* so process doesn't go away */
4897 4898 mutex_exit(&pidlock);
4898 4899
4899 4900 mutex_enter(&p->p_crlock);
4900 4901 crhold(cr = p->p_cred);
4901 4902 mutex_exit(&p->p_crlock);
4902 4903 mutex_exit(&p->p_lock);
4903 4904
4904 4905 ainfo = crgetauinfo(cr);
4905 4906 if (ainfo == NULL) {
4906 4907 crfree(cr);
4907 4908 return;
4908 4909 }
4909 4910
4910 4911 uid = crgetuid(cr);
4911 4912 gid = crgetgid(cr);
4912 4913 ruid = crgetruid(cr);
4913 4914 rgid = crgetrgid(cr);
4914 4915 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
4915 4916 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
4916 4917 crfree(cr);
4917 4918 }
4918 4919 else
4919 4920 au_uwrite(au_to_arg32(1, "process ID", (uint32_t)pid));
4920 4921 }
4921 4922
4922 4923 /*ARGSUSED*/
4923 4924 static void
4924 4925 aus_inst_sync(struct t_audit_data *tad)
4925 4926 {
4926 4927 struct a {
4927 4928 long name; /* char */
4928 4929 long flags;
4929 4930 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4930 4931
4931 4932 au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags));
4932 4933 }
4933 4934
4934 4935 /*ARGSUSED*/
4935 4936 static void
4936 4937 aus_brandsys(struct t_audit_data *tad)
4937 4938 {
4938 4939 klwp_t *clwp = ttolwp(curthread);
4939 4940
4940 4941 struct a {
4941 4942 long cmd;
4942 4943 long arg1;
4943 4944 long arg2;
4944 4945 long arg3;
4945 4946 long arg4;
4946 4947 long arg5;
4947 4948 long arg6;
4948 4949 } *uap = (struct a *)clwp->lwp_ap;
4949 4950
4950 4951 au_uwrite(au_to_arg32(1, "cmd", (uint_t)uap->cmd));
4951 4952 #ifdef _LP64
4952 4953 au_uwrite(au_to_arg64(2, "arg1", (uint64_t)uap->arg1));
4953 4954 au_uwrite(au_to_arg64(3, "arg2", (uint64_t)uap->arg2));
4954 4955 au_uwrite(au_to_arg64(4, "arg3", (uint64_t)uap->arg3));
4955 4956 au_uwrite(au_to_arg64(5, "arg4", (uint64_t)uap->arg4));
4956 4957 au_uwrite(au_to_arg64(6, "arg5", (uint64_t)uap->arg5));
4957 4958 au_uwrite(au_to_arg64(7, "arg6", (uint64_t)uap->arg6));
4958 4959 #else
4959 4960 au_uwrite(au_to_arg32(2, "arg1", (uint32_t)uap->arg1));
4960 4961 au_uwrite(au_to_arg32(3, "arg2", (uint32_t)uap->arg2));
4961 4962 au_uwrite(au_to_arg32(4, "arg3", (uint32_t)uap->arg3));
4962 4963 au_uwrite(au_to_arg32(5, "arg4", (uint32_t)uap->arg4));
4963 4964 au_uwrite(au_to_arg32(6, "arg5", (uint32_t)uap->arg5));
4964 4965 au_uwrite(au_to_arg32(7, "arg6", (uint32_t)uap->arg6));
4965 4966 #endif
4966 4967 }
4967 4968
4968 4969 /*ARGSUSED*/
4969 4970 static void
4970 4971 aus_p_online(struct t_audit_data *tad)
4971 4972 {
4972 4973 struct a {
4973 4974 long processor_id;
4974 4975 long flag;
4975 4976 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
4976 4977
4977 4978 struct flags {
4978 4979 int flag;
4979 4980 char *cflag;
4980 4981 } aflags[6] = {
4981 4982 { P_ONLINE, "P_ONLINE"},
4982 4983 { P_OFFLINE, "P_OFFLINE"},
4983 4984 { P_NOINTR, "P_NOINTR"},
4984 4985 { P_SPARE, "P_SPARE"},
4985 4986 { P_FAULTED, "P_FAULTED"},
4986 4987 { P_STATUS, "P_STATUS"}
4987 4988 };
4988 4989 int i;
4989 4990 char *cflag;
4990 4991
4991 4992 au_uwrite(au_to_arg32(1, "processor ID", (uint32_t)uap->processor_id));
4992 4993 au_uwrite(au_to_arg32(2, "flag", (uint32_t)uap->flag));
4993 4994
4994 4995 for (i = 0; i < 6; i++) {
4995 4996 if (aflags[i].flag == uap->flag)
4996 4997 break;
4997 4998 }
4998 4999 cflag = (i == 6) ? "bad flag":aflags[i].cflag;
4999 5000
5000 5001 au_uwrite(au_to_text(cflag));
5001 5002 }
5002 5003
5003 5004 /*ARGSUSED*/
5004 5005 static void
5005 5006 aus_processor_bind(struct t_audit_data *tad)
5006 5007 {
5007 5008 struct a {
5008 5009 long id_type;
5009 5010 long id;
5010 5011 long processor_id;
5011 5012 long obind;
5012 5013 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5013 5014
5014 5015 struct proc *p;
5015 5016 int lwpcnt;
5016 5017 uid_t uid, ruid;
5017 5018 gid_t gid, rgid;
5018 5019 pid_t pid;
5019 5020 const auditinfo_addr_t *ainfo;
5020 5021 cred_t *cr;
5021 5022
5022 5023 au_uwrite(au_to_arg32(1, "ID type", (uint32_t)uap->id_type));
5023 5024 au_uwrite(au_to_arg32(2, "ID", (uint32_t)uap->id));
5024 5025 if (uap->processor_id == PBIND_NONE)
5025 5026 au_uwrite(au_to_text("PBIND_NONE"));
5026 5027 else
5027 5028 au_uwrite(au_to_arg32(3, "processor_id",
5028 5029 (uint32_t)uap->processor_id));
5029 5030
5030 5031 switch (uap->id_type) {
5031 5032 case P_MYID:
5032 5033 case P_LWPID:
5033 5034 mutex_enter(&pidlock);
5034 5035 p = ttoproc(curthread);
5035 5036 if (p == NULL || p->p_as == &kas) {
5036 5037 mutex_exit(&pidlock);
5037 5038 return;
5038 5039 }
5039 5040 mutex_enter(&p->p_lock);
5040 5041 mutex_exit(&pidlock);
5041 5042 lwpcnt = p->p_lwpcnt;
5042 5043 pid = p->p_pid;
5043 5044
5044 5045 mutex_enter(&p->p_crlock);
5045 5046 crhold(cr = p->p_cred);
5046 5047 mutex_exit(&p->p_crlock);
5047 5048 mutex_exit(&p->p_lock);
5048 5049
5049 5050 ainfo = crgetauinfo(cr);
5050 5051 if (ainfo == NULL) {
5051 5052 crfree(cr);
5052 5053 return;
5053 5054 }
5054 5055
5055 5056 uid = crgetuid(cr);
5056 5057 gid = crgetgid(cr);
5057 5058 ruid = crgetruid(cr);
5058 5059 rgid = crgetrgid(cr);
5059 5060 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5060 5061 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5061 5062 crfree(cr);
5062 5063 break;
5063 5064 case P_PID:
5064 5065 mutex_enter(&pidlock);
5065 5066 p = prfind(uap->id);
5066 5067 if (p == NULL || p->p_as == &kas) {
5067 5068 mutex_exit(&pidlock);
5068 5069 return;
5069 5070 }
5070 5071 mutex_enter(&p->p_lock);
5071 5072 mutex_exit(&pidlock);
5072 5073 lwpcnt = p->p_lwpcnt;
5073 5074 pid = p->p_pid;
5074 5075
5075 5076 mutex_enter(&p->p_crlock);
5076 5077 crhold(cr = p->p_cred);
5077 5078 mutex_exit(&p->p_crlock);
5078 5079 mutex_exit(&p->p_lock);
5079 5080
5080 5081 ainfo = crgetauinfo(cr);
5081 5082 if (ainfo == NULL) {
5082 5083 crfree(cr);
5083 5084 return;
5084 5085 }
5085 5086
5086 5087 uid = crgetuid(cr);
5087 5088 gid = crgetgid(cr);
5088 5089 ruid = crgetruid(cr);
5089 5090 rgid = crgetrgid(cr);
5090 5091 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5091 5092 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5092 5093 crfree(cr);
5093 5094
5094 5095 break;
5095 5096 default:
5096 5097 return;
5097 5098 }
5098 5099
5099 5100 if (uap->processor_id == PBIND_NONE &&
5100 5101 (!(uap->id_type == P_LWPID && lwpcnt > 1)))
5101 5102 au_uwrite(au_to_text("PBIND_NONE for process"));
5102 5103 else
5103 5104 au_uwrite(au_to_arg32(3, "processor_id",
5104 5105 (uint32_t)uap->processor_id));
5105 5106 }
5106 5107
5107 5108 /*ARGSUSED*/
5108 5109 static au_event_t
5109 5110 aui_doorfs(au_event_t e)
5110 5111 {
5111 5112 uint32_t code;
5112 5113
5113 5114 struct a { /* doorfs */
5114 5115 long a1;
5115 5116 long a2;
5116 5117 long a3;
5117 5118 long a4;
5118 5119 long a5;
5119 5120 long code;
5120 5121 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5121 5122
5122 5123 /*
5123 5124 * audit formats for several of the
5124 5125 * door calls have not yet been determined
5125 5126 */
5126 5127 code = (uint32_t)uap->code;
5127 5128 switch (code) {
5128 5129 case DOOR_CALL:
5129 5130 e = AUE_DOORFS_DOOR_CALL;
5130 5131 break;
5131 5132 case DOOR_RETURN:
5132 5133 e = AUE_NULL;
5133 5134 break;
5134 5135 case DOOR_CREATE:
5135 5136 e = AUE_DOORFS_DOOR_CREATE;
5136 5137 break;
5137 5138 case DOOR_REVOKE:
5138 5139 e = AUE_DOORFS_DOOR_REVOKE;
5139 5140 break;
5140 5141 case DOOR_INFO:
5141 5142 e = AUE_NULL;
5142 5143 break;
5143 5144 case DOOR_UCRED:
5144 5145 e = AUE_NULL;
5145 5146 break;
5146 5147 case DOOR_BIND:
5147 5148 e = AUE_NULL;
5148 5149 break;
5149 5150 case DOOR_UNBIND:
5150 5151 e = AUE_NULL;
5151 5152 break;
5152 5153 case DOOR_GETPARAM:
5153 5154 e = AUE_NULL;
5154 5155 break;
5155 5156 case DOOR_SETPARAM:
5156 5157 e = AUE_NULL;
5157 5158 break;
5158 5159 default: /* illegal system call */
5159 5160 e = AUE_NULL;
5160 5161 break;
5161 5162 }
5162 5163
5163 5164 return (e);
5164 5165 }
5165 5166
5166 5167 static door_node_t *
5167 5168 au_door_lookup(int did)
5168 5169 {
5169 5170 vnode_t *vp;
5170 5171 file_t *fp;
5171 5172
5172 5173 if ((fp = getf(did)) == NULL)
5173 5174 return (NULL);
5174 5175 /*
5175 5176 * Use the underlying vnode (we may be namefs mounted)
5176 5177 */
5177 5178 if (VOP_REALVP(fp->f_vnode, &vp, NULL))
5178 5179 vp = fp->f_vnode;
5179 5180
5180 5181 if (vp == NULL || vp->v_type != VDOOR) {
5181 5182 releasef(did);
5182 5183 return (NULL);
5183 5184 }
5184 5185
5185 5186 return (VTOD(vp));
5186 5187 }
5187 5188
5188 5189 /*ARGSUSED*/
5189 5190 static void
5190 5191 aus_doorfs(struct t_audit_data *tad)
5191 5192 {
5192 5193
5193 5194 struct a { /* doorfs */
5194 5195 long a1;
5195 5196 long a2;
5196 5197 long a3;
5197 5198 long a4;
5198 5199 long a5;
5199 5200 long code;
5200 5201 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5201 5202
5202 5203 door_node_t *dp;
5203 5204 struct proc *p;
5204 5205 uint32_t did;
5205 5206 uid_t uid, ruid;
5206 5207 gid_t gid, rgid;
5207 5208 pid_t pid;
5208 5209 const auditinfo_addr_t *ainfo;
5209 5210 cred_t *cr;
5210 5211
5211 5212 did = (uint32_t)uap->a1;
5212 5213
5213 5214 switch (tad->tad_event) {
5214 5215 case AUE_DOORFS_DOOR_CALL:
5215 5216 au_uwrite(au_to_arg32(1, "door ID", (uint32_t)did));
5216 5217 if ((dp = au_door_lookup(did)) == NULL)
5217 5218 break;
5218 5219
5219 5220 if (DOOR_INVALID(dp)) {
5220 5221 releasef(did);
5221 5222 break;
5222 5223 }
5223 5224
5224 5225 if ((p = dp->door_target) == NULL) {
5225 5226 releasef(did);
5226 5227 break;
5227 5228 }
5228 5229 mutex_enter(&p->p_lock);
5229 5230 releasef(did);
5230 5231
5231 5232 pid = p->p_pid;
5232 5233
5233 5234 mutex_enter(&p->p_crlock);
5234 5235 crhold(cr = p->p_cred);
5235 5236 mutex_exit(&p->p_crlock);
5236 5237 mutex_exit(&p->p_lock);
5237 5238
5238 5239 ainfo = crgetauinfo(cr);
5239 5240 if (ainfo == NULL) {
5240 5241 crfree(cr);
5241 5242 return;
5242 5243 }
5243 5244 uid = crgetuid(cr);
5244 5245 gid = crgetgid(cr);
5245 5246 ruid = crgetruid(cr);
5246 5247 rgid = crgetrgid(cr);
5247 5248 au_uwrite(au_to_process(uid, gid, ruid, rgid, pid,
5248 5249 ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid));
5249 5250 crfree(cr);
5250 5251 break;
5251 5252 case AUE_DOORFS_DOOR_RETURN:
5252 5253 /*
5253 5254 * We may want to write information about
5254 5255 * all doors (if any) which will be copied
5255 5256 * by this call to the user space
5256 5257 */
5257 5258 break;
5258 5259 case AUE_DOORFS_DOOR_CREATE:
5259 5260 au_uwrite(au_to_arg32(3, "door attr", (uint32_t)uap->a3));
5260 5261 break;
5261 5262 case AUE_DOORFS_DOOR_REVOKE:
5262 5263 au_uwrite(au_to_arg32(1, "door ID", (uint32_t)did));
5263 5264 break;
5264 5265 case AUE_DOORFS_DOOR_INFO:
5265 5266 break;
5266 5267 case AUE_DOORFS_DOOR_CRED:
5267 5268 break;
5268 5269 case AUE_DOORFS_DOOR_BIND:
5269 5270 break;
5270 5271 case AUE_DOORFS_DOOR_UNBIND: {
5271 5272 break;
5272 5273 }
5273 5274 default: /* illegal system call */
5274 5275 break;
5275 5276 }
5276 5277 }
5277 5278
5278 5279 /*ARGSUSED*/
5279 5280 static au_event_t
5280 5281 aui_acl(au_event_t e)
5281 5282 {
5282 5283 struct a {
5283 5284 union {
5284 5285 long name; /* char */
5285 5286 long fd;
5286 5287 } obj;
5287 5288
5288 5289 long cmd;
5289 5290 long nentries;
5290 5291 long arg; /* aclent_t */
5291 5292 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5292 5293
5293 5294 switch (uap->cmd) {
5294 5295 case SETACL:
5295 5296 case ACE_SETACL:
5296 5297 /*
5297 5298 * acl(SETACL/ACE_SETACL, ...) and facl(SETACL/ACE_SETACL, ...)
5298 5299 * are expected.
5299 5300 */
5300 5301 break;
5301 5302 case GETACL:
5302 5303 case GETACLCNT:
5303 5304 case ACE_GETACL:
5304 5305 case ACE_GETACLCNT:
5305 5306 /* do nothing for these four values. */
5306 5307 e = AUE_NULL;
5307 5308 break;
5308 5309 default:
5309 5310 /* illegal system call */
5310 5311 break;
5311 5312 }
5312 5313
5313 5314 return (e);
5314 5315 }
5315 5316
5316 5317 static void
5317 5318 au_acl(int cmd, int nentries, caddr_t bufp)
5318 5319 {
5319 5320 size_t a_size;
5320 5321 aclent_t *aclbufp;
5321 5322 ace_t *acebufp;
5322 5323 int i;
5323 5324
5324 5325 switch (cmd) {
5325 5326 case GETACL:
5326 5327 case GETACLCNT:
5327 5328 break;
5328 5329 case SETACL:
5329 5330 if (nentries < 3)
5330 5331 break;
5331 5332
5332 5333 a_size = nentries * sizeof (aclent_t);
5333 5334
5334 5335 if ((aclbufp = kmem_alloc(a_size, KM_SLEEP)) == NULL)
5335 5336 break;
5336 5337 if (copyin(bufp, aclbufp, a_size)) {
5337 5338 kmem_free(aclbufp, a_size);
5338 5339 break;
5339 5340 }
5340 5341 for (i = 0; i < nentries; i++) {
5341 5342 au_uwrite(au_to_acl(aclbufp + i));
5342 5343 }
5343 5344 kmem_free(aclbufp, a_size);
5344 5345 break;
5345 5346
5346 5347 case ACE_SETACL:
5347 5348 if (nentries < 1 || nentries > MAX_ACL_ENTRIES)
5348 5349 break;
5349 5350
5350 5351 a_size = nentries * sizeof (ace_t);
5351 5352 if ((acebufp = kmem_alloc(a_size, KM_SLEEP)) == NULL)
5352 5353 break;
5353 5354 if (copyin(bufp, acebufp, a_size)) {
5354 5355 kmem_free(acebufp, a_size);
5355 5356 break;
5356 5357 }
5357 5358 for (i = 0; i < nentries; i++) {
5358 5359 au_uwrite(au_to_ace(acebufp + i));
5359 5360 }
5360 5361 kmem_free(acebufp, a_size);
5361 5362 break;
5362 5363 default:
5363 5364 break;
5364 5365 }
5365 5366 }
5366 5367
5367 5368 /*ARGSUSED*/
5368 5369 static void
5369 5370 aus_acl(struct t_audit_data *tad)
5370 5371 {
5371 5372 struct a {
5372 5373 long fname;
5373 5374 long cmd;
5374 5375 long nentries;
5375 5376 long aclbufp;
5376 5377 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5377 5378
5378 5379 au_uwrite(au_to_arg32(2, "cmd", (uint32_t)uap->cmd));
5379 5380 au_uwrite(au_to_arg32(3, "nentries", (uint32_t)uap->nentries));
5380 5381
5381 5382 au_acl(uap->cmd, uap->nentries, (caddr_t)uap->aclbufp);
5382 5383 }
5383 5384
5384 5385 /*ARGSUSED*/
5385 5386 static void
5386 5387 aus_facl(struct t_audit_data *tad)
5387 5388 {
5388 5389 struct a {
5389 5390 long fd;
5390 5391 long cmd;
5391 5392 long nentries;
5392 5393 long aclbufp;
5393 5394 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5394 5395 struct file *fp;
5395 5396 struct vnode *vp;
5396 5397 struct f_audit_data *fad;
5397 5398 int fd;
5398 5399
5399 5400 au_uwrite(au_to_arg32(2, "cmd", (uint32_t)uap->cmd));
5400 5401 au_uwrite(au_to_arg32(3, "nentries", (uint32_t)uap->nentries));
5401 5402
5402 5403 fd = (int)uap->fd;
5403 5404
5404 5405 if ((fp = getf(fd)) == NULL)
5405 5406 return;
5406 5407
5407 5408 /* get path from file struct here */
5408 5409 fad = F2A(fp);
5409 5410 if (fad->fad_aupath != NULL) {
5410 5411 au_uwrite(au_to_path(fad->fad_aupath));
5411 5412 } else {
5412 5413 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5413 5414 }
5414 5415
5415 5416 vp = fp->f_vnode;
5416 5417 audit_attributes(vp);
5417 5418
5418 5419 /* decrement file descriptor reference count */
5419 5420 releasef(fd);
5420 5421
5421 5422 au_acl(uap->cmd, uap->nentries, (caddr_t)uap->aclbufp);
5422 5423 }
5423 5424
5424 5425 /*ARGSUSED*/
5425 5426 static void
5426 5427 auf_read(tad, error, rval)
5427 5428 struct t_audit_data *tad;
5428 5429 int error;
5429 5430 rval_t *rval;
5430 5431 {
5431 5432 struct file *fp;
5432 5433 struct f_audit_data *fad;
5433 5434 int fd;
5434 5435 register struct a {
5435 5436 long fd;
5436 5437 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5437 5438 au_kcontext_t *kctx = GET_KCTX_PZ;
5438 5439
5439 5440 fd = (int)uap->fd;
5440 5441
5441 5442 /*
5442 5443 * convert file pointer to file descriptor
5443 5444 * Note: fd ref count incremented here.
5444 5445 */
5445 5446 if ((fp = getf(fd)) == NULL)
5446 5447 return;
5447 5448
5448 5449 /* get path from file struct here */
5449 5450 fad = F2A(fp);
5450 5451 ASSERT(fad);
5451 5452
5452 5453 /*
5453 5454 * already processed this file for read attempt
5454 5455 *
5455 5456 * XXX might be better to turn off auditing in a aui_read() routine.
5456 5457 */
5457 5458 if (fad->fad_flags & FAD_READ) {
5458 5459 /* don't really want to audit every read attempt */
5459 5460 tad->tad_flag = 0;
5460 5461 /* free any residual audit data */
5461 5462 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5462 5463 releasef(fd);
5463 5464 return;
5464 5465 }
5465 5466 /* mark things so we know what happened and don't repeat things */
5466 5467 fad->fad_flags |= FAD_READ;
5467 5468
5468 5469 if (fad->fad_aupath != NULL) {
5469 5470 au_uwrite(au_to_path(fad->fad_aupath));
5470 5471 } else {
5471 5472 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5472 5473 }
5473 5474
5474 5475 /* include attributes */
5475 5476 audit_attributes(fp->f_vnode);
5476 5477
5477 5478 /* decrement file descriptor reference count */
5478 5479 releasef(fd);
5479 5480 }
5480 5481
5481 5482 /*ARGSUSED*/
5482 5483 static void
5483 5484 auf_write(tad, error, rval)
5484 5485 struct t_audit_data *tad;
5485 5486 int error;
5486 5487 rval_t *rval;
5487 5488 {
5488 5489 struct file *fp;
5489 5490 struct f_audit_data *fad;
5490 5491 int fd;
5491 5492 register struct a {
5492 5493 long fd;
5493 5494 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5494 5495 au_kcontext_t *kctx = GET_KCTX_PZ;
5495 5496
5496 5497 fd = (int)uap->fd;
5497 5498
5498 5499 /*
5499 5500 * convert file pointer to file descriptor
5500 5501 * Note: fd ref count incremented here.
5501 5502 */
5502 5503 if ((fp = getf(fd)) == NULL)
5503 5504 return;
5504 5505
5505 5506 /* get path from file struct here */
5506 5507 fad = F2A(fp);
5507 5508 ASSERT(fad);
5508 5509
5509 5510 /*
5510 5511 * already processed this file for write attempt
5511 5512 *
5512 5513 * XXX might be better to turn off auditing in a aus_write() routine.
5513 5514 */
5514 5515 if (fad->fad_flags & FAD_WRITE) {
5515 5516 /* don't really want to audit every write attempt */
5516 5517 tad->tad_flag = 0;
5517 5518 /* free any residual audit data */
5518 5519 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5519 5520 releasef(fd);
5520 5521 return;
5521 5522 }
5522 5523 /* mark things so we know what happened and don't repeat things */
5523 5524 fad->fad_flags |= FAD_WRITE;
5524 5525
5525 5526 if (fad->fad_aupath != NULL) {
5526 5527 au_uwrite(au_to_path(fad->fad_aupath));
5527 5528 } else {
5528 5529 au_uwrite(au_to_arg32(1, "no path: fd", (uint32_t)fd));
5529 5530 }
5530 5531
5531 5532 /* include attributes */
5532 5533 audit_attributes(fp->f_vnode);
5533 5534
5534 5535 /* decrement file descriptor reference count */
5535 5536 releasef(fd);
5536 5537 }
5537 5538
5538 5539 /*ARGSUSED*/
5539 5540 static void
5540 5541 auf_recv(tad, error, rval)
5541 5542 struct t_audit_data *tad;
5542 5543 int error;
5543 5544 rval_t *rval;
5544 5545 {
5545 5546 struct sonode *so;
5546 5547 char so_laddr[sizeof (struct sockaddr_in6)];
5547 5548 char so_faddr[sizeof (struct sockaddr_in6)];
5548 5549 struct file *fp;
5549 5550 struct f_audit_data *fad;
5550 5551 int fd;
5551 5552 int err;
5552 5553 socklen_t len;
5553 5554 short so_family, so_type;
5554 5555 register struct a {
5555 5556 long fd;
5556 5557 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5557 5558 au_kcontext_t *kctx = GET_KCTX_PZ;
5558 5559
5559 5560 /*
5560 5561 * If there was an error, then nothing to do. Only generate
5561 5562 * audit record on first successful recv.
5562 5563 */
5563 5564 if (error) {
5564 5565 /* Turn off audit record generation here. */
5565 5566 tad->tad_flag = 0;
5566 5567 /* free any residual audit data */
5567 5568 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5568 5569 return;
5569 5570 }
5570 5571
5571 5572 fd = (int)uap->fd;
5572 5573
5573 5574 if ((so = getsonode(fd, &err, &fp)) == NULL) {
5574 5575 /* Turn off audit record generation here. */
5575 5576 tad->tad_flag = 0;
5576 5577 /* free any residual audit data */
5577 5578 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5578 5579 return;
5579 5580 }
5580 5581
5581 5582 /* get path from file struct here */
5582 5583 fad = F2A(fp);
5583 5584 ASSERT(fad);
5584 5585
5585 5586 /*
5586 5587 * already processed this file for read attempt
5587 5588 */
5588 5589 if (fad->fad_flags & FAD_READ) {
5589 5590 releasef(fd);
5590 5591 /* don't really want to audit every recv call */
5591 5592 tad->tad_flag = 0;
5592 5593 /* free any residual audit data */
5593 5594 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5594 5595 return;
5595 5596 }
5596 5597
5597 5598 /* mark things so we know what happened and don't repeat things */
5598 5599 fad->fad_flags |= FAD_READ;
5599 5600
5600 5601 so_family = so->so_family;
5601 5602 so_type = so->so_type;
5602 5603
5603 5604 switch (so_family) {
5604 5605 case AF_INET:
5605 5606 case AF_INET6:
5606 5607 /*
5607 5608 * Only for connections.
5608 5609 * XXX - do we need to worry about SOCK_DGRAM or other types???
5609 5610 */
5610 5611 if (so->so_state & SS_ISBOUND) {
5611 5612
5612 5613 bzero((void *)so_laddr, sizeof (so_laddr));
5613 5614 bzero((void *)so_faddr, sizeof (so_faddr));
5614 5615
5615 5616 /* get local and foreign addresses */
5616 5617 len = sizeof (so_laddr);
5617 5618 (void) socket_getsockname(so,
5618 5619 (struct sockaddr *)so_laddr, &len, CRED());
5619 5620 len = sizeof (so_faddr);
5620 5621 (void) socket_getpeername(so,
5621 5622 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
5622 5623
5623 5624 /*
5624 5625 * only way to drop out of switch. Note that we
5625 5626 * we release fd below.
5626 5627 */
5627 5628
5628 5629 break;
5629 5630 }
5630 5631
5631 5632 releasef(fd);
5632 5633
5633 5634 /* don't really want to audit every recv call */
5634 5635 tad->tad_flag = 0;
5635 5636 /* free any residual audit data */
5636 5637 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5637 5638
5638 5639 return;
5639 5640
5640 5641 case AF_UNIX:
5641 5642
5642 5643 if (fad->fad_aupath != NULL) {
5643 5644 au_uwrite(au_to_path(fad->fad_aupath));
5644 5645 } else {
5645 5646 au_uwrite(au_to_arg32(1, "no path: fd", fd));
5646 5647 }
5647 5648
5648 5649 audit_attributes(fp->f_vnode);
5649 5650
5650 5651 releasef(fd);
5651 5652
5652 5653 return;
5653 5654
5654 5655 default:
5655 5656 releasef(fd);
5656 5657
5657 5658 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5658 5659 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
5659 5660 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
5660 5661
5661 5662 return;
5662 5663 }
5663 5664
5664 5665 releasef(fd);
5665 5666
5666 5667 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5667 5668
5668 5669 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
5669 5670
5670 5671 }
5671 5672
5672 5673 /*ARGSUSED*/
5673 5674 static void
5674 5675 auf_send(tad, error, rval)
5675 5676 struct t_audit_data *tad;
5676 5677 int error;
5677 5678 rval_t *rval;
5678 5679 {
5679 5680 struct sonode *so;
5680 5681 char so_laddr[sizeof (struct sockaddr_in6)];
5681 5682 char so_faddr[sizeof (struct sockaddr_in6)];
5682 5683 struct file *fp;
5683 5684 struct f_audit_data *fad;
5684 5685 int fd;
5685 5686 int err;
5686 5687 socklen_t len;
5687 5688 short so_family, so_type;
5688 5689 register struct a {
5689 5690 long fd;
5690 5691 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5691 5692 au_kcontext_t *kctx = GET_KCTX_PZ;
5692 5693
5693 5694 fd = (int)uap->fd;
5694 5695
5695 5696 /*
5696 5697 * If there was an error, then nothing to do. Only generate
5697 5698 * audit record on first successful send.
5698 5699 */
5699 5700 if (error != 0) {
5700 5701 /* Turn off audit record generation here. */
5701 5702 tad->tad_flag = 0;
5702 5703 /* free any residual audit data */
5703 5704 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5704 5705 return;
5705 5706 }
5706 5707
5707 5708 fd = (int)uap->fd;
5708 5709
5709 5710 if ((so = getsonode(fd, &err, &fp)) == NULL) {
5710 5711 /* Turn off audit record generation here. */
5711 5712 tad->tad_flag = 0;
5712 5713 /* free any residual audit data */
5713 5714 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5714 5715 return;
5715 5716 }
5716 5717
5717 5718 /* get path from file struct here */
5718 5719 fad = F2A(fp);
5719 5720 ASSERT(fad);
5720 5721
5721 5722 /*
5722 5723 * already processed this file for write attempt
5723 5724 */
5724 5725 if (fad->fad_flags & FAD_WRITE) {
5725 5726 releasef(fd);
5726 5727 /* don't really want to audit every send call */
5727 5728 tad->tad_flag = 0;
5728 5729 /* free any residual audit data */
5729 5730 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5730 5731 return;
5731 5732 }
5732 5733
5733 5734 /* mark things so we know what happened and don't repeat things */
5734 5735 fad->fad_flags |= FAD_WRITE;
5735 5736
5736 5737 so_family = so->so_family;
5737 5738 so_type = so->so_type;
5738 5739
5739 5740 switch (so_family) {
5740 5741 case AF_INET:
5741 5742 case AF_INET6:
5742 5743 /*
5743 5744 * Only for connections.
5744 5745 * XXX - do we need to worry about SOCK_DGRAM or other types???
5745 5746 */
5746 5747 if (so->so_state & SS_ISBOUND) {
5747 5748
5748 5749 bzero((void *)so_laddr, sizeof (so_laddr));
5749 5750 bzero((void *)so_faddr, sizeof (so_faddr));
5750 5751
5751 5752 /* get local and foreign addresses */
5752 5753 len = sizeof (so_laddr);
5753 5754 (void) socket_getsockname(so,
5754 5755 (struct sockaddr *)so_laddr, &len, CRED());
5755 5756 len = sizeof (so_faddr);
5756 5757 (void) socket_getpeername(so,
5757 5758 (struct sockaddr *)so_faddr, &len, B_FALSE, CRED());
5758 5759
5759 5760 /*
5760 5761 * only way to drop out of switch. Note that we
5761 5762 * we release fd below.
5762 5763 */
5763 5764
5764 5765 break;
5765 5766 }
5766 5767
5767 5768 releasef(fd);
5768 5769 /* don't really want to audit every send call */
5769 5770 tad->tad_flag = 0;
5770 5771 /* free any residual audit data */
5771 5772 au_close(kctx, &(u_ad), 0, 0, 0, NULL);
5772 5773
5773 5774 return;
5774 5775
5775 5776 case AF_UNIX:
5776 5777
5777 5778 if (fad->fad_aupath != NULL) {
5778 5779 au_uwrite(au_to_path(fad->fad_aupath));
5779 5780 } else {
5780 5781 au_uwrite(au_to_arg32(1, "no path: fd", fd));
5781 5782 }
5782 5783
5783 5784 audit_attributes(fp->f_vnode);
5784 5785
5785 5786 releasef(fd);
5786 5787
5787 5788 return;
5788 5789
5789 5790 default:
5790 5791 releasef(fd);
5791 5792
5792 5793 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5793 5794 au_uwrite(au_to_arg32(1, "family", (uint32_t)so_family));
5794 5795 au_uwrite(au_to_arg32(1, "type", (uint32_t)so_type));
5795 5796
5796 5797 return;
5797 5798 }
5798 5799
5799 5800 releasef(fd);
5800 5801
5801 5802 au_uwrite(au_to_arg32(1, "so", (uint32_t)fd));
5802 5803
5803 5804 au_uwrite(au_to_socket_ex(so_family, so_type, so_laddr, so_faddr));
5804 5805 }
5805 5806
5806 5807 static au_event_t
5807 5808 aui_forksys(au_event_t e)
5808 5809 {
5809 5810 struct a {
5810 5811 long subcode;
5811 5812 long flags;
5812 5813 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5813 5814
5814 5815 switch ((uint_t)uap->subcode) {
5815 5816 case 0:
5816 5817 e = AUE_FORK1;
5817 5818 break;
5818 5819 case 1:
5819 5820 e = AUE_FORKALL;
5820 5821 break;
5821 5822 case 2:
5822 5823 e = AUE_VFORK;
5823 5824 break;
5824 5825 default:
5825 5826 e = AUE_NULL;
5826 5827 break;
5827 5828 }
5828 5829
5829 5830 return (e);
5830 5831 }
5831 5832
5832 5833 /*ARGSUSED*/
5833 5834 static au_event_t
5834 5835 aui_portfs(au_event_t e)
5835 5836 {
5836 5837 struct a { /* portfs */
5837 5838 long a1;
5838 5839 long a2;
5839 5840 long a3;
5840 5841 } *uap = (struct a *)ttolwp(curthread)->lwp_ap;
5841 5842
5842 5843 /*
5843 5844 * check opcode
5844 5845 */
5845 5846 switch (((uint_t)uap->a1) & PORT_CODE_MASK) {
5846 5847 case PORT_ASSOCIATE:
5847 5848 /* check source */
5848 5849 if (((uint_t)uap->a3 == PORT_SOURCE_FILE) ||
5849 5850 ((uint_t)uap->a3 == PORT_SOURCE_FD)) {
5850 5851 e = AUE_PORTFS_ASSOCIATE;
5851 5852 } else {
5852 5853 e = AUE_NULL;
5853 5854 }
5854 5855 break;
5855 5856 case PORT_DISSOCIATE:
5856 5857 /* check source */
5857 5858 if (((uint_t)uap->a3 == PORT_SOURCE_FILE) ||
5858 5859 ((uint_t)uap->a3 == PORT_SOURCE_FD)) {
5859 5860 e = AUE_PORTFS_DISSOCIATE;
5860 5861 } else {
5861 5862 e = AUE_NULL;
5862 5863 }
5863 5864 break;
5864 5865 default:
5865 5866 e = AUE_NULL;
5866 5867 }
5867 5868 return (e);
5868 5869 }
|
↓ open down ↓ |
5132 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX