1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * This file contains the auditing system call code. 28 * 29 */ 30 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/user.h> 35 #include <sys/vnode.h> 36 #include <sys/vfs.h> 37 #include <sys/session.h> /* for session structure (auditctl(2) */ 38 #include <sys/kmem.h> /* for KM_SLEEP */ 39 #include <sys/cred.h> 40 #include <sys/types.h> 41 #include <sys/proc.h> 42 #include <sys/uio.h> 43 #include <sys/file.h> 44 #include <sys/stat.h> 45 #include <sys/pathname.h> 46 #include <sys/acct.h> 47 #include <sys/stropts.h> 48 #include <sys/exec.h> 49 #include <sys/thread.h> 50 #include <sys/cmn_err.h> 51 #include <sys/debug.h> 52 #include <sys/disp.h> 53 #include <sys/kobj.h> 54 #include <sys/sysmacros.h> 55 #include <sys/policy.h> 56 #include <sys/taskq.h> 57 #include <sys/zone.h> 58 59 #include <c2/audit.h> 60 #include <c2/audit_kernel.h> 61 #include <c2/audit_record.h> 62 63 #define CLEAR_VAL -1 64 65 #define HEADER_SIZE64 1; 66 #define HEADER_SIZE32 0; 67 #define AU_MIN_FILE_SZ 0x80000 /* minumum audit file size */ 68 #define AUDIT_REC_SIZE 0x8000 /* maximum user audit record size */ 69 70 extern kmutex_t pidlock; 71 72 extern pri_t minclsyspri; /* priority for taskq */ 73 74 extern int audit_load; /* defined in audit_start.c */ 75 76 int au_auditstate = AUC_UNSET; /* global audit state */ 77 int audit_policy; /* global audit policies in force */ 78 static clock_t au_resid = 15; /* wait .15 sec before droping a rec */ 79 80 static int getauid(caddr_t); 81 static int setauid(caddr_t); 82 static int getaudit(caddr_t); 83 static int getaudit_addr(caddr_t, int); 84 static int setaudit(caddr_t); 85 static int setaudit_addr(caddr_t, int); 86 static int auditdoor(int); 87 static int auditctl(int, caddr_t, int); 88 static int audit_modsysent(char *, int, int (*)()); 89 static void au_output_thread(); 90 /* 91 * This is the loadable module wrapper. 92 */ 93 #include <sys/modctl.h> 94 #include "sys/syscall.h" 95 96 static struct sysent auditsysent = { 97 6, 98 0, 99 _auditsys 100 }; 101 102 /* 103 * Module linkage information for the kernel. 104 */ 105 extern struct mod_ops mod_syscallops; 106 107 static struct modlsys modlsys = { 108 &mod_syscallops, "C2 system call", &auditsysent 109 }; 110 111 static struct modlinkage modlinkage = { 112 MODREV_1, (void *)&modlsys, 0 113 }; 114 115 int 116 _init() 117 { 118 int retval; 119 120 if (audit_load == 0) 121 return (-1); 122 123 /* 124 * We are going to do an ugly thing here. 125 * Because auditsys is already defined as a regular 126 * syscall we have to change the definition for syscall 127 * auditsys. Basically or in the SE_LOADABLE flag for 128 * auditsys. We no have a static loadable syscall. Also 129 * create an rw_lock. 130 */ 131 132 if ((audit_modsysent("c2audit", SE_LOADABLE|SE_NOUNLOAD, 133 _auditsys)) == -1) 134 return (-1); 135 136 if ((retval = mod_install(&modlinkage)) != 0) 137 return (retval); 138 139 return (0); 140 } 141 142 int 143 _fini() 144 { 145 return (EBUSY); 146 } 147 148 int 149 _info(struct modinfo *modinfop) 150 { 151 return (mod_info(&modlinkage, modinfop)); 152 } 153 154 /* 155 * when auditing is updated to allow enable/disable without 156 * reboot (and when the audit stubs are removed) *most* of these 157 * calls should return an error when auditing is off -- some 158 * for local zones only. 159 */ 160 161 int 162 _auditsys(struct auditcalls *uap, rval_t *rvp) 163 { 164 int result = 0; 165 166 switch (uap->code) { 167 case BSM_GETAUID: 168 result = getauid((caddr_t)uap->a1); 169 break; 170 case BSM_SETAUID: 171 result = setauid((caddr_t)uap->a1); 172 break; 173 case BSM_GETAUDIT: 174 result = getaudit((caddr_t)uap->a1); 175 break; 176 case BSM_GETAUDIT_ADDR: 177 178 result = getaudit_addr((caddr_t)uap->a1, (int)uap->a2); 179 break; 180 case BSM_SETAUDIT: 181 result = setaudit((caddr_t)uap->a1); 182 break; 183 case BSM_SETAUDIT_ADDR: 184 result = setaudit_addr((caddr_t)uap->a1, (int)uap->a2); 185 break; 186 case BSM_AUDIT: 187 result = audit((caddr_t)uap->a1, (int)uap->a2); 188 break; 189 case BSM_AUDITDOOR: 190 result = auditdoor((int)uap->a1); 191 break; 192 case BSM_AUDITCTL: 193 result = auditctl((int)uap->a1, (caddr_t)uap->a2, (int)uap->a3); 194 break; 195 default: 196 result = EINVAL; 197 } 198 rvp->r_vals = result; 199 return (result); 200 } 201 202 /* 203 * Return the audit user ID for the current process. Currently only 204 * the privileged processes may see the audit id. That may change. 205 * If copyout is unsucessful return EFAULT. 206 */ 207 static int 208 getauid(caddr_t auid_p) 209 { 210 const auditinfo_addr_t *ainfo; 211 212 if (secpolicy_audit_getattr(CRED()) != 0) 213 return (EPERM); 214 215 ainfo = crgetauinfo(CRED()); 216 if (ainfo == NULL) 217 return (EINVAL); 218 219 if (copyout(&ainfo->ai_auid, auid_p, sizeof (au_id_t))) 220 return (EFAULT); 221 222 return (0); 223 } 224 225 /* 226 * Set the audit userid, for a process. This can only be changed by 227 * privileged processes. The audit userid is inherited across forks & execs. 228 * Passed in is a pointer to the au_id_t; if copyin unsuccessful return EFAULT. 229 */ 230 static int 231 setauid(caddr_t auid_p) 232 { 233 proc_t *p; 234 au_id_t auid; 235 cred_t *newcred; 236 auditinfo_addr_t *auinfo; 237 238 if (secpolicy_audit_config(CRED()) != 0) 239 return (EPERM); 240 241 if (copyin(auid_p, &auid, sizeof (au_id_t))) { 242 return (EFAULT); 243 } 244 245 newcred = cralloc(); 246 if ((auinfo = crgetauinfo_modifiable(newcred)) == NULL) { 247 crfree(newcred); 248 return (EINVAL); 249 } 250 251 /* grab p_crlock and switch to new cred */ 252 p = curproc; 253 mutex_enter(&p->p_crlock); 254 crcopy_to(p->p_cred, newcred); 255 p->p_cred = newcred; 256 257 auinfo->ai_auid = auid; /* update the auid */ 258 259 /* unlock and broadcast the cred changes */ 260 mutex_exit(&p->p_crlock); 261 crset(p, newcred); 262 263 return (0); 264 } 265 266 /* 267 * Get the audit state information from the current process. 268 * Return EFAULT if copyout fails. 269 */ 270 static int 271 getaudit(caddr_t info_p) 272 { 273 STRUCT_DECL(auditinfo, info); 274 const auditinfo_addr_t *ainfo; 275 model_t model; 276 277 if (secpolicy_audit_getattr(CRED()) != 0) 278 return (EPERM); 279 280 model = get_udatamodel(); 281 STRUCT_INIT(info, model); 282 283 ainfo = crgetauinfo(CRED()); 284 if (ainfo == NULL) 285 return (EINVAL); 286 287 /* trying to read a process with an IPv6 address? */ 288 if (ainfo->ai_termid.at_type == AU_IPv6) 289 return (EOVERFLOW); 290 291 STRUCT_FSET(info, ai_auid, ainfo->ai_auid); 292 STRUCT_FSET(info, ai_mask, ainfo->ai_mask); 293 #ifdef _LP64 294 if (model == DATAMODEL_ILP32) { 295 dev32_t dev; 296 /* convert internal 64 bit form to 32 bit version */ 297 if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) { 298 return (EOVERFLOW); 299 } 300 STRUCT_FSET(info, ai_termid.port, dev); 301 } else 302 STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port); 303 #else 304 STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port); 305 #endif 306 STRUCT_FSET(info, ai_termid.machine, ainfo->ai_termid.at_addr[0]); 307 STRUCT_FSET(info, ai_asid, ainfo->ai_asid); 308 309 if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info))) 310 return (EFAULT); 311 312 return (0); 313 } 314 315 /* 316 * Get the audit state information from the current process. 317 * Return EFAULT if copyout fails. 318 */ 319 static int 320 getaudit_addr(caddr_t info_p, int len) 321 { 322 STRUCT_DECL(auditinfo_addr, info); 323 const auditinfo_addr_t *ainfo; 324 model_t model; 325 326 if (secpolicy_audit_getattr(CRED()) != 0) 327 return (EPERM); 328 329 model = get_udatamodel(); 330 STRUCT_INIT(info, model); 331 332 if (len < STRUCT_SIZE(info)) 333 return (EOVERFLOW); 334 335 ainfo = crgetauinfo(CRED()); 336 337 if (ainfo == NULL) 338 return (EINVAL); 339 340 STRUCT_FSET(info, ai_auid, ainfo->ai_auid); 341 STRUCT_FSET(info, ai_mask, ainfo->ai_mask); 342 #ifdef _LP64 343 if (model == DATAMODEL_ILP32) { 344 dev32_t dev; 345 /* convert internal 64 bit form to 32 bit version */ 346 if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) { 347 return (EOVERFLOW); 348 } 349 STRUCT_FSET(info, ai_termid.at_port, dev); 350 } else 351 STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port); 352 #else 353 STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port); 354 #endif 355 STRUCT_FSET(info, ai_termid.at_type, ainfo->ai_termid.at_type); 356 STRUCT_FSET(info, ai_termid.at_addr[0], ainfo->ai_termid.at_addr[0]); 357 STRUCT_FSET(info, ai_termid.at_addr[1], ainfo->ai_termid.at_addr[1]); 358 STRUCT_FSET(info, ai_termid.at_addr[2], ainfo->ai_termid.at_addr[2]); 359 STRUCT_FSET(info, ai_termid.at_addr[3], ainfo->ai_termid.at_addr[3]); 360 STRUCT_FSET(info, ai_asid, ainfo->ai_asid); 361 362 if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info))) 363 return (EFAULT); 364 365 return (0); 366 } 367 368 /* 369 * Set the audit state information for the current process. 370 * Return EFAULT if copyout fails. 371 */ 372 static int 373 setaudit(caddr_t info_p) 374 { 375 STRUCT_DECL(auditinfo, info); 376 proc_t *p; 377 cred_t *newcred; 378 model_t model; 379 auditinfo_addr_t *ainfo; 380 381 if (secpolicy_audit_config(CRED()) != 0) 382 return (EPERM); 383 384 model = get_udatamodel(); 385 STRUCT_INIT(info, model); 386 387 if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info))) 388 return (EFAULT); 389 390 newcred = cralloc(); 391 if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) { 392 crfree(newcred); 393 return (EINVAL); 394 } 395 396 /* grab p_crlock and switch to new cred */ 397 p = curproc; 398 mutex_enter(&p->p_crlock); 399 crcopy_to(p->p_cred, newcred); 400 p->p_cred = newcred; 401 402 /* Set audit mask, id, termid and session id as specified */ 403 ainfo->ai_auid = STRUCT_FGET(info, ai_auid); 404 #ifdef _LP64 405 /* only convert to 64 bit if coming from a 32 bit binary */ 406 if (model == DATAMODEL_ILP32) 407 ainfo->ai_termid.at_port = 408 DEVEXPL(STRUCT_FGET(info, ai_termid.port)); 409 else 410 ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port); 411 #else 412 ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.port); 413 #endif 414 ainfo->ai_termid.at_type = AU_IPv4; 415 ainfo->ai_termid.at_addr[0] = STRUCT_FGET(info, ai_termid.machine); 416 ainfo->ai_asid = STRUCT_FGET(info, ai_asid); 417 ainfo->ai_mask = STRUCT_FGET(info, ai_mask); 418 419 /* unlock and broadcast the cred changes */ 420 mutex_exit(&p->p_crlock); 421 crset(p, newcred); 422 423 return (0); 424 } 425 426 /* 427 * Set the audit state information for the current process. 428 * Return EFAULT if copyin fails. 429 */ 430 static int 431 setaudit_addr(caddr_t info_p, int len) 432 { 433 STRUCT_DECL(auditinfo_addr, info); 434 proc_t *p; 435 cred_t *newcred; 436 model_t model; 437 int i; 438 int type; 439 auditinfo_addr_t *ainfo; 440 441 if (secpolicy_audit_config(CRED()) != 0) 442 return (EPERM); 443 444 model = get_udatamodel(); 445 STRUCT_INIT(info, model); 446 447 if (len < STRUCT_SIZE(info)) 448 return (EOVERFLOW); 449 450 if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info))) 451 return (EFAULT); 452 453 type = STRUCT_FGET(info, ai_termid.at_type); 454 if ((type != AU_IPv4) && (type != AU_IPv6)) 455 return (EINVAL); 456 457 newcred = cralloc(); 458 if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) { 459 crfree(newcred); 460 return (EINVAL); 461 } 462 463 /* grab p_crlock and switch to new cred */ 464 p = curproc; 465 mutex_enter(&p->p_crlock); 466 crcopy_to(p->p_cred, newcred); 467 p->p_cred = newcred; 468 469 /* Set audit mask, id, termid and session id as specified */ 470 ainfo->ai_auid = STRUCT_FGET(info, ai_auid); 471 ainfo->ai_mask = STRUCT_FGET(info, ai_mask); 472 #ifdef _LP64 473 /* only convert to 64 bit if coming from a 32 bit binary */ 474 if (model == DATAMODEL_ILP32) 475 ainfo->ai_termid.at_port = 476 DEVEXPL(STRUCT_FGET(info, ai_termid.at_port)); 477 else 478 ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port); 479 #else 480 ainfo->ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port); 481 #endif 482 ainfo->ai_termid.at_type = type; 483 bzero(&ainfo->ai_termid.at_addr[0], sizeof (ainfo->ai_termid.at_addr)); 484 for (i = 0; i < (type/sizeof (int)); i++) 485 ainfo->ai_termid.at_addr[i] = 486 STRUCT_FGET(info, ai_termid.at_addr[i]); 487 488 if (ainfo->ai_termid.at_type == AU_IPv6 && 489 IN6_IS_ADDR_V4MAPPED(((in6_addr_t *)ainfo->ai_termid.at_addr))) { 490 ainfo->ai_termid.at_type = AU_IPv4; 491 ainfo->ai_termid.at_addr[0] = ainfo->ai_termid.at_addr[3]; 492 ainfo->ai_termid.at_addr[1] = 0; 493 ainfo->ai_termid.at_addr[2] = 0; 494 ainfo->ai_termid.at_addr[3] = 0; 495 } 496 497 ainfo->ai_asid = STRUCT_FGET(info, ai_asid); 498 499 /* unlock and broadcast the cred changes */ 500 mutex_exit(&p->p_crlock); 501 crset(p, newcred); 502 503 return (0); 504 } 505 506 /* 507 * The audit system call. Trust what the user has sent down and save it 508 * away in the audit file. User passes a complete audit record and its 509 * length. We will fill in the time stamp, check the header and the length 510 * Put a trailer and a sequence token if policy requires. 511 * In the future length might become size_t instead of an int. 512 * 513 * The call is valid whether or not AUDIT_PERZONE is set (think of 514 * login to a zone). When the local audit state (auk_auditstate) is 515 * AUC_INIT_AUDIT, records are accepted even though auditd isn't 516 * running. 517 */ 518 int 519 audit(caddr_t record, int length) 520 { 521 char c; 522 int count, l; 523 token_t *m, *n, *s, *ad; 524 int hdrlen, delta; 525 adr_t hadr; 526 adr_t sadr; 527 int size; /* 0: 32 bit utility 1: 64 bit utility */ 528 int host_len; 529 size_t zlen; 530 au_kcontext_t *kctx = GET_KCTX_PZ; 531 532 /* if auditing not enabled, then don't generate an audit record */ 533 if (kctx->auk_auditstate != AUC_AUDITING && 534 kctx->auk_auditstate != AUC_INIT_AUDIT) 535 return (0); 536 537 /* Only privileged processes can audit */ 538 if (secpolicy_audit_modify(CRED()) != 0) 539 return (EPERM); 540 541 /* Max user record size is 32K */ 542 if (length > AUDIT_REC_SIZE) 543 return (E2BIG); 544 545 /* 546 * The specified length must be at least as big as the smallest 547 * possible header token. Later after beginning to scan the 548 * header we'll determine the true minimum length according to 549 * the header type and attributes. 550 */ 551 #define AU_MIN_HEADER_LEN (sizeof (char) + sizeof (int32_t) + \ 552 sizeof (char) + sizeof (short) + sizeof (short) + \ 553 (sizeof (int32_t) * 2)) 554 555 if (length < AU_MIN_HEADER_LEN) 556 return (EINVAL); 557 558 /* Read in user's audit record */ 559 count = length; 560 m = n = s = ad = NULL; 561 while (count) { 562 m = au_getclr(); 563 if (!s) 564 s = n = m; 565 else { 566 n->next_buf = m; 567 n = m; 568 } 569 l = MIN(count, AU_BUFSIZE); 570 if (copyin(record, memtod(m, caddr_t), (size_t)l)) { 571 /* copyin failed release au_membuf */ 572 au_free_rec(s); 573 return (EFAULT); 574 } 575 record += l; 576 count -= l; 577 m->len = (uchar_t)l; 578 } 579 580 /* Now attach the entire thing to ad */ 581 au_write((caddr_t *)&(ad), s); 582 583 /* validate header token type. trust everything following it */ 584 adr_start(&hadr, memtod(s, char *)); 585 (void) adr_getchar(&hadr, &c); 586 switch (c) { 587 case AUT_HEADER32: 588 /* size vers+event_ID+event_modifier fields */ 589 delta = 1 + 2 + 2; 590 hdrlen = 1 + 4 + delta + (sizeof (int32_t) * 2); 591 size = HEADER_SIZE32; 592 break; 593 594 #ifdef _LP64 595 case AUT_HEADER64: 596 /* size vers+event_ID+event_modifier fields */ 597 delta = 1 + 2 + 2; 598 hdrlen = 1 + 4 + delta + (sizeof (int64_t) * 2); 599 size = HEADER_SIZE64; 600 break; 601 #endif 602 603 case AUT_HEADER32_EX: 604 /* 605 * Skip over the length/version/type/mod fields and 606 * grab the host address type (length), then rewind. 607 * This is safe per the previous minimum length check. 608 */ 609 hadr.adr_now += 9; 610 (void) adr_getint32(&hadr, &host_len); 611 hadr.adr_now -= 9 + sizeof (int32_t); 612 613 /* size: vers+event_ID+event_modifier+IP_type+IP_addr_array */ 614 delta = 1 + 2 + 2 + 4 + host_len; 615 hdrlen = 1 + 4 + delta + (sizeof (int32_t) * 2); 616 size = HEADER_SIZE32; 617 break; 618 619 #ifdef _LP64 620 case AUT_HEADER64_EX: 621 /* 622 * Skip over the length/version/type/mod fields and grab 623 * the host address type (length), then rewind. 624 * This is safe per the previous minimum length check. 625 */ 626 hadr.adr_now += 9; 627 (void) adr_getint32(&hadr, &host_len); 628 hadr.adr_now -= 9 + sizeof (int32_t); 629 630 /* size: vers+event_ID+event_modifier+IP_type+IP_addr_array */ 631 delta = 1 + 2 + 2 + 4 + host_len; 632 hdrlen = 1 + 4 + delta + (sizeof (int64_t) * 2); 633 size = HEADER_SIZE64; 634 break; 635 #endif 636 637 default: 638 /* Header is wrong, reject message */ 639 au_free_rec(s); 640 return (EINVAL); 641 } 642 643 if (length < hdrlen) { 644 au_free_rec(s); 645 return (0); 646 } 647 648 /* advance over header token length field */ 649 hadr.adr_now += 4; 650 651 /* validate version */ 652 (void) adr_getchar(&hadr, &c); 653 if (c != TOKEN_VERSION) { 654 /* version is wrong, reject message */ 655 au_free_rec(s); 656 return (EINVAL); 657 } 658 659 /* backup to header length field (including version field) */ 660 hadr.adr_now -= 5; 661 662 /* 663 * add on the zonename token if policy AUDIT_ZONENAME is set 664 */ 665 if (kctx->auk_policy & AUDIT_ZONENAME) { 666 zlen = au_zonename_length(NULL); 667 if (zlen > 0) { 668 length += zlen; 669 m = au_to_zonename(zlen, NULL); 670 (void) au_append_rec(ad, m, AU_PACK); 671 } 672 } 673 /* Add an (optional) sequence token. NULL offset if none */ 674 if (kctx->auk_policy & AUDIT_SEQ) { 675 /* get the sequnce token */ 676 m = au_to_seq(); 677 678 /* sequence token 5 bytes long */ 679 length += 5; 680 681 /* link to audit record (i.e. don't pack the data) */ 682 (void) au_append_rec(ad, m, AU_LINK); 683 684 /* advance to count field of token */ 685 adr_start(&sadr, memtod(m, char *)); 686 sadr.adr_now += 1; 687 } else 688 sadr.adr_now = (char *)NULL; 689 690 /* add the (optional) trailer token */ 691 if (kctx->auk_policy & AUDIT_TRAIL) { 692 /* trailer token is 7 bytes long */ 693 length += 7; 694 695 /* append to audit record */ 696 (void) au_append_rec(ad, au_to_trailer(length), AU_PACK); 697 } 698 699 /* audit record completely assembled. set the length */ 700 adr_int32(&hadr, (int32_t *)&length, 1); 701 702 /* advance to date/time field of header */ 703 hadr.adr_now += delta; 704 705 /* We are done put it on the queue */ 706 AS_INC(as_generated, 1, kctx); 707 AS_INC(as_audit, 1, kctx); 708 709 au_enqueue(kctx, s, &hadr, &sadr, size, 0); 710 711 AS_INC(as_totalsize, length, kctx); 712 713 return (0); 714 } 715 716 static void 717 audit_dont_stop(void *kctx) 718 { 719 720 if ((((au_kcontext_t *)kctx)->auk_valid != AUK_VALID) || 721 (((au_kcontext_t *)kctx)->auk_auditstate == AUC_NOAUDIT)) 722 return; 723 724 mutex_enter(&(((au_kcontext_t *)kctx)->auk_queue.lock)); 725 cv_broadcast(&(((au_kcontext_t *)kctx)->auk_queue.write_cv)); 726 mutex_exit(&(((au_kcontext_t *)kctx)->auk_queue.lock)); 727 } 728 729 /* 730 * auditdoor starts a kernel thread to generate output from the audit 731 * queue. The thread terminates when it detects auditing being turned 732 * off, such as when auditd exits with a SIGTERM. If a subsequent 733 * auditdoor arrives while the thread is running, the door descriptor 734 * of the last auditdoor in will be used for output. auditd is responsible 735 * for insuring that multiple copies are not running. 736 */ 737 738 static int 739 auditdoor(int fd) 740 { 741 struct file *fp; 742 struct vnode *vp; 743 int do_create = 0; 744 au_kcontext_t *kctx; 745 746 if (secpolicy_audit_config(CRED()) != 0) 747 return (EPERM); 748 749 if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc)) 750 return (EINVAL); 751 752 kctx = GET_KCTX_NGZ; 753 754 /* 755 * convert file pointer to file descriptor 756 * Note: fd ref count incremented here. 757 */ 758 if ((fp = (struct file *)getf(fd)) == NULL) { 759 return (EBADF); 760 } 761 vp = fp->f_vnode; 762 if (vp->v_type != VDOOR) { 763 cmn_err(CE_WARN, 764 "auditdoor() did not get the expected door descriptor\n"); 765 releasef(fd); 766 return (EINVAL); 767 } 768 /* 769 * If the output thread is already running, then replace the 770 * door descriptor with the new one and continue; otherwise 771 * create the thread too. Since au_output_thread makes a call 772 * to au_doorio() which also does 773 * mutex_lock(&(kctx->auk_svc_lock)), the create/dispatch is 774 * done after the unlock... 775 */ 776 mutex_enter(&(kctx->auk_svc_lock)); 777 778 if (kctx->auk_current_vp != NULL) 779 VN_RELE(kctx->auk_current_vp); 780 781 kctx->auk_current_vp = vp; 782 VN_HOLD(kctx->auk_current_vp); 783 releasef(fd); 784 785 if (!kctx->auk_output_active) { 786 kctx->auk_output_active = 1; 787 do_create = 1; 788 } 789 mutex_exit(&(kctx->auk_svc_lock)); 790 if (do_create) { 791 kctx->auk_taskq = 792 taskq_create("output_master", 1, minclsyspri, 1, 1, 0); 793 (void) taskq_dispatch(kctx->auk_taskq, 794 (task_func_t *)au_output_thread, 795 kctx, TQ_SLEEP); 796 } 797 return (0); 798 } 799 800 /* 801 * au_queue_kick -- wake up the output queue after delay ticks 802 */ 803 static void 804 au_queue_kick(void *kctx) 805 { 806 /* 807 * wakeup reader if its not running and there is something 808 * to do. It also helps that kctx still be valid... 809 */ 810 811 if ((((au_kcontext_t *)kctx)->auk_valid != AUK_VALID) || 812 (((au_kcontext_t *)kctx)->auk_auditstate == AUC_NOAUDIT)) 813 return; 814 815 if (((au_kcontext_t *)kctx)->auk_queue.cnt && 816 ((au_kcontext_t *)kctx)->auk_queue.rd_block) 817 cv_broadcast(&((au_kcontext_t *)kctx)->auk_queue.read_cv); 818 819 /* fire off timeout event to kick audit queue awake */ 820 (void) timeout(au_queue_kick, kctx, 821 ((au_kcontext_t *)kctx)->auk_queue.delay); 822 } 823 824 /* 825 * output thread 826 * 827 * this runs "forever" where "forever" means until either auk_auditstate 828 * changes from AUC_AUDITING or if the door descriptor becomes invalid. 829 * 830 * there is one thread per active zone if AUC_PERZONE is set. Since 831 * there is the possibility that a zone may go down without auditd 832 * terminating properly, a zone shutdown kills its au_output_thread() 833 * via taskq_destroy(). 834 */ 835 836 static void 837 au_output_thread(au_kcontext_t *kctx) 838 { 839 int error = 0; 840 841 (void) timeout(au_queue_kick, kctx, kctx->auk_queue.delay); 842 843 /* 844 * Wait for work, until a signal arrives, 845 * or until auditing is disabled. 846 */ 847 848 while (!error) { 849 if (kctx->auk_auditstate == AUC_AUDITING) { 850 mutex_enter(&(kctx->auk_queue.lock)); 851 while (kctx->auk_queue.head == NULL) { 852 /* safety check. kick writer awake */ 853 if (kctx->auk_queue.wt_block) { 854 cv_broadcast(&(kctx-> 855 auk_queue.write_cv)); 856 } 857 858 kctx->auk_queue.rd_block = 1; 859 AS_INC(as_rblocked, 1, kctx); 860 861 cv_wait(&(kctx->auk_queue.read_cv), 862 &(kctx->auk_queue.lock)); 863 kctx->auk_queue.rd_block = 0; 864 865 if (kctx->auk_auditstate != AUC_AUDITING) { 866 mutex_exit(&(kctx->auk_queue.lock)); 867 (void) timeout(audit_dont_stop, kctx, 868 au_resid); 869 goto output_exit; 870 } 871 kctx->auk_queue.rd_block = 0; 872 } 873 mutex_exit(&(kctx->auk_queue.lock)); 874 /* 875 * au_doorio() calls au_door_upcall which holds 876 * auk_svc_lock; au_doorio empties the queue before 877 * returning. 878 */ 879 880 error = au_doorio(kctx); 881 } else { 882 /* auditing turned off while we slept */ 883 break; 884 } 885 } 886 output_exit: 887 mutex_enter(&(kctx->auk_svc_lock)); 888 889 VN_RELE(kctx->auk_current_vp); 890 kctx->auk_current_vp = NULL; 891 892 kctx->auk_output_active = 0; 893 894 mutex_exit(&(kctx->auk_svc_lock)); 895 } 896 897 898 /* 899 * Get the global policy flag 900 */ 901 902 static int 903 getpolicy(caddr_t data) 904 { 905 int policy; 906 au_kcontext_t *kctx = GET_KCTX_PZ; 907 908 policy = audit_policy | kctx->auk_policy; 909 910 if (copyout(&policy, data, sizeof (int))) 911 return (EFAULT); 912 return (0); 913 } 914 915 /* 916 * Set the global and local policy flags 917 * 918 * The global flags only make sense from the global zone; 919 * the local flags depend on the AUDIT_PERZONE policy: 920 * if the perzone policy is set, then policy is set separately 921 * per zone, else held only in the global zone. 922 * 923 * The initial value of a local zone's policy flag is determined 924 * by the value of the global zone's flags at the time the 925 * local zone is created. 926 * 927 * While auditconfig(1M) allows setting and unsetting policies one bit 928 * at a time, the mask passed in from auditconfig() is created by a 929 * syscall to getpolicy and then modified based on the auditconfig() 930 * cmd line, so the input policy value is used to replace the existing 931 * policy. 932 */ 933 934 935 static int 936 setpolicy(caddr_t data) 937 { 938 int policy; 939 au_kcontext_t *kctx; 940 941 if (copyin(data, &policy, sizeof (int))) 942 return (EFAULT); 943 944 kctx = GET_KCTX_NGZ; 945 946 if (INGLOBALZONE(curproc)) { 947 if (policy & ~(AUDIT_GLOBAL | AUDIT_LOCAL)) 948 return (EINVAL); 949 950 audit_policy = policy & AUDIT_GLOBAL; 951 } else { 952 if (!(audit_policy & AUDIT_PERZONE)) 953 return (EINVAL); 954 955 if (policy & ~AUDIT_LOCAL) /* global bits are a no-no */ 956 return (EINVAL); 957 } 958 kctx->auk_policy = policy & AUDIT_LOCAL; 959 960 /* 961 * auk_current_vp is NULL before auditd starts (or during early 962 * auditd starup) or if auditd is halted; in either case, 963 * notification of a policy change is not needed, since auditd 964 * reads policy as it comes up. The error return from au_doormsg() 965 * is ignored to avoid a race condition -- for example if auditd 966 * segv's, the audit state may be "auditing" but the door may 967 * be closed. Returning an error if the door is open makes it 968 * impossible for Greenline to restart auditd. 969 */ 970 if (kctx->auk_current_vp != NULL) 971 (void) au_doormsg(kctx, AU_DBUF_POLICY, &policy); 972 973 /* 974 * Wake up anyone who might have blocked on full audit 975 * partitions. audit daemons need to set AUDIT_FULL when no 976 * space so we can tell if we should start dropping records. 977 */ 978 mutex_enter(&(kctx->auk_queue.lock)); 979 980 if ((policy & (AUDIT_CNT | AUDIT_SCNT) && 981 (kctx->auk_queue.cnt >= kctx->auk_queue.hiwater))) 982 cv_broadcast(&(kctx->auk_queue.write_cv)); 983 984 mutex_exit(&(kctx->auk_queue.lock)); 985 986 return (0); 987 } 988 989 static int 990 getkmask(caddr_t data) 991 { 992 au_kcontext_t *kctx; 993 994 kctx = GET_KCTX_PZ; 995 996 if (copyout(&kctx->auk_info.ai_mask, data, sizeof (au_mask_t))) 997 return (EFAULT); 998 return (0); 999 } 1000 1001 static int 1002 setkmask(caddr_t data) 1003 { 1004 au_mask_t mask; 1005 au_kcontext_t *kctx; 1006 1007 if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc)) 1008 return (EINVAL); 1009 1010 kctx = GET_KCTX_NGZ; 1011 1012 if (copyin(data, &mask, sizeof (au_mask_t))) 1013 return (EFAULT); 1014 1015 kctx->auk_info.ai_mask = mask; 1016 return (0); 1017 } 1018 1019 static int 1020 getkaudit(caddr_t info_p, int len) 1021 { 1022 STRUCT_DECL(auditinfo_addr, info); 1023 model_t model; 1024 au_kcontext_t *kctx = GET_KCTX_PZ; 1025 1026 model = get_udatamodel(); 1027 STRUCT_INIT(info, model); 1028 1029 if (len < STRUCT_SIZE(info)) 1030 return (EOVERFLOW); 1031 1032 STRUCT_FSET(info, ai_auid, kctx->auk_info.ai_auid); 1033 STRUCT_FSET(info, ai_mask, kctx->auk_info.ai_mask); 1034 #ifdef _LP64 1035 if (model == DATAMODEL_ILP32) { 1036 dev32_t dev; 1037 /* convert internal 64 bit form to 32 bit version */ 1038 if (cmpldev(&dev, kctx->auk_info.ai_termid.at_port) == 0) { 1039 return (EOVERFLOW); 1040 } 1041 STRUCT_FSET(info, ai_termid.at_port, dev); 1042 } else { 1043 STRUCT_FSET(info, ai_termid.at_port, 1044 kctx->auk_info.ai_termid.at_port); 1045 } 1046 #else 1047 STRUCT_FSET(info, ai_termid.at_port, 1048 kctx->auk_info.ai_termid.at_port); 1049 #endif 1050 STRUCT_FSET(info, ai_termid.at_type, 1051 kctx->auk_info.ai_termid.at_type); 1052 STRUCT_FSET(info, ai_termid.at_addr[0], 1053 kctx->auk_info.ai_termid.at_addr[0]); 1054 STRUCT_FSET(info, ai_termid.at_addr[1], 1055 kctx->auk_info.ai_termid.at_addr[1]); 1056 STRUCT_FSET(info, ai_termid.at_addr[2], 1057 kctx->auk_info.ai_termid.at_addr[2]); 1058 STRUCT_FSET(info, ai_termid.at_addr[3], 1059 kctx->auk_info.ai_termid.at_addr[3]); 1060 STRUCT_FSET(info, ai_asid, kctx->auk_info.ai_asid); 1061 1062 if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info))) 1063 return (EFAULT); 1064 1065 return (0); 1066 } 1067 1068 /* 1069 * the host address for AUDIT_PERZONE == 0 is that of the global 1070 * zone and for local zones it is of the current zone. 1071 */ 1072 1073 static int 1074 setkaudit(caddr_t info_p, int len) 1075 { 1076 STRUCT_DECL(auditinfo_addr, info); 1077 model_t model; 1078 au_kcontext_t *kctx; 1079 1080 if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc)) 1081 return (EINVAL); 1082 1083 kctx = GET_KCTX_NGZ; 1084 1085 model = get_udatamodel(); 1086 STRUCT_INIT(info, model); 1087 1088 if (len < STRUCT_SIZE(info)) 1089 return (EOVERFLOW); 1090 1091 if (copyin(info_p, STRUCT_BUF(info), STRUCT_SIZE(info))) 1092 return (EFAULT); 1093 1094 if ((STRUCT_FGET(info, ai_termid.at_type) != AU_IPv4) && 1095 (STRUCT_FGET(info, ai_termid.at_type) != AU_IPv6)) 1096 return (EINVAL); 1097 1098 /* Set audit mask, termid and session id as specified */ 1099 kctx->auk_info.ai_auid = STRUCT_FGET(info, ai_auid); 1100 kctx->auk_info.ai_mask = STRUCT_FGET(info, ai_mask); 1101 #ifdef _LP64 1102 /* only convert to 64 bit if coming from a 32 bit binary */ 1103 if (model == DATAMODEL_ILP32) 1104 kctx->auk_info.ai_termid.at_port = 1105 DEVEXPL(STRUCT_FGET(info, ai_termid.at_port)); 1106 else 1107 kctx->auk_info.ai_termid.at_port = 1108 STRUCT_FGET(info, ai_termid.at_port); 1109 #else 1110 kctx->auk_info.ai_termid.at_port = STRUCT_FGET(info, ai_termid.at_port); 1111 #endif 1112 kctx->auk_info.ai_termid.at_type = STRUCT_FGET(info, ai_termid.at_type); 1113 bzero(&kctx->auk_info.ai_termid.at_addr[0], 1114 sizeof (kctx->auk_info.ai_termid.at_addr)); 1115 kctx->auk_info.ai_termid.at_addr[0] = 1116 STRUCT_FGET(info, ai_termid.at_addr[0]); 1117 kctx->auk_info.ai_termid.at_addr[1] = 1118 STRUCT_FGET(info, ai_termid.at_addr[1]); 1119 kctx->auk_info.ai_termid.at_addr[2] = 1120 STRUCT_FGET(info, ai_termid.at_addr[2]); 1121 kctx->auk_info.ai_termid.at_addr[3] = 1122 STRUCT_FGET(info, ai_termid.at_addr[3]); 1123 kctx->auk_info.ai_asid = STRUCT_FGET(info, ai_asid); 1124 1125 if (kctx->auk_info.ai_termid.at_type == AU_IPv6 && 1126 IN6_IS_ADDR_V4MAPPED( 1127 ((in6_addr_t *)kctx->auk_info.ai_termid.at_addr))) { 1128 kctx->auk_info.ai_termid.at_type = AU_IPv4; 1129 kctx->auk_info.ai_termid.at_addr[0] = 1130 kctx->auk_info.ai_termid.at_addr[3]; 1131 kctx->auk_info.ai_termid.at_addr[1] = 0; 1132 kctx->auk_info.ai_termid.at_addr[2] = 0; 1133 kctx->auk_info.ai_termid.at_addr[3] = 0; 1134 } 1135 if (kctx->auk_info.ai_termid.at_type == AU_IPv6) 1136 kctx->auk_hostaddr_valid = IN6_IS_ADDR_UNSPECIFIED( 1137 (in6_addr_t *)kctx->auk_info.ai_termid.at_addr) ? 0 : 1; 1138 else 1139 kctx->auk_hostaddr_valid = 1140 (kctx->auk_info.ai_termid.at_addr[0] == 1141 htonl(INADDR_ANY)) ? 0 : 1; 1142 1143 return (0); 1144 } 1145 1146 static int 1147 getqctrl(caddr_t data) 1148 { 1149 au_kcontext_t *kctx = GET_KCTX_PZ; 1150 STRUCT_DECL(au_qctrl, qctrl); 1151 STRUCT_INIT(qctrl, get_udatamodel()); 1152 1153 mutex_enter(&(kctx->auk_queue.lock)); 1154 STRUCT_FSET(qctrl, aq_hiwater, kctx->auk_queue.hiwater); 1155 STRUCT_FSET(qctrl, aq_lowater, kctx->auk_queue.lowater); 1156 STRUCT_FSET(qctrl, aq_bufsz, kctx->auk_queue.bufsz); 1157 STRUCT_FSET(qctrl, aq_delay, kctx->auk_queue.delay); 1158 mutex_exit(&(kctx->auk_queue.lock)); 1159 1160 if (copyout(STRUCT_BUF(qctrl), data, STRUCT_SIZE(qctrl))) 1161 return (EFAULT); 1162 1163 return (0); 1164 } 1165 1166 static int 1167 setqctrl(caddr_t data) 1168 { 1169 au_kcontext_t *kctx; 1170 struct au_qctrl qctrl_tmp; 1171 STRUCT_DECL(au_qctrl, qctrl); 1172 STRUCT_INIT(qctrl, get_udatamodel()); 1173 1174 if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc)) 1175 return (EINVAL); 1176 kctx = GET_KCTX_NGZ; 1177 1178 if (copyin(data, STRUCT_BUF(qctrl), STRUCT_SIZE(qctrl))) 1179 return (EFAULT); 1180 1181 qctrl_tmp.aq_hiwater = (size_t)STRUCT_FGET(qctrl, aq_hiwater); 1182 qctrl_tmp.aq_lowater = (size_t)STRUCT_FGET(qctrl, aq_lowater); 1183 qctrl_tmp.aq_bufsz = (size_t)STRUCT_FGET(qctrl, aq_bufsz); 1184 qctrl_tmp.aq_delay = (clock_t)STRUCT_FGET(qctrl, aq_delay); 1185 1186 /* enforce sane values */ 1187 1188 if (qctrl_tmp.aq_hiwater <= qctrl_tmp.aq_lowater) 1189 return (EINVAL); 1190 1191 if (qctrl_tmp.aq_hiwater < AQ_LOWATER) 1192 return (EINVAL); 1193 1194 if (qctrl_tmp.aq_hiwater > AQ_MAXHIGH) 1195 return (EINVAL); 1196 1197 if (qctrl_tmp.aq_bufsz < AQ_BUFSZ) 1198 return (EINVAL); 1199 1200 if (qctrl_tmp.aq_bufsz > AQ_MAXBUFSZ) 1201 return (EINVAL); 1202 1203 if (qctrl_tmp.aq_delay == 0) 1204 return (EINVAL); 1205 1206 if (qctrl_tmp.aq_delay > AQ_MAXDELAY) 1207 return (EINVAL); 1208 1209 /* update everything at once so things are consistant */ 1210 mutex_enter(&(kctx->auk_queue.lock)); 1211 kctx->auk_queue.hiwater = qctrl_tmp.aq_hiwater; 1212 kctx->auk_queue.lowater = qctrl_tmp.aq_lowater; 1213 kctx->auk_queue.bufsz = qctrl_tmp.aq_bufsz; 1214 kctx->auk_queue.delay = qctrl_tmp.aq_delay; 1215 1216 if (kctx->auk_queue.rd_block && 1217 kctx->auk_queue.cnt > kctx->auk_queue.lowater) 1218 cv_broadcast(&(kctx->auk_queue.read_cv)); 1219 1220 if (kctx->auk_queue.wt_block && 1221 kctx->auk_queue.cnt < kctx->auk_queue.hiwater) 1222 cv_broadcast(&(kctx->auk_queue.write_cv)); 1223 1224 mutex_exit(&(kctx->auk_queue.lock)); 1225 1226 return (0); 1227 } 1228 1229 static int 1230 getcwd(caddr_t data, int length) 1231 { 1232 struct p_audit_data *pad; 1233 struct audit_path *app; 1234 int pathlen; 1235 1236 pad = P2A(curproc); 1237 ASSERT(pad != NULL); 1238 1239 mutex_enter(&(pad->pad_lock)); 1240 app = pad->pad_cwd; 1241 au_pathhold(app); 1242 mutex_exit(&(pad->pad_lock)); 1243 1244 pathlen = app->audp_sect[1] - app->audp_sect[0]; 1245 if (pathlen > length) { 1246 au_pathrele(app); 1247 return (E2BIG); 1248 } 1249 1250 if (copyout(app->audp_sect[0], data, pathlen)) { 1251 au_pathrele(app); 1252 return (EFAULT); 1253 } 1254 1255 au_pathrele(app); 1256 return (0); 1257 } 1258 1259 static int 1260 getcar(caddr_t data, int length) 1261 { 1262 struct p_audit_data *pad; 1263 struct audit_path *app; 1264 int pathlen; 1265 1266 pad = P2A(curproc); 1267 ASSERT(pad != NULL); 1268 1269 mutex_enter(&(pad->pad_lock)); 1270 app = pad->pad_root; 1271 au_pathhold(app); 1272 mutex_exit(&(pad->pad_lock)); 1273 1274 pathlen = app->audp_sect[1] - app->audp_sect[0]; 1275 if (pathlen > length) { 1276 au_pathrele(app); 1277 return (E2BIG); 1278 } 1279 1280 if (copyout(app->audp_sect[0], data, pathlen)) { 1281 au_pathrele(app); 1282 return (EFAULT); 1283 } 1284 1285 au_pathrele(app); 1286 return (0); 1287 } 1288 1289 static int 1290 getstat(caddr_t data) 1291 { 1292 au_kcontext_t *kctx = GET_KCTX_PZ; 1293 1294 membar_consumer(); 1295 1296 if (copyout((caddr_t)&(kctx->auk_statistics), data, sizeof (au_stat_t))) 1297 return (EFAULT); 1298 return (0); 1299 } 1300 1301 1302 static int 1303 setstat(caddr_t data) 1304 { 1305 au_kcontext_t *kctx = GET_KCTX_PZ; 1306 au_stat_t au_stat; 1307 1308 if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc)) 1309 return (EINVAL); 1310 1311 if (copyin(data, &au_stat, sizeof (au_stat_t))) 1312 return (EFAULT); 1313 1314 if (au_stat.as_generated == CLEAR_VAL) 1315 kctx->auk_statistics.as_generated = 0; 1316 if (au_stat.as_nonattrib == CLEAR_VAL) 1317 kctx->auk_statistics.as_nonattrib = 0; 1318 if (au_stat.as_kernel == CLEAR_VAL) 1319 kctx->auk_statistics.as_kernel = 0; 1320 if (au_stat.as_audit == CLEAR_VAL) 1321 kctx->auk_statistics.as_audit = 0; 1322 if (au_stat.as_auditctl == CLEAR_VAL) 1323 kctx->auk_statistics.as_auditctl = 0; 1324 if (au_stat.as_enqueue == CLEAR_VAL) 1325 kctx->auk_statistics.as_enqueue = 0; 1326 if (au_stat.as_written == CLEAR_VAL) 1327 kctx->auk_statistics.as_written = 0; 1328 if (au_stat.as_wblocked == CLEAR_VAL) 1329 kctx->auk_statistics.as_wblocked = 0; 1330 if (au_stat.as_rblocked == CLEAR_VAL) 1331 kctx->auk_statistics.as_rblocked = 0; 1332 if (au_stat.as_dropped == CLEAR_VAL) 1333 kctx->auk_statistics.as_dropped = 0; 1334 if (au_stat.as_totalsize == CLEAR_VAL) 1335 kctx->auk_statistics.as_totalsize = 0; 1336 1337 membar_producer(); 1338 1339 return (0); 1340 1341 } 1342 1343 static int 1344 setumask(caddr_t data) 1345 { 1346 STRUCT_DECL(auditinfo, user_info); 1347 struct proc *p; 1348 const auditinfo_addr_t *ainfo; 1349 model_t model; 1350 1351 /* setumask not applicable in non-global zones without perzone policy */ 1352 if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc))) 1353 return (EINVAL); 1354 1355 model = get_udatamodel(); 1356 STRUCT_INIT(user_info, model); 1357 1358 if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info))) 1359 return (EFAULT); 1360 1361 mutex_enter(&pidlock); /* lock the process queue against updates */ 1362 for (p = practive; p != NULL; p = p->p_next) { 1363 cred_t *cr; 1364 1365 /* if in non-global zone only modify processes in same zone */ 1366 if (!HASZONEACCESS(curproc, p->p_zone->zone_id)) 1367 continue; 1368 1369 mutex_enter(&p->p_lock); /* so process doesn't go away */ 1370 1371 /* skip system processes and ones being created or going away */ 1372 if (p->p_stat == SIDL || p->p_stat == SZOMB || 1373 (p->p_flag & (SSYS | SEXITING | SEXITLWPS))) { 1374 mutex_exit(&p->p_lock); 1375 continue; 1376 } 1377 1378 mutex_enter(&p->p_crlock); 1379 crhold(cr = p->p_cred); 1380 mutex_exit(&p->p_crlock); 1381 ainfo = crgetauinfo(cr); 1382 if (ainfo == NULL) { 1383 mutex_exit(&p->p_lock); 1384 crfree(cr); 1385 continue; 1386 } 1387 1388 if (ainfo->ai_auid == STRUCT_FGET(user_info, ai_auid)) { 1389 au_mask_t mask; 1390 int err; 1391 1392 /* 1393 * Here's a process which matches the specified auid. 1394 * If its mask doesn't already match the new mask, 1395 * save the new mask in the pad, to be picked up 1396 * next syscall. 1397 */ 1398 mask = STRUCT_FGET(user_info, ai_mask); 1399 err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t)); 1400 crfree(cr); 1401 if (err != 0) { 1402 struct p_audit_data *pad = P2A(p); 1403 ASSERT(pad != NULL); 1404 1405 mutex_enter(&(pad->pad_lock)); 1406 pad->pad_flags |= PAD_SETMASK; 1407 pad->pad_newmask = mask; 1408 mutex_exit(&(pad->pad_lock)); 1409 1410 /* 1411 * No need to call set_proc_pre_sys(), since 1412 * t_pre_sys is ALWAYS on when audit is 1413 * enabled...due to syscall auditing. 1414 */ 1415 } 1416 } else { 1417 crfree(cr); 1418 } 1419 mutex_exit(&p->p_lock); 1420 } 1421 mutex_exit(&pidlock); 1422 1423 return (0); 1424 } 1425 1426 static int 1427 setsmask(caddr_t data) 1428 { 1429 STRUCT_DECL(auditinfo, user_info); 1430 struct proc *p; 1431 const auditinfo_addr_t *ainfo; 1432 model_t model; 1433 1434 /* setsmask not applicable in non-global zones without perzone policy */ 1435 if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc))) 1436 return (EINVAL); 1437 1438 model = get_udatamodel(); 1439 STRUCT_INIT(user_info, model); 1440 1441 if (copyin(data, STRUCT_BUF(user_info), STRUCT_SIZE(user_info))) 1442 return (EFAULT); 1443 1444 mutex_enter(&pidlock); /* lock the process queue against updates */ 1445 for (p = practive; p != NULL; p = p->p_next) { 1446 cred_t *cr; 1447 1448 /* if in non-global zone only modify processes in same zone */ 1449 if (!HASZONEACCESS(curproc, p->p_zone->zone_id)) 1450 continue; 1451 1452 mutex_enter(&p->p_lock); /* so process doesn't go away */ 1453 1454 /* skip system processes and ones being created or going away */ 1455 if (p->p_stat == SIDL || p->p_stat == SZOMB || 1456 (p->p_flag & (SSYS | SEXITING | SEXITLWPS))) { 1457 mutex_exit(&p->p_lock); 1458 continue; 1459 } 1460 1461 mutex_enter(&p->p_crlock); 1462 crhold(cr = p->p_cred); 1463 mutex_exit(&p->p_crlock); 1464 ainfo = crgetauinfo(cr); 1465 if (ainfo == NULL) { 1466 mutex_exit(&p->p_lock); 1467 crfree(cr); 1468 continue; 1469 } 1470 1471 if (ainfo->ai_asid == STRUCT_FGET(user_info, ai_asid)) { 1472 au_mask_t mask; 1473 int err; 1474 1475 /* 1476 * Here's a process which matches the specified asid. 1477 * If its mask doesn't already match the new mask, 1478 * save the new mask in the pad, to be picked up 1479 * next syscall. 1480 */ 1481 mask = STRUCT_FGET(user_info, ai_mask); 1482 err = bcmp(&mask, &ainfo->ai_mask, sizeof (au_mask_t)); 1483 crfree(cr); 1484 if (err != 0) { 1485 struct p_audit_data *pad = P2A(p); 1486 ASSERT(pad != NULL); 1487 1488 mutex_enter(&(pad->pad_lock)); 1489 pad->pad_flags |= PAD_SETMASK; 1490 pad->pad_newmask = mask; 1491 mutex_exit(&(pad->pad_lock)); 1492 1493 /* 1494 * No need to call set_proc_pre_sys(), since 1495 * t_pre_sys is ALWAYS on when audit is 1496 * enabled...due to syscall auditing. 1497 */ 1498 } 1499 } else { 1500 crfree(cr); 1501 } 1502 mutex_exit(&p->p_lock); 1503 } 1504 mutex_exit(&pidlock); 1505 1506 return (0); 1507 } 1508 1509 /* 1510 * Get the current audit state of the system 1511 */ 1512 static int 1513 getcond(caddr_t data) 1514 { 1515 au_kcontext_t *kctx; 1516 1517 if (au_auditstate == AUC_DISABLED) 1518 if (copyout(&au_auditstate, data, sizeof (int))) 1519 return (EFAULT); 1520 1521 kctx = GET_KCTX_PZ; 1522 1523 if (copyout(&(kctx->auk_auditstate), data, sizeof (int))) 1524 return (EFAULT); 1525 1526 return (0); 1527 } 1528 1529 /* 1530 * Set the current audit state of the system to on (AUC_AUDITING) or 1531 * off (AUC_NOAUDIT). 1532 */ 1533 /* ARGSUSED */ 1534 static int 1535 setcond(caddr_t data) 1536 { 1537 int auditstate; 1538 au_kcontext_t *kctx; 1539 1540 if (!(audit_policy & AUDIT_PERZONE) && (!INGLOBALZONE(curproc))) 1541 return (EINVAL); 1542 1543 kctx = GET_KCTX_NGZ; 1544 1545 if (copyin(data, &auditstate, sizeof (int))) 1546 return (EFAULT); 1547 1548 switch (auditstate) { 1549 case AUC_AUDITING: /* Turn auditing on */ 1550 kctx->auk_auditstate = AUC_AUDITING; 1551 au_auditstate = AUC_ENABLED; 1552 break; 1553 1554 case AUC_NOAUDIT: /* Turn auditing off */ 1555 if (kctx->auk_auditstate == AUC_NOAUDIT) 1556 break; 1557 kctx->auk_auditstate = AUC_NOAUDIT; 1558 1559 /* clear out the audit queue */ 1560 1561 mutex_enter(&(kctx->auk_queue.lock)); 1562 if (kctx->auk_queue.wt_block) 1563 cv_broadcast(&(kctx->auk_queue.write_cv)); 1564 1565 /* unblock au_output_thread */ 1566 cv_broadcast(&(kctx->auk_queue.read_cv)); 1567 1568 mutex_exit(&(kctx->auk_queue.lock)); 1569 break; 1570 1571 default: 1572 return (EINVAL); 1573 } 1574 1575 return (0); 1576 } 1577 1578 static int 1579 getclass(caddr_t data) 1580 { 1581 au_evclass_map_t event; 1582 au_kcontext_t *kctx = GET_KCTX_PZ; 1583 1584 if (copyin(data, &event, sizeof (au_evclass_map_t))) 1585 return (EFAULT); 1586 1587 if (event.ec_number > MAX_KEVENTS) 1588 return (EINVAL); 1589 1590 event.ec_class = kctx->auk_ets[event.ec_number]; 1591 1592 if (copyout(&event, data, sizeof (au_evclass_map_t))) 1593 return (EFAULT); 1594 1595 return (0); 1596 } 1597 1598 static int 1599 setclass(caddr_t data) 1600 { 1601 au_evclass_map_t event; 1602 au_kcontext_t *kctx; 1603 1604 if (!(audit_policy & AUDIT_PERZONE) && !INGLOBALZONE(curproc)) 1605 return (EINVAL); 1606 1607 kctx = GET_KCTX_NGZ; 1608 1609 if (copyin(data, &event, sizeof (au_evclass_map_t))) 1610 return (EFAULT); 1611 1612 if (event.ec_number > MAX_KEVENTS) 1613 return (EINVAL); 1614 1615 kctx->auk_ets[event.ec_number] = event.ec_class; 1616 1617 return (0); 1618 } 1619 1620 static int 1621 getpinfo(caddr_t data) 1622 { 1623 STRUCT_DECL(auditpinfo, apinfo); 1624 proc_t *proc; 1625 const auditinfo_addr_t *ainfo; 1626 model_t model; 1627 cred_t *cr, *newcred; 1628 1629 model = get_udatamodel(); 1630 STRUCT_INIT(apinfo, model); 1631 1632 if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo))) 1633 return (EFAULT); 1634 1635 newcred = cralloc(); 1636 1637 mutex_enter(&pidlock); 1638 if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) { 1639 mutex_exit(&pidlock); 1640 crfree(newcred); 1641 return (ESRCH); /* no such process */ 1642 } 1643 mutex_enter(&proc->p_lock); /* so process doesn't go away */ 1644 mutex_exit(&pidlock); 1645 1646 audit_update_context(proc, newcred); /* make sure it's up-to-date */ 1647 1648 mutex_enter(&proc->p_crlock); 1649 crhold(cr = proc->p_cred); 1650 mutex_exit(&proc->p_crlock); 1651 mutex_exit(&proc->p_lock); 1652 1653 ainfo = crgetauinfo(cr); 1654 if (ainfo == NULL) { 1655 crfree(cr); 1656 return (EINVAL); 1657 } 1658 1659 /* designated process has an ipv6 address? */ 1660 if (ainfo->ai_termid.at_type == AU_IPv6) { 1661 crfree(cr); 1662 return (EOVERFLOW); 1663 } 1664 1665 STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid); 1666 STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid); 1667 #ifdef _LP64 1668 if (model == DATAMODEL_ILP32) { 1669 dev32_t dev; 1670 /* convert internal 64 bit form to 32 bit version */ 1671 if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) { 1672 crfree(cr); 1673 return (EOVERFLOW); 1674 } 1675 STRUCT_FSET(apinfo, ap_termid.port, dev); 1676 } else 1677 STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port); 1678 #else 1679 STRUCT_FSET(apinfo, ap_termid.port, ainfo->ai_termid.at_port); 1680 #endif 1681 STRUCT_FSET(apinfo, ap_termid.machine, ainfo->ai_termid.at_addr[0]); 1682 STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask); 1683 1684 crfree(cr); 1685 1686 if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo))) 1687 return (EFAULT); 1688 1689 return (0); 1690 } 1691 1692 static int 1693 getpinfo_addr(caddr_t data, int len) 1694 { 1695 STRUCT_DECL(auditpinfo_addr, apinfo); 1696 proc_t *proc; 1697 const auditinfo_addr_t *ainfo; 1698 model_t model; 1699 cred_t *cr, *newcred; 1700 1701 model = get_udatamodel(); 1702 STRUCT_INIT(apinfo, model); 1703 1704 if (len < STRUCT_SIZE(apinfo)) 1705 return (EOVERFLOW); 1706 1707 if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo))) 1708 return (EFAULT); 1709 1710 newcred = cralloc(); 1711 1712 mutex_enter(&pidlock); 1713 if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) { 1714 mutex_exit(&pidlock); 1715 crfree(newcred); 1716 return (ESRCH); 1717 } 1718 mutex_enter(&proc->p_lock); /* so process doesn't go away */ 1719 mutex_exit(&pidlock); 1720 1721 audit_update_context(proc, newcred); /* make sure it's up-to-date */ 1722 1723 mutex_enter(&proc->p_crlock); 1724 crhold(cr = proc->p_cred); 1725 mutex_exit(&proc->p_crlock); 1726 mutex_exit(&proc->p_lock); 1727 1728 ainfo = crgetauinfo(cr); 1729 if (ainfo == NULL) { 1730 crfree(cr); 1731 return (EINVAL); 1732 } 1733 1734 STRUCT_FSET(apinfo, ap_auid, ainfo->ai_auid); 1735 STRUCT_FSET(apinfo, ap_asid, ainfo->ai_asid); 1736 #ifdef _LP64 1737 if (model == DATAMODEL_ILP32) { 1738 dev32_t dev; 1739 /* convert internal 64 bit form to 32 bit version */ 1740 if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) { 1741 crfree(cr); 1742 return (EOVERFLOW); 1743 } 1744 STRUCT_FSET(apinfo, ap_termid.at_port, dev); 1745 } else 1746 STRUCT_FSET(apinfo, ap_termid.at_port, 1747 ainfo->ai_termid.at_port); 1748 #else 1749 STRUCT_FSET(apinfo, ap_termid.at_port, ainfo->ai_termid.at_port); 1750 #endif 1751 STRUCT_FSET(apinfo, ap_termid.at_type, ainfo->ai_termid.at_type); 1752 STRUCT_FSET(apinfo, ap_termid.at_addr[0], ainfo->ai_termid.at_addr[0]); 1753 STRUCT_FSET(apinfo, ap_termid.at_addr[1], ainfo->ai_termid.at_addr[1]); 1754 STRUCT_FSET(apinfo, ap_termid.at_addr[2], ainfo->ai_termid.at_addr[2]); 1755 STRUCT_FSET(apinfo, ap_termid.at_addr[3], ainfo->ai_termid.at_addr[3]); 1756 STRUCT_FSET(apinfo, ap_mask, ainfo->ai_mask); 1757 1758 crfree(cr); 1759 1760 if (copyout(STRUCT_BUF(apinfo), data, STRUCT_SIZE(apinfo))) 1761 return (EFAULT); 1762 1763 return (0); 1764 } 1765 1766 static int 1767 setpmask(caddr_t data) 1768 { 1769 STRUCT_DECL(auditpinfo, apinfo); 1770 proc_t *proc; 1771 cred_t *newcred; 1772 auditinfo_addr_t *ainfo; 1773 struct p_audit_data *pad; 1774 1775 model_t model; 1776 1777 model = get_udatamodel(); 1778 STRUCT_INIT(apinfo, model); 1779 1780 if (copyin(data, STRUCT_BUF(apinfo), STRUCT_SIZE(apinfo))) 1781 return (EFAULT); 1782 1783 mutex_enter(&pidlock); 1784 if ((proc = prfind(STRUCT_FGET(apinfo, ap_pid))) == NULL) { 1785 mutex_exit(&pidlock); 1786 return (ESRCH); 1787 } 1788 mutex_enter(&proc->p_lock); /* so process doesn't go away */ 1789 mutex_exit(&pidlock); 1790 1791 newcred = cralloc(); 1792 if ((ainfo = crgetauinfo_modifiable(newcred)) == NULL) { 1793 mutex_exit(&proc->p_lock); 1794 crfree(newcred); 1795 return (EINVAL); 1796 } 1797 1798 mutex_enter(&proc->p_crlock); 1799 crcopy_to(proc->p_cred, newcred); 1800 proc->p_cred = newcred; 1801 1802 ainfo->ai_mask = STRUCT_FGET(apinfo, ap_mask); 1803 1804 /* 1805 * Unlock. No need to broadcast changes via set_proc_pre_sys(), 1806 * since t_pre_sys is ALWAYS on when audit is enabled... due to 1807 * syscall auditing. 1808 */ 1809 crfree(newcred); 1810 mutex_exit(&proc->p_crlock); 1811 1812 /* Reset flag for any previous pending mask change; this supercedes */ 1813 pad = P2A(proc); 1814 ASSERT(pad != NULL); 1815 mutex_enter(&(pad->pad_lock)); 1816 pad->pad_flags &= ~PAD_SETMASK; 1817 mutex_exit(&(pad->pad_lock)); 1818 1819 mutex_exit(&proc->p_lock); 1820 1821 return (0); 1822 } 1823 1824 /* 1825 * The out of control system call 1826 * This is audit kitchen sink aka auditadm, aka auditon 1827 */ 1828 static int 1829 auditctl( 1830 int cmd, 1831 caddr_t data, 1832 int length) 1833 { 1834 int result; 1835 1836 if (!audit_active) 1837 return (EINVAL); 1838 1839 switch (cmd) { 1840 case A_GETCOND: 1841 case A_GETCAR: 1842 case A_GETCLASS: 1843 case A_GETCWD: 1844 case A_GETKAUDIT: 1845 case A_GETKMASK: 1846 case A_GETPINFO: 1847 case A_GETPINFO_ADDR: 1848 case A_GETPOLICY: 1849 case A_GETQCTRL: 1850 case A_GETSTAT: 1851 if (secpolicy_audit_getattr(CRED()) != 0) 1852 return (EPERM); 1853 break; 1854 default: 1855 if (secpolicy_audit_config(CRED()) != 0) 1856 return (EPERM); 1857 break; 1858 } 1859 1860 switch (cmd) { 1861 case A_GETPOLICY: 1862 result = getpolicy(data); 1863 break; 1864 case A_SETPOLICY: 1865 result = setpolicy(data); 1866 break; 1867 case A_GETKMASK: 1868 result = getkmask(data); 1869 break; 1870 case A_SETKMASK: 1871 result = setkmask(data); 1872 break; 1873 case A_GETKAUDIT: 1874 result = getkaudit(data, length); 1875 break; 1876 case A_SETKAUDIT: 1877 result = setkaudit(data, length); 1878 break; 1879 case A_GETQCTRL: 1880 result = getqctrl(data); 1881 break; 1882 case A_SETQCTRL: 1883 result = setqctrl(data); 1884 break; 1885 case A_GETCWD: 1886 result = getcwd(data, length); 1887 break; 1888 case A_GETCAR: 1889 result = getcar(data, length); 1890 break; 1891 case A_GETSTAT: 1892 result = getstat(data); 1893 break; 1894 case A_SETSTAT: 1895 result = setstat(data); 1896 break; 1897 case A_SETUMASK: 1898 result = setumask(data); 1899 break; 1900 case A_SETSMASK: 1901 result = setsmask(data); 1902 break; 1903 case A_GETCOND: 1904 result = getcond(data); 1905 break; 1906 case A_SETCOND: 1907 result = setcond(data); 1908 break; 1909 case A_GETCLASS: 1910 result = getclass(data); 1911 break; 1912 case A_SETCLASS: 1913 result = setclass(data); 1914 break; 1915 case A_GETPINFO: 1916 result = getpinfo(data); 1917 break; 1918 case A_GETPINFO_ADDR: 1919 result = getpinfo_addr(data, length); 1920 break; 1921 case A_SETPMASK: 1922 result = setpmask(data); 1923 break; 1924 default: 1925 result = EINVAL; 1926 break; 1927 } 1928 return (result); 1929 } 1930 1931 static int 1932 audit_modsysent(char *modname, int flags, int (*func)()) 1933 { 1934 struct sysent *sysp; 1935 int sysnum; 1936 krwlock_t *kl; 1937 1938 if ((sysnum = mod_getsysnum(modname)) == -1) { 1939 cmn_err(CE_WARN, "system call missing from bind file"); 1940 return (-1); 1941 } 1942 1943 kl = (krwlock_t *)kobj_zalloc(sizeof (krwlock_t), KM_SLEEP); 1944 1945 sysp = &sysent[sysnum]; 1946 sysp->sy_narg = auditsysent.sy_narg; 1947 #ifdef _LP64 1948 sysp->sy_flags = (unsigned short)flags; 1949 #else 1950 sysp->sy_flags = (unsigned char)flags; 1951 #endif 1952 sysp->sy_call = func; 1953 sysp->sy_lock = kl; 1954 1955 #ifdef _SYSCALL32_IMPL 1956 sysp = &sysent32[sysnum]; 1957 sysp->sy_narg = auditsysent.sy_narg; 1958 sysp->sy_flags = (unsigned short)flags; 1959 sysp->sy_call = func; 1960 sysp->sy_lock = kl; 1961 #endif 1962 1963 rw_init(sysp->sy_lock, NULL, RW_DEFAULT, NULL); 1964 1965 return (0); 1966 } 1967