1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* 28 * This file contains the audit hook support code for auditing. 29 */ 30 31 #pragma ident "%Z%%M% %I% %E% SMI" 32 33 #include <sys/types.h> 34 #include <sys/proc.h> 35 #include <sys/vnode.h> 36 #include <sys/vfs.h> 37 #include <sys/file.h> 38 #include <sys/user.h> 39 #include <sys/stropts.h> 40 #include <sys/systm.h> 41 #include <sys/pathname.h> 42 #include <sys/syscall.h> 43 #include <sys/fcntl.h> 44 #include <sys/ipc_impl.h> 45 #include <sys/msg_impl.h> 46 #include <sys/sem_impl.h> 47 #include <sys/shm_impl.h> 48 #include <sys/kmem.h> /* for KM_SLEEP */ 49 #include <sys/socket.h> 50 #include <sys/cmn_err.h> /* snprintf... */ 51 #include <sys/debug.h> 52 #include <sys/thread.h> 53 #include <netinet/in.h> 54 #include <c2/audit.h> /* needs to be included before user.h */ 55 #include <c2/audit_kernel.h> /* for M_DONTWAIT */ 56 #include <c2/audit_kevents.h> 57 #include <c2/audit_record.h> 58 #include <sys/strsubr.h> 59 #include <sys/tihdr.h> 60 #include <sys/tiuser.h> 61 #include <sys/timod.h> 62 #include <sys/model.h> /* for model_t */ 63 #include <sys/disp.h> /* for servicing_interrupt() */ 64 #include <sys/devpolicy.h> 65 #include <sys/crypto/ioctladmin.h> 66 67 static void add_return_token(caddr_t *, unsigned int scid, int err, int rval); 68 69 static void audit_pathbuild(struct pathname *pnp); 70 71 /* 72 * ROUTINE: AUDIT_NEWPROC 73 * PURPOSE: initialize the child p_audit_data structure 74 * CALLBY: GETPROC 75 * NOTE: All threads for the parent process are locked at this point. 76 * We are essentially running singled threaded for this reason. 77 * GETPROC is called when system creates a new process. 78 * By the time AUDIT_NEWPROC is called, the child proc 79 * structure has already been initialized. What we need 80 * to do is to allocate the child p_audit_data and 81 * initialize it with the content of current parent process. 82 */ 83 84 void 85 audit_newproc(struct proc *cp) /* initialized child proc structure */ 86 { 87 p_audit_data_t *pad; /* child process audit data */ 88 p_audit_data_t *opad; /* parent process audit data */ 89 90 pad = kmem_cache_alloc(au_pad_cache, KM_SLEEP); 91 92 P2A(cp) = pad; 93 94 opad = P2A(curproc); 95 96 /* 97 * copy the audit data. Note that all threads of current 98 * process have been "held". Thus there is no race condition 99 * here with mutiple threads trying to alter the cwrd 100 * structure (such as releasing it). 101 * 102 * The audit context in the cred is "duplicated" for the new 103 * proc by elsewhere crhold'ing the parent's cred which it shares. 104 * 105 * We still want to hold things since auditon() [A_SETUMASK, 106 * A_SETSMASK] could be walking through the processes to 107 * update things. 108 */ 109 mutex_enter(&opad->pad_lock); /* lock opad structure during copy */ 110 pad->pad_data = opad->pad_data; /* copy parent's process audit data */ 111 au_pathhold(pad->pad_root); 112 au_pathhold(pad->pad_cwd); 113 mutex_exit(&opad->pad_lock); /* current proc will keep cwrd open */ 114 115 /* 116 * finish auditing of parent here so that it will be done 117 * before child has a chance to run. We include the child 118 * pid since the return value in the return token is a dummy 119 * one and contains no useful information (it is included to 120 * make the audit record structure consistant). 121 * 122 * tad_flag is set if auditing is on 123 */ 124 if (((t_audit_data_t *)T2A(curthread))->tad_flag) 125 au_uwrite(au_to_arg32(0, "child PID", (uint32_t)cp->p_pid)); 126 127 /* 128 * finish up audit record generation here because child process 129 * is set to run before parent process. We distinguish here 130 * between FORK, FORK1, or VFORK by the saved system call ID. 131 */ 132 audit_finish(0, ((t_audit_data_t *)T2A(curthread))->tad_scid, 0, 0); 133 } 134 135 /* 136 * ROUTINE: AUDIT_PFREE 137 * PURPOSE: deallocate the per-process udit data structure 138 * CALLBY: EXIT 139 * FORK_FAIL 140 * NOTE: all lwp except current one have stopped in SEXITLWPS 141 * why we are single threaded? 142 * . all lwp except current one have stopped in SEXITLWPS. 143 */ 144 void 145 audit_pfree(struct proc *p) /* proc structure to be freed */ 146 147 { /* AUDIT_PFREE */ 148 149 p_audit_data_t *pad; 150 151 pad = P2A(p); 152 153 /* better be a per process audit data structure */ 154 ASSERT(pad != (p_audit_data_t *)0); 155 156 if (pad == pad0) { 157 return; 158 } 159 160 /* deallocate all auditing resources for this process */ 161 au_pathrele(pad->pad_root); 162 au_pathrele(pad->pad_cwd); 163 164 /* 165 * Since the pad structure is completely overwritten after alloc, 166 * we don't bother to clear it. 167 */ 168 169 kmem_cache_free(au_pad_cache, pad); 170 } 171 172 /* 173 * ROUTINE: AUDIT_THREAD_CREATE 174 * PURPOSE: allocate per-process thread audit data structure 175 * CALLBY: THREAD_CREATE 176 * NOTE: This is called just after *t was bzero'd. 177 * We are single threaded in this routine. 178 * TODO: 179 * QUESTION: 180 */ 181 182 void 183 audit_thread_create(kthread_id_t t) 184 { 185 t_audit_data_t *tad; /* per-thread audit data */ 186 187 tad = kmem_zalloc(sizeof (struct t_audit_data), KM_SLEEP); 188 189 T2A(t) = tad; /* set up thread audit data ptr */ 190 tad->tad_thread = t; /* back ptr to thread: DEBUG */ 191 } 192 193 /* 194 * ROUTINE: AUDIT_THREAD_FREE 195 * PURPOSE: free the per-thread audit data structure 196 * CALLBY: THREAD_FREE 197 * NOTE: most thread data is clear after return 198 */ 199 void 200 audit_thread_free(kthread_t *t) 201 { 202 t_audit_data_t *tad; 203 au_defer_info_t *attr; 204 205 tad = T2A(t); 206 207 /* thread audit data must still be set */ 208 209 if (tad == tad0) { 210 return; 211 } 212 213 if (tad == NULL) { 214 return; 215 } 216 217 t->t_audit_data = 0; 218 219 /* must not have any audit record residual */ 220 ASSERT(tad->tad_ad == NULL); 221 222 /* saved path must be empty */ 223 ASSERT(tad->tad_aupath == NULL); 224 225 if (tad->tad_atpath) 226 au_pathrele(tad->tad_atpath); 227 228 attr = tad->tad_defer_head; 229 while (attr != NULL) { 230 au_defer_info_t *tmp_attr = attr; 231 232 au_free_rec(attr->audi_ad); 233 234 attr = attr->audi_next; 235 kmem_free(tmp_attr, sizeof (au_defer_info_t)); 236 } 237 238 kmem_free(tad, sizeof (*tad)); 239 } 240 241 /* 242 * ROUTINE: AUDIT_SAVEPATH 243 * PURPOSE: 244 * CALLBY: LOOKUPPN 245 * 246 * NOTE: We have reached the end of a path in fs/lookup.c. 247 * We get two pieces of information here: 248 * the vnode of the last component (vp) and 249 * the status of the last access (flag). 250 * TODO: 251 * QUESTION: 252 */ 253 254 /*ARGSUSED*/ 255 int 256 audit_savepath( 257 struct pathname *pnp, /* pathname to lookup */ 258 struct vnode *vp, /* vnode of the last component */ 259 int flag, /* status of the last access */ 260 cred_t *cr) /* cred of requestor */ 261 { 262 263 t_audit_data_t *tad; /* current thread */ 264 p_audit_data_t *pad; /* current process */ 265 au_kcontext_t *kctx = SET_KCTX_PZ; 266 267 if (kctx == NULL) { 268 zone_status_t zstate = zone_status_get(curproc->p_zone); 269 ASSERT(zstate != ZONE_IS_READY); 270 return (0); 271 } 272 273 tad = U2A(u); 274 ASSERT(tad != (t_audit_data_t *)0); 275 pad = P2A(curproc); 276 ASSERT(pad != (p_audit_data_t *)0); 277 278 /* 279 * this event being audited or do we need path information 280 * later? This might be for a chdir/chroot or open (add path 281 * to file pointer. If the path has already been found for an 282 * open/creat then we don't need to process the path. 283 * 284 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with 285 * chroot, chdir, open, creat system call processing. It determines 286 * if audit_savepath() will discard the path or we need it later. 287 * PAD_PATHFND means path already included in this audit record. It 288 * is used in cases where multiple path lookups are done per 289 * system call. The policy flag, AUDIT_PATH, controls if multiple 290 * paths are allowed. 291 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with 292 * exit processing to inhibit any paths that may be added due to 293 * closes. 294 */ 295 if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) || 296 ((tad->tad_ctrl & PAD_PATHFND) && 297 !(kctx->auk_policy & AUDIT_PATH)) || 298 (tad->tad_ctrl & PAD_NOPATH)) { 299 return (0); 300 } 301 302 audit_pathbuild(pnp); 303 tad->tad_vn = vp; 304 305 /* 306 * are we auditing only if error, or if it is not open or create 307 * otherwise audit_setf will do it 308 */ 309 310 if (tad->tad_flag) { 311 if (flag && (tad->tad_scid == SYS_open || 312 tad->tad_scid == SYS_open64 || 313 tad->tad_scid == SYS_creat || 314 tad->tad_scid == SYS_creat64 || 315 tad->tad_scid == SYS_fsat)) { 316 tad->tad_ctrl |= PAD_TRUE_CREATE; 317 } 318 319 /* add token to audit record for this name */ 320 au_uwrite(au_to_path(tad->tad_aupath)); 321 322 /* add the attributes of the object */ 323 if (vp) { 324 /* 325 * only capture attributes when there is no error 326 * lookup will not return the vnode of the failing 327 * component. 328 * 329 * if there was a lookup error, then don't add 330 * attribute. if lookup in vn_create(), 331 * then don't add attribute, 332 * it will be added at end of vn_create(). 333 */ 334 if (!flag && !(tad->tad_ctrl & PAD_NOATTRB)) 335 audit_attributes(vp); 336 } 337 } 338 339 /* free up space if we're not going to save path (open, crate) */ 340 if ((tad->tad_ctrl & PAD_SAVPATH) == 0) { 341 if (tad->tad_aupath != NULL) { 342 au_pathrele(tad->tad_aupath); 343 tad->tad_aupath = NULL; 344 tad->tad_vn = NULL; 345 } 346 } 347 if (tad->tad_ctrl & PAD_MLD) 348 tad->tad_ctrl |= PAD_PATHFND; 349 350 return (0); 351 } 352 353 static void 354 audit_pathbuild(struct pathname *pnp) 355 { 356 char *pp; /* pointer to path */ 357 int len; /* length of incoming segment */ 358 int newsect; /* path requires a new section */ 359 struct audit_path *pfxapp; /* prefix for path */ 360 struct audit_path *newapp; /* new audit_path */ 361 t_audit_data_t *tad; /* current thread */ 362 p_audit_data_t *pad; /* current process */ 363 364 tad = U2A(u); 365 ASSERT(tad != NULL); 366 pad = P2A(curproc); 367 ASSERT(pad != NULL); 368 369 len = (pnp->pn_path - pnp->pn_buf) + 1; /* +1 for terminator */ 370 ASSERT(len > 0); 371 372 /* adjust for path prefix: tad_aupath, ATPATH, CRD, or CWD */ 373 mutex_enter(&pad->pad_lock); 374 if (tad->tad_aupath != NULL) { 375 pfxapp = tad->tad_aupath; 376 } else if (tad->tad_scid == SYS_fsat && pnp->pn_buf[0] != '/') { 377 ASSERT(tad->tad_atpath != NULL); 378 pfxapp = tad->tad_atpath; 379 } else if (tad->tad_ctrl & PAD_ABSPATH) { 380 pfxapp = pad->pad_root; 381 } else { 382 pfxapp = pad->pad_cwd; 383 } 384 au_pathhold(pfxapp); 385 mutex_exit(&pad->pad_lock); 386 387 /* get an expanded buffer to hold the anchored path */ 388 newsect = tad->tad_ctrl & PAD_ATPATH; 389 newapp = au_pathdup(pfxapp, newsect, len); 390 au_pathrele(pfxapp); 391 392 pp = newapp->audp_sect[newapp->audp_cnt] - len; 393 if (!newsect) { 394 /* overlay previous NUL terminator */ 395 *(pp - 1) = '/'; 396 } 397 398 /* now add string of processed path */ 399 bcopy(pnp->pn_buf, pp, len); 400 pp[len - 1] = '\0'; 401 402 /* perform path simplification as necessary */ 403 audit_fixpath(newapp, len); 404 405 if (tad->tad_aupath) 406 au_pathrele(tad->tad_aupath); 407 tad->tad_aupath = newapp; 408 409 /* for case where multiple lookups in one syscall (rename) */ 410 tad->tad_ctrl &= ~(PAD_ABSPATH | PAD_ATPATH); 411 } 412 413 414 415 /*ARGSUSED*/ 416 417 /* 418 * ROUTINE: AUDIT_ADDCOMPONENT 419 * PURPOSE: extend the path by the component accepted 420 * CALLBY: LOOKUPPN 421 * NOTE: This function is called only when there is an error in 422 * parsing a path component 423 * TODO: Add the error component to audit record 424 * QUESTION: what is this for 425 */ 426 427 void 428 audit_addcomponent(struct pathname *pnp) 429 { 430 au_kcontext_t *kctx = SET_KCTX_PZ; 431 t_audit_data_t *tad; 432 433 if (kctx == NULL) { 434 zone_status_t zstate = zone_status_get(curproc->p_zone); 435 ASSERT(zstate != ZONE_IS_READY); 436 return; 437 } 438 439 tad = U2A(u); 440 /* 441 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with 442 * chroot, chdir, open, creat system call processing. It determines 443 * if audit_savepath() will discard the path or we need it later. 444 * PAD_PATHFND means path already included in this audit record. It 445 * is used in cases where multiple path lookups are done per 446 * system call. The policy flag, AUDIT_PATH, controls if multiple 447 * paths are allowed. 448 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with 449 * exit processing to inhibit any paths that may be added due to 450 * closes. 451 */ 452 if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) || 453 ((tad->tad_ctrl & PAD_PATHFND) && 454 !(kctx->auk_policy & AUDIT_PATH)) || 455 (tad->tad_ctrl & PAD_NOPATH)) { 456 return; 457 } 458 459 return; 460 461 } /* AUDIT_ADDCOMPONENT */ 462 463 464 465 466 467 468 469 470 /* 471 * ROUTINE: AUDIT_ANCHORPATH 472 * PURPOSE: 473 * CALLBY: LOOKUPPN 474 * NOTE: 475 * anchor path at "/". We have seen a symbolic link or entering for the 476 * first time we will throw away any saved path if path is anchored. 477 * 478 * flag = 0, path is relative. 479 * flag = 1, path is absolute. Free any saved path and set flag to PAD_ABSPATH. 480 * 481 * If the (new) path is absolute, then we have to throw away whatever we have 482 * already accumulated since it is being superceeded by new path which is 483 * anchored at the root. 484 * Note that if the path is relative, this function does nothing 485 * TODO: 486 * QUESTION: 487 */ 488 /*ARGSUSED*/ 489 void 490 audit_anchorpath(struct pathname *pnp, int flag) 491 { 492 au_kcontext_t *kctx = SET_KCTX_PZ; 493 t_audit_data_t *tad; 494 495 if (kctx == NULL) { 496 zone_status_t zstate = zone_status_get(curproc->p_zone); 497 ASSERT(zstate != ZONE_IS_READY); 498 return; 499 } 500 501 tad = U2A(u); 502 503 /* 504 * this event being audited or do we need path information 505 * later? This might be for a chdir/chroot or open (add path 506 * to file pointer. If the path has already been found for an 507 * open/creat then we don't need to process the path. 508 * 509 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with 510 * chroot, chdir, open, creat system call processing. It determines 511 * if audit_savepath() will discard the path or we need it later. 512 * PAD_PATHFND means path already included in this audit record. It 513 * is used in cases where multiple path lookups are done per 514 * system call. The policy flag, AUDIT_PATH, controls if multiple 515 * paths are allowed. 516 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with 517 * exit processing to inhibit any paths that may be added due to 518 * closes. 519 */ 520 if ((tad->tad_flag == 0 && !(tad->tad_ctrl & PAD_SAVPATH)) || 521 ((tad->tad_ctrl & PAD_PATHFND) && 522 !(kctx->auk_policy & AUDIT_PATH)) || 523 (tad->tad_ctrl & PAD_NOPATH)) { 524 return; 525 } 526 527 if (flag) { 528 tad->tad_ctrl |= PAD_ABSPATH; 529 if (tad->tad_aupath != NULL) { 530 au_pathrele(tad->tad_aupath); 531 tad->tad_aupath = NULL; 532 tad->tad_vn = NULL; 533 } 534 } 535 } 536 537 538 /* 539 * symbolic link. Save previous components. 540 * 541 * the path seen so far looks like this 542 * 543 * +-----------------------+----------------+ 544 * | path processed so far | remaining path | 545 * +-----------------------+----------------+ 546 * \-----------------------/ 547 * save this string if 548 * symbolic link relative 549 * (but don't include symlink component) 550 */ 551 552 /*ARGSUSED*/ 553 554 555 /* 556 * ROUTINE: AUDIT_SYMLINK 557 * PURPOSE: 558 * CALLBY: LOOKUPPN 559 * NOTE: 560 * TODO: 561 * QUESTION: 562 */ 563 void 564 audit_symlink(struct pathname *pnp, struct pathname *sympath) 565 { 566 char *sp; /* saved initial pp */ 567 char *cp; /* start of symlink path */ 568 uint_t len_path; /* processed path before symlink */ 569 t_audit_data_t *tad; 570 au_kcontext_t *kctx = SET_KCTX_PZ; 571 572 if (kctx == NULL) { 573 zone_status_t zstate = zone_status_get(curproc->p_zone); 574 ASSERT(zstate != ZONE_IS_READY); 575 return; 576 } 577 578 tad = U2A(u); 579 580 /* 581 * this event being audited or do we need path information 582 * later? This might be for a chdir/chroot or open (add path 583 * to file pointer. If the path has already been found for an 584 * open/creat then we don't need to process the path. 585 * 586 * S2E_SP (PAD_SAVPATH) flag comes from audit_s2e[].au_ctrl. Used with 587 * chroot, chdir, open, creat system call processing. It determines 588 * if audit_savepath() will discard the path or we need it later. 589 * PAD_PATHFND means path already included in this audit record. It 590 * is used in cases where multiple path lookups are done per 591 * system call. The policy flag, AUDIT_PATH, controls if multiple 592 * paths are allowed. 593 * S2E_NPT (PAD_NOPATH) flag comes from audit_s2e[].au_ctrl. Used with 594 * exit processing to inhibit any paths that may be added due to 595 * closes. 596 */ 597 if ((tad->tad_flag == 0 && 598 !(tad->tad_ctrl & PAD_SAVPATH)) || 599 ((tad->tad_ctrl & PAD_PATHFND) && 600 !(kctx->auk_policy & AUDIT_PATH)) || 601 (tad->tad_ctrl & PAD_NOPATH)) { 602 return; 603 } 604 605 /* 606 * if symbolic link is anchored at / then do nothing. 607 * When we cycle back to begin: in lookuppn() we will 608 * call audit_anchorpath() with a flag indicating if the 609 * path is anchored at / or is relative. We will release 610 * any saved path at that point. 611 * 612 * Note In the event that an error occurs in pn_combine then 613 * we want to remain pointing at the component that caused the 614 * path to overflow the pnp structure. 615 */ 616 if (sympath->pn_buf[0] == '/') 617 return; 618 619 /* backup over last component */ 620 sp = cp = pnp->pn_path; 621 while (*--cp != '/' && cp > pnp->pn_buf) 622 ; 623 624 len_path = cp - pnp->pn_buf; 625 626 /* is there anything to save? */ 627 if (len_path) { 628 pnp->pn_path = cp; 629 audit_pathbuild(pnp); 630 pnp->pn_path = sp; 631 } 632 } 633 634 /* 635 * file_is_public : determine whether events for the file (corresponding to 636 * the specified file attr) should be audited or ignored. 637 * 638 * returns: 1 - if audit policy and file attributes indicate that 639 * file is effectively public. read events for 640 * the file should not be audited. 641 * 0 - otherwise 642 * 643 * The required attributes to be considered a public object are: 644 * - owned by root, AND 645 * - world-readable (permissions for other include read), AND 646 * - NOT world-writeable (permissions for other don't 647 * include write) 648 * (mode doesn't need to be checked for symlinks) 649 */ 650 int 651 file_is_public(struct vattr *attr) 652 { 653 au_kcontext_t *kctx = SET_KCTX_PZ; 654 655 if (kctx == NULL) { 656 zone_status_t zstate = zone_status_get(curproc->p_zone); 657 ASSERT(zstate != ZONE_IS_READY); 658 return (0); 659 } 660 661 if (!(kctx->auk_policy & AUDIT_PUBLIC) && (attr->va_uid == 0) && 662 ((attr->va_type == VLNK) || 663 ((attr->va_mode & (VREAD>>6)) != 0) && 664 ((attr->va_mode & (VWRITE>>6)) == 0))) { 665 return (1); 666 } 667 return (0); 668 } 669 670 671 /* 672 * ROUTINE: AUDIT_ATTRIBUTES 673 * PURPOSE: Audit the attributes so we can tell why the error occured 674 * CALLBY: AUDIT_SAVEPATH 675 * AUDIT_VNCREATE_FINISH 676 * AUS_FCHOWN...audit_event.c...audit_path.c 677 * NOTE: 678 * TODO: 679 * QUESTION: 680 */ 681 void 682 audit_attributes(struct vnode *vp) 683 { 684 struct vattr attr; 685 struct t_audit_data *tad; 686 687 tad = U2A(u); 688 689 if (vp) { 690 attr.va_mask = AT_ALL; 691 if (VOP_GETATTR(vp, &attr, 0, CRED()) != 0) 692 return; 693 694 if (file_is_public(&attr) && (tad->tad_ctrl & PAD_PUBLIC_EV)) { 695 /* 696 * This is a public object and a "public" event 697 * (i.e., read only) -- either by definition 698 * (e.g., stat, access...) or by virtue of write access 699 * not being requested (e.g. mmap). 700 * Flag it in the tad to prevent this audit at the end. 701 */ 702 tad->tad_ctrl |= PAD_NOAUDIT; 703 } else { 704 au_uwrite(au_to_attr(&attr)); 705 } 706 } 707 } 708 709 710 /* 711 * ROUTINE: AUDIT_FALLOC 712 * PURPOSE: allocating a new file structure 713 * CALLBY: FALLOC 714 * NOTE: file structure already initialized 715 * TODO: 716 * QUESTION: 717 */ 718 719 void 720 audit_falloc(struct file *fp) 721 { /* AUDIT_FALLOC */ 722 723 f_audit_data_t *fad; 724 725 /* allocate per file audit structure if there a'int any */ 726 ASSERT(F2A(fp) == NULL); 727 728 fad = kmem_zalloc(sizeof (struct f_audit_data), KM_SLEEP); 729 730 F2A(fp) = fad; 731 732 fad->fad_thread = curthread; /* file audit data back ptr; DEBUG */ 733 } 734 735 /* 736 * ROUTINE: AUDIT_UNFALLOC 737 * PURPOSE: deallocate file audit data structure 738 * CALLBY: CLOSEF 739 * UNFALLOC 740 * NOTE: 741 * TODO: 742 * QUESTION: 743 */ 744 745 void 746 audit_unfalloc(struct file *fp) 747 { 748 f_audit_data_t *fad; 749 750 fad = F2A(fp); 751 752 if (!fad) { 753 return; 754 } 755 if (fad->fad_aupath != NULL) { 756 au_pathrele(fad->fad_aupath); 757 } 758 fp->f_audit_data = 0; 759 kmem_free(fad, sizeof (struct f_audit_data)); 760 } 761 762 /* 763 * ROUTINE: AUDIT_EXIT 764 * PURPOSE: 765 * CALLBY: EXIT 766 * NOTE: 767 * TODO: 768 * QUESTION: why cmw code as offset by 2 but not here 769 */ 770 /* ARGSUSED */ 771 void 772 audit_exit(int code, int what) 773 { 774 struct t_audit_data *tad; 775 tad = U2A(u); 776 777 /* 778 * tad_scid will be set by audit_start even if we are not auditing 779 * the event. 780 */ 781 if (tad->tad_scid == SYS_exit) { 782 /* 783 * if we are auditing the exit system call, then complete 784 * audit record generation (no return from system call). 785 */ 786 if (tad->tad_flag && tad->tad_event == AUE_EXIT) 787 audit_finish(0, SYS_exit, 0, 0); 788 return; 789 } 790 791 /* 792 * Anyone auditing the system call that was aborted? 793 */ 794 if (tad->tad_flag) { 795 au_uwrite(au_to_text("event aborted")); 796 audit_finish(0, tad->tad_scid, 0, 0); 797 } 798 799 /* 800 * Generate an audit record for process exit if preselected. 801 */ 802 (void) audit_start(0, SYS_exit, 0, 0); 803 audit_finish(0, SYS_exit, 0, 0); 804 } 805 806 /* 807 * ROUTINE: AUDIT_CORE_START 808 * PURPOSE: 809 * CALLBY: PSIG 810 * NOTE: 811 * TODO: 812 */ 813 void 814 audit_core_start(int sig) 815 { 816 au_event_t event; 817 au_state_t estate; 818 t_audit_data_t *tad; 819 au_kcontext_t *kctx; 820 821 tad = U2A(u); 822 823 ASSERT(tad != (t_audit_data_t *)0); 824 825 ASSERT(tad->tad_scid == 0); 826 ASSERT(tad->tad_event == 0); 827 ASSERT(tad->tad_evmod == 0); 828 ASSERT(tad->tad_ctrl == 0); 829 ASSERT(tad->tad_flag == 0); 830 ASSERT(tad->tad_aupath == NULL); 831 832 kctx = SET_KCTX_PZ; 833 834 if (kctx == NULL) { 835 zone_status_t zstate = zone_status_get(curproc->p_zone); 836 ASSERT(zstate != ZONE_IS_READY); 837 return; 838 } 839 840 /* get basic event for system call */ 841 event = AUE_CORE; 842 estate = kctx->auk_ets[event]; 843 844 if ((tad->tad_flag = auditme(kctx, tad, estate)) == 0) 845 return; 846 847 /* reset the flags for non-user attributable events */ 848 tad->tad_ctrl = PAD_CORE; 849 tad->tad_scid = 0; 850 851 /* if auditing not enabled, then don't generate an audit record */ 852 853 if (!((kctx->auk_auditstate == AUC_AUDITING || 854 kctx->auk_auditstate == AUC_INIT_AUDIT) || 855 kctx->auk_auditstate == AUC_NOSPACE)) { 856 tad->tad_flag = 0; 857 tad->tad_ctrl = 0; 858 return; 859 } 860 861 tad->tad_event = event; 862 tad->tad_evmod = 0; 863 864 ASSERT(tad->tad_ad == NULL); 865 866 au_write(&(u_ad), au_to_arg32(1, "signal", (uint32_t)sig)); 867 } 868 869 /* 870 * ROUTINE: AUDIT_CORE_FINISH 871 * PURPOSE: 872 * CALLBY: PSIG 873 * NOTE: 874 * TODO: 875 * QUESTION: 876 */ 877 878 /*ARGSUSED*/ 879 void 880 audit_core_finish(int code) 881 { 882 int flag; 883 t_audit_data_t *tad; 884 au_kcontext_t *kctx; 885 886 tad = U2A(u); 887 888 ASSERT(tad != (t_audit_data_t *)0); 889 890 if ((flag = tad->tad_flag) == 0) { 891 tad->tad_event = 0; 892 tad->tad_evmod = 0; 893 tad->tad_ctrl = 0; 894 ASSERT(tad->tad_aupath == NULL); 895 return; 896 } 897 tad->tad_flag = 0; 898 899 kctx = SET_KCTX_PZ; 900 if (kctx == NULL) { 901 zone_status_t zstate = zone_status_get(curproc->p_zone); 902 ASSERT(zstate != ZONE_IS_READY); 903 return; 904 } 905 906 /* kludge for error 0, should use `code==CLD_DUMPED' instead */ 907 if (flag = audit_success(kctx, tad, 0)) { 908 cred_t *cr = CRED(); 909 const auditinfo_addr_t *ainfo = crgetauinfo(cr); 910 911 ASSERT(ainfo != NULL); 912 913 /* 914 * Add a subject token (no locks since our private copy of 915 * credential 916 */ 917 AUDIT_SETSUBJ(&(u_ad), cr, ainfo); 918 919 /* Add an optional group token */ 920 AUDIT_SETGROUP(&(u_ad), cr, kctx); 921 922 /* Add a return token (should use f argument) */ 923 add_return_token((caddr_t *)&(u_ad), tad->tad_scid, 0, 0); 924 925 AS_INC(as_generated, 1, kctx); 926 AS_INC(as_kernel, 1, kctx); 927 } 928 929 /* Close up everything */ 930 au_close(kctx, &(u_ad), flag, tad->tad_event, tad->tad_evmod); 931 932 /* free up any space remaining with the path's */ 933 if (tad->tad_aupath != NULL) { 934 au_pathrele(tad->tad_aupath); 935 tad->tad_aupath = NULL; 936 tad->tad_vn = NULL; 937 } 938 tad->tad_event = 0; 939 tad->tad_evmod = 0; 940 tad->tad_ctrl = 0; 941 } 942 943 /*ARGSUSED*/ 944 void 945 audit_stropen(struct vnode *vp, dev_t *devp, int flag, cred_t *crp) 946 { 947 } 948 949 /*ARGSUSED*/ 950 void 951 audit_strclose(struct vnode *vp, int flag, cred_t *crp) 952 { 953 } 954 955 /*ARGSUSED*/ 956 void 957 audit_strioctl(struct vnode *vp, int cmd, intptr_t arg, int flag, 958 int copyflag, cred_t *crp, int *rvalp) 959 { 960 } 961 962 963 /*ARGSUSED*/ 964 void 965 audit_strgetmsg(struct vnode *vp, struct strbuf *mctl, struct strbuf *mdata, 966 unsigned char *pri, int *flag, int fmode) 967 { 968 struct stdata *stp; 969 t_audit_data_t *tad = U2A(u); 970 971 ASSERT(tad != (t_audit_data_t *)0); 972 973 stp = vp->v_stream; 974 975 /* lock stdata from audit_sock */ 976 mutex_enter(&stp->sd_lock); 977 978 /* proceed ONLY if user is being audited */ 979 if (!tad->tad_flag) { 980 /* 981 * this is so we will not add audit data onto 982 * a thread that is not being audited. 983 */ 984 stp->sd_t_audit_data = NULL; 985 mutex_exit(&stp->sd_lock); 986 return; 987 } 988 989 stp->sd_t_audit_data = (caddr_t)curthread; 990 mutex_exit(&stp->sd_lock); 991 } 992 993 /*ARGSUSED*/ 994 void 995 audit_strputmsg(struct vnode *vp, struct strbuf *mctl, struct strbuf *mdata, 996 unsigned char pri, int flag, int fmode) 997 { 998 struct stdata *stp; 999 t_audit_data_t *tad = U2A(u); 1000 1001 ASSERT(tad != (t_audit_data_t *)0); 1002 1003 stp = vp->v_stream; 1004 1005 /* lock stdata from audit_sock */ 1006 mutex_enter(&stp->sd_lock); 1007 1008 /* proceed ONLY if user is being audited */ 1009 if (!tad->tad_flag) { 1010 /* 1011 * this is so we will not add audit data onto 1012 * a thread that is not being audited. 1013 */ 1014 stp->sd_t_audit_data = NULL; 1015 mutex_exit(&stp->sd_lock); 1016 return; 1017 } 1018 1019 stp->sd_t_audit_data = (caddr_t)curthread; 1020 mutex_exit(&stp->sd_lock); 1021 } 1022 1023 /* 1024 * ROUTINE: AUDIT_CLOSEF 1025 * PURPOSE: 1026 * CALLBY: CLOSEF 1027 * NOTE: 1028 * release per file audit resources when file structure is being released. 1029 * 1030 * IMPORTANT NOTE: Since we generate an audit record here, we may sleep 1031 * on the audit queue if it becomes full. This means 1032 * audit_closef can not be called when f_count == 0. Since 1033 * f_count == 0 indicates the file structure is free, another 1034 * process could attempt to use the file while we were still 1035 * asleep waiting on the audit queue. This would cause the 1036 * per file audit data to be corrupted when we finally do 1037 * wakeup. 1038 * TODO: 1039 * QUESTION: 1040 */ 1041 1042 void 1043 audit_closef(struct file *fp) 1044 { /* AUDIT_CLOSEF */ 1045 f_audit_data_t *fad; 1046 t_audit_data_t *tad; 1047 int success; 1048 au_state_t estate; 1049 struct vnode *vp; 1050 token_t *ad = NULL; 1051 struct vattr attr; 1052 short evmod = 0; 1053 const auditinfo_addr_t *ainfo; 1054 int getattr_ret; 1055 cred_t *cr; 1056 au_kcontext_t *kctx = SET_KCTX_PZ; 1057 1058 if (kctx == NULL) { 1059 zone_status_t zstate = zone_status_get(curproc->p_zone); 1060 ASSERT(zstate != ZONE_IS_READY); 1061 return; 1062 } 1063 1064 fad = F2A(fp); 1065 estate = kctx->auk_ets[AUE_CLOSE]; 1066 tad = U2A(u); 1067 cr = CRED(); 1068 1069 /* audit record already generated by system call envelope */ 1070 if (tad->tad_event == AUE_CLOSE) { 1071 /* so close audit event will have bits set */ 1072 tad->tad_evmod |= (short)fad->fad_flags; 1073 return; 1074 } 1075 1076 /* if auditing not enabled, then don't generate an audit record */ 1077 if (!((kctx->auk_auditstate == AUC_AUDITING || 1078 kctx->auk_auditstate == AUC_INIT_AUDIT) || 1079 kctx->auk_auditstate == AUC_NOSPACE)) 1080 return; 1081 1082 ainfo = crgetauinfo(cr); 1083 if (ainfo == NULL) 1084 return; 1085 1086 success = ainfo->ai_mask.as_success & estate; 1087 1088 /* not selected for this event */ 1089 if (success == 0) 1090 return; 1091 1092 /* 1093 * can't use audit_attributes here since we use a private audit area 1094 * to build the audit record instead of the one off the thread. 1095 */ 1096 if ((vp = fp->f_vnode) != NULL) { 1097 attr.va_mask = AT_ALL; 1098 getattr_ret = VOP_GETATTR(vp, &attr, 0, CRED()); 1099 } 1100 1101 /* 1102 * When write was not used and the file can be considered public, 1103 * then skip the audit. 1104 */ 1105 if ((getattr_ret == 0) && ((fp->f_flag & FWRITE) == 0)) { 1106 if (file_is_public(&attr)) { 1107 return; 1108 } 1109 } 1110 1111 evmod = (short)fad->fad_flags; 1112 if (fad->fad_aupath != NULL) { 1113 au_write((caddr_t *)&(ad), au_to_path(fad->fad_aupath)); 1114 } else { 1115 #ifdef _LP64 1116 au_write((caddr_t *)&(ad), au_to_arg64( 1117 1, "no path: fp", (uint64_t)fp)); 1118 #else 1119 au_write((caddr_t *)&(ad), au_to_arg32( 1120 1, "no path: fp", (uint32_t)fp)); 1121 #endif 1122 } 1123 1124 if (getattr_ret == 0) { 1125 au_write((caddr_t *)&(ad), au_to_attr(&attr)); 1126 } 1127 1128 /* Add a subject token */ 1129 AUDIT_SETSUBJ((caddr_t *)&(ad), cr, ainfo); 1130 1131 /* add an optional group token */ 1132 AUDIT_SETGROUP((caddr_t *)&(ad), cr, kctx); 1133 1134 /* add a return token */ 1135 add_return_token((caddr_t *)&(ad), tad->tad_scid, 0, 0); 1136 1137 AS_INC(as_generated, 1, kctx); 1138 AS_INC(as_kernel, 1, kctx); 1139 1140 /* 1141 * Close up everything 1142 * Note: path space recovery handled by normal system 1143 * call envelope if not at last close. 1144 * Note there is no failure at this point since 1145 * this represents closes due to exit of process, 1146 * thus we always indicate successful closes. 1147 */ 1148 au_close(kctx, (caddr_t *)&(ad), AU_OK | AU_DEFER, 1149 AUE_CLOSE, evmod); 1150 } 1151 1152 /* 1153 * ROUTINE: AUDIT_SET 1154 * PURPOSE: Audit the file path and file attributes. 1155 * CALLBY: SETF 1156 * NOTE: SETF associate a file pointer with user area's open files. 1157 * TODO: 1158 * call audit_finish directly ??? 1159 * QUESTION: 1160 */ 1161 1162 /*ARGSUSED*/ 1163 void 1164 audit_setf(file_t *fp, int fd) 1165 { 1166 f_audit_data_t *fad; 1167 t_audit_data_t *tad; 1168 1169 if (fp == NULL) 1170 return; 1171 1172 tad = T2A(curthread); 1173 fad = F2A(fp); 1174 1175 if (!(tad->tad_scid == SYS_open || tad->tad_scid == SYS_creat || 1176 tad->tad_scid == SYS_open64 || tad->tad_scid == SYS_creat64 || 1177 tad->tad_scid == SYS_fsat)) 1178 return; 1179 1180 /* no path */ 1181 if (tad->tad_aupath == 0) 1182 return; 1183 1184 /* 1185 * assign path information associated with file audit data 1186 * use tad hold 1187 */ 1188 fad->fad_aupath = tad->tad_aupath; 1189 tad->tad_aupath = NULL; 1190 tad->tad_vn = NULL; 1191 1192 if (!(tad->tad_ctrl & PAD_TRUE_CREATE)) { 1193 /* adjust event type */ 1194 switch (tad->tad_event) { 1195 case AUE_OPEN_RC: 1196 tad->tad_event = AUE_OPEN_R; 1197 tad->tad_ctrl |= PAD_PUBLIC_EV; 1198 break; 1199 case AUE_OPEN_RTC: 1200 tad->tad_event = AUE_OPEN_RT; 1201 break; 1202 case AUE_OPEN_WC: 1203 tad->tad_event = AUE_OPEN_W; 1204 break; 1205 case AUE_OPEN_WTC: 1206 tad->tad_event = AUE_OPEN_WT; 1207 break; 1208 case AUE_OPEN_RWC: 1209 tad->tad_event = AUE_OPEN_RW; 1210 break; 1211 case AUE_OPEN_RWTC: 1212 tad->tad_event = AUE_OPEN_RWT; 1213 break; 1214 default: 1215 break; 1216 } 1217 } 1218 } 1219 1220 1221 /* 1222 * ROUTINE: AUDIT_COPEN 1223 * PURPOSE: 1224 * CALLBY: COPEN 1225 * NOTE: 1226 * TODO: 1227 * QUESTION: 1228 */ 1229 /*ARGSUSED*/ 1230 void 1231 audit_copen(int fd, file_t *fp, vnode_t *vp) 1232 { 1233 } 1234 1235 void 1236 audit_ipc(int type, int id, void *vp) 1237 { 1238 /* if not auditing this event, then do nothing */ 1239 if (ad_flag == 0) 1240 return; 1241 1242 switch (type) { 1243 case AT_IPC_MSG: 1244 au_uwrite(au_to_ipc(AT_IPC_MSG, id)); 1245 au_uwrite(au_to_ipc_perm(&(((kmsqid_t *)vp)->msg_perm))); 1246 break; 1247 case AT_IPC_SEM: 1248 au_uwrite(au_to_ipc(AT_IPC_SEM, id)); 1249 au_uwrite(au_to_ipc_perm(&(((ksemid_t *)vp)->sem_perm))); 1250 break; 1251 case AT_IPC_SHM: 1252 au_uwrite(au_to_ipc(AT_IPC_SHM, id)); 1253 au_uwrite(au_to_ipc_perm(&(((kshmid_t *)vp)->shm_perm))); 1254 break; 1255 } 1256 } 1257 1258 void 1259 audit_ipcget(int type, void *vp) 1260 { 1261 /* if not auditing this event, then do nothing */ 1262 if (ad_flag == 0) 1263 return; 1264 1265 switch (type) { 1266 case NULL: 1267 au_uwrite(au_to_ipc_perm((struct kipc_perm *)vp)); 1268 break; 1269 case AT_IPC_MSG: 1270 au_uwrite(au_to_ipc_perm(&(((kmsqid_t *)vp)->msg_perm))); 1271 break; 1272 case AT_IPC_SEM: 1273 au_uwrite(au_to_ipc_perm(&(((ksemid_t *)vp)->sem_perm))); 1274 break; 1275 case AT_IPC_SHM: 1276 au_uwrite(au_to_ipc_perm(&(((kshmid_t *)vp)->shm_perm))); 1277 break; 1278 } 1279 } 1280 1281 /* 1282 * ROUTINE: AUDIT_REBOOT 1283 * PURPOSE: 1284 * CALLBY: 1285 * NOTE: 1286 * At this point we know that the system call reboot will not return. We thus 1287 * have to complete the audit record generation and put it onto the queue. 1288 * This might be fairly useless if the auditing daemon is already dead.... 1289 * TODO: 1290 * QUESTION: who calls audit_reboot 1291 */ 1292 1293 void 1294 audit_reboot(void) 1295 { 1296 int flag; 1297 t_audit_data_t *tad; 1298 au_kcontext_t *kctx = SET_KCTX_PZ; 1299 1300 if (kctx == NULL) { 1301 zone_status_t zstate = zone_status_get(curproc->p_zone); 1302 ASSERT(zstate != ZONE_IS_READY); 1303 return; 1304 } 1305 1306 tad = U2A(u); 1307 1308 /* if not auditing this event, then do nothing */ 1309 if (tad->tad_flag == 0) 1310 return; 1311 1312 /* do preselection on success/failure */ 1313 if (flag = audit_success(kctx, tad, 0)) { 1314 /* add a process token */ 1315 1316 cred_t *cr = CRED(); 1317 const auditinfo_addr_t *ainfo = crgetauinfo(cr); 1318 1319 if (ainfo == NULL) 1320 return; 1321 1322 AUDIT_SETSUBJ(&(u_ad), cr, ainfo); 1323 1324 /* add an optional group token */ 1325 AUDIT_SETGROUP(&(u_ad), cr, kctx); 1326 1327 /* add a return token */ 1328 add_return_token((caddr_t *)&(u_ad), tad->tad_scid, 0, 0); 1329 1330 AS_INC(as_generated, 1, kctx); 1331 AS_INC(as_kernel, 1, kctx); 1332 } 1333 1334 /* 1335 * Flow control useless here since we're going 1336 * to drop everything in the queue anyway. Why 1337 * block and wait. There aint anyone left alive to 1338 * read the records remaining anyway. 1339 */ 1340 1341 /* Close up everything */ 1342 au_close(kctx, &(u_ad), flag | AU_DONTBLOCK, 1343 tad->tad_event, tad->tad_evmod); 1344 } 1345 1346 void 1347 audit_setfsat_path(int argnum) 1348 { 1349 klwp_id_t clwp = ttolwp(curthread); 1350 struct file *fp; 1351 uint32_t fd; 1352 t_audit_data_t *tad; 1353 struct f_audit_data *fad; 1354 p_audit_data_t *pad; /* current process */ 1355 1356 struct b { 1357 long arg1; 1358 long arg2; 1359 long arg3; 1360 long arg4; 1361 long arg5; 1362 } *uap1; 1363 1364 if (clwp == NULL) 1365 return; 1366 uap1 = (struct b *)&clwp->lwp_ap[1]; 1367 1368 tad = U2A(u); 1369 1370 ASSERT(tad != NULL); 1371 1372 if (tad->tad_scid != SYS_fsat) 1373 return; 1374 1375 switch (argnum) { 1376 case 1: 1377 fd = (uint32_t)uap1->arg1; 1378 break; 1379 case 2: 1380 fd = (uint32_t)uap1->arg2; 1381 break; 1382 case 3: 1383 fd = (uint32_t)uap1->arg3; 1384 break; 1385 case 4: 1386 fd = (uint32_t)uap1->arg4; 1387 break; 1388 case 5: 1389 fd = (uint32_t)uap1->arg5; 1390 break; 1391 default: 1392 return; 1393 } 1394 1395 if (tad->tad_atpath != NULL) { 1396 au_pathrele(tad->tad_atpath); 1397 tad->tad_atpath = NULL; 1398 } 1399 if (fd != AT_FDCWD) { 1400 if ((fp = getf(fd)) == NULL) 1401 return; 1402 1403 fad = F2A(fp); 1404 ASSERT(fad); 1405 au_pathhold(fad->fad_aupath); 1406 tad->tad_atpath = fad->fad_aupath; 1407 releasef(fd); 1408 } else { 1409 pad = P2A(curproc); 1410 mutex_enter(&pad->pad_lock); 1411 au_pathhold(pad->pad_cwd); 1412 tad->tad_atpath = pad->pad_cwd; 1413 mutex_exit(&pad->pad_lock); 1414 } 1415 } 1416 1417 void 1418 audit_symlink_create(vnode_t *dvp, char *sname, char *target, int error) 1419 { 1420 t_audit_data_t *tad; 1421 vnode_t *vp; 1422 1423 tad = U2A(u); 1424 1425 /* if not auditing this event, then do nothing */ 1426 if (tad->tad_flag == 0) 1427 return; 1428 1429 au_uwrite(au_to_text(target)); 1430 1431 if (error) 1432 return; 1433 1434 error = VOP_LOOKUP(dvp, sname, &vp, NULL, NO_FOLLOW, NULL, CRED()); 1435 if (error == 0) { 1436 audit_attributes(vp); 1437 VN_RELE(vp); 1438 } 1439 } 1440 1441 /* 1442 * ROUTINE: AUDIT_VNCREATE_START 1443 * PURPOSE: set flag so path name lookup in create will not add attribute 1444 * CALLBY: VN_CREATE 1445 * NOTE: 1446 * TODO: 1447 * QUESTION: 1448 */ 1449 1450 void 1451 audit_vncreate_start() 1452 { 1453 t_audit_data_t *tad; 1454 1455 tad = U2A(u); 1456 tad->tad_ctrl |= PAD_NOATTRB; 1457 } 1458 1459 /* 1460 * ROUTINE: AUDIT_VNCREATE_FINISH 1461 * PURPOSE: 1462 * CALLBY: VN_CREATE 1463 * NOTE: 1464 * TODO: 1465 * QUESTION: 1466 */ 1467 void 1468 audit_vncreate_finish(struct vnode *vp, int error) 1469 { 1470 t_audit_data_t *tad; 1471 1472 if (error) 1473 return; 1474 1475 tad = U2A(u); 1476 1477 /* if not auditing this event, then do nothing */ 1478 if (tad->tad_flag == 0) 1479 return; 1480 1481 if (tad->tad_ctrl & PAD_TRUE_CREATE) { 1482 audit_attributes(vp); 1483 } 1484 1485 if (tad->tad_ctrl & PAD_CORE) { 1486 audit_attributes(vp); 1487 tad->tad_ctrl &= ~PAD_CORE; 1488 } 1489 1490 if (!error && ((tad->tad_event == AUE_MKNOD) || 1491 (tad->tad_event == AUE_MKDIR))) { 1492 audit_attributes(vp); 1493 } 1494 1495 /* for case where multiple lookups in one syscall (rename) */ 1496 tad->tad_ctrl &= ~PAD_NOATTRB; 1497 } 1498 1499 1500 1501 1502 1503 1504 1505 1506 /* 1507 * ROUTINE: AUDIT_EXEC 1508 * PURPOSE: Records the function arguments and environment variables 1509 * CALLBY: EXEC_ARGS 1510 * NOTE: 1511 * TODO: 1512 * QUESTION: 1513 */ 1514 1515 /*ARGSUSED*/ 1516 void 1517 audit_exec( 1518 const char *argstr, /* argument strings */ 1519 const char *envstr, /* environment strings */ 1520 ssize_t argc, /* total # arguments */ 1521 ssize_t envc) /* total # environment variables */ 1522 { 1523 t_audit_data_t *tad; 1524 au_kcontext_t *kctx = SET_KCTX_PZ; 1525 1526 ASSERT(kctx != NULL); 1527 1528 tad = U2A(u); 1529 1530 /* if not auditing this event, then do nothing */ 1531 if (!tad->tad_flag) 1532 return; 1533 1534 /* return if not interested in argv or environment variables */ 1535 if (!(kctx->auk_policy & (AUDIT_ARGV|AUDIT_ARGE))) 1536 return; 1537 1538 if (kctx->auk_policy & AUDIT_ARGV) { 1539 au_uwrite(au_to_exec_args(argstr, argc)); 1540 } 1541 1542 if (kctx->auk_policy & AUDIT_ARGE) { 1543 au_uwrite(au_to_exec_env(envstr, envc)); 1544 } 1545 } 1546 1547 /* 1548 * ROUTINE: AUDIT_ENTERPROM 1549 * PURPOSE: 1550 * CALLBY: KBDINPUT 1551 * ZSA_XSINT 1552 * NOTE: 1553 * TODO: 1554 * QUESTION: 1555 */ 1556 void 1557 audit_enterprom(int flg) 1558 { 1559 token_t *rp = NULL; 1560 int sorf; 1561 1562 if (flg) 1563 sorf = AUM_SUCC; 1564 else 1565 sorf = AUM_FAIL; 1566 1567 AUDIT_ASYNC_START(rp, AUE_ENTERPROM, sorf); 1568 1569 au_write((caddr_t *)&(rp), au_to_text("kmdb")); 1570 1571 if (flg) 1572 au_write((caddr_t *)&(rp), au_to_return32(0, 0)); 1573 else 1574 au_write((caddr_t *)&(rp), au_to_return32(ECANCELED, 0)); 1575 1576 AUDIT_ASYNC_FINISH(rp, AUE_ENTERPROM, NULL); 1577 } 1578 1579 1580 /* 1581 * ROUTINE: AUDIT_EXITPROM 1582 * PURPOSE: 1583 * CALLBY: KBDINPUT 1584 * ZSA_XSINT 1585 * NOTE: 1586 * TODO: 1587 * QUESTION: 1588 */ 1589 void 1590 audit_exitprom(int flg) 1591 { 1592 int sorf; 1593 token_t *rp = NULL; 1594 1595 if (flg) 1596 sorf = AUM_SUCC; 1597 else 1598 sorf = AUM_FAIL; 1599 1600 AUDIT_ASYNC_START(rp, AUE_EXITPROM, sorf); 1601 1602 au_write((caddr_t *)&(rp), au_to_text("kmdb")); 1603 1604 if (flg) 1605 au_write((caddr_t *)&(rp), au_to_return32(0, 0)); 1606 else 1607 au_write((caddr_t *)&(rp), au_to_return32(ECANCELED, 0)); 1608 1609 AUDIT_ASYNC_FINISH(rp, AUE_EXITPROM, NULL); 1610 } 1611 1612 struct fcntla { 1613 int fdes; 1614 int cmd; 1615 intptr_t arg; 1616 }; 1617 1618 /* 1619 * ROUTINE: AUDIT_C2_REVOKE 1620 * PURPOSE: 1621 * CALLBY: FCNTL 1622 * NOTE: 1623 * TODO: 1624 * QUESTION: are we keeping this func 1625 */ 1626 1627 /*ARGSUSED*/ 1628 int 1629 audit_c2_revoke(struct fcntla *uap, rval_t *rvp) 1630 { 1631 return (0); 1632 } 1633 1634 1635 /* 1636 * ROUTINE: AUDIT_CHDIREC 1637 * PURPOSE: 1638 * CALLBY: CHDIREC 1639 * NOTE: The main function of CHDIREC 1640 * TODO: Move the audit_chdirec hook above the VN_RELE in vncalls.c 1641 * QUESTION: 1642 */ 1643 1644 /*ARGSUSED*/ 1645 void 1646 audit_chdirec(vnode_t *vp, vnode_t **vpp) 1647 { 1648 int chdir; 1649 int fchdir; 1650 struct audit_path **appp; 1651 struct file *fp; 1652 f_audit_data_t *fad; 1653 p_audit_data_t *pad = P2A(curproc); 1654 t_audit_data_t *tad = T2A(curthread); 1655 1656 struct a { 1657 long fd; 1658 } *uap = (struct a *)ttolwp(curthread)->lwp_ap; 1659 1660 if ((tad->tad_scid == SYS_chdir) || (tad->tad_scid == SYS_chroot)) { 1661 chdir = tad->tad_scid == SYS_chdir; 1662 if (tad->tad_aupath) { 1663 mutex_enter(&pad->pad_lock); 1664 if (chdir) 1665 appp = &(pad->pad_cwd); 1666 else 1667 appp = &(pad->pad_root); 1668 au_pathrele(*appp); 1669 /* use tad hold */ 1670 *appp = tad->tad_aupath; 1671 tad->tad_aupath = NULL; 1672 mutex_exit(&pad->pad_lock); 1673 } 1674 } else if ((tad->tad_scid == SYS_fchdir) || 1675 (tad->tad_scid == SYS_fchroot)) { 1676 fchdir = tad->tad_scid == SYS_fchdir; 1677 if ((fp = getf(uap->fd)) == NULL) 1678 return; 1679 fad = F2A(fp); 1680 if (fad->fad_aupath) { 1681 au_pathhold(fad->fad_aupath); 1682 mutex_enter(&pad->pad_lock); 1683 if (fchdir) 1684 appp = &(pad->pad_cwd); 1685 else 1686 appp = &(pad->pad_root); 1687 au_pathrele(*appp); 1688 *appp = fad->fad_aupath; 1689 mutex_exit(&pad->pad_lock); 1690 if (tad->tad_flag) { 1691 au_uwrite(au_to_path(fad->fad_aupath)); 1692 audit_attributes(fp->f_vnode); 1693 } 1694 } 1695 releasef(uap->fd); 1696 } 1697 } 1698 1699 /* 1700 * ROUTINE: AUDIT_GETF 1701 * PURPOSE: 1702 * CALLBY: GETF_INTERNAL 1703 * NOTE: The main function of GETF_INTERNAL is to associate a given 1704 * file descriptor with a file structure and increment the 1705 * file pointer reference count. 1706 * TODO: remove pass in of fpp. 1707 * increment a reference count so that even if a thread with same process delete 1708 * the same object, it will not panic our system 1709 * QUESTION: 1710 * where to decrement the f_count????????????????? 1711 * seems like I need to set a flag if f_count incrmented through audit_getf 1712 */ 1713 1714 /*ARGSUSED*/ 1715 int 1716 audit_getf(int fd) 1717 { 1718 #ifdef NOTYET 1719 t_audit_data_t *tad; 1720 1721 tad = T2A(curthread); 1722 1723 if (!(tad->tad_scid == SYS_open || tad->tad_scid == SYS_creat)) 1724 return; 1725 #endif 1726 return (0); 1727 } 1728 1729 /* 1730 * Audit hook for stream based socket and tli request. 1731 * Note that we do not have user context while executing 1732 * this code so we had to record them earlier during the 1733 * putmsg/getmsg to figure out which user we are dealing with. 1734 */ 1735 1736 /*ARGSUSED*/ 1737 void 1738 audit_sock( 1739 int type, /* type of tihdr.h header requests */ 1740 queue_t *q, /* contains the process and thread audit data */ 1741 mblk_t *mp, /* contains the tihdr.h header structures */ 1742 int from) /* timod or sockmod request */ 1743 { 1744 int32_t len; 1745 int32_t offset; 1746 struct sockaddr_in *sock_data; 1747 struct T_conn_req *conn_req; 1748 struct T_conn_ind *conn_ind; 1749 struct T_unitdata_req *unitdata_req; 1750 struct T_unitdata_ind *unitdata_ind; 1751 au_state_t estate; 1752 t_audit_data_t *tad; 1753 caddr_t saved_thread_ptr; 1754 au_mask_t amask; 1755 const auditinfo_addr_t *ainfo; 1756 au_kcontext_t *kctx; 1757 zone_status_t zstate; 1758 1759 if (q->q_stream == NULL) 1760 return; 1761 mutex_enter(&q->q_stream->sd_lock); 1762 /* are we being audited */ 1763 saved_thread_ptr = q->q_stream->sd_t_audit_data; 1764 /* no pointer to thread, nothing to do */ 1765 if (saved_thread_ptr == NULL) { 1766 mutex_exit(&q->q_stream->sd_lock); 1767 return; 1768 } 1769 /* only allow one addition of a record token */ 1770 q->q_stream->sd_t_audit_data = NULL; 1771 /* 1772 * thread is not the one being audited, then nothing to do 1773 * This could be the stream thread handling the module 1774 * service routine. In this case, the context for the audit 1775 * record can no longer be assumed. Simplest to just drop 1776 * the operation. 1777 */ 1778 if (curthread != (kthread_id_t)saved_thread_ptr) { 1779 mutex_exit(&q->q_stream->sd_lock); 1780 return; 1781 } 1782 if (curthread->t_sysnum >= SYS_so_socket && 1783 curthread->t_sysnum <= SYS_sockconfig) { 1784 mutex_exit(&q->q_stream->sd_lock); 1785 return; 1786 } 1787 mutex_exit(&q->q_stream->sd_lock); 1788 /* 1789 * we know that the thread that did the put/getmsg is the 1790 * one running. Now we can get the TAD and see if we should 1791 * add an audit token. 1792 */ 1793 tad = U2A(u); 1794 1795 kctx = SET_KCTX_PZ; 1796 if (kctx == NULL) { 1797 zstate = zone_status_get(curproc->p_zone); 1798 ASSERT(zstate != ZONE_IS_READY); 1799 return; 1800 } 1801 1802 /* proceed ONLY if user is being audited */ 1803 if (!tad->tad_flag) 1804 return; 1805 1806 ainfo = crgetauinfo(CRED()); 1807 if (ainfo == NULL) 1808 return; 1809 amask = ainfo->ai_mask; 1810 1811 /* 1812 * Figure out the type of stream networking request here. 1813 * Note that getmsg and putmsg are always preselected 1814 * because during the beginning of the system call we have 1815 * not yet figure out which of the socket or tli request 1816 * we are looking at until we are here. So we need to check 1817 * against that specific request and reset the type of event. 1818 */ 1819 switch (type) { 1820 case T_CONN_REQ: /* connection request */ 1821 conn_req = (struct T_conn_req *)mp->b_rptr; 1822 if (conn_req->DEST_offset < sizeof (struct T_conn_req)) 1823 return; 1824 offset = conn_req->DEST_offset; 1825 len = conn_req->DEST_length; 1826 estate = kctx->auk_ets[AUE_SOCKCONNECT]; 1827 if (amask.as_success & estate || amask.as_failure & estate) { 1828 tad->tad_event = AUE_SOCKCONNECT; 1829 break; 1830 } else { 1831 return; 1832 } 1833 case T_CONN_IND: /* connectionless receive request */ 1834 conn_ind = (struct T_conn_ind *)mp->b_rptr; 1835 if (conn_ind->SRC_offset < sizeof (struct T_conn_ind)) 1836 return; 1837 offset = conn_ind->SRC_offset; 1838 len = conn_ind->SRC_length; 1839 estate = kctx->auk_ets[AUE_SOCKACCEPT]; 1840 if (amask.as_success & estate || amask.as_failure & estate) { 1841 tad->tad_event = AUE_SOCKACCEPT; 1842 break; 1843 } else { 1844 return; 1845 } 1846 case T_UNITDATA_REQ: /* connectionless send request */ 1847 unitdata_req = (struct T_unitdata_req *)mp->b_rptr; 1848 if (unitdata_req->DEST_offset < sizeof (struct T_unitdata_req)) 1849 return; 1850 offset = unitdata_req->DEST_offset; 1851 len = unitdata_req->DEST_length; 1852 estate = kctx->auk_ets[AUE_SOCKSEND]; 1853 if (amask.as_success & estate || amask.as_failure & estate) { 1854 tad->tad_event = AUE_SOCKSEND; 1855 break; 1856 } else { 1857 return; 1858 } 1859 case T_UNITDATA_IND: /* connectionless receive request */ 1860 unitdata_ind = (struct T_unitdata_ind *)mp->b_rptr; 1861 if (unitdata_ind->SRC_offset < sizeof (struct T_unitdata_ind)) 1862 return; 1863 offset = unitdata_ind->SRC_offset; 1864 len = unitdata_ind->SRC_length; 1865 estate = kctx->auk_ets[AUE_SOCKRECEIVE]; 1866 if (amask.as_success & estate || amask.as_failure & estate) { 1867 tad->tad_event = AUE_SOCKRECEIVE; 1868 break; 1869 } else { 1870 return; 1871 } 1872 default: 1873 return; 1874 } 1875 1876 /* 1877 * we are only interested in tcp stream connections, 1878 * not unix domain stuff 1879 */ 1880 if ((len < 0) || (len > sizeof (struct sockaddr_in))) { 1881 tad->tad_event = AUE_GETMSG; 1882 return; 1883 } 1884 /* skip over TPI header and point to the ip address */ 1885 sock_data = (struct sockaddr_in *)((char *)mp->b_rptr + offset); 1886 1887 switch (sock_data->sin_family) { 1888 case AF_INET: 1889 au_write(&(tad->tad_ad), au_to_sock_inet(sock_data)); 1890 break; 1891 default: /* reset to AUE_PUTMSG if not a inet request */ 1892 tad->tad_event = AUE_GETMSG; 1893 break; 1894 } 1895 } 1896 1897 void 1898 audit_lookupname() 1899 { 1900 } 1901 1902 /*ARGSUSED*/ 1903 int 1904 audit_pathcomp(struct pathname *pnp, vnode_t *cvp, cred_t *cr) 1905 { 1906 return (0); 1907 } 1908 1909 static void 1910 add_return_token(caddr_t *ad, unsigned int scid, int err, int rval) 1911 { 1912 unsigned int sy_flags; 1913 1914 #ifdef _SYSCALL32_IMPL 1915 if (lwp_getdatamodel( 1916 ttolwp(curthread)) == DATAMODEL_NATIVE) 1917 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 1918 else 1919 sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK; 1920 #else 1921 sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 1922 #endif 1923 1924 if (sy_flags == SE_64RVAL) 1925 au_write(ad, au_to_return64(err, rval)); 1926 else 1927 au_write(ad, au_to_return32(err, rval)); 1928 1929 } 1930 1931 /*ARGSUSED*/ 1932 void 1933 audit_fdsend(fd, fp, error) 1934 int fd; 1935 struct file *fp; 1936 int error; /* ignore for now */ 1937 { 1938 t_audit_data_t *tad; /* current thread */ 1939 f_audit_data_t *fad; /* per file audit structure */ 1940 struct vnode *vp; /* for file attributes */ 1941 1942 /* is this system call being audited */ 1943 tad = U2A(u); 1944 ASSERT(tad != (t_audit_data_t *)0); 1945 if (!tad->tad_flag) 1946 return; 1947 1948 fad = F2A(fp); 1949 1950 /* add path and file attributes */ 1951 if (fad != NULL && fad->fad_aupath != NULL) { 1952 au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd)); 1953 au_uwrite(au_to_path(fad->fad_aupath)); 1954 } else { 1955 au_uwrite(au_to_arg32(0, "send fd", (uint32_t)fd)); 1956 #ifdef _LP64 1957 au_uwrite(au_to_arg64(0, "no path", (uint64_t)fp)); 1958 #else 1959 au_uwrite(au_to_arg32(0, "no path", (uint32_t)fp)); 1960 #endif 1961 } 1962 vp = fp->f_vnode; /* include vnode attributes */ 1963 audit_attributes(vp); 1964 } 1965 1966 /* 1967 * Record privileges sucessfully used and we attempted to use but 1968 * didn't have. 1969 */ 1970 void 1971 audit_priv(int priv, const priv_set_t *set, int flag) 1972 { 1973 t_audit_data_t *tad; 1974 int sbit; 1975 priv_set_t *target; 1976 1977 /* Make sure this isn't being called in an interrupt context */ 1978 ASSERT(servicing_interrupt() == 0); 1979 1980 tad = U2A(u); 1981 1982 if (tad->tad_flag == 0) 1983 return; 1984 1985 target = flag ? &tad->tad_sprivs : &tad->tad_fprivs; 1986 sbit = flag ? PAD_SPRIVUSE : PAD_FPRIVUSE; 1987 1988 /* Tell audit_success() and audit_finish() that we saw this case */ 1989 if (!(tad->tad_evmod & sbit)) { 1990 /* Clear set first time around */ 1991 priv_emptyset(target); 1992 tad->tad_evmod |= sbit; 1993 } 1994 1995 /* Save the privileges in the tad */ 1996 if (priv == PRIV_ALL) { 1997 priv_fillset(target); 1998 } else { 1999 ASSERT(set != NULL || priv != PRIV_NONE); 2000 if (set != NULL) 2001 priv_union(set, target); 2002 if (priv != PRIV_NONE) 2003 priv_addset(target, priv); 2004 } 2005 } 2006 2007 /* 2008 * Audit the setpriv() system call; the operation, the set name and 2009 * the current value as well as the set argument are put in the 2010 * audit trail. 2011 */ 2012 void 2013 audit_setppriv(int op, int set, const priv_set_t *newpriv, const cred_t *ocr) 2014 { 2015 t_audit_data_t *tad; 2016 const priv_set_t *oldpriv; 2017 priv_set_t report; 2018 const char *setname; 2019 2020 tad = U2A(u); 2021 2022 if (tad->tad_flag == 0) 2023 return; 2024 2025 oldpriv = priv_getset(ocr, set); 2026 2027 /* Generate the actual record, include the before and after */ 2028 au_uwrite(au_to_arg32(2, "op", op)); 2029 setname = priv_getsetbynum(set); 2030 2031 switch (op) { 2032 case PRIV_OFF: 2033 /* Report privileges actually switched off */ 2034 report = *oldpriv; 2035 priv_intersect(newpriv, &report); 2036 au_uwrite(au_to_privset(setname, &report, AUT_PRIV, 0)); 2037 break; 2038 case PRIV_ON: 2039 /* Report privileges actually switched on */ 2040 report = *oldpriv; 2041 priv_inverse(&report); 2042 priv_intersect(newpriv, &report); 2043 au_uwrite(au_to_privset(setname, &report, AUT_PRIV, 0)); 2044 break; 2045 case PRIV_SET: 2046 /* Report before and after */ 2047 au_uwrite(au_to_privset(setname, oldpriv, AUT_PRIV, 0)); 2048 au_uwrite(au_to_privset(setname, newpriv, AUT_PRIV, 0)); 2049 break; 2050 } 2051 } 2052 2053 /* 2054 * Dump the full device policy setting in the audit trail. 2055 */ 2056 void 2057 audit_devpolicy(int nitems, const devplcysys_t *items) 2058 { 2059 t_audit_data_t *tad; 2060 int i; 2061 2062 tad = U2A(u); 2063 2064 if (tad->tad_flag == 0) 2065 return; 2066 2067 for (i = 0; i < nitems; i++) { 2068 au_uwrite(au_to_arg32(2, "major", items[i].dps_maj)); 2069 if (items[i].dps_minornm[0] == '\0') { 2070 au_uwrite(au_to_arg32(2, "lomin", items[i].dps_lomin)); 2071 au_uwrite(au_to_arg32(2, "himin", items[i].dps_himin)); 2072 } else 2073 au_uwrite(au_to_text(items[i].dps_minornm)); 2074 2075 au_uwrite(au_to_privset("read", &items[i].dps_rdp, 2076 AUT_PRIV, 0)); 2077 au_uwrite(au_to_privset("write", &items[i].dps_wrp, 2078 AUT_PRIV, 0)); 2079 } 2080 } 2081 2082 /*ARGSUSED*/ 2083 void 2084 audit_fdrecv(fd, fp) 2085 int fd; 2086 struct file *fp; 2087 { 2088 t_audit_data_t *tad; /* current thread */ 2089 f_audit_data_t *fad; /* per file audit structure */ 2090 struct vnode *vp; /* for file attributes */ 2091 2092 /* is this system call being audited */ 2093 tad = U2A(u); 2094 ASSERT(tad != (t_audit_data_t *)0); 2095 if (!tad->tad_flag) 2096 return; 2097 2098 fad = F2A(fp); 2099 2100 /* add path and file attributes */ 2101 if (fad != NULL && fad->fad_aupath != NULL) { 2102 au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd)); 2103 au_uwrite(au_to_path(fad->fad_aupath)); 2104 } else { 2105 au_uwrite(au_to_arg32(0, "recv fd", (uint32_t)fd)); 2106 #ifdef _LP64 2107 au_uwrite(au_to_arg64(0, "no path", (uint64_t)fp)); 2108 #else 2109 au_uwrite(au_to_arg32(0, "no path", (uint32_t)fp)); 2110 #endif 2111 } 2112 vp = fp->f_vnode; /* include vnode attributes */ 2113 audit_attributes(vp); 2114 } 2115 2116 /* 2117 * ROUTINE: AUDIT_CRYPTOADM 2118 * PURPOSE: Records arguments to administrative ioctls on /dev/cryptoadm 2119 * CALLBY: CRYPTO_LOAD_DEV_DISABLED, CRYPTO_LOAD_SOFT_DISABLED, 2120 * CRYPTO_UNLOAD_SOFT_MODULE, CRYPTO_LOAD_SOFT_CONFIG, 2121 * CRYPTO_POOL_CREATE, CRYPTO_POOL_WAIT, CRYPTO_POOL_RUN, 2122 * CRYPTO_LOAD_DOOR 2123 * NOTE: 2124 * TODO: 2125 * QUESTION: 2126 */ 2127 2128 void 2129 audit_cryptoadm(int cmd, char *module_name, crypto_mech_name_t *mech_names, 2130 uint_t mech_count, uint_t device_instance, uint32_t rv, int error) 2131 { 2132 boolean_t mech_list_required = B_FALSE; 2133 cred_t *cr = CRED(); 2134 t_audit_data_t *tad; 2135 token_t *ad = NULL; 2136 const auditinfo_addr_t *ainfo = crgetauinfo(cr); 2137 char buffer[MAXNAMELEN * 2]; 2138 au_kcontext_t *kctx = SET_KCTX_PZ; 2139 2140 ASSERT(kctx != NULL); 2141 2142 tad = U2A(u); 2143 if (tad == NULL) 2144 return; 2145 2146 if (ainfo == NULL) 2147 return; 2148 2149 tad->tad_event = AUE_CRYPTOADM; 2150 2151 if (audit_success(kctx, tad, error) != AU_OK) 2152 return; 2153 2154 /* Add a subject token */ 2155 AUDIT_SETSUBJ((caddr_t *)&(ad), cr, ainfo); 2156 2157 /* add an optional group token */ 2158 AUDIT_SETGROUP((caddr_t *)&(ad), cr, kctx); 2159 2160 switch (cmd) { 2161 case CRYPTO_LOAD_DEV_DISABLED: 2162 if (error == 0 && rv == CRYPTO_SUCCESS) { 2163 (void) snprintf(buffer, sizeof (buffer), 2164 "op=CRYPTO_LOAD_DEV_DISABLED, module=%s," 2165 " dev_instance=%d", 2166 module_name, device_instance); 2167 mech_list_required = B_TRUE; 2168 } else { 2169 (void) snprintf(buffer, sizeof (buffer), 2170 "op=CRYPTO_LOAD_DEV_DISABLED, return_val=%d", rv); 2171 } 2172 break; 2173 2174 case CRYPTO_LOAD_SOFT_DISABLED: 2175 if (error == 0 && rv == CRYPTO_SUCCESS) { 2176 (void) snprintf(buffer, sizeof (buffer), 2177 "op=CRYPTO_LOAD_SOFT_DISABLED, module=%s", 2178 module_name); 2179 mech_list_required = B_TRUE; 2180 } else { 2181 (void) snprintf(buffer, sizeof (buffer), 2182 "op=CRYPTO_LOAD_SOFT_DISABLED, return_val=%d", rv); 2183 } 2184 break; 2185 2186 case CRYPTO_UNLOAD_SOFT_MODULE: 2187 if (error == 0 && rv == CRYPTO_SUCCESS) { 2188 (void) snprintf(buffer, sizeof (buffer), 2189 "op=CRYPTO_UNLOAD_SOFT_MODULE, module=%s", 2190 module_name); 2191 } else { 2192 (void) snprintf(buffer, sizeof (buffer), 2193 "op=CRYPTO_UNLOAD_SOFT_MODULE, return_val=%d", rv); 2194 } 2195 break; 2196 2197 case CRYPTO_LOAD_SOFT_CONFIG: 2198 if (error == 0 && rv == CRYPTO_SUCCESS) { 2199 (void) snprintf(buffer, sizeof (buffer), 2200 "op=CRYPTO_LOAD_SOFT_CONFIG, module=%s", 2201 module_name); 2202 mech_list_required = B_TRUE; 2203 } else { 2204 (void) snprintf(buffer, sizeof (buffer), 2205 "op=CRYPTO_LOAD_SOFT_CONFIG, return_val=%d", rv); 2206 } 2207 break; 2208 2209 case CRYPTO_POOL_CREATE: 2210 (void) snprintf(buffer, sizeof (buffer), 2211 "op=CRYPTO_POOL_CREATE"); 2212 break; 2213 2214 case CRYPTO_POOL_WAIT: 2215 (void) snprintf(buffer, sizeof (buffer), "op=CRYPTO_POOL_WAIT"); 2216 break; 2217 2218 case CRYPTO_POOL_RUN: 2219 (void) snprintf(buffer, sizeof (buffer), "op=CRYPTO_POOL_RUN"); 2220 break; 2221 2222 case CRYPTO_LOAD_DOOR: 2223 if (error == 0 && rv == CRYPTO_SUCCESS) 2224 (void) snprintf(buffer, sizeof (buffer), 2225 "op=CRYPTO_LOAD_DOOR"); 2226 else 2227 (void) snprintf(buffer, sizeof (buffer), 2228 "op=CRYPTO_LOAD_DOOR, return_val=%d", rv); 2229 break; 2230 2231 default: 2232 return; 2233 } 2234 2235 au_write((caddr_t *)&ad, au_to_text(buffer)); 2236 2237 if (mech_list_required) { 2238 int i; 2239 2240 if (mech_count == 0) { 2241 au_write((caddr_t *)&ad, au_to_text("mech=list empty")); 2242 } else { 2243 char *pb = buffer; 2244 size_t l = sizeof (buffer); 2245 size_t n; 2246 char space[2] = ":"; 2247 2248 n = snprintf(pb, l, "mech="); 2249 2250 for (i = 0; i < mech_count; i++) { 2251 pb += n; 2252 l -= n; 2253 if (l < 0) 2254 l = 0; 2255 2256 if (i == mech_count - 1) 2257 (void) strcpy(space, ""); 2258 2259 n = snprintf(pb, l, "%s%s", mech_names[i], 2260 space); 2261 } 2262 au_write((caddr_t *)&ad, au_to_text(buffer)); 2263 } 2264 } 2265 2266 /* add a return token */ 2267 if (error || (rv != CRYPTO_SUCCESS)) 2268 add_return_token((caddr_t *)&ad, tad->tad_scid, -1, error); 2269 else 2270 add_return_token((caddr_t *)&ad, tad->tad_scid, 0, rv); 2271 2272 AS_INC(as_generated, 1, kctx); 2273 AS_INC(as_kernel, 1, kctx); 2274 2275 au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CRYPTOADM, 0); 2276 } 2277