4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
28 #include <netinet/in.h>
30 #include <sys/errno.h>
31 #include <sys/mutex.h>
32 #include <sys/param.h>
33 #include <sys/socket.h>
35 #include <sys/types.h>
40 #include <sys/smedia.h>
41 #include <tsol/label.h>
43 #include <bsm/audit.h>
44 #include <bsm/libbsm.h>
45 #include <bsm/audit_uevents.h>
46 #include <bsm/audit_record.h>
/* Private Functions */
/*
 * File-local helpers.  selected() is the thin wrapper around
 * au_preselect(); audit_selected() / audit_na_selected() choose which mask
 * (the client's process mask or the kernel non-attributable mask) the event
 * is preselected against, and the audit_save_* helpers cache kernel audit
 * state in the door_data_t for the request being served.
 */
static int selected(au_event_t, au_mask_t *, int);
static int audit_selected(door_data_t *);
static int audit_na_selected(door_data_t *);
static int audit_save_namask(door_data_t *door_dp);
static int audit_save_policy(door_data_t *door_dp);
/*
 * Return 1 if audit module is loaded.
 *
 * NOTE(review): this listing dropped the signature of this function and
 * several lines of its body; its caller in audit_audit() names it
 * can_audit().  Only the statements below survive: a static cache `auc`,
 * an auditon(A_GETCOND) query into `cond`, and a test of `auc` against
 * AUC_DISABLED.  What is assigned to `auc` on each path and what is
 * returned cannot be confirmed from here.
 */
	static int auc = AUC_UNSET;
	/*
	 * Query the kernel audit condition; presumably a failure is treated as
	 * "audit module not loaded" -- confirm against the missing lines.
	 */
	if (auditon(A_GETCOND, (caddr_t)&cond, sizeof (cond))) {
	if (auc == AUC_DISABLED)
/*
 * audit_save_policy():
 * Cache the kernel's current audit policy flags in door_dp->audit_policy
 * (audit_audit() consults them, e.g. AUDIT_GROUP decides whether a group
 * token is emitted).
 * Return 0 if successful.
 * Return -1, and leave audit_policy untouched, if auditon() fails.
 */
static int
audit_save_policy(door_data_t *door_dp)
{
	int policy;

	if (auditon(A_GETPOLICY, (caddr_t)&policy, sizeof (policy)) != 0)
		return (-1);

	door_dp->audit_policy = policy;
	return (0);
}
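/*
 * Initialize variables.
 *
 * Reset every audit field of *door_dp to a "not yet known" value before a
 * request is served, so that (presumably, if the door_data_t is reused
 * across door calls) nothing from a previous request ends up in the next
 * audit record:
 *   - all ids become the -1 sentinel of their type; audit_uid == (uid_t)-1
 *     is what audit_selected() later recognises as "no usable process
 *     mask" (it is > MAXUID);
 *   - the terminal id is zeroed (port, type and all four address words);
 *   - the non-attributable mask is all-ones and audit_na is 0, i.e. the
 *     request is treated as attributable until told otherwise;
 *   - audit_sorf is -2, which is neither 0 (success) nor -1 (failure), so
 *     selected() preselects with AU_PRS_BOTH until the caller sets it;
 *   - the text buffers are empty strings, audit_user/audit_path are NULL.
 * audit_policy is deliberately not touched here; see audit_save_policy().
 */
void
audit_init(door_data_t *door_dp)
{
	int i;

	door_dp->audit_auid = (uid_t)-1;
	door_dp->audit_uid = (uid_t)-1;
	door_dp->audit_euid = (uid_t)-1;
	door_dp->audit_gid = (gid_t)-1;
	door_dp->audit_egid = (gid_t)-1;
	door_dp->audit_pid = -1;

	door_dp->audit_tid.at_port = 0;
	door_dp->audit_tid.at_type = 0;
	for (i = 0; i < 4; i++)
		door_dp->audit_tid.at_addr[i] = 0;

	/* all-ones mask: every class selected until audit_save_namask() runs */
	door_dp->audit_namask.am_success = (int)-1;
	door_dp->audit_namask.am_failure = (int)-1;
	door_dp->audit_event = 0;
	door_dp->audit_sorf = -2;
	door_dp->audit_user = NULL;
	/*
	 * These are char arrays (audit_audit() calls strlen() on them):
	 * terminate them with a NUL character rather than assigning the
	 * pointer constant NULL to a char.
	 */
	door_dp->audit_text[0] = '\0';
	door_dp->audit_text1[0] = '\0';
	door_dp->audit_na = 0;
	door_dp->audit_asid = (au_asid_t)(-1);
	door_dp->audit_path = NULL;
}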
/*
 * audit_save_me():
 * Capture the identity of the door client so the eventual audit record is
 * attributed to it.  The real/effective uids and gids and the pid come
 * from door_cred(), i.e. from the kernel's view of the caller; the audit
 * id, session id, terminal id and preselection mask come from
 * auditon(A_GETPINFO_ADDR) for that pid.  Nothing here trusts data carried
 * in the door request itself.
 *
 * NOTE(review): this listing dropped the signature, the local declarations
 * (`i`, `ret_val`) and the lines that follow each `ret_val` assignment,
 * which presumably check it; the return type and the error handling cannot
 * be confirmed from here.
 */
	door_cred_t client_cred;

	/* Kernel-supplied credentials of the door caller. */
	ret_val = door_cred(&client_cred);

	/* Audit state of the client process, looked up by its pid. */
	door_dp->audit_ap.ap_pid = client_cred.dc_pid;
	ret_val = auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
	    sizeof (door_dp->audit_ap));

	door_dp->audit_auid = door_dp->audit_ap.ap_auid;
	door_dp->audit_euid = client_cred.dc_euid;
	door_dp->audit_egid = client_cred.dc_egid;
	door_dp->audit_uid = client_cred.dc_ruid;
	door_dp->audit_gid = client_cred.dc_rgid;
	door_dp->audit_pid = client_cred.dc_pid;
	door_dp->audit_asid = door_dp->audit_ap.ap_asid;
	door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
	door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;
	/*
	 * at_type is presumably the address length in bytes (4 or 16), so
	 * at_type/4 is the number of 32-bit words to copy; the remaining
	 * words keep the zeros written by audit_init().
	 */
	for (i = 0; i < (door_dp->audit_ap.ap_termid.at_type/4); i++)
		door_dp->audit_tid.at_addr[i] =
		    door_dp->audit_ap.ap_termid.at_addr[i];
	/*
	 * Best effort: a failed policy read is ignored here, and audit_init()
	 * does not reset audit_policy, so the previous value (if any) would
	 * still be used by audit_audit().
	 */
	(void) audit_save_policy(door_dp);
/*
 * audit_save_namask():
 * Save the namask using the naflags entry in the audit_control file
 * (what is actually read here is the kernel's copy of that mask, via
 * auditon(A_GETKMASK)).
 * Return 0 if successful.
 * Return -1, and don't change the namask, if failed.
 * Side Effect: Sets audit_na to -1 if error, 1 if successful.
 */
static int
audit_save_namask(door_data_t *door_dp)
{
	au_mask_t mask;

	/* Assume failure until the kernel has answered. */
	door_dp->audit_na = -1;

	/*
	 * get non-attributable system event mask from kernel.
	 */
	if (auditon(A_GETKMASK, (caddr_t)&mask, sizeof (mask)) != 0)
		return (-1);

	door_dp->audit_namask.am_success = mask.am_success;
	door_dp->audit_namask.am_failure = mask.am_failure;
	door_dp->audit_na = 1;

	return (0);
}
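/*
 * Cut an audit record if it is selected.
 * Return 0, if successfully written.
 * Return 0, if not written, and not expected to write.
 * Return -1, if not written because of unexpected error.
 *
 * The subject token is built from the values audit_save_me() copied out of
 * door_cred() and auditon(A_GETPINFO_ADDR), so the identity in the record
 * is the kernel's view of the door client, not anything the client passed
 * in its request.  Individual au_write() failures are ignored: a token
 * that could not be appended is simply missing from the record, only a
 * failed au_close() is reported to the caller.
 */
int
audit_audit(door_data_t *door_dp)
{
	int ad;

	/* No audit module loaded: nothing to write, and that is not an error. */
	if (can_audit() == 0) {
		return (0);
	}

	/*
	 * Preselection: a non-attributable request is checked against the
	 * kernel's non-attributable mask, anything else against the client's
	 * own process mask.
	 */
	if (door_dp->audit_na) {
		if (!audit_na_selected(door_dp)) {
			return (0);
		}
	} else if (!audit_selected(door_dp)) {
		return (0);
	}

	if ((ad = au_open()) == -1) {
		return (-1);
	}

	(void) au_write(ad, au_to_subject_ex(door_dp->audit_auid,
	    door_dp->audit_euid, door_dp->audit_egid,
	    door_dp->audit_uid, door_dp->audit_gid, door_dp->audit_pid,
	    door_dp->audit_asid, &door_dp->audit_tid));
	/* Trusted Extensions: record the sensitivity label of this process. */
	if (is_system_labeled())
		(void) au_write(ad, au_to_mylabel());
	if (door_dp->audit_policy & AUDIT_GROUP) {
		/*
		 * getgroups() returns -1 on failure.  Guard both calls so a
		 * failure is never used as the alloca() size or as the
		 * element count handed to au_to_newgroups(); without the
		 * guards a failed call would under-allocate and then read
		 * past the end of grplst.  The count is bounded by the
		 * kernel's group limit, so alloca() stays small.
		 */
		int maxgrp = getgroups(0, NULL);

		if (maxgrp > 0) {
			gid_t *grplst = alloca(maxgrp * sizeof (gid_t));
			int ng = getgroups(maxgrp, grplst);

			if (ng > 0) {
				(void) au_write(ad,
				    au_to_newgroups(ng, grplst));
			}
		}
	}
	/* Both text buffers are NUL-terminated by audit_init(). */
	if (strlen(door_dp->audit_text) != 0) {
		(void) au_write(ad, au_to_text(door_dp->audit_text));
	}
	if (strlen(door_dp->audit_text1) != 0) {
		(void) au_write(ad, au_to_text(door_dp->audit_text1));
	}
	if (door_dp->audit_path != NULL) {
		(void) au_write(ad, au_to_path(door_dp->audit_path));
	}
	/*
	 * Return token: audit_sorf == 0 is success, anything else is recorded
	 * as failure with the raw value as the return code.
	 * NOTE(review): the 64/32-bit selection is inferred from the two
	 * alternate au_to_return calls -- confirm the conditional.
	 */
#ifdef _LP64
	(void) au_write(ad, au_to_return64((door_dp->audit_sorf == 0) ? 0 : -1,
	    (int64_t)door_dp->audit_sorf));
#else
	(void) au_write(ad, au_to_return32((door_dp->audit_sorf == 0) ? 0 : -1,
	    (int32_t)door_dp->audit_sorf));
#endif
	/* Commit the record; on failure discard what was built. */
	if (au_close(ad, 1, door_dp->audit_event) < 0) {
		(void) au_close(ad, 0, 0);
		return (-1);
	}

	return (0);
}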
/*
 * audit_na_selected():
 * Preselect the event against the non-attributable mask saved by
 * audit_save_namask(); audit_na == -1 means that save failed.
 *
 * NOTE(review): the signature, the statement inside the audit_na == -1
 * branch (i.e. whether an unreadable namask counts as selected or not)
 * and the closing lines are missing from this listing.
 */
	if (door_dp->audit_na == -1) {
	return (selected(door_dp->audit_event,
	    &door_dp->audit_namask, door_dp->audit_sorf));
/*
 * audit_selected():
 * Decide whether the current event is preselected for this client.
 * A real uid above MAXUID -- in particular the (uid_t)-1 sentinel left by
 * audit_init() -- means there is no usable process mask, so the
 * non-attributable mask is (re)loaded and used instead.
 */
static int
audit_selected(door_data_t *door_dp)
{
	if (door_dp->audit_uid <= MAXUID) {
		return (selected(door_dp->audit_event,
		    &door_dp->audit_ap.ap_mask, door_dp->audit_sorf));
	}

	/* no attributable identity: fall back to the kernel namask */
	(void) audit_save_namask(door_dp);
	return (audit_na_selected(door_dp));
}
/*
 * selected():
 * Map the success/failure indicator onto an AU_PRS_* flag and ask
 * au_preselect() whether event e is selected by mask m.
 *   sorf ==  0  success only
 *   sorf == -1  failure only
 *   anything else (e.g. the -2 set by audit_init()) both.
 * AU_PRS_REREAD makes au_preselect() re-read the audit_event database on
 * every call rather than use its cache.
 */
static int
selected(au_event_t e, au_mask_t *m, int sorf)
{
	int prs_sorf;

	switch (sorf) {
	case 0:
		prs_sorf = AU_PRS_SUCCESS;
		break;
	case -1:
		prs_sorf = AU_PRS_FAILURE;
		break;
	default:
		prs_sorf = AU_PRS_BOTH;
		break;
	}

	return (au_preselect(e, m, prs_sorf, AU_PRS_REREAD));
}