1 0 stevel /* 2 0 stevel * CDDL HEADER START 3 0 stevel * 4 0 stevel * The contents of this file are subject to the terms of the 5 1676 jpk * Common Development and Distribution License (the "License"). 6 1676 jpk * You may not use this file except in compliance with the License. 7 0 stevel * 8 0 stevel * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 0 stevel * or http://www.opensolaris.org/os/licensing. 10 0 stevel * See the License for the specific language governing permissions 11 0 stevel * and limitations under the License. 12 0 stevel * 13 0 stevel * When distributing Covered Code, include this CDDL HEADER in each 14 0 stevel * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 0 stevel * If applicable, add the following below this CDDL HEADER, with the 16 0 stevel * fields enclosed by brackets "[]" replaced with your own identifying 17 0 stevel * information: Portions Copyright [yyyy] [name of copyright owner] 18 0 stevel * 19 0 stevel * CDDL HEADER END 20 0 stevel */ 21 3235 raf 22 0 stevel /* 23 9080 Jan * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 0 stevel * Use is subject to license terms. 25 0 stevel */ 26 0 stevel 27 0 stevel /* 28 0 stevel * This file contains the audit event table used to control the production 29 0 stevel * of audit records for each system call. 30 0 stevel */ 31 0 stevel 32 0 stevel #include <sys/policy.h> 33 0 stevel #include <sys/cred.h> 34 0 stevel #include <sys/types.h> 35 0 stevel #include <sys/systm.h> 36 0 stevel #include <sys/systeminfo.h> /* for sysinfo auditing */ 37 0 stevel #include <sys/utsname.h> /* for sysinfo auditing */ 38 0 stevel #include <sys/proc.h> 39 0 stevel #include <sys/vnode.h> 40 0 stevel #include <sys/mman.h> /* for mmap(2) auditing etc. */ 41 0 stevel #include <sys/fcntl.h> 42 0 stevel #include <sys/modctl.h> /* for modctl auditing */ 43 0 stevel #include <sys/vnode.h> 44 0 stevel #include <sys/user.h> 45 0 stevel #include <sys/types.h> 46 0 stevel #include <sys/processor.h> 47 0 stevel #include <sys/procset.h> 48 0 stevel #include <sys/acl.h> 49 0 stevel #include <sys/ipc.h> 50 0 stevel #include <sys/door.h> 51 0 stevel #include <sys/sem.h> 52 0 stevel #include <sys/msg.h> 53 0 stevel #include <sys/shm.h> 54 0 stevel #include <sys/kmem.h> 55 0 stevel #include <sys/file.h> /* for accept */ 56 0 stevel #include <sys/utssys.h> /* for fuser */ 57 1676 jpk #include <sys/tsol/label.h> 58 6688 rica #include <sys/tsol/tndb.h> 59 6688 rica #include <sys/tsol/tsyscall.h> 60 0 stevel #include <c2/audit.h> 61 0 stevel #include <c2/audit_kernel.h> 62 0 stevel #include <c2/audit_kevents.h> 63 0 stevel #include <c2/audit_record.h> 64 0 stevel #include <sys/procset.h> 65 0 stevel #include <nfs/mount.h> 66 0 stevel #include <sys/param.h> 67 0 stevel #include <sys/debug.h> 68 0 stevel #include <sys/sysmacros.h> 69 0 stevel #include <sys/stream.h> 70 0 stevel #include <sys/strsubr.h> 71 0 stevel #include <sys/stropts.h> 72 0 stevel #include <sys/tihdr.h> 73 0 stevel #include <sys/socket.h> 74 0 stevel #include <sys/socketvar.h> 75 8348 Eric #include <sys/vfs_opreg.h> 76 8348 Eric #include <fs/sockfs/sockcommon.h> 77 0 stevel #include <netinet/in.h> 78 0 stevel #include <sys/ddi.h> 79 4863 praks #include <sys/port_impl.h> 80 4863 praks 81 0 stevel 82 0 stevel char _depends_on[] = "fs/sockfs"; 83 0 stevel 84 0 stevel static au_event_t aui_open(au_event_t); 85 0 stevel static au_event_t aui_fsat(au_event_t); 86 0 stevel static au_event_t aui_msgsys(au_event_t); 87 0 stevel static au_event_t aui_shmsys(au_event_t); 88 0 stevel static au_event_t aui_semsys(au_event_t); 89 0 stevel static au_event_t aui_utssys(au_event_t); 90 0 stevel static au_event_t aui_fcntl(au_event_t); 91 0 stevel static au_event_t aui_execv(au_event_t); 92 0 stevel static au_event_t aui_execve(au_event_t); 93 0 stevel static au_event_t aui_memcntl(au_event_t); 94 0 stevel static au_event_t aui_sysinfo(au_event_t); 95 4863 praks static au_event_t aui_portfs(au_event_t); 96 0 stevel static au_event_t aui_auditsys(au_event_t); 97 0 stevel static au_event_t aui_modctl(au_event_t); 98 0 stevel static au_event_t aui_acl(au_event_t); 99 0 stevel static au_event_t aui_doorfs(au_event_t); 100 0 stevel static au_event_t aui_privsys(au_event_t); 101 3235 raf static au_event_t aui_forksys(au_event_t); 102 6688 rica static au_event_t aui_labelsys(au_event_t); 103 9100 Jan static au_event_t aui_setpgrp(au_event_t); 104 0 stevel 105 0 stevel static void aus_open(struct t_audit_data *); 106 0 stevel static void aus_acl(struct t_audit_data *); 107 0 stevel static void aus_acct(struct t_audit_data *); 108 0 stevel static void aus_chown(struct t_audit_data *); 109 0 stevel static void aus_fchown(struct t_audit_data *); 110 0 stevel static void aus_lchown(struct t_audit_data *); 111 0 stevel static void aus_chmod(struct t_audit_data *); 112 0 stevel static void aus_facl(struct t_audit_data *); 113 0 stevel static void aus_fchmod(struct t_audit_data *); 114 0 stevel static void aus_fcntl(struct t_audit_data *); 115 0 stevel static void aus_fsat(struct t_audit_data *); 116 0 stevel static void aus_mkdir(struct t_audit_data *); 117 0 stevel static void aus_mknod(struct t_audit_data *); 118 0 stevel static void aus_mount(struct t_audit_data *); 119 0 stevel static void aus_umount(struct t_audit_data *); 120 0 stevel static void aus_umount2(struct t_audit_data *); 121 0 stevel static void aus_msgsys(struct t_audit_data *); 122 0 stevel static void aus_semsys(struct t_audit_data *); 123 0 stevel static void aus_close(struct t_audit_data *); 124 0 stevel static void aus_fstatfs(struct t_audit_data *); 125 0 stevel static void aus_setgid(struct t_audit_data *); 126 9100 Jan static void aus_setpgrp(struct t_audit_data *); 127 0 stevel static void aus_setuid(struct t_audit_data *); 128 0 stevel static void aus_shmsys(struct t_audit_data *); 129 0 stevel static void aus_doorfs(struct t_audit_data *); 130 0 stevel static void aus_ioctl(struct t_audit_data *); 131 0 stevel static void aus_memcntl(struct t_audit_data *); 132 0 stevel static void aus_mmap(struct t_audit_data *); 133 0 stevel static void aus_munmap(struct t_audit_data *); 134 0 stevel static void aus_priocntlsys(struct t_audit_data *); 135 0 stevel static void aus_setegid(struct t_audit_data *); 136 0 stevel static void aus_setgroups(struct t_audit_data *); 137 0 stevel static void aus_seteuid(struct t_audit_data *); 138 0 stevel static void aus_putmsg(struct t_audit_data *); 139 0 stevel static void aus_putpmsg(struct t_audit_data *); 140 0 stevel static void aus_getmsg(struct t_audit_data *); 141 0 stevel static void aus_getpmsg(struct t_audit_data *); 142 0 stevel static void aus_auditsys(struct t_audit_data *); 143 0 stevel static void aus_sysinfo(struct t_audit_data *); 144 0 stevel static void aus_modctl(struct t_audit_data *); 145 0 stevel static void aus_kill(struct t_audit_data *); 146 0 stevel static void aus_xmknod(struct t_audit_data *); 147 0 stevel static void aus_setregid(struct t_audit_data *); 148 0 stevel static void aus_setreuid(struct t_audit_data *); 149 6688 rica static void aus_labelsys(struct t_audit_data *); 150 0 stevel 151 0 stevel static void auf_mknod(struct t_audit_data *, int, rval_t *); 152 0 stevel static void auf_msgsys(struct t_audit_data *, int, rval_t *); 153 0 stevel static void auf_semsys(struct t_audit_data *, int, rval_t *); 154 0 stevel static void auf_shmsys(struct t_audit_data *, int, rval_t *); 155 0 stevel static void auf_xmknod(struct t_audit_data *, int, rval_t *); 156 0 stevel static void auf_read(struct t_audit_data *, int, rval_t *); 157 0 stevel static void auf_write(struct t_audit_data *, int, rval_t *); 158 0 stevel 159 0 stevel static void aus_sigqueue(struct t_audit_data *); 160 0 stevel static void aus_p_online(struct t_audit_data *); 161 0 stevel static void aus_processor_bind(struct t_audit_data *); 162 0 stevel static void aus_inst_sync(struct t_audit_data *); 163 2712 nn35248 static void aus_brandsys(struct t_audit_data *); 164 0 stevel 165 0 stevel static void auf_accept(struct t_audit_data *, int, rval_t *); 166 0 stevel 167 0 stevel static void auf_bind(struct t_audit_data *, int, rval_t *); 168 0 stevel static void auf_connect(struct t_audit_data *, int, rval_t *); 169 0 stevel static void aus_shutdown(struct t_audit_data *); 170 0 stevel static void auf_setsockopt(struct t_audit_data *, int, rval_t *); 171 0 stevel static void aus_sockconfig(struct t_audit_data *); 172 0 stevel static void auf_recv(struct t_audit_data *, int, rval_t *); 173 0 stevel static void auf_recvmsg(struct t_audit_data *, int, rval_t *); 174 0 stevel static void auf_send(struct t_audit_data *, int, rval_t *); 175 0 stevel static void auf_sendmsg(struct t_audit_data *, int, rval_t *); 176 0 stevel static void auf_recvfrom(struct t_audit_data *, int, rval_t *); 177 0 stevel static void auf_sendto(struct t_audit_data *, int, rval_t *); 178 0 stevel static void aus_socket(struct t_audit_data *); 179 0 stevel /* 180 0 stevel * This table contains mapping information for converting system call numbers 181 0 stevel * to audit event IDs. In several cases it is necessary to map a single system 182 0 stevel * call to several events. 183 0 stevel */ 184 6207 gww 185 6207 gww #define aui_null NULL /* NULL initialize function */ 186 6207 gww #define aus_null NULL /* NULL start function */ 187 6207 gww #define auf_null NULL /* NULL finish function */ 188 0 stevel 189 0 stevel struct audit_s2e audit_s2e[] = 190 0 stevel { 191 0 stevel /* 192 0 stevel * ---------- ---------- ---------- ---------- 193 0 stevel * INITIAL AUDIT START SYSTEM 194 0 stevel * PROCESSING EVENT PROCESSING CALL 195 0 stevel * ---------- ---------- ---------- ----------- 196 0 stevel * FINISH EVENT 197 0 stevel * PROCESSING CONTROL 198 0 stevel * ---------------------------------------------------------- 199 0 stevel */ 200 0 stevel aui_null, AUE_NULL, aus_null, /* 0 unused (indirect) */ 201 0 stevel auf_null, 0, 202 0 stevel aui_null, AUE_EXIT, aus_null, /* 1 exit */ 203 0 stevel auf_null, S2E_NPT, 204 0 stevel aui_null, AUE_FORKALL, aus_null, /* 2 forkall */ 205 0 stevel auf_null, 0, 206 0 stevel aui_null, AUE_READ, aus_null, /* 3 read */ 207 0 stevel auf_read, S2E_PUB, 208 0 stevel aui_null, AUE_WRITE, aus_null, /* 4 write */ 209 0 stevel auf_write, 0, 210 0 stevel aui_open, AUE_OPEN, aus_open, /* 5 open */ 211 0 stevel auf_null, S2E_SP, 212 0 stevel aui_null, AUE_CLOSE, aus_close, /* 6 close */ 213 0 stevel auf_null, 0, 214 0 stevel aui_null, AUE_NULL, aus_null, /* 7 wait */ 215 0 stevel auf_null, 0, 216 0 stevel aui_null, AUE_CREAT, aus_null, /* 8 create */ 217 0 stevel auf_null, S2E_SP, 218 0 stevel aui_null, AUE_LINK, aus_null, /* 9 link */ 219 0 stevel auf_null, 0, 220 0 stevel aui_null, AUE_UNLINK, aus_null, /* 10 unlink */ 221 0 stevel auf_null, 0, 222 0 stevel aui_execv, AUE_EXEC, aus_null, /* 11 exec */ 223 0 stevel auf_null, S2E_MLD, 224 0 stevel aui_null, AUE_CHDIR, aus_null, /* 12 chdir */ 225 0 stevel auf_null, S2E_SP, 226 0 stevel aui_null, AUE_NULL, aus_null, /* 13 time */ 227 0 stevel auf_null, 0, 228 0 stevel aui_null, AUE_MKNOD, aus_mknod, /* 14 mknod */ 229 0 stevel auf_mknod, 0, 230 0 stevel aui_null, AUE_CHMOD, aus_chmod, /* 15 chmod */ 231 0 stevel auf_null, 0, 232 0 stevel aui_null, AUE_CHOWN, aus_chown, /* 16 chown */ 233 0 stevel auf_null, 0, 234 0 stevel aui_null, AUE_NULL, aus_null, /* 17 brk */ 235 0 stevel auf_null, 0, 236 0 stevel aui_null, AUE_STAT, aus_null, /* 18 stat */ 237 0 stevel auf_null, S2E_PUB, 238 0 stevel aui_null, AUE_NULL, aus_null, /* 19 lseek */ 239 0 stevel auf_null, 0, 240 0 stevel aui_null, AUE_NULL, aus_null, /* 20 getpid */ 241 0 stevel auf_null, 0, 242 0 stevel aui_null, AUE_MOUNT, aus_mount, /* 21 mount */ 243 0 stevel auf_null, S2E_MLD, 244 0 stevel aui_null, AUE_UMOUNT, aus_umount, /* 22 umount */ 245 0 stevel auf_null, 0, 246 0 stevel aui_null, AUE_SETUID, aus_setuid, /* 23 setuid */ 247 0 stevel auf_null, 0, 248 0 stevel aui_null, AUE_NULL, aus_null, /* 24 getuid */ 249 0 stevel auf_null, 0, 250 0 stevel aui_null, AUE_STIME, aus_null, /* 25 stime */ 251 0 stevel auf_null, 0, 252 0 stevel aui_null, AUE_NULL, aus_null, /* 26 (loadable) was ptrace */ 253 0 stevel auf_null, 0, 254 0 stevel aui_null, AUE_NULL, aus_null, /* 27 alarm */ 255 0 stevel auf_null, 0, 256 0 stevel aui_null, AUE_NULL, aus_null, /* 28 fstat */ 257 0 stevel auf_null, 0, 258 0 stevel aui_null, AUE_NULL, aus_null, /* 29 pause */ 259 0 stevel auf_null, 0, 260 0 stevel aui_null, AUE_UTIME, aus_null, /* 30 utime */ 261 0 stevel auf_null, 0, 262 0 stevel aui_null, AUE_NULL, aus_null, /* 31 stty (TIOCSETP-audit?) */ 263 0 stevel auf_null, 0, 264 0 stevel aui_null, AUE_NULL, aus_null, /* 32 gtty */ 265 0 stevel auf_null, 0, 266 0 stevel aui_null, AUE_ACCESS, aus_null, /* 33 access */ 267 0 stevel auf_null, S2E_PUB, 268 0 stevel aui_null, AUE_NICE, aus_null, /* 34 nice */ 269 0 stevel auf_null, 0, 270 0 stevel aui_null, AUE_STATFS, aus_null, /* 35 statfs */ 271 0 stevel auf_null, S2E_PUB, 272 0 stevel aui_null, AUE_NULL, aus_null, /* 36 sync */ 273 0 stevel auf_null, 0, 274 0 stevel aui_null, AUE_KILL, aus_kill, /* 37 kill */ 275 0 stevel auf_null, 0, 276 0 stevel aui_null, AUE_FSTATFS, aus_fstatfs, /* 38 fstatfs */ 277 0 stevel auf_null, S2E_PUB, 278 9100 Jan aui_setpgrp, AUE_SETPGRP, aus_setpgrp, /* 39 setpgrp */ 279 0 stevel auf_null, 0, 280 2712 nn35248 aui_null, AUE_NULL, aus_null, /* 40 uucopystr */ 281 0 stevel auf_null, 0, 282 0 stevel aui_null, AUE_NULL, aus_null, /* 41 dup */ 283 0 stevel auf_null, 0, 284 0 stevel aui_null, AUE_PIPE, aus_null, /* 42 pipe */ 285 0 stevel auf_null, 0, 286 0 stevel aui_null, AUE_NULL, aus_null, /* 43 times */ 287 0 stevel auf_null, 0, 288 0 stevel aui_null, AUE_NULL, aus_null, /* 44 profil */ 289 0 stevel auf_null, 0, 290 0 stevel aui_null, AUE_NULL, aus_null, /* 45 (loadable) */ 291 0 stevel /* was proc lock */ 292 0 stevel auf_null, 0, 293 0 stevel aui_null, AUE_SETGID, aus_setgid, /* 46 setgid */ 294 0 stevel auf_null, 0, 295 0 stevel aui_null, AUE_NULL, aus_null, /* 47 getgid */ 296 0 stevel auf_null, 0, 297 0 stevel aui_null, AUE_NULL, aus_null, /* 48 sig */ 298 0 stevel auf_null, 0, 299 0 stevel aui_msgsys, AUE_MSGSYS, aus_msgsys, /* 49 (loadable) was msgsys */ 300 0 stevel auf_msgsys, 0, 301 0 stevel #if defined(__x86) 302 0 stevel aui_null, AUE_NULL, aus_null, /* 50 sysi86 */ 303 0 stevel auf_null, 0, 304 0 stevel #else 305 0 stevel aui_null, AUE_NULL, aus_null, /* 50 (loadable) was sys3b */ 306 0 stevel auf_null, 0, 307 0 stevel #endif /* __x86 */ 308 0 stevel aui_null, AUE_ACCT, aus_acct, /* 51 acct */ 309 0 stevel auf_null, 0, 310 0 stevel aui_shmsys, AUE_SHMSYS, aus_shmsys, /* 52 shared memory */ 311 0 stevel auf_shmsys, 0, 312 0 stevel aui_semsys, AUE_SEMSYS, aus_semsys, /* 53 IPC semaphores */ 313 0 stevel auf_semsys, 0, 314 0 stevel aui_null, AUE_IOCTL, aus_ioctl, /* 54 ioctl */ 315 0 stevel auf_null, 0, 316 0 stevel aui_null, AUE_NULL, aus_null, /* 55 uadmin */ 317 0 stevel auf_null, 0, 318 0 stevel aui_null, AUE_NULL, aus_null, /* 56 (loadable) was uexch */ 319 0 stevel auf_null, 0, 320 0 stevel aui_utssys, AUE_FUSERS, aus_null, /* 57 utssys */ 321 0 stevel auf_null, 0, 322 0 stevel aui_null, AUE_NULL, aus_null, /* 58 fsync */ 323 0 stevel auf_null, 0, 324 0 stevel aui_execve, AUE_EXECVE, aus_null, /* 59 exece */ 325 0 stevel auf_null, S2E_MLD, 326 0 stevel aui_null, AUE_NULL, aus_null, /* 60 umask */ 327 0 stevel auf_null, 0, 328 0 stevel aui_null, AUE_CHROOT, aus_null, /* 61 chroot */ 329 0 stevel auf_null, S2E_SP, 330 0 stevel aui_fcntl, AUE_FCNTL, aus_fcntl, /* 62 fcntl */ 331 0 stevel auf_null, 0, 332 0 stevel aui_null, AUE_NULL, aus_null, /* 63 ulimit */ 333 0 stevel auf_null, 0, 334 0 stevel aui_null, AUE_NULL, aus_null, /* 64 (loadable) */ 335 0 stevel auf_null, 0, 336 0 stevel aui_null, AUE_NULL, aus_null, /* 65 (loadable) */ 337 0 stevel auf_null, 0, 338 0 stevel aui_null, AUE_NULL, aus_null, /* 66 (loadable) */ 339 0 stevel auf_null, 0, 340 0 stevel aui_null, AUE_NULL, aus_null, /* 67 (loadable) */ 341 0 stevel /* file locking call */ 342 0 stevel auf_null, 0, 343 0 stevel aui_null, AUE_NULL, aus_null, /* 68 (loadable) */ 344 0 stevel /* local system calls */ 345 0 stevel auf_null, 0, 346 0 stevel aui_null, AUE_NULL, aus_null, /* 69 (loadable) inode open */ 347 0 stevel auf_null, 0, 348 0 stevel aui_null, AUE_NULL, aus_null, /* 70 (loadable) was advfs */ 349 0 stevel auf_null, 0, 350 0 stevel aui_null, AUE_NULL, aus_null, /* 71 (loadable) was unadvfs */ 351 0 stevel auf_null, 0, 352 0 stevel aui_null, AUE_NULL, aus_null, /* 72 (loadable) was notused */ 353 0 stevel auf_null, 0, 354 0 stevel aui_null, AUE_NULL, aus_null, /* 73 (loadable) was notused */ 355 0 stevel auf_null, 0, 356 0 stevel aui_null, AUE_NULL, aus_null, /* 74 (loadable) was notused */ 357 0 stevel auf_null, 0, 358 4321 casper aui_null, AUE_NULL, aus_null, /* 75 sidsys */ 359 0 stevel /* was sigret (SunOS) */ 360 0 stevel auf_null, 0, 361 0 stevel aui_fsat, AUE_FSAT, aus_fsat, /* 76 fsat */ 362 0 stevel auf_null, 0, 363 0 stevel aui_null, AUE_NULL, aus_null, /* 77 (loadable) was rfstop */ 364 0 stevel auf_null, 0, 365 0 stevel aui_null, AUE_NULL, aus_null, /* 78 (loadable) was rfssys */ 366 0 stevel auf_null, 0, 367 0 stevel aui_null, AUE_RMDIR, aus_null, /* 79 rmdir */ 368 0 stevel auf_null, 0, 369 0 stevel aui_null, AUE_MKDIR, aus_mkdir, /* 80 mkdir */ 370 0 stevel auf_null, 0, 371 0 stevel aui_null, AUE_NULL, aus_null, /* 81 getdents */ 372 0 stevel auf_null, 0, 373 0 stevel aui_privsys, AUE_NULL, aus_null, /* 82 privsys */ 374 0 stevel /* was libattach */ 375 0 stevel auf_null, 0, 376 0 stevel aui_null, AUE_NULL, aus_null, /* 83 (loadable) */ 377 0 stevel /* was libdetach */ 378 0 stevel auf_null, 0, 379 0 stevel aui_null, AUE_NULL, aus_null, /* 84 sysfs */ 380 0 stevel auf_null, 0, 381 0 stevel aui_null, AUE_GETMSG, aus_getmsg, /* 85 getmsg */ 382 0 stevel auf_null, 0, 383 0 stevel aui_null, AUE_PUTMSG, aus_putmsg, /* 86 putmsg */ 384 0 stevel auf_null, 0, 385 0 stevel aui_null, AUE_NULL, aus_null, /* 87 poll */ 386 0 stevel auf_null, 0, 387 0 stevel aui_null, AUE_LSTAT, aus_null, /* 88 lstat */ 388 0 stevel auf_null, S2E_PUB, 389 0 stevel aui_null, AUE_SYMLINK, aus_null, /* 89 symlink */ 390 0 stevel auf_null, 0, 391 0 stevel aui_null, AUE_READLINK, aus_null, /* 90 readlink */ 392 0 stevel auf_null, S2E_PUB, 393 0 stevel aui_null, AUE_SETGROUPS, aus_setgroups, /* 91 setgroups */ 394 0 stevel auf_null, 0, 395 0 stevel aui_null, AUE_NULL, aus_null, /* 92 getgroups */ 396 0 stevel auf_null, 0, 397 0 stevel aui_null, AUE_FCHMOD, aus_fchmod, /* 93 fchmod */ 398 0 stevel auf_null, 0, 399 0 stevel aui_null, AUE_FCHOWN, aus_fchown, /* 94 fchown */ 400 0 stevel auf_null, 0, 401 0 stevel aui_null, AUE_NULL, aus_null, /* 95 sigprocmask */ 402 0 stevel auf_null, 0, 403 0 stevel aui_null, AUE_NULL, aus_null, /* 96 sigsuspend */ 404 0 stevel auf_null, 0, 405 0 stevel aui_null, AUE_NULL, aus_null, /* 97 sigaltstack */ 406 0 stevel auf_null, 0, 407 0 stevel aui_null, AUE_NULL, aus_null, /* 98 sigaction */ 408 0 stevel auf_null, 0, 409 0 stevel aui_null, AUE_NULL, aus_null, /* 99 sigpending */ 410 0 stevel auf_null, 0, 411 0 stevel aui_null, AUE_NULL, aus_null, /* 100 setcontext */ 412 0 stevel auf_null, 0, 413 0 stevel aui_null, AUE_NULL, aus_null, /* 101 (loadable) was evsys */ 414 0 stevel auf_null, 0, 415 0 stevel aui_null, AUE_NULL, aus_null, /* 102 (loadable) */ 416 0 stevel /* was evtrapret */ 417 0 stevel auf_null, 0, 418 0 stevel aui_null, AUE_STATVFS, aus_null, /* 103 statvfs */ 419 0 stevel auf_null, S2E_PUB, 420 0 stevel aui_null, AUE_NULL, aus_null, /* 104 fstatvfs */ 421 0 stevel auf_null, 0, 422 0 stevel aui_null, AUE_NULL, aus_null, /* 105 (loadable) */ 423 0 stevel auf_null, 0, 424 0 stevel aui_null, AUE_NULL, aus_null, /* 106 nfssys */ 425 0 stevel auf_null, 0, 426 0 stevel aui_null, AUE_NULL, aus_null, /* 107 waitset */ 427 0 stevel auf_null, 0, 428 0 stevel aui_null, AUE_NULL, aus_null, /* 108 sigsendset */ 429 0 stevel auf_null, 0, 430 0 stevel #if defined(__x86) 431 0 stevel aui_null, AUE_NULL, aus_null, /* 109 hrtsys */ 432 0 stevel auf_null, 0, 433 0 stevel #else 434 0 stevel aui_null, AUE_NULL, aus_null, /* 109 (loadable) */ 435 0 stevel auf_null, 0, 436 0 stevel #endif /* __x86 */ 437 0 stevel aui_null, AUE_NULL, aus_null, /* 110 (loadable) was acancel */ 438 0 stevel auf_null, 0, 439 0 stevel aui_null, AUE_NULL, aus_null, /* 111 (loadable) was async */ 440 0 stevel auf_null, 0, 441 0 stevel aui_null, AUE_PRIOCNTLSYS, aus_priocntlsys, 442 0 stevel auf_null, 0, /* 112 priocntlsys */ 443 0 stevel aui_null, AUE_PATHCONF, aus_null, /* 113 pathconf */ 444 0 stevel auf_null, S2E_PUB, 445 0 stevel aui_null, AUE_NULL, aus_null, /* 114 mincore */ 446 0 stevel auf_null, 0, 447 0 stevel aui_null, AUE_MMAP, aus_mmap, /* 115 mmap */ 448 0 stevel auf_null, 0, 449 0 stevel aui_null, AUE_NULL, aus_null, /* 116 mprotect */ 450 0 stevel auf_null, 0, 451 0 stevel aui_null, AUE_MUNMAP, aus_munmap, /* 117 munmap */ 452 0 stevel auf_null, 0, 453 0 stevel aui_null, AUE_NULL, aus_null, /* 118 fpathconf */ 454 0 stevel auf_null, 0, 455 0 stevel aui_null, AUE_VFORK, aus_null, /* 119 vfork */ 456 0 stevel auf_null, 0, 457 0 stevel aui_null, AUE_FCHDIR, aus_null, /* 120 fchdir */ 458 0 stevel auf_null, 0, 459 0 stevel aui_null, AUE_READ, aus_null, /* 121 readv */ 460 0 stevel auf_read, S2E_PUB, 461 0 stevel aui_null, AUE_WRITE, aus_null, /* 122 writev */ 462 0 stevel auf_write, 0, 463 0 stevel aui_null, AUE_STAT, aus_null, /* 123 xstat (x86) */ 464 0 stevel auf_null, S2E_PUB, 465 0 stevel aui_null, AUE_LSTAT, aus_null, /* 124 lxstat (x86) */ 466 0 stevel auf_null, S2E_PUB, 467 0 stevel aui_null, AUE_NULL, aus_null, /* 125 fxstat (x86) */ 468 0 stevel auf_null, 0, 469 0 stevel aui_null, AUE_MKNOD, aus_xmknod, /* 126 xmknod (x86) */ 470 0 stevel auf_xmknod, 0, 471 0 stevel aui_null, AUE_NULL, aus_null, /* 127 (loadable) was clocal */ 472 0 stevel auf_null, 0, 473 0 stevel aui_null, AUE_SETRLIMIT, aus_null, /* 128 setrlimit */ 474 0 stevel auf_null, 0, 475 0 stevel aui_null, AUE_NULL, aus_null, /* 129 getrlimit */ 476 0 stevel auf_null, 0, 477 0 stevel aui_null, AUE_LCHOWN, aus_lchown, /* 130 lchown */ 478 0 stevel auf_null, 0, 479 0 stevel aui_memcntl, AUE_MEMCNTL, aus_memcntl, /* 131 memcntl */ 480 0 stevel auf_null, 0, 481 0 stevel aui_null, AUE_GETPMSG, aus_getpmsg, /* 132 getpmsg */ 482 0 stevel auf_null, 0, 483 0 stevel aui_null, AUE_PUTPMSG, aus_putpmsg, /* 133 putpmsg */ 484 0 stevel auf_null, 0, 485 0 stevel aui_null, AUE_RENAME, aus_null, /* 134 rename */ 486 0 stevel auf_null, 0, 487 0 stevel aui_null, AUE_NULL, aus_null, /* 135 uname */ 488 0 stevel auf_null, 0, 489 0 stevel aui_null, AUE_SETEGID, aus_setegid, /* 136 setegid */ 490 0 stevel auf_null, 0, 491 0 stevel aui_null, AUE_NULL, aus_null, /* 137 sysconfig */ 492 0 stevel auf_null, 0, 493 0 stevel aui_null, AUE_ADJTIME, aus_null, /* 138 adjtime */ 494 0 stevel auf_null, 0, 495 0 stevel aui_sysinfo, AUE_SYSINFO, aus_sysinfo, /* 139 systeminfo */ 496 0 stevel auf_null, 0, 497 0 stevel aui_null, AUE_NULL, aus_null, /* 140 reserved */ 498 0 stevel auf_null, 0, 499 0 stevel aui_null, AUE_SETEUID, aus_seteuid, /* 141 seteuid */ 500 0 stevel auf_null, 0, 501 3235 raf aui_forksys, AUE_NULL, aus_null, /* 142 forksys */ 502 0 stevel auf_null, 0, 503 0 stevel aui_null, AUE_FORK1, aus_null, /* 143 fork1 */ 504 0 stevel auf_null, 0, 505 0 stevel aui_null, AUE_NULL, aus_null, /* 144 sigwait */ 506 0 stevel auf_null, 0, 507 0 stevel aui_null, AUE_NULL, aus_null, /* 145 lwp_info */ 508 0 stevel auf_null, 0, 509 0 stevel aui_null, AUE_NULL, aus_null, /* 146 yield */ 510 0 stevel auf_null, 0, 511 0 stevel aui_null, AUE_NULL, aus_null, /* 147 lwp_sema_wait */ 512 0 stevel auf_null, 0, 513 0 stevel aui_null, AUE_NULL, aus_null, /* 148 lwp_sema_post */ 514 0 stevel auf_null, 0, 515 0 stevel aui_null, AUE_NULL, aus_null, /* 149 lwp_sema_trywait */ 516 0 stevel auf_null, 0, 517 0 stevel aui_null, AUE_NULL, aus_null, /* 150 (loadable reserved) */ 518 0 stevel auf_null, 0, 519 0 stevel aui_null, AUE_NULL, aus_null, /* 151 (loadable reserved) */ 520 0 stevel auf_null, 0, 521 0 stevel aui_modctl, AUE_MODCTL, aus_modctl, /* 152 modctl */ 522 0 stevel auf_null, 0, 523 0 stevel aui_null, AUE_FCHROOT, aus_null, /* 153 fchroot */ 524 0 stevel auf_null, 0, 525 0 stevel aui_null, AUE_UTIMES, aus_null, /* 154 utimes */ 526 0 stevel auf_null, 0, 527 0 stevel aui_null, AUE_NULL, aus_null, /* 155 vhangup */ 528 0 stevel auf_null, 0, 529 0 stevel aui_null, AUE_NULL, aus_null, /* 156 gettimeofday */ 530 0 stevel auf_null, 0, 531 0 stevel aui_null, AUE_NULL, aus_null, /* 157 getitimer */ 532 0 stevel auf_null, 0, 533 0 stevel aui_null, AUE_NULL, aus_null, /* 158 setitimer */ 534 0 stevel auf_null, 0, 535 0 stevel aui_null, AUE_NULL, aus_null, /* 159 lwp_create */ 536 0 stevel auf_null, 0, 537 0 stevel aui_null, AUE_NULL, aus_null, /* 160 lwp_exit */ 538 0 stevel auf_null, 0, 539 0 stevel aui_null, AUE_NULL, aus_null, /* 161 lwp_suspend */ 540 0 stevel auf_null, 0, 541 0 stevel aui_null, AUE_NULL, aus_null, /* 162 lwp_continue */ 542 0 stevel auf_null, 0, 543 0 stevel aui_null, AUE_NULL, aus_null, /* 163 lwp_kill */ 544 0 stevel auf_null, 0, 545 0 stevel aui_null, AUE_NULL, aus_null, /* 164 lwp_self */ 546 0 stevel auf_null, 0, 547 0 stevel aui_null, AUE_NULL, aus_null, /* 165 (loadable) */ 548 0 stevel /* was lwp_setprivate */ 549 0 stevel auf_null, 0, 550 0 stevel aui_null, AUE_NULL, aus_null, /* 166 (loadable) */ 551 0 stevel /* was lwp_getprivate */ 552 0 stevel auf_null, 0, 553 0 stevel aui_null, AUE_NULL, aus_null, /* 167 lwp_wait */ 554 0 stevel auf_null, 0, 555 4574 raf aui_null, AUE_NULL, aus_null, /* 168 lwp_mutex_wakeup */ 556 0 stevel auf_null, 0, 557 0 stevel aui_null, AUE_NULL, aus_null, /* 169 lwp_mutex_lock */ 558 0 stevel auf_null, 0, 559 0 stevel aui_null, AUE_NULL, aus_null, /* 170 lwp_cond_wait */ 560 0 stevel auf_null, 0, 561 0 stevel aui_null, AUE_NULL, aus_null, /* 171 lwp_cond_signal */ 562 0 stevel auf_null, 0, 563 0 stevel aui_null, AUE_NULL, aus_null, /* 172 lwp_cond_broadcast */ 564 0 stevel auf_null, 0, 565 0 stevel aui_null, AUE_READ, aus_null, /* 173 pread */ 566 0 stevel auf_read, S2E_PUB, 567 0 stevel aui_null, AUE_WRITE, aus_null, /* 174 pwrite */ 568 0 stevel auf_write, 0, 569 0 stevel aui_null, AUE_NULL, aus_null, /* 175 llseek */ 570 0 stevel auf_null, 0, 571 0 stevel aui_null, AUE_INST_SYNC, aus_inst_sync, /* 176 (loadable) */ 572 0 stevel /* aus_inst_sync */ 573 0 stevel auf_null, 0, 574 2712 nn35248 aui_null, AUE_BRANDSYS, aus_brandsys, /* 177 brandsys */ 575 0 stevel auf_null, 0, 576 0 stevel aui_null, AUE_NULL, aus_null, /* 178 (loadable) */ 577 0 stevel auf_null, 0, 578 0 stevel aui_null, AUE_NULL, aus_null, /* 179 (loadable) */ 579 0 stevel auf_null, 0, 580 0 stevel aui_null, AUE_NULL, aus_null, /* 180 (loadable) kaio */ 581 0 stevel auf_null, 0, 582 0 stevel aui_null, AUE_NULL, aus_null, /* 181 (loadable) */ 583 0 stevel auf_null, 0, 584 4863 praks aui_portfs, AUE_PORTFS, aus_null, /* 182 (loadable) portfs */ 585 9080 Jan auf_null, S2E_MLD, 586 0 stevel aui_null, AUE_NULL, aus_null, /* 183 (loadable) */ 587 0 stevel auf_null, 0, 588 6688 rica aui_labelsys, AUE_NULL, aus_labelsys, /* 184 labelsys */ 589 0 stevel auf_null, 0, 590 0 stevel aui_acl, AUE_ACLSET, aus_acl, /* 185 acl */ 591 0 stevel auf_null, 0, 592 0 stevel aui_auditsys, AUE_AUDITSYS, aus_auditsys, /* 186 auditsys */ 593 0 stevel auf_null, 0, 594 0 stevel aui_null, AUE_PROCESSOR_BIND, aus_processor_bind, 595 0 stevel auf_null, 0, /* 187 processor_bind */ 596 0 stevel aui_null, AUE_NULL, aus_null, /* 188 processor_info */ 597 0 stevel auf_null, 0, 598 0 stevel aui_null, AUE_P_ONLINE, aus_p_online, /* 189 p_online */ 599 0 stevel auf_null, 0, 600 0 stevel aui_null, AUE_NULL, aus_sigqueue, /* 190 sigqueue */ 601 0 stevel auf_null, 0, 602 0 stevel aui_null, AUE_NULL, aus_null, /* 191 clock_gettime */ 603 0 stevel auf_null, 0, 604 0 stevel aui_null, AUE_CLOCK_SETTIME, aus_null, /* 192 clock_settime */ 605 0 stevel auf_null, 0, 606 0 stevel aui_null, AUE_NULL, aus_null, /* 193 clock_getres */ 607 0 stevel auf_null, 0, 608 0 stevel aui_null, AUE_NULL, aus_null, /* 194 timer_create */ 609 0 stevel auf_null, 0, 610 0 stevel aui_null, AUE_NULL, aus_null, /* 195 timer_delete */ 611 0 stevel auf_null, 0, 612 0 stevel aui_null, AUE_NULL, aus_null, /* 196 timer_settime */ 613 0 stevel auf_null, 0, 614 0 stevel aui_null, AUE_NULL, aus_null, /* 197 timer_gettime */ 615 0 stevel auf_null, 0, 616 0 stevel aui_null, AUE_NULL, aus_null, /* 198 timer_getoverrun */ 617 0 stevel auf_null, 0, 618 0 stevel aui_null, AUE_NULL, aus_null, /* 199 nanosleep */ 619 0 stevel auf_null, 0, 620 0 stevel aui_acl, AUE_FACLSET, aus_facl, /* 200 facl */ 621 0 stevel auf_null, 0, 622 0 stevel aui_doorfs, AUE_DOORFS, aus_doorfs, /* 201 (loadable) doorfs */ 623 0 stevel auf_null, 0, 624 0 stevel aui_null, AUE_SETREUID, aus_setreuid, /* 202 setreuid */ 625 0 stevel auf_null, 0, 626 0 stevel aui_null, AUE_SETREGID, aus_setregid, /* 203 setregid */ 627 0 stevel auf_null, 0, 628 0 stevel aui_null, AUE_NULL, aus_null, /* 204 install_utrap */ 629 0 stevel auf_null, 0, 630 0 stevel aui_null, AUE_NULL, aus_null, /* 205 signotify */ 631 0 stevel auf_null, 0, 632 0 stevel aui_null, AUE_NULL, aus_null, /* 206 schedctl */ 633 0 stevel auf_null, 0, 634 0 stevel aui_null, AUE_NULL, aus_null, /* 207 (loadable) pset */ 635 0 stevel auf_null, 0, 636 0 stevel aui_null, AUE_NULL, aus_null, /* 208 (loadable) */ 637 0 stevel auf_null, 0, 638 0 stevel aui_null, AUE_NULL, aus_null, /* 209 resolvepath */ 639 0 stevel auf_null, 0, 640 0 stevel aui_null, AUE_NULL, aus_null, /* 210 lwp_mutex_timedlock */ 641 0 stevel auf_null, 0, 642 0 stevel aui_null, AUE_NULL, aus_null, /* 211 lwp_sema_timedwait */ 643 0 stevel auf_null, 0, 644 0 stevel aui_null, AUE_NULL, aus_null, /* 212 lwp_rwlock_sys */ 645 0 stevel auf_null, 0, 646 0 stevel aui_null, AUE_NULL, aus_null, /* 213 getdents64 (__ppc) */ 647 0 stevel auf_null, 0, 648 0 stevel aui_null, AUE_MMAP, aus_mmap, /* 214 mmap64 */ 649 0 stevel auf_null, 0, 650 0 stevel aui_null, AUE_STAT, aus_null, /* 215 stat64 */ 651 0 stevel auf_null, S2E_PUB, 652 0 stevel aui_null, AUE_LSTAT, aus_null, /* 216 lstat64 */ 653 0 stevel auf_null, S2E_PUB, 654 0 stevel aui_null, AUE_NULL, aus_null, /* 217 fstat64 */ 655 0 stevel auf_null, 0, 656 0 stevel aui_null, AUE_STATVFS, aus_null, /* 218 statvfs64 */ 657 0 stevel auf_null, S2E_PUB, 658 0 stevel aui_null, AUE_NULL, aus_null, /* 219 fstatvfs64 */ 659 0 stevel auf_null, 0, 660 0 stevel aui_null, AUE_SETRLIMIT, aus_null, /* 220 setrlimit64 */ 661 0 stevel auf_null, 0, 662 0 stevel aui_null, AUE_NULL, aus_null, /* 221 getrlimit64 */ 663 0 stevel auf_null, 0, 664 0 stevel aui_null, AUE_READ, aus_null, /* 222 pread64 */ 665 0 stevel auf_read, S2E_PUB, 666 0 stevel aui_null, AUE_WRITE, aus_null, /* 223 pwrite64 */ 667 0 stevel auf_write, 0, 668 0 stevel aui_null, AUE_CREAT, aus_null, /* 224 creat64 */ 669 0 stevel auf_null, S2E_SP, 670 0 stevel aui_open, AUE_OPEN, aus_open, /* 225 open64 */ 671 0 stevel auf_null, S2E_SP, 672 0 stevel aui_null, AUE_NULL, aus_null, /* 226 (loadable) rpcsys */ 673 0 stevel auf_null, 0, 674 0 stevel aui_null, AUE_NULL, aus_null, /* 227 (loadable) */ 675 0 stevel auf_null, 0, 676 0 stevel aui_null, AUE_NULL, aus_null, /* 228 (loadable) */ 677 0 stevel auf_null, 0, 678 0 stevel aui_null, AUE_NULL, aus_null, /* 229 (loadable) */ 679 0 stevel auf_null, 0, 680 0 stevel aui_null, AUE_SOCKET, aus_socket, /* 230 so_socket */ 681 0 stevel auf_null, 0, 682 0 stevel aui_null, AUE_NULL, aus_null, /* 231 so_socketpair */ 683 0 stevel auf_null, 0, 684 0 stevel aui_null, AUE_BIND, aus_null, /* 232 bind */ 685 0 stevel auf_bind, 0, 686 0 stevel aui_null, AUE_NULL, aus_null, /* 233 listen */ 687 0 stevel auf_null, 0, 688 0 stevel aui_null, AUE_ACCEPT, aus_null, /* 234 accept */ 689 0 stevel auf_accept, 0, 690 0 stevel aui_null, AUE_CONNECT, aus_null, /* 235 connect */ 691 0 stevel auf_connect, 0, 692 0 stevel aui_null, AUE_SHUTDOWN, aus_shutdown, /* 236 shutdown */ 693 0 stevel auf_null, 0, 694 0 stevel aui_null, AUE_READ, aus_null, /* 237 recv */ 695 0 stevel auf_recv, 0, 696 0 stevel aui_null, AUE_RECVFROM, aus_null, /* 238 recvfrom */ 697 0 stevel auf_recvfrom, 0, 698 0 stevel aui_null, AUE_RECVMSG, aus_null, /* 239 recvmsg */ 699 0 stevel auf_recvmsg, 0, 700 0 stevel aui_null, AUE_WRITE, aus_null, /* 240 send */ 701 0 stevel auf_send, 0, 702 0 stevel aui_null, AUE_SENDMSG, aus_null, /* 241 sendmsg */ 703 0 stevel auf_sendmsg, 0, 704 0 stevel aui_null, AUE_SENDTO, aus_null, /* 242 sendto */ 705 0 stevel auf_sendto, 0, 706 0 stevel aui_null, AUE_NULL, aus_null, /* 243 getpeername */ 707 0 stevel auf_null, 0, 708 0 stevel aui_null, AUE_NULL, aus_null, /* 244 getsockname */ 709 0 stevel auf_null, 0, 710 0 stevel aui_null, AUE_NULL, aus_null, /* 245 getsockopt */ 711 0 stevel auf_null, 0, 712 0 stevel aui_null, AUE_SETSOCKOPT, aus_null, /* 246 setsockopt */ 713 0 stevel auf_setsockopt, 0, 714 0 stevel aui_null, AUE_SOCKCONFIG, aus_sockconfig, /* 247 sockconfig */ 715 0 stevel auf_null, 0, 716 0 stevel aui_null, AUE_NULL, aus_null, /* 248 ntp_gettime */ 717 0 stevel auf_null, 0, 718 0 stevel aui_null, AUE_NTP_ADJTIME, aus_null, /* 249 ntp_adjtime */ 719 0 stevel auf_null, 0, 720 0 stevel aui_null, AUE_NULL, aus_null, /* 250 lwp_mutex_unlock */ 721 0 stevel auf_null, 0, 722 0 stevel aui_null, AUE_NULL, aus_null, /* 251 lwp_mutex_trylock */ 723 0 stevel auf_null, 0, 724 4574 raf aui_null, AUE_NULL, aus_null, /* 252 lwp_mutex_register */ 725 0 stevel auf_null, 0, 726 0 stevel aui_null, AUE_NULL, aus_null, /* 253 cladm */ 727 0 stevel auf_null, 0, 728 2712 nn35248 aui_null, AUE_NULL, aus_null, /* 254 uucopy */ 729 0 stevel auf_null, 0, 730 0 stevel aui_null, AUE_UMOUNT2, aus_umount2, /* 255 umount2 */ 731 0 stevel auf_null, 0 732 0 stevel }; 733 0 stevel 734 0 stevel uint_t num_syscall = sizeof (audit_s2e) / sizeof (struct audit_s2e); 735 0 stevel 736 0 stevel 737 0 stevel /* acct start function */ 738 0 stevel /*ARGSUSED*/ 739 0 stevel static void 740 0 stevel aus_acct(struct t_audit_data *tad) 741 0 stevel { 742 0 stevel klwp_t *clwp = ttolwp(curthread); 743 0 stevel uintptr_t fname; 744 0 stevel 745 0 stevel struct a { 746 0 stevel long fname; /* char * */ 747 0 stevel } *uap = (struct a *)clwp->lwp_ap; 748 0 stevel 749 0 stevel fname = (uintptr_t)uap->fname; 750 0 stevel 751 0 stevel if (fname == 0) 752 0 stevel au_uwrite(au_to_arg32(1, "accounting off", (uint32_t)0)); 753 0 stevel } 754 0 stevel 755 0 stevel /* chown start function */ 756 0 stevel /*ARGSUSED*/ 757 0 stevel static void 758 0 stevel aus_chown(struct t_audit_data *tad) 759 0 stevel { 760 0 stevel klwp_t *clwp = ttolwp(curthread); 761 0 stevel uint32_t uid, gid; 762 0 stevel 763 0 stevel struct a { 764 0 stevel long fname; /* char * */ 765 0 stevel long uid; 766 0 stevel long gid; 767 0 stevel } *uap = (struct a *)clwp->lwp_ap; 768 0 stevel 769 0 stevel uid = (uint32_t)uap->uid; 770 0 stevel gid = (uint32_t)uap->gid; 771 0 stevel 772 0 stevel au_uwrite(au_to_arg32(2, "new file uid", uid)); 773 0 stevel au_uwrite(au_to_arg32(3, "new file gid", gid)); 774 0 stevel } 775 0 stevel 776 0 stevel /* fchown start function */ 777 0 stevel /*ARGSUSED*/ 778 0 stevel static void 779 0 stevel aus_fchown(struct t_audit_data *tad) 780 0 stevel { 781 0 stevel klwp_t *clwp = ttolwp(curthread); 782 0 stevel uint32_t uid, gid, fd; 783 0 stevel struct file *fp; 784 0 stevel struct vnode *vp; 785 0 stevel struct f_audit_data *fad; 786 0 stevel 787 0 stevel struct a { 788 0 stevel long fd; 789 0 stevel long uid; 790 0 stevel long gid; 791 0 stevel } *uap = (struct a *)clwp->lwp_ap; 792 0 stevel 793 0 stevel fd = (uint32_t)uap->fd; 794 0 stevel uid = (uint32_t)uap->uid; 795 0 stevel gid = (uint32_t)uap->gid; 796 0 stevel 797 0 stevel au_uwrite(au_to_arg32(2, "new file uid", uid)); 798 0 stevel au_uwrite(au_to_arg32(3, "new file gid", gid)); 799 0 stevel 800 0 stevel /* 801 0 stevel * convert file pointer to file descriptor 802 0 stevel * Note: fd ref count incremented here. 803 0 stevel */ 804 0 stevel if ((fp = getf(fd)) == NULL) 805 0 stevel return; 806 0 stevel 807 0 stevel /* get path from file struct here */ 808 0 stevel fad = F2A(fp); 809 0 stevel if (fad->fad_aupath != NULL) { 810 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 811 0 stevel } else { 812 0 stevel au_uwrite(au_to_arg32(1, "no path: fd", fd)); 813 0 stevel } 814 0 stevel 815 0 stevel vp = fp->f_vnode; 816 0 stevel audit_attributes(vp); 817 0 stevel 818 0 stevel /* decrement file descriptor reference count */ 819 0 stevel releasef(fd); 820 0 stevel } 821 0 stevel 822 0 stevel /*ARGSUSED*/ 823 0 stevel static void 824 0 stevel aus_lchown(struct t_audit_data *tad) 825 0 stevel { 826 0 stevel klwp_t *clwp = ttolwp(curthread); 827 0 stevel uint32_t uid, gid; 828 0 stevel 829 0 stevel 830 0 stevel struct a { 831 0 stevel long fname; /* char * */ 832 0 stevel long uid; 833 0 stevel long gid; 834 0 stevel } *uap = (struct a *)clwp->lwp_ap; 835 0 stevel 836 0 stevel uid = (uint32_t)uap->uid; 837 0 stevel gid = (uint32_t)uap->gid; 838 0 stevel 839 0 stevel au_uwrite(au_to_arg32(2, "new file uid", uid)); 840 0 stevel au_uwrite(au_to_arg32(3, "new file gid", gid)); 841 0 stevel } 842 0 stevel 843 0 stevel /* chmod start function */ 844 0 stevel /*ARGSUSED*/ 845 0 stevel static void 846 0 stevel aus_chmod(struct t_audit_data *tad) 847 0 stevel { 848 0 stevel klwp_t *clwp = ttolwp(curthread); 849 0 stevel uint32_t fmode; 850 0 stevel 851 0 stevel struct a { 852 0 stevel long fname; /* char * */ 853 0 stevel long fmode; 854 0 stevel } *uap = (struct a *)clwp->lwp_ap; 855 0 stevel 856 0 stevel fmode = (uint32_t)uap->fmode; 857 0 stevel 858 0 stevel au_uwrite(au_to_arg32(2, "new file mode", fmode&07777)); 859 0 stevel } 860 0 stevel 861 0 stevel /* chmod start function */ 862 0 stevel /*ARGSUSED*/ 863 0 stevel static void 864 0 stevel aus_fchmod(struct t_audit_data *tad) 865 0 stevel { 866 0 stevel klwp_t *clwp = ttolwp(curthread); 867 0 stevel uint32_t fmode, fd; 868 0 stevel struct file *fp; 869 0 stevel struct vnode *vp; 870 0 stevel struct f_audit_data *fad; 871 0 stevel 872 0 stevel struct a { 873 0 stevel long fd; 874 0 stevel long fmode; 875 0 stevel } *uap = (struct a *)clwp->lwp_ap; 876 0 stevel 877 0 stevel fd = (uint32_t)uap->fd; 878 0 stevel fmode = (uint32_t)uap->fmode; 879 0 stevel 880 0 stevel au_uwrite(au_to_arg32(2, "new file mode", fmode&07777)); 881 0 stevel 882 0 stevel /* 883 0 stevel * convert file pointer to file descriptor 884 0 stevel * Note: fd ref count incremented here. 885 0 stevel */ 886 0 stevel if ((fp = getf(fd)) == NULL) 887 0 stevel return; 888 0 stevel 889 0 stevel /* get path from file struct here */ 890 0 stevel fad = F2A(fp); 891 0 stevel if (fad->fad_aupath != NULL) { 892 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 893 0 stevel } else { 894 0 stevel au_uwrite(au_to_arg32(1, "no path: fd", fd)); 895 0 stevel } 896 0 stevel 897 0 stevel vp = fp->f_vnode; 898 0 stevel audit_attributes(vp); 899 0 stevel 900 0 stevel /* decrement file descriptor reference count */ 901 0 stevel releasef(fd); 902 0 stevel } 903 0 stevel 904 0 stevel 905 0 stevel /* convert open to appropriate event */ 906 0 stevel static au_event_t 907 0 stevel aui_open(au_event_t e) 908 0 stevel { 909 0 stevel klwp_t *clwp = ttolwp(curthread); 910 0 stevel uint_t fm; 911 0 stevel 912 0 stevel struct a { 913 0 stevel long fnamep; /* char * */ 914 0 stevel long fmode; 915 0 stevel long cmode; 916 0 stevel } *uap = (struct a *)clwp->lwp_ap; 917 0 stevel 918 0 stevel fm = (uint_t)uap->fmode; 919 0 stevel 920 0 stevel if (fm & O_WRONLY) 921 0 stevel e = AUE_OPEN_W; 922 0 stevel else if (fm & O_RDWR) 923 0 stevel e = AUE_OPEN_RW; 924 0 stevel else 925 0 stevel e = AUE_OPEN_R; 926 0 stevel 927 0 stevel if (fm & O_CREAT) 928 0 stevel e += 1; 929 0 stevel if (fm & O_TRUNC) 930 0 stevel e += 2; 931 0 stevel 932 0 stevel return (e); 933 0 stevel } 934 0 stevel 935 0 stevel /*ARGSUSED*/ 936 0 stevel static void 937 0 stevel aus_open(struct t_audit_data *tad) 938 0 stevel { 939 0 stevel klwp_t *clwp = ttolwp(curthread); 940 0 stevel uint_t fm; 941 0 stevel 942 0 stevel struct a { 943 0 stevel long fnamep; /* char * */ 944 0 stevel long fmode; 945 0 stevel long cmode; 946 0 stevel } *uap = (struct a *)clwp->lwp_ap; 947 0 stevel 948 0 stevel fm = (uint_t)uap->fmode; 949 0 stevel 950 0 stevel /* If no write, create, or trunc modes, mark as a public op */ 951 0 stevel if (!(fm & (O_WRONLY|O_RDWR|O_CREAT|O_TRUNC))) 952 0 stevel tad->tad_ctrl |= PAD_PUBLIC_EV; 953 0 stevel } 954 0 stevel 955 0 stevel /* convert openat(2) to appropriate event */ 956 0 stevel static au_event_t 957 0 stevel aui_fsat(au_event_t e) 958 0 stevel { 959 0 stevel t_audit_data_t *tad = U2A(u); 960 0 stevel klwp_t *clwp = ttolwp(curthread); 961 0 stevel uint_t fmcode, fm; 962 0 stevel struct a { 963 0 stevel long id; 964 0 stevel long arg1; 965 0 stevel long arg2; 966 0 stevel long arg3; 967 0 stevel long arg4; 968 0 stevel long arg5; 969 0 stevel } *uap = (struct a *)clwp->lwp_ap; 970 0 stevel 971 0 stevel fmcode = (uint_t)uap->id; 972 0 stevel 973 0 stevel switch (fmcode) { 974 0 stevel 975 0 stevel case 0: /* openat */ 976 0 stevel case 1: /* openat64 */ 977 0 stevel fm = (uint_t)uap->arg3; 978 0 stevel if (fm & O_WRONLY) 979 0 stevel e = AUE_OPENAT_W; 980 0 stevel else if (fm & O_RDWR) 981 0 stevel e = AUE_OPENAT_RW; 982 0 stevel else 983 0 stevel e = AUE_OPENAT_R; 984 0 stevel 985 0 stevel /* 986 0 stevel * openat modes are defined in the following order: 987 0 stevel * Read only 988 0 stevel * Read|Create 989 0 stevel * Read|Trunc 990 0 stevel * Read|Create|Trunc 991 0 stevel * Write Only 992 0 stevel * Write|Create 993 0 stevel * Write|Trunc 994 0 stevel * Write|Create|Trunc * RW Only 995 0 stevel * RW|Create 996 0 stevel * RW|Trunc 997 0 stevel * RW|Create|Trunc 998 0 stevel */ 999 0 stevel if (fm & O_CREAT) 1000 0 stevel e += 1; /* increment to include CREAT in mode */ 1001 0 stevel if (fm & O_TRUNC) 1002 0 stevel e += 2; /* increment to include TRUNC in mode */ 1003 0 stevel 1004 0 stevel /* convert to appropriate au_ctrl */ 1005 0 stevel tad->tad_ctrl |= PAD_SAVPATH; 1006 0 stevel if (fm & FXATTR) 1007 0 stevel tad->tad_ctrl |= PAD_ATPATH; 1008 0 stevel 1009 0 stevel 1010 0 stevel break; 1011 0 stevel case 2: /* fstatat64 */ 1012 0 stevel case 3: /* fstatat */ 1013 0 stevel e = AUE_FSTATAT; 1014 0 stevel break; 1015 0 stevel case 4: /* fchownat */ 1016 0 stevel e = AUE_FCHOWNAT; 1017 0 stevel break; 1018 0 stevel case 5: /* unlinkat */ 1019 0 stevel e = AUE_UNLINKAT; 1020 0 stevel break; 1021 0 stevel case 6: /* futimesat */ 1022 0 stevel e = AUE_FUTIMESAT; 1023 0 stevel break; 1024 0 stevel case 7: /* renameat */ 1025 0 stevel e = AUE_RENAMEAT; 1026 0 stevel break; 1027 9880 Sumanth case 8: /* faccessat */ 1028 9880 Sumanth e = AUE_FACCESSAT; 1029 9880 Sumanth break; 1030 5331 amw case 9: /* __openattrdirat */ 1031 5331 amw tad->tad_ctrl |= PAD_SAVPATH; 1032 5331 amw /*FALLTHROUGH*/ 1033 0 stevel default: 1034 0 stevel e = AUE_NULL; 1035 0 stevel break; 1036 0 stevel } 1037 0 stevel 1038 0 stevel return (e); 1039 0 stevel } 1040 0 stevel 1041 0 stevel /*ARGSUSED*/ 1042 0 stevel static void 1043 0 stevel aus_fsat(struct t_audit_data *tad) 1044 0 stevel { 1045 0 stevel klwp_t *clwp = ttolwp(curthread); 1046 0 stevel uint_t fmcode, fm; 1047 0 stevel struct a { 1048 0 stevel long id; 1049 0 stevel long arg1; 1050 0 stevel long arg2; 1051 0 stevel long arg3; 1052 0 stevel long arg4; 1053 0 stevel long arg5; 1054 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1055 0 stevel 1056 0 stevel fmcode = (uint_t)uap->id; 1057 0 stevel 1058 0 stevel switch (fmcode) { 1059 0 stevel 1060 0 stevel case 0: /* openat */ 1061 0 stevel case 1: /* openat64 */ 1062 0 stevel fm = (uint_t)uap->arg3; 1063 0 stevel /* If no write, create, or trunc modes, mark as a public op */ 1064 0 stevel if (!(fm & (O_WRONLY|O_RDWR|O_CREAT|O_TRUNC))) 1065 0 stevel tad->tad_ctrl |= PAD_PUBLIC_EV; 1066 0 stevel 1067 0 stevel break; 1068 0 stevel case 2: /* fstatat64 */ 1069 0 stevel case 3: /* fstatat */ 1070 0 stevel tad->tad_ctrl |= PAD_PUBLIC_EV; 1071 0 stevel break; 1072 0 stevel default: 1073 0 stevel break; 1074 0 stevel } 1075 0 stevel } 1076 0 stevel 1077 0 stevel /* msgsys */ 1078 0 stevel static au_event_t 1079 0 stevel aui_msgsys(au_event_t e) 1080 0 stevel { 1081 0 stevel klwp_t *clwp = ttolwp(curthread); 1082 0 stevel uint_t fm; 1083 0 stevel 1084 0 stevel struct a { 1085 0 stevel long id; /* function code id */ 1086 0 stevel long ap; /* arg pointer for recvmsg */ 1087 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1088 0 stevel 1089 0 stevel struct b { 1090 0 stevel long msgid; 1091 0 stevel long cmd; 1092 0 stevel long buf; /* struct msqid_ds * */ 1093 0 stevel } *uap1 = (struct b *)&clwp->lwp_ap[1]; 1094 0 stevel 1095 0 stevel fm = (uint_t)uap->id; 1096 0 stevel 1097 0 stevel switch (fm) { 1098 0 stevel case 0: /* msgget */ 1099 0 stevel e = AUE_MSGGET; 1100 0 stevel break; 1101 0 stevel case 1: /* msgctl */ 1102 0 stevel switch ((uint_t)uap1->cmd) { 1103 0 stevel case IPC_RMID: 1104 0 stevel e = AUE_MSGCTL_RMID; 1105 0 stevel break; 1106 0 stevel case IPC_SET: 1107 0 stevel e = AUE_MSGCTL_SET; 1108 0 stevel break; 1109 0 stevel case IPC_STAT: 1110 0 stevel e = AUE_MSGCTL_STAT; 1111 0 stevel break; 1112 0 stevel default: 1113 0 stevel e = AUE_MSGCTL; 1114 0 stevel break; 1115 0 stevel } 1116 0 stevel break; 1117 0 stevel case 2: /* msgrcv */ 1118 0 stevel e = AUE_MSGRCV; 1119 0 stevel break; 1120 0 stevel case 3: /* msgsnd */ 1121 0 stevel e = AUE_MSGSND; 1122 0 stevel break; 1123 0 stevel default: /* illegal system call */ 1124 0 stevel e = AUE_NULL; 1125 0 stevel break; 1126 0 stevel } 1127 0 stevel 1128 0 stevel return (e); 1129 0 stevel } 1130 0 stevel 1131 0 stevel 1132 0 stevel /* shmsys */ 1133 0 stevel static au_event_t 1134 0 stevel aui_shmsys(au_event_t e) 1135 0 stevel { 1136 0 stevel klwp_t *clwp = ttolwp(curthread); 1137 0 stevel int fm; 1138 0 stevel 1139 0 stevel struct a { /* shmsys */ 1140 0 stevel long id; /* function code id */ 1141 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1142 0 stevel 1143 0 stevel struct b { /* ctrl */ 1144 0 stevel long shmid; 1145 0 stevel long cmd; 1146 0 stevel long arg; /* struct shmid_ds * */ 1147 0 stevel } *uap1 = (struct b *)&clwp->lwp_ap[1]; 1148 0 stevel fm = (uint_t)uap->id; 1149 0 stevel 1150 0 stevel switch (fm) { 1151 0 stevel case 0: /* shmat */ 1152 0 stevel e = AUE_SHMAT; 1153 0 stevel break; 1154 0 stevel case 1: /* shmctl */ 1155 0 stevel switch ((uint_t)uap1->cmd) { 1156 0 stevel case IPC_RMID: 1157 0 stevel e = AUE_SHMCTL_RMID; 1158 0 stevel break; 1159 0 stevel case IPC_SET: 1160 0 stevel e = AUE_SHMCTL_SET; 1161 0 stevel break; 1162 0 stevel case IPC_STAT: 1163 0 stevel e = AUE_SHMCTL_STAT; 1164 0 stevel break; 1165 0 stevel default: 1166 0 stevel e = AUE_SHMCTL; 1167 0 stevel break; 1168 0 stevel } 1169 0 stevel break; 1170 0 stevel case 2: /* shmdt */ 1171 0 stevel e = AUE_SHMDT; 1172 0 stevel break; 1173 0 stevel case 3: /* shmget */ 1174 0 stevel e = AUE_SHMGET; 1175 0 stevel break; 1176 0 stevel default: /* illegal system call */ 1177 0 stevel e = AUE_NULL; 1178 0 stevel break; 1179 0 stevel } 1180 0 stevel 1181 0 stevel return (e); 1182 0 stevel } 1183 0 stevel 1184 0 stevel 1185 0 stevel /* semsys */ 1186 0 stevel static au_event_t 1187 0 stevel aui_semsys(au_event_t e) 1188 0 stevel { 1189 0 stevel klwp_t *clwp = ttolwp(curthread); 1190 0 stevel uint_t fm; 1191 0 stevel 1192 0 stevel struct a { /* semsys */ 1193 0 stevel long id; 1194 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1195 0 stevel 1196 0 stevel struct b { /* ctrl */ 1197 0 stevel long semid; 1198 0 stevel long semnum; 1199 0 stevel long cmd; 1200 0 stevel long arg; 1201 0 stevel } *uap1 = (struct b *)&clwp->lwp_ap[1]; 1202 0 stevel 1203 0 stevel fm = (uint_t)uap->id; 1204 0 stevel 1205 0 stevel switch (fm) { 1206 0 stevel case 0: /* semctl */ 1207 0 stevel switch ((uint_t)uap1->cmd) { 1208 0 stevel case IPC_RMID: 1209 0 stevel e = AUE_SEMCTL_RMID; 1210 0 stevel break; 1211 0 stevel case IPC_SET: 1212 0 stevel e = AUE_SEMCTL_SET; 1213 0 stevel break; 1214 0 stevel case IPC_STAT: 1215 0 stevel e = AUE_SEMCTL_STAT; 1216 0 stevel break; 1217 0 stevel case GETNCNT: 1218 0 stevel e = AUE_SEMCTL_GETNCNT; 1219 0 stevel break; 1220 0 stevel case GETPID: 1221 0 stevel e = AUE_SEMCTL_GETPID; 1222 0 stevel break; 1223 0 stevel case GETVAL: 1224 0 stevel e = AUE_SEMCTL_GETVAL; 1225 0 stevel break; 1226 0 stevel case GETALL: 1227 0 stevel e = AUE_SEMCTL_GETALL; 1228 0 stevel break; 1229 0 stevel case GETZCNT: 1230 0 stevel e = AUE_SEMCTL_GETZCNT; 1231 0 stevel break; 1232 0 stevel case SETVAL: 1233 0 stevel e = AUE_SEMCTL_SETVAL; 1234 0 stevel break; 1235 0 stevel case SETALL: 1236 0 stevel e = AUE_SEMCTL_SETALL; 1237 0 stevel break; 1238 0 stevel default: 1239 0 stevel e = AUE_SEMCTL; 1240 0 stevel break; 1241 0 stevel } 1242 0 stevel break; 1243 0 stevel case 1: /* semget */ 1244 0 stevel e = AUE_SEMGET; 1245 0 stevel break; 1246 0 stevel case 2: /* semop */ 1247 0 stevel e = AUE_SEMOP; 1248 0 stevel break; 1249 0 stevel default: /* illegal system call */ 1250 0 stevel e = AUE_NULL; 1251 0 stevel break; 1252 0 stevel } 1253 0 stevel 1254 0 stevel return (e); 1255 0 stevel } 1256 0 stevel 1257 0 stevel /* utssys - uname(2), ustat(2), fusers(2) */ 1258 0 stevel static au_event_t 1259 0 stevel aui_utssys(au_event_t e) 1260 0 stevel { 1261 0 stevel klwp_t *clwp = ttolwp(curthread); 1262 0 stevel uint_t type; 1263 0 stevel 1264 0 stevel struct a { 1265 0 stevel union { 1266 0 stevel long cbuf; /* char * */ 1267 0 stevel long ubuf; /* struct stat * */ 1268 0 stevel } ub; 1269 0 stevel union { 1270 0 stevel long mv; /* for USTAT */ 1271 0 stevel long flags; /* for FUSERS */ 1272 0 stevel } un; 1273 0 stevel long type; 1274 0 stevel long outbp; /* char * for FUSERS */ 1275 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1276 0 stevel 1277 0 stevel type = (uint_t)uap->type; 1278 0 stevel 1279 0 stevel if (type == UTS_FUSERS) 1280 0 stevel return (e); 1281 0 stevel else 1282 0 stevel return ((au_event_t)AUE_NULL); 1283 0 stevel } 1284 0 stevel 1285 0 stevel static au_event_t 1286 0 stevel aui_fcntl(au_event_t e) 1287 0 stevel { 1288 0 stevel klwp_t *clwp = ttolwp(curthread); 1289 0 stevel uint_t cmd; 1290 0 stevel 1291 0 stevel struct a { 1292 0 stevel long fdes; 1293 0 stevel long cmd; 1294 0 stevel long arg; 1295 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1296 0 stevel 1297 0 stevel cmd = (uint_t)uap->cmd; 1298 0 stevel 1299 0 stevel switch (cmd) { 1300 0 stevel case F_GETLK: 1301 0 stevel case F_SETLK: 1302 0 stevel case F_SETLKW: 1303 0 stevel break; 1304 0 stevel case F_SETFL: 1305 0 stevel case F_GETFL: 1306 0 stevel case F_GETFD: 1307 0 stevel break; 1308 0 stevel default: 1309 0 stevel e = (au_event_t)AUE_NULL; 1310 0 stevel break; 1311 0 stevel } 1312 0 stevel return ((au_event_t)e); 1313 0 stevel } 1314 0 stevel 1315 0 stevel /* null function for now */ 1316 0 stevel static au_event_t 1317 0 stevel aui_execv(au_event_t e) 1318 0 stevel { 1319 0 stevel return (e); 1320 0 stevel } 1321 0 stevel 1322 0 stevel /* null function for now */ 1323 0 stevel static au_event_t 1324 0 stevel aui_execve(au_event_t e) 1325 0 stevel { 1326 0 stevel return (e); 1327 0 stevel } 1328 0 stevel 1329 0 stevel /*ARGSUSED*/ 1330 0 stevel static void 1331 0 stevel aus_fcntl(struct t_audit_data *tad) 1332 0 stevel { 1333 0 stevel klwp_t *clwp = ttolwp(curthread); 1334 0 stevel uint32_t cmd, fd; 1335 0 stevel struct file *fp; 1336 0 stevel struct vnode *vp; 1337 0 stevel struct f_audit_data *fad; 1338 0 stevel 1339 0 stevel struct a { 1340 0 stevel long fd; 1341 0 stevel long cmd; 1342 0 stevel long arg; 1343 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1344 0 stevel 1345 0 stevel cmd = (uint32_t)uap->cmd; 1346 0 stevel fd = (uint32_t)uap->fd; 1347 0 stevel 1348 0 stevel au_uwrite(au_to_arg32(2, "cmd", cmd)); 1349 0 stevel 1350 0 stevel /* 1351 0 stevel * convert file pointer to file descriptor 1352 0 stevel * Note: fd ref count incremented here. 1353 0 stevel */ 1354 0 stevel if ((fp = getf(fd)) == NULL) 1355 0 stevel return; 1356 0 stevel 1357 0 stevel /* get path from file struct here */ 1358 0 stevel fad = F2A(fp); 1359 0 stevel if (fad->fad_aupath != NULL) { 1360 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 1361 0 stevel } else { 1362 0 stevel au_uwrite(au_to_arg32(1, "no path: fd", fd)); 1363 0 stevel } 1364 0 stevel 1365 0 stevel vp = fp->f_vnode; 1366 0 stevel audit_attributes(vp); 1367 0 stevel 1368 0 stevel /* decrement file descriptor reference count */ 1369 0 stevel releasef(fd); 1370 0 stevel } 1371 0 stevel 1372 0 stevel /*ARGSUSED*/ 1373 0 stevel static void 1374 0 stevel aus_kill(struct t_audit_data *tad) 1375 0 stevel { 1376 0 stevel klwp_t *clwp = ttolwp(curthread); 1377 0 stevel struct proc *p; 1378 0 stevel uint32_t signo; 1379 0 stevel uid_t uid, ruid; 1380 0 stevel gid_t gid, rgid; 1381 0 stevel pid_t pid; 1382 0 stevel const auditinfo_addr_t *ainfo; 1383 0 stevel cred_t *cr; 1384 0 stevel 1385 0 stevel struct a { 1386 0 stevel long pid; 1387 0 stevel long signo; 1388 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1389 0 stevel 1390 0 stevel pid = (pid_t)uap->pid; 1391 0 stevel signo = (uint32_t)uap->signo; 1392 0 stevel 1393 0 stevel au_uwrite(au_to_arg32(2, "signal", signo)); 1394 0 stevel if (pid > 0) { 1395 0 stevel mutex_enter(&pidlock); 1396 0 stevel if (((p = prfind(pid)) == (struct proc *)0) || 1397 0 stevel (p->p_stat == SIDL)) { 1398 0 stevel mutex_exit(&pidlock); 1399 0 stevel au_uwrite(au_to_arg32(1, "process", (uint32_t)pid)); 1400 0 stevel return; 1401 0 stevel } 1402 0 stevel mutex_enter(&p->p_lock); /* so process doesn't go away */ 1403 0 stevel mutex_exit(&pidlock); 1404 0 stevel 1405 0 stevel mutex_enter(&p->p_crlock); 1406 0 stevel crhold(cr = p->p_cred); 1407 0 stevel mutex_exit(&p->p_crlock); 1408 0 stevel mutex_exit(&p->p_lock); 1409 0 stevel 1410 0 stevel ainfo = crgetauinfo(cr); 1411 0 stevel if (ainfo == NULL) { 1412 0 stevel crfree(cr); 1413 0 stevel au_uwrite(au_to_arg32(1, "process", (uint32_t)pid)); 1414 0 stevel return; 1415 0 stevel } 1416 0 stevel 1417 0 stevel uid = crgetuid(cr); 1418 0 stevel gid = crgetgid(cr); 1419 0 stevel ruid = crgetruid(cr); 1420 0 stevel rgid = crgetrgid(cr); 1421 0 stevel au_uwrite(au_to_process(uid, gid, ruid, rgid, pid, 1422 0 stevel ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid)); 1423 1676 jpk 1424 1676 jpk if (is_system_labeled()) 1425 1676 jpk au_uwrite(au_to_label(CR_SL(cr))); 1426 1676 jpk 1427 0 stevel crfree(cr); 1428 0 stevel } 1429 0 stevel else 1430 0 stevel au_uwrite(au_to_arg32(1, "process", (uint32_t)pid)); 1431 0 stevel } 1432 0 stevel 1433 0 stevel /*ARGSUSED*/ 1434 0 stevel static void 1435 0 stevel aus_mkdir(struct t_audit_data *tad) 1436 0 stevel { 1437 0 stevel klwp_t *clwp = ttolwp(curthread); 1438 0 stevel uint32_t dmode; 1439 0 stevel 1440 0 stevel struct a { 1441 0 stevel long dirnamep; /* char * */ 1442 0 stevel long dmode; 1443 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1444 0 stevel 1445 0 stevel dmode = (uint32_t)uap->dmode; 1446 0 stevel 1447 0 stevel au_uwrite(au_to_arg32(2, "mode", dmode)); 1448 0 stevel } 1449 0 stevel 1450 0 stevel /*ARGSUSED*/ 1451 0 stevel static void 1452 0 stevel aus_mknod(struct t_audit_data *tad) 1453 0 stevel { 1454 0 stevel klwp_t *clwp = ttolwp(curthread); 1455 0 stevel uint32_t fmode; 1456 0 stevel dev_t dev; 1457 0 stevel 1458 0 stevel struct a { 1459 0 stevel long pnamep; /* char * */ 1460 0 stevel long fmode; 1461 0 stevel long dev; 1462 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1463 0 stevel 1464 0 stevel fmode = (uint32_t)uap->fmode; 1465 0 stevel dev = (dev_t)uap->dev; 1466 0 stevel 1467 0 stevel au_uwrite(au_to_arg32(2, "mode", fmode)); 1468 0 stevel #ifdef _LP64 1469 0 stevel au_uwrite(au_to_arg64(3, "dev", dev)); 1470 0 stevel #else 1471 0 stevel au_uwrite(au_to_arg32(3, "dev", dev)); 1472 0 stevel #endif 1473 0 stevel } 1474 0 stevel 1475 0 stevel /*ARGSUSED*/ 1476 0 stevel static void 1477 0 stevel aus_xmknod(struct t_audit_data *tad) 1478 0 stevel { 1479 0 stevel klwp_t *clwp = ttolwp(curthread); 1480 0 stevel uint32_t fmode; 1481 0 stevel dev_t dev; 1482 0 stevel 1483 0 stevel struct a { 1484 0 stevel long version; /* version */ 1485 0 stevel long pnamep; /* char * */ 1486 0 stevel long fmode; 1487 0 stevel long dev; 1488 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1489 0 stevel 1490 0 stevel fmode = (uint32_t)uap->fmode; 1491 0 stevel dev = (dev_t)uap->dev; 1492 0 stevel 1493 0 stevel au_uwrite(au_to_arg32(2, "mode", fmode)); 1494 0 stevel #ifdef _LP64 1495 0 stevel au_uwrite(au_to_arg64(3, "dev", dev)); 1496 0 stevel #else 1497 0 stevel au_uwrite(au_to_arg32(3, "dev", dev)); 1498 0 stevel #endif 1499 0 stevel } 1500 0 stevel 1501 0 stevel /*ARGSUSED*/ 1502 0 stevel static void 1503 0 stevel auf_mknod(struct t_audit_data *tad, int error, rval_t *rval) 1504 0 stevel { 1505 0 stevel klwp_t *clwp = ttolwp(curthread); 1506 0 stevel vnode_t *dvp; 1507 0 stevel caddr_t pnamep; 1508 0 stevel 1509 0 stevel struct a { 1510 0 stevel long pnamep; /* char * */ 1511 0 stevel long fmode; 1512 0 stevel long dev; 1513 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1514 0 stevel 1515 0 stevel /* no error, then already path token in audit record */ 1516 0 stevel if (error != EPERM) 1517 0 stevel return; 1518 0 stevel 1519 0 stevel /* not auditing this event, nothing then to do */ 1520 0 stevel if (tad->tad_flag == 0) 1521 0 stevel return; 1522 0 stevel 1523 0 stevel /* do the lookup to force generation of path token */ 1524 0 stevel pnamep = (caddr_t)uap->pnamep; 1525 0 stevel tad->tad_ctrl |= PAD_NOATTRB; 1526 0 stevel error = lookupname(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP); 1527 0 stevel if (error == 0) 1528 0 stevel VN_RELE(dvp); 1529 0 stevel } 1530 0 stevel 1531 0 stevel /*ARGSUSED*/ 1532 0 stevel static void 1533 0 stevel auf_xmknod(struct t_audit_data *tad, int error, rval_t *rval) 1534 0 stevel { 1535 0 stevel klwp_t *clwp = ttolwp(curthread); 1536 0 stevel vnode_t *dvp; 1537 0 stevel caddr_t pnamep; 1538 0 stevel 1539 0 stevel struct a { 1540 0 stevel long version; /* version */ 1541 0 stevel long pnamep; /* char * */ 1542 0 stevel long fmode; 1543 0 stevel long dev; 1544 0 stevel } *uap = (struct a *)clwp->lwp_arg; 1545 0 stevel 1546 0 stevel 1547 0 stevel /* no error, then already path token in audit record */ 1548 0 stevel if (error != EPERM) 1549 0 stevel return; 1550 0 stevel 1551 0 stevel /* not auditing this event, nothing then to do */ 1552 0 stevel if (tad->tad_flag == 0) 1553 0 stevel return; 1554 0 stevel 1555 0 stevel /* do the lookup to force generation of path token */ 1556 0 stevel pnamep = (caddr_t)uap->pnamep; 1557 0 stevel tad->tad_ctrl |= PAD_NOATTRB; 1558 0 stevel error = lookupname(pnamep, UIO_USERSPACE, NO_FOLLOW, &dvp, NULLVPP); 1559 0 stevel if (error == 0) 1560 0 stevel VN_RELE(dvp); 1561 0 stevel } 1562 0 stevel 1563 0 stevel /*ARGSUSED*/ 1564 0 stevel static void 1565 0 stevel aus_mount(struct t_audit_data *tad) 1566 0 stevel { /* AUS_START */ 1567 0 stevel klwp_t *clwp = ttolwp(curthread); 1568 0 stevel uint32_t flags; 1569 0 stevel uintptr_t u_fstype, dataptr; 1570 0 stevel STRUCT_DECL(nfs_args, nfsargs); 1571 0 stevel size_t len; 1572 0 stevel char *fstype, *hostname; 1573 0 stevel 1574 0 stevel struct a { 1575 0 stevel long spec; /* char * */ 1576 0 stevel long dir; /* char * */ 1577 0 stevel long flags; 1578 0 stevel long fstype; /* char * */ 1579 0 stevel long dataptr; /* char * */ 1580 0 stevel long datalen; 1581 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1582 0 stevel 1583 0 stevel u_fstype = (uintptr_t)uap->fstype; 1584 0 stevel flags = (uint32_t)uap->flags; 1585 0 stevel dataptr = (uintptr_t)uap->dataptr; 1586 0 stevel 1587 0 stevel fstype = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1588 0 stevel if (copyinstr((caddr_t)u_fstype, (caddr_t)fstype, MAXNAMELEN, &len)) 1589 0 stevel goto mount_free_fstype; 1590 0 stevel 1591 0 stevel au_uwrite(au_to_arg32(3, "flags", flags)); 1592 0 stevel au_uwrite(au_to_text(fstype)); 1593 0 stevel 1594 0 stevel if (strncmp(fstype, "nfs", 3) == 0) { 1595 0 stevel 1596 0 stevel STRUCT_INIT(nfsargs, get_udatamodel()); 1597 0 stevel bzero(STRUCT_BUF(nfsargs), STRUCT_SIZE(nfsargs)); 1598 0 stevel 1599 0 stevel if (copyin((caddr_t)dataptr, 1600 0 stevel STRUCT_BUF(nfsargs), 1601 0 stevel MIN(uap->datalen, STRUCT_SIZE(nfsargs)))) { 1602 0 stevel /* DEBUG debug_enter((char *)NULL); */ 1603 0 stevel goto mount_free_fstype; 1604 0 stevel } 1605 0 stevel hostname = kmem_alloc(MAXNAMELEN, KM_SLEEP); 1606 0 stevel if (copyinstr(STRUCT_FGETP(nfsargs, hostname), 1607 0 stevel (caddr_t)hostname, 1608 0 stevel MAXNAMELEN, &len)) { 1609 0 stevel goto mount_free_hostname; 1610 0 stevel } 1611 0 stevel au_uwrite(au_to_text(hostname)); 1612 0 stevel au_uwrite(au_to_arg32(3, "internal flags", 1613 0 stevel (uint_t)STRUCT_FGET(nfsargs, flags))); 1614 0 stevel 1615 0 stevel mount_free_hostname: 1616 0 stevel kmem_free(hostname, MAXNAMELEN); 1617 0 stevel } 1618 0 stevel 1619 0 stevel mount_free_fstype: 1620 0 stevel kmem_free(fstype, MAXNAMELEN); 1621 0 stevel } /* AUS_MOUNT */ 1622 0 stevel 1623 0 stevel static void 1624 0 stevel aus_umount_path(caddr_t umount_dir) 1625 0 stevel { 1626 0 stevel char *dir_path; 1627 0 stevel struct audit_path *path; 1628 0 stevel size_t path_len, dir_len; 1629 0 stevel 1630 0 stevel /* length alloc'd for two string pointers */ 1631 0 stevel path_len = sizeof (struct audit_path) + sizeof (char *); 1632 0 stevel path = kmem_alloc(path_len, KM_SLEEP); 1633 0 stevel dir_path = kmem_alloc(MAXPATHLEN, KM_SLEEP); 1634 0 stevel 1635 0 stevel if (copyinstr(umount_dir, (caddr_t)dir_path, 1636 0 stevel MAXPATHLEN, &dir_len)) 1637 0 stevel goto umount2_free_dir; 1638 0 stevel 1639 0 stevel /* 1640 0 stevel * the audit_path struct assumes that the buffer pointed to 1641 0 stevel * by audp_sect[n] contains string 0 immediatedly followed 1642 0 stevel * by string 1. 1643 0 stevel */ 1644 0 stevel path->audp_sect[0] = dir_path; 1645 0 stevel path->audp_sect[1] = dir_path + strlen(dir_path) + 1; 1646 0 stevel path->audp_size = path_len; 1647 0 stevel path->audp_ref = 1; /* not used */ 1648 0 stevel path->audp_cnt = 1; /* one path string */ 1649 0 stevel 1650 0 stevel au_uwrite(au_to_path(path)); 1651 0 stevel 1652 0 stevel umount2_free_dir: 1653 0 stevel kmem_free(dir_path, MAXPATHLEN); 1654 0 stevel kmem_free(path, path_len); 1655 0 stevel } 1656 0 stevel 1657 0 stevel /* 1658 0 stevel * the umount syscall is implemented as a call to umount2, but the args 1659 0 stevel * are different... 1660 0 stevel */ 1661 0 stevel 1662 0 stevel /*ARGSUSED*/ 1663 0 stevel static void 1664 0 stevel aus_umount(struct t_audit_data *tad) 1665 0 stevel { 1666 0 stevel klwp_t *clwp = ttolwp(curthread); 1667 0 stevel struct a { 1668 0 stevel long dir; /* char * */ 1669 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1670 0 stevel 1671 0 stevel aus_umount_path((caddr_t)uap->dir); 1672 0 stevel } 1673 0 stevel 1674 0 stevel /*ARGSUSED*/ 1675 0 stevel static void 1676 0 stevel aus_umount2(struct t_audit_data *tad) 1677 0 stevel { 1678 0 stevel klwp_t *clwp = ttolwp(curthread); 1679 0 stevel struct a { 1680 0 stevel long dir; /* char * */ 1681 0 stevel long flags; 1682 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1683 0 stevel 1684 0 stevel aus_umount_path((caddr_t)uap->dir); 1685 0 stevel 1686 0 stevel au_uwrite(au_to_arg32(2, "flags", (uint32_t)uap->flags)); 1687 0 stevel } 1688 0 stevel 1689 0 stevel static void 1690 0 stevel aus_msgsys(struct t_audit_data *tad) 1691 0 stevel { 1692 0 stevel klwp_t *clwp = ttolwp(curthread); 1693 0 stevel uint32_t msgid; 1694 0 stevel 1695 0 stevel struct b { 1696 0 stevel long msgid; 1697 0 stevel long cmd; 1698 0 stevel long buf; /* struct msqid_ds * */ 1699 0 stevel } *uap1 = (struct b *)&clwp->lwp_ap[1]; 1700 0 stevel 1701 0 stevel msgid = (uint32_t)uap1->msgid; 1702 0 stevel 1703 0 stevel 1704 0 stevel switch (tad->tad_event) { 1705 0 stevel case AUE_MSGGET: /* msgget */ 1706 0 stevel au_uwrite(au_to_arg32(1, "msg key", msgid)); 1707 0 stevel break; 1708 0 stevel case AUE_MSGCTL: /* msgctl */ 1709 0 stevel case AUE_MSGCTL_RMID: /* msgctl */ 1710 9096 Jan case AUE_MSGCTL_SET: /* msgctl */ 1711 0 stevel case AUE_MSGCTL_STAT: /* msgctl */ 1712 0 stevel case AUE_MSGRCV: /* msgrcv */ 1713 0 stevel case AUE_MSGSND: /* msgsnd */ 1714 0 stevel au_uwrite(au_to_arg32(1, "msg ID", msgid)); 1715 0 stevel break; 1716 0 stevel } 1717 0 stevel } 1718 0 stevel 1719 0 stevel /*ARGSUSED*/ 1720 0 stevel static void 1721 0 stevel auf_msgsys(struct t_audit_data *tad, int error, rval_t *rval) 1722 0 stevel { 1723 0 stevel int id; 1724 0 stevel 1725 0 stevel if (error != 0) 1726 0 stevel return; 1727 0 stevel if (tad->tad_event == AUE_MSGGET) { 1728 0 stevel uint32_t scid; 1729 0 stevel uint32_t sy_flags; 1730 0 stevel 1731 0 stevel /* need to determine type of executing binary */ 1732 0 stevel scid = tad->tad_scid; 1733 0 stevel #ifdef _SYSCALL32_IMPL 1734 0 stevel if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE) 1735 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 1736 0 stevel else 1737 0 stevel sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK; 1738 0 stevel #else 1739 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 1740 0 stevel #endif 1741 0 stevel if (sy_flags == SE_32RVAL1) 1742 0 stevel id = rval->r_val1; 1743 0 stevel if (sy_flags == (SE_32RVAL2|SE_32RVAL1)) 1744 0 stevel id = rval->r_val1; 1745 0 stevel if (sy_flags == SE_64RVAL) 1746 0 stevel id = (int)rval->r_vals; 1747 0 stevel 1748 0 stevel au_uwrite(au_to_ipc(AT_IPC_MSG, id)); 1749 0 stevel } 1750 0 stevel } 1751 0 stevel 1752 0 stevel static void 1753 0 stevel aus_semsys(struct t_audit_data *tad) 1754 0 stevel { 1755 0 stevel klwp_t *clwp = ttolwp(curthread); 1756 0 stevel uint32_t semid; 1757 0 stevel 1758 0 stevel struct b { /* ctrl */ 1759 0 stevel long semid; 1760 0 stevel long semnum; 1761 0 stevel long cmd; 1762 0 stevel long arg; 1763 0 stevel } *uap1 = (struct b *)&clwp->lwp_ap[1]; 1764 0 stevel 1765 0 stevel semid = (uint32_t)uap1->semid; 1766 0 stevel 1767 0 stevel switch (tad->tad_event) { 1768 0 stevel case AUE_SEMCTL_RMID: 1769 0 stevel case AUE_SEMCTL_STAT: 1770 0 stevel case AUE_SEMCTL_GETNCNT: 1771 0 stevel case AUE_SEMCTL_GETPID: 1772 0 stevel case AUE_SEMCTL_GETVAL: 1773 0 stevel case AUE_SEMCTL_GETALL: 1774 0 stevel case AUE_SEMCTL_GETZCNT: 1775 9096 Jan case AUE_SEMCTL_SET: 1776 0 stevel case AUE_SEMCTL_SETVAL: 1777 0 stevel case AUE_SEMCTL_SETALL: 1778 0 stevel case AUE_SEMCTL: 1779 0 stevel case AUE_SEMOP: 1780 0 stevel au_uwrite(au_to_arg32(1, "sem ID", semid)); 1781 0 stevel break; 1782 0 stevel case AUE_SEMGET: 1783 0 stevel au_uwrite(au_to_arg32(1, "sem key", semid)); 1784 0 stevel break; 1785 0 stevel } 1786 0 stevel } 1787 0 stevel 1788 0 stevel /*ARGSUSED*/ 1789 0 stevel static void 1790 0 stevel auf_semsys(struct t_audit_data *tad, int error, rval_t *rval) 1791 0 stevel { 1792 0 stevel int id; 1793 0 stevel 1794 0 stevel if (error != 0) 1795 0 stevel return; 1796 0 stevel if (tad->tad_event == AUE_SEMGET) { 1797 0 stevel uint32_t scid; 1798 0 stevel uint32_t sy_flags; 1799 0 stevel 1800 0 stevel /* need to determine type of executing binary */ 1801 0 stevel scid = tad->tad_scid; 1802 0 stevel #ifdef _SYSCALL32_IMPL 1803 0 stevel if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE) 1804 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 1805 0 stevel else 1806 0 stevel sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK; 1807 0 stevel #else 1808 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 1809 0 stevel #endif 1810 0 stevel if (sy_flags == SE_32RVAL1) 1811 0 stevel id = rval->r_val1; 1812 0 stevel if (sy_flags == (SE_32RVAL2|SE_32RVAL1)) 1813 0 stevel id = rval->r_val1; 1814 0 stevel if (sy_flags == SE_64RVAL) 1815 0 stevel id = (int)rval->r_vals; 1816 0 stevel 1817 0 stevel au_uwrite(au_to_ipc(AT_IPC_SEM, id)); 1818 0 stevel } 1819 0 stevel } 1820 0 stevel 1821 0 stevel /*ARGSUSED*/ 1822 0 stevel static void 1823 0 stevel aus_close(struct t_audit_data *tad) 1824 0 stevel { 1825 0 stevel klwp_t *clwp = ttolwp(curthread); 1826 0 stevel uint32_t fd; 1827 0 stevel struct file *fp; 1828 0 stevel struct f_audit_data *fad; 1829 0 stevel struct vnode *vp; 1830 0 stevel struct vattr attr; 1831 4197 paulson au_kcontext_t *kctx = GET_KCTX_PZ; 1832 0 stevel 1833 0 stevel struct a { 1834 0 stevel long i; 1835 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1836 0 stevel 1837 0 stevel fd = (uint32_t)uap->i; 1838 0 stevel 1839 0 stevel attr.va_mask = 0; 1840 0 stevel au_uwrite(au_to_arg32(1, "fd", fd)); 1841 0 stevel 1842 0 stevel /* 1843 0 stevel * convert file pointer to file descriptor 1844 0 stevel * Note: fd ref count incremented here. 1845 0 stevel */ 1846 0 stevel if ((fp = getf(fd)) == NULL) 1847 0 stevel return; 1848 0 stevel 1849 0 stevel fad = F2A(fp); 1850 7753 Ton tad->tad_evmod = (au_emod_t)fad->fad_flags; 1851 0 stevel if (fad->fad_aupath != NULL) { 1852 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 1853 0 stevel if ((vp = fp->f_vnode) != NULL) { 1854 0 stevel attr.va_mask = AT_ALL; 1855 5331 amw if (VOP_GETATTR(vp, &attr, 0, CRED(), NULL) == 0) { 1856 0 stevel /* 1857 0 stevel * When write was not used and the file can be 1858 0 stevel * considered public, skip the audit. 1859 0 stevel */ 1860 0 stevel if (((fp->f_flag & FWRITE) == 0) && 1861 0 stevel file_is_public(&attr)) { 1862 0 stevel tad->tad_flag = 0; 1863 0 stevel tad->tad_evmod = 0; 1864 0 stevel /* free any residual audit data */ 1865 0 stevel au_close(kctx, &(u_ad), 0, 0, 0); 1866 0 stevel releasef(fd); 1867 0 stevel return; 1868 0 stevel } 1869 1676 jpk au_uwrite(au_to_attr(&attr)); 1870 1676 jpk audit_sec_attributes(&(u_ad), vp); 1871 0 stevel } 1872 0 stevel } 1873 0 stevel } 1874 0 stevel 1875 0 stevel /* decrement file descriptor reference count */ 1876 0 stevel releasef(fd); 1877 0 stevel } 1878 0 stevel 1879 0 stevel /*ARGSUSED*/ 1880 0 stevel static void 1881 0 stevel aus_fstatfs(struct t_audit_data *tad) 1882 0 stevel { 1883 0 stevel klwp_t *clwp = ttolwp(curthread); 1884 0 stevel uint32_t fd; 1885 0 stevel struct file *fp; 1886 0 stevel struct vnode *vp; 1887 0 stevel struct f_audit_data *fad; 1888 0 stevel 1889 0 stevel struct a { 1890 0 stevel long fd; 1891 0 stevel long buf; /* struct statfs * */ 1892 0 stevel } *uap = (struct a *)clwp->lwp_ap; 1893 0 stevel 1894 0 stevel fd = (uint_t)uap->fd; 1895 0 stevel 1896 0 stevel /* 1897 0 stevel * convert file pointer to file descriptor 1898 0 stevel * Note: fd ref count incremented here. 1899 0 stevel */ 1900 0 stevel if ((fp = getf(fd)) == NULL) 1901 0 stevel return; 1902 0 stevel 1903 0 stevel /* get path from file struct here */ 1904 0 stevel fad = F2A(fp); 1905 0 stevel if (fad->fad_aupath != NULL) { 1906 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 1907 0 stevel } else { 1908 0 stevel au_uwrite(au_to_arg32(1, "no path: fd", fd)); 1909 0 stevel } 1910 0 stevel 1911 0 stevel vp = fp->f_vnode; 1912 0 stevel audit_attributes(vp); 1913 0 stevel 1914 0 stevel /* decrement file descriptor reference count */ 1915 0 stevel releasef(fd); 1916 0 stevel } 1917 0 stevel 1918 9100 Jan static au_event_t 1919 9100 Jan aui_setpgrp(au_event_t e) 1920 9100 Jan { 1921 9100 Jan klwp_t *clwp = ttolwp(curthread); 1922 9100 Jan int flag; 1923 9100 Jan 1924 9100 Jan struct a { 1925 9100 Jan long flag; 1926 9100 Jan long pid; 1927 9100 Jan long pgid; 1928 9100 Jan } *uap = (struct a *)clwp->lwp_ap; 1929 9100 Jan 1930 9100 Jan flag = (int)uap->flag; 1931 9100 Jan 1932 9100 Jan 1933 9100 Jan switch (flag) { 1934 9100 Jan 1935 9100 Jan case 1: /* setpgrp() */ 1936 9100 Jan e = AUE_SETPGRP; 1937 9100 Jan break; 1938 9100 Jan 1939 9100 Jan case 3: /* setsid() */ 1940 9100 Jan e = AUE_SETSID; 1941 9100 Jan break; 1942 9100 Jan 1943 9100 Jan case 5: /* setpgid() */ 1944 9100 Jan e = AUE_SETPGID; 1945 9100 Jan break; 1946 9100 Jan 1947 9100 Jan case 0: /* getpgrp() - not security relevant */ 1948 9100 Jan case 2: /* getsid() - not security relevant */ 1949 9100 Jan case 4: /* getpgid() - not security relevant */ 1950 9100 Jan e = AUE_NULL; 1951 9100 Jan break; 1952 9100 Jan 1953 9100 Jan default: 1954 9100 Jan e = AUE_NULL; 1955 9100 Jan break; 1956 9100 Jan } 1957 9100 Jan 1958 9100 Jan return (e); 1959 9100 Jan } 1960 9100 Jan 1961 9122 Jan /*ARGSUSED*/ 1962 0 stevel static void 1963 0 stevel aus_setpgrp(struct t_audit_data *tad) 1964 0 stevel { 1965 9100 Jan klwp_t *clwp = ttolwp(curthread); 1966 9100 Jan pid_t pgid; 1967 9100 Jan struct proc *p; 1968 9100 Jan uid_t uid, ruid; 1969 9100 Jan gid_t gid, rgid; 1970 9100 Jan pid_t pid; 1971 9100 Jan cred_t *cr; 1972 9100 Jan int flag; 1973 9100 Jan const auditinfo_addr_t *ainfo; 1974 9100 Jan 1975 9100 Jan struct a { 1976 9100 Jan long flag; 1977 0 stevel long pid; 1978 9100 Jan long pgid; 1979 9100 Jan } *uap = (struct a *)clwp->lwp_ap; 1980 9100 Jan 1981 9100 Jan flag = (int)uap->flag; 1982 0 stevel pid = (pid_t)uap->pid; 1983 9100 Jan pgid = (pid_t)uap->pgid; 1984 9100 Jan 1985 9100 Jan 1986 9100 Jan switch (flag) { 1987 9100 Jan 1988 9100 Jan case 0: /* getpgrp() */ 1989 9100 Jan case 1: /* setpgrp() */ 1990 9100 Jan case 2: /* getsid() */ 1991 9100 Jan case 3: /* setsid() */ 1992 9100 Jan case 4: /* getpgid() */ 1993 9100 Jan break; 1994 9100 Jan 1995 9100 Jan case 5: /* setpgid() */ 1996 0 stevel 1997 0 stevel /* current process? */ 1998 9100 Jan if (pid == 0) { 1999 9100 Jan return; 2000 9100 Jan } 2001 9100 Jan 2002 9100 Jan mutex_enter(&pidlock); 2003 9100 Jan p = prfind(pid); 2004 9100 Jan if (p == NULL || p->p_as == &kas || 2005 9100 Jan p->p_stat == SIDL || p->p_stat == SZOMB) { 2006 9100 Jan mutex_exit(&pidlock); 2007 9100 Jan return; 2008 9100 Jan } 2009 9100 Jan mutex_enter(&p->p_lock); /* so process doesn't go away */ 2010 0 stevel mutex_exit(&pidlock); 2011 9100 Jan 2012 9100 Jan mutex_enter(&p->p_crlock); 2013 9100 Jan crhold(cr = p->p_cred); 2014 9100 Jan mutex_exit(&p->p_crlock); 2015 9100 Jan mutex_exit(&p->p_lock); 2016 9100 Jan 2017 9100 Jan ainfo = crgetauinfo(cr); 2018 9100 Jan if (ainfo == NULL) { 2019 9100 Jan crfree(cr); 2020 9100 Jan return; 2021 9100 Jan } 2022 9100 Jan 2023 9100 Jan uid = crgetuid(cr); 2024 9100 Jan gid = crgetgid(cr); 2025 9100 Jan ruid = crgetruid(cr); 2026 9100 Jan rgid = crgetrgid(cr); 2027 9100 Jan au_uwrite(au_to_process(uid, gid, ruid, rgid, pid, 2028 9100 Jan ainfo->ai_auid, ainfo->ai_asid, &ainfo->ai_termid)); 2029 9100 Jan crfree(cr); 2030 9100 Jan au_uwrite(au_to_arg32(2, "pgid", pgid)); 2031 9100 Jan break; 2032 9100 Jan 2033 9100 Jan default: 2034 9100 Jan break; 2035 9100 Jan } 2036 9100 Jan } 2037 9100 Jan 2038 0 stevel 2039 0 stevel /*ARGSUSED*/ 2040 0 stevel static void 2041 0 stevel aus_setregid(struct t_audit_data *tad) 2042 0 stevel { 2043 0 stevel klwp_t *clwp = ttolwp(curthread); 2044 0 stevel uint32_t rgid, egid; 2045 0 stevel 2046 0 stevel struct a { 2047 0 stevel long rgid; 2048 0 stevel long egid; 2049 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2050 0 stevel 2051 0 stevel rgid = (uint32_t)uap->rgid; 2052 0 stevel egid = (uint32_t)uap->egid; 2053 0 stevel 2054 0 stevel au_uwrite(au_to_arg32(1, "rgid", rgid)); 2055 0 stevel au_uwrite(au_to_arg32(2, "egid", egid)); 2056 0 stevel } 2057 0 stevel 2058 0 stevel /*ARGSUSED*/ 2059 0 stevel static void 2060 0 stevel aus_setgid(struct t_audit_data *tad) 2061 0 stevel { 2062 0 stevel klwp_t *clwp = ttolwp(curthread); 2063 0 stevel uint32_t gid; 2064 0 stevel 2065 0 stevel struct a { 2066 0 stevel long gid; 2067 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2068 0 stevel 2069 0 stevel gid = (uint32_t)uap->gid; 2070 0 stevel 2071 0 stevel au_uwrite(au_to_arg32(1, "gid", gid)); 2072 0 stevel } 2073 0 stevel 2074 0 stevel 2075 0 stevel /*ARGSUSED*/ 2076 0 stevel static void 2077 0 stevel aus_setreuid(struct t_audit_data *tad) 2078 0 stevel { 2079 0 stevel klwp_t *clwp = ttolwp(curthread); 2080 0 stevel uint32_t ruid, euid; 2081 0 stevel 2082 0 stevel struct a { 2083 0 stevel long ruid; 2084 0 stevel long euid; 2085 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2086 0 stevel 2087 0 stevel ruid = (uint32_t)uap->ruid; 2088 0 stevel euid = (uint32_t)uap->euid; 2089 0 stevel 2090 0 stevel au_uwrite(au_to_arg32(1, "ruid", ruid)); 2091 0 stevel au_uwrite(au_to_arg32(2, "euid", euid)); 2092 0 stevel } 2093 0 stevel 2094 0 stevel 2095 0 stevel /*ARGSUSED*/ 2096 0 stevel static void 2097 0 stevel aus_setuid(struct t_audit_data *tad) 2098 0 stevel { 2099 0 stevel klwp_t *clwp = ttolwp(curthread); 2100 0 stevel uint32_t uid; 2101 0 stevel 2102 0 stevel struct a { 2103 0 stevel long uid; 2104 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2105 0 stevel 2106 0 stevel uid = (uint32_t)uap->uid; 2107 0 stevel 2108 0 stevel au_uwrite(au_to_arg32(1, "uid", uid)); 2109 0 stevel } 2110 0 stevel 2111 0 stevel /*ARGSUSED*/ 2112 0 stevel static void 2113 0 stevel aus_shmsys(struct t_audit_data *tad) 2114 0 stevel { 2115 0 stevel klwp_t *clwp = ttolwp(curthread); 2116 0 stevel uint32_t id, cmd; 2117 0 stevel 2118 0 stevel struct b { 2119 0 stevel long id; 2120 0 stevel long cmd; 2121 0 stevel long buf; /* struct shmid_ds * */ 2122 0 stevel } *uap1 = (struct b *)&clwp->lwp_ap[1]; 2123 0 stevel 2124 0 stevel id = (uint32_t)uap1->id; 2125 0 stevel cmd = (uint32_t)uap1->cmd; 2126 0 stevel 2127 0 stevel switch (tad->tad_event) { 2128 0 stevel case AUE_SHMGET: /* shmget */ 2129 0 stevel au_uwrite(au_to_arg32(1, "shm key", id)); 2130 0 stevel break; 2131 0 stevel case AUE_SHMCTL: /* shmctl */ 2132 0 stevel case AUE_SHMCTL_RMID: /* shmctl */ 2133 0 stevel case AUE_SHMCTL_STAT: /* shmctl */ 2134 0 stevel case AUE_SHMCTL_SET: /* shmctl */ 2135 0 stevel au_uwrite(au_to_arg32(1, "shm ID", id)); 2136 0 stevel break; 2137 0 stevel case AUE_SHMDT: /* shmdt */ 2138 0 stevel au_uwrite(au_to_arg32(1, "shm adr", id)); 2139 0 stevel break; 2140 0 stevel case AUE_SHMAT: /* shmat */ 2141 0 stevel au_uwrite(au_to_arg32(1, "shm ID", id)); 2142 0 stevel au_uwrite(au_to_arg32(2, "shm adr", cmd)); 2143 0 stevel break; 2144 0 stevel } 2145 0 stevel } 2146 0 stevel 2147 0 stevel /*ARGSUSED*/ 2148 0 stevel static void 2149 0 stevel auf_shmsys(struct t_audit_data *tad, int error, rval_t *rval) 2150 0 stevel { 2151 0 stevel int id; 2152 0 stevel 2153 0 stevel if (error != 0) 2154 0 stevel return; 2155 0 stevel if (tad->tad_event == AUE_SHMGET) { 2156 0 stevel uint32_t scid; 2157 0 stevel uint32_t sy_flags; 2158 0 stevel 2159 0 stevel /* need to determine type of executing binary */ 2160 0 stevel scid = tad->tad_scid; 2161 0 stevel #ifdef _SYSCALL32_IMPL 2162 0 stevel if (lwp_getdatamodel(ttolwp(curthread)) == DATAMODEL_NATIVE) 2163 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 2164 0 stevel else 2165 0 stevel sy_flags = sysent32[scid].sy_flags & SE_RVAL_MASK; 2166 0 stevel #else 2167 0 stevel sy_flags = sysent[scid].sy_flags & SE_RVAL_MASK; 2168 0 stevel #endif 2169 0 stevel if (sy_flags == SE_32RVAL1) 2170 0 stevel id = rval->r_val1; 2171 0 stevel if (sy_flags == (SE_32RVAL2|SE_32RVAL1)) 2172 0 stevel id = rval->r_val1; 2173 0 stevel if (sy_flags == SE_64RVAL) 2174 0 stevel id = (int)rval->r_vals; 2175 0 stevel au_uwrite(au_to_ipc(AT_IPC_SHM, id)); 2176 0 stevel } 2177 0 stevel } 2178 0 stevel 2179 0 stevel 2180 0 stevel /*ARGSUSED*/ 2181 0 stevel static void 2182 0 stevel aus_ioctl(struct t_audit_data *tad) 2183 0 stevel { 2184 0 stevel klwp_t *clwp = ttolwp(curthread); 2185 0 stevel struct file *fp; 2186 0 stevel struct vnode *vp; 2187 0 stevel struct f_audit_data *fad; 2188 0 stevel uint32_t fd, cmd; 2189 0 stevel uintptr_t cmarg; 2190 0 stevel 2191 0 stevel /* XX64 */ 2192 0 stevel struct a { 2193 0 stevel long fd; 2194 0 stevel long cmd; 2195 0 stevel long cmarg; /* caddr_t */ 2196 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2197 0 stevel 2198 0 stevel fd = (uint32_t)uap->fd; 2199 0 stevel cmd = (uint32_t)uap->cmd; 2200 0 stevel cmarg = (uintptr_t)uap->cmarg; 2201 0 stevel 2202 0 stevel /* 2203 0 stevel * convert file pointer to file descriptor 2204 0 stevel * Note: fd ref count incremented here. 2205 0 stevel */ 2206 0 stevel if ((fp = getf(fd)) == NULL) { 2207 0 stevel au_uwrite(au_to_arg32(1, "fd", fd)); 2208 0 stevel au_uwrite(au_to_arg32(2, "cmd", cmd)); 2209 0 stevel #ifndef _LP64 2210 0 stevel au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg)); 2211 0 stevel #else 2212 0 stevel au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg)); 2213 0 stevel #endif 2214 0 stevel return; 2215 0 stevel } 2216 0 stevel 2217 0 stevel /* get path from file struct here */ 2218 0 stevel fad = F2A(fp); 2219 0 stevel if (fad->fad_aupath != NULL) { 2220 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 2221 0 stevel } else { 2222 0 stevel au_uwrite(au_to_arg32(1, "no path: fd", fd)); 2223 0 stevel } 2224 0 stevel 2225 0 stevel vp = fp->f_vnode; 2226 0 stevel audit_attributes(vp); 2227 0 stevel 2228 0 stevel /* decrement file descriptor reference count */ 2229 0 stevel releasef(fd); 2230 0 stevel 2231 0 stevel au_uwrite(au_to_arg32(2, "cmd", cmd)); 2232 0 stevel #ifndef _LP64 2233 0 stevel au_uwrite(au_to_arg32(3, "arg", (uint32_t)cmarg)); 2234 0 stevel #else 2235 0 stevel au_uwrite(au_to_arg64(3, "arg", (uint64_t)cmarg)); 2236 0 stevel #endif 2237 0 stevel } 2238 0 stevel 2239 0 stevel /* 2240 0 stevel * null function for memcntl for now. We might want to limit memcntl() 2241 0 stevel * auditing to commands: MC_LOCKAS, MC_LOCK, MC_UNLOCKAS, MC_UNLOCK which 2242 0 stevel * require privileges. 2243 0 stevel */ 2244 0 stevel static au_event_t 2245 0 stevel aui_memcntl(au_event_t e) 2246 0 stevel { 2247 0 stevel return (e); 2248 0 stevel } 2249 0 stevel 2250 0 stevel /*ARGSUSED*/ 2251 0 stevel static au_event_t 2252 0 stevel aui_privsys(au_event_t e) 2253 0 stevel { 2254 0 stevel klwp_t *clwp = ttolwp(curthread); 2255 0 stevel 2256 0 stevel struct a { 2257 0 stevel long opcode; 2258 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2259 0 stevel 2260 0 stevel switch (uap->opcode) { 2261 0 stevel case PRIVSYS_SETPPRIV: 2262 0 stevel return (AUE_SETPPRIV); 2263 0 stevel default: 2264 0 stevel return (AUE_NULL); 2265 0 stevel } 2266 0 stevel } 2267 0 stevel 2268 0 stevel /*ARGSUSED*/ 2269 0 stevel static void 2270 0 stevel aus_memcntl(struct t_audit_data *tad) 2271 0 stevel { 2272 0 stevel klwp_t *clwp = ttolwp(curthread); 2273 0 stevel 2274 0 stevel struct a { 2275 0 stevel long addr; 2276 0 stevel long len; 2277 0 stevel long cmd; 2278 0 stevel long arg; 2279 0 stevel long attr; 2280 0 stevel long mask; 2281 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2282 0 stevel 2283 0 stevel #ifdef _LP64 2284 0 stevel au_uwrite(au_to_arg64(1, "base", (uint64_t)uap->addr)); 2285 0 stevel au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len)); 2286 0 stevel #else 2287 0 stevel au_uwrite(au_to_arg32(1, "base", (uint32_t)uap->addr)); 2288 0 stevel au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len)); 2289 0 stevel #endif 2290 0 stevel au_uwrite(au_to_arg32(3, "cmd", (uint_t)uap->cmd)); 2291 0 stevel #ifdef _LP64 2292 0 stevel au_uwrite(au_to_arg64(4, "arg", (uint64_t)uap->arg)); 2293 0 stevel #else 2294 0 stevel au_uwrite(au_to_arg32(4, "arg", (uint32_t)uap->arg)); 2295 0 stevel #endif 2296 0 stevel au_uwrite(au_to_arg32(5, "attr", (uint_t)uap->attr)); 2297 0 stevel au_uwrite(au_to_arg32(6, "mask", (uint_t)uap->mask)); 2298 0 stevel } 2299 0 stevel 2300 0 stevel /*ARGSUSED*/ 2301 0 stevel static void 2302 0 stevel aus_mmap(struct t_audit_data *tad) 2303 0 stevel { 2304 0 stevel klwp_t *clwp = ttolwp(curthread); 2305 0 stevel struct file *fp; 2306 0 stevel struct f_audit_data *fad; 2307 0 stevel struct vnode *vp; 2308 0 stevel uint32_t fd; 2309 0 stevel 2310 0 stevel struct a { 2311 0 stevel long addr; 2312 0 stevel long len; 2313 0 stevel long prot; 2314 0 stevel long flags; 2315 0 stevel long fd; 2316 0 stevel long pos; 2317 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2318 0 stevel 2319 0 stevel fd = (uint32_t)uap->fd; 2320 0 stevel 2321 0 stevel #ifdef _LP64 2322 0 stevel au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr)); 2323 0 stevel au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len)); 2324 0 stevel #else 2325 0 stevel au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr)); 2326 0 stevel au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len)); 2327 0 stevel #endif 2328 0 stevel 2329 0 stevel if ((fp = getf(fd)) == NULL) { 2330 0 stevel au_uwrite(au_to_arg32(5, "fd", (uint32_t)uap->fd)); 2331 0 stevel return; 2332 0 stevel } 2333 0 stevel 2334 0 stevel /* 2335 0 stevel * Mark in the tad if write access is NOT requested... if 2336 0 stevel * this is later detected (in audit_attributes) to be a 2337 0 stevel * public object, the mmap event may be discarded. 2338 0 stevel */ 2339 0 stevel if (((uap->prot) & PROT_WRITE) == 0) { 2340 0 stevel tad->tad_ctrl |= PAD_PUBLIC_EV; 2341 0 stevel } 2342 0 stevel 2343 0 stevel fad = F2A(fp); 2344 0 stevel if (fad->fad_aupath != NULL) { 2345 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 2346 0 stevel } else { 2347 0 stevel au_uwrite(au_to_arg32(1, "no path: fd", fd)); 2348 0 stevel } 2349 0 stevel 2350 0 stevel vp = (struct vnode *)fp->f_vnode; 2351 0 stevel audit_attributes(vp); 2352 0 stevel 2353 0 stevel /* mark READ/WRITE since we can't predict access */ 2354 0 stevel if (uap->prot & PROT_READ) 2355 0 stevel fad->fad_flags |= FAD_READ; 2356 0 stevel if (uap->prot & PROT_WRITE) 2357 0 stevel fad->fad_flags |= FAD_WRITE; 2358 0 stevel 2359 0 stevel /* decrement file descriptor reference count */ 2360 0 stevel releasef(fd); 2361 0 stevel 2362 0 stevel } /* AUS_MMAP */ 2363 0 stevel 2364 0 stevel 2365 0 stevel 2366 0 stevel 2367 0 stevel /*ARGSUSED*/ 2368 0 stevel static void 2369 0 stevel aus_munmap(struct t_audit_data *tad) 2370 0 stevel { 2371 0 stevel klwp_t *clwp = ttolwp(curthread); 2372 0 stevel 2373 0 stevel struct a { 2374 0 stevel long addr; 2375 0 stevel long len; 2376 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2377 0 stevel 2378 0 stevel #ifdef _LP64 2379 0 stevel au_uwrite(au_to_arg64(1, "addr", (uint64_t)uap->addr)); 2380 0 stevel au_uwrite(au_to_arg64(2, "len", (uint64_t)uap->len)); 2381 0 stevel #else 2382 0 stevel au_uwrite(au_to_arg32(1, "addr", (uint32_t)uap->addr)); 2383 0 stevel au_uwrite(au_to_arg32(2, "len", (uint32_t)uap->len)); 2384 0 stevel #endif 2385 0 stevel 2386 0 stevel } /* AUS_MUNMAP */ 2387 0 stevel 2388 0 stevel 2389 0 stevel 2390 0 stevel 2391 0 stevel 2392 0 stevel 2393 0 stevel 2394 0 stevel /*ARGSUSED*/ 2395 0 stevel static void 2396 0 stevel aus_priocntlsys(struct t_audit_data *tad) 2397 0 stevel { 2398 0 stevel klwp_t *clwp = ttolwp(curthread); 2399 0 stevel 2400 0 stevel struct a { 2401 0 stevel long pc_version; 2402 0 stevel long psp; /* procset_t */ 2403 0 stevel long cmd; 2404 0 stevel long arg; 2405 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2406 0 stevel 2407 0 stevel au_uwrite(au_to_arg32(1, "pc_version", (uint32_t)uap->pc_version)); 2408 0 stevel au_uwrite(au_to_arg32(3, "cmd", (uint32_t)uap->cmd)); 2409 0 stevel 2410 0 stevel } /* AUS_PRIOCNTLSYS */ 2411 0 stevel 2412 0 stevel 2413 0 stevel /*ARGSUSED*/ 2414 0 stevel static void 2415 0 stevel aus_setegid(struct t_audit_data *tad) 2416 0 stevel { 2417 0 stevel klwp_t *clwp = ttolwp(curthread); 2418 0 stevel uint32_t gid; 2419 0 stevel 2420 0 stevel struct a { 2421 0 stevel long gid; 2422 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2423 0 stevel 2424 0 stevel gid = (uint32_t)uap->gid; 2425 0 stevel 2426 0 stevel au_uwrite(au_to_arg32(1, "gid", gid)); 2427 0 stevel } /* AUS_SETEGID */ 2428 0 stevel 2429 0 stevel 2430 0 stevel 2431 0 stevel 2432 0 stevel /*ARGSUSED*/ 2433 0 stevel static void 2434 0 stevel aus_setgroups(struct t_audit_data *tad) 2435 0 stevel { 2436 0 stevel klwp_t *clwp = ttolwp(curthread); 2437 0 stevel int i; 2438 0 stevel int gidsetsize; 2439 0 stevel uintptr_t gidset; 2440 0 stevel gid_t *gidlist; 2441 0 stevel 2442 0 stevel struct a { 2443 0 stevel long gidsetsize; 2444 0 stevel long gidset; 2445 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2446 0 stevel 2447 0 stevel gidsetsize = (uint_t)uap->gidsetsize; 2448 0 stevel gidset = (uintptr_t)uap->gidset; 2449 0 stevel 2450 0 stevel if ((gidsetsize > NGROUPS_MAX_DEFAULT) || (gidsetsize < 0)) 2451 0 stevel return; 2452 0 stevel if (gidsetsize != 0) { 2453 0 stevel gidlist = kmem_alloc(gidsetsize * sizeof (gid_t), 2454 5227 tz204579 KM_SLEEP); 2455 0 stevel if (copyin((caddr_t)gidset, gidlist, 2456 5227 tz204579 gidsetsize * sizeof (gid_t)) == 0) 2457 0 stevel for (i = 0; i < gidsetsize; i++) 2458 0 stevel au_uwrite(au_to_arg32(1, "setgroups", 2459 5227 tz204579 (uint32_t)gidlist[i])); 2460 0 stevel kmem_free(gidlist, gidsetsize * sizeof (gid_t)); 2461 0 stevel } else 2462 0 stevel au_uwrite(au_to_arg32(1, "setgroups", (uint32_t)0)); 2463 0 stevel 2464 0 stevel } /* AUS_SETGROUPS */ 2465 0 stevel 2466 0 stevel 2467 0 stevel 2468 0 stevel 2469 0 stevel 2470 0 stevel /*ARGSUSED*/ 2471 0 stevel static void 2472 0 stevel aus_seteuid(struct t_audit_data *tad) 2473 0 stevel { 2474 0 stevel klwp_t *clwp = ttolwp(curthread); 2475 0 stevel uint32_t uid; 2476 0 stevel 2477 0 stevel struct a { 2478 0 stevel long uid; 2479 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2480 0 stevel 2481 0 stevel uid = (uint32_t)uap->uid; 2482 0 stevel 2483 0 stevel au_uwrite(au_to_arg32(1, "euid", uid)); 2484 0 stevel 2485 0 stevel } /* AUS_SETEUID */ 2486 0 stevel 2487 0 stevel /*ARGSUSED*/ 2488 0 stevel static void 2489 0 stevel aus_putmsg(struct t_audit_data *tad) 2490 0 stevel { 2491 0 stevel klwp_t *clwp = ttolwp(curthread); 2492 0 stevel uint32_t fd, pri; 2493 0 stevel struct file *fp; 2494 0 stevel struct f_audit_data *fad; 2495 0 stevel 2496 0 stevel struct a { 2497 0 stevel long fdes; 2498 0 stevel long ctl; /* struct strbuf * */ 2499 0 stevel long data; /* struct strbuf * */ 2500 0 stevel long pri; 2501 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2502 0 stevel 2503 0 stevel fd = (uint32_t)uap->fdes; 2504 0 stevel pri = (uint32_t)uap->pri; 2505 0 stevel 2506 0 stevel au_uwrite(au_to_arg32(1, "fd", fd)); 2507 0 stevel 2508 0 stevel if ((fp = getf(fd)) != NULL) { 2509 0 stevel fad = F2A(fp); 2510 0 stevel 2511 0 stevel fad->fad_flags |= FAD_WRITE; 2512 0 stevel 2513 0 stevel /* add path name to audit record */ 2514 0 stevel if (fad->fad_aupath != NULL) { 2515 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 2516 0 stevel } 2517 0 stevel audit_attributes(fp->f_vnode); 2518 0 stevel 2519 0 stevel releasef(fd); 2520 0 stevel } 2521 0 stevel 2522 0 stevel au_uwrite(au_to_arg32(4, "pri", pri)); 2523 0 stevel } 2524 0 stevel 2525 0 stevel /*ARGSUSED*/ 2526 0 stevel static void 2527 0 stevel aus_putpmsg(struct t_audit_data *tad) 2528 0 stevel { 2529 0 stevel klwp_t *clwp = ttolwp(curthread); 2530 0 stevel uint32_t fd, pri, flags; 2531 0 stevel struct file *fp; 2532 0 stevel struct f_audit_data *fad; 2533 0 stevel 2534 0 stevel struct a { 2535 0 stevel long fdes; 2536 0 stevel long ctl; /* struct strbuf * */ 2537 0 stevel long data; /* struct strbuf * */ 2538 0 stevel long pri; 2539 0 stevel long flags; 2540 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2541 0 stevel 2542 0 stevel fd = (uint32_t)uap->fdes; 2543 0 stevel pri = (uint32_t)uap->pri; 2544 0 stevel flags = (uint32_t)uap->flags; 2545 0 stevel 2546 0 stevel au_uwrite(au_to_arg32(1, "fd", fd)); 2547 0 stevel 2548 0 stevel if ((fp = getf(fd)) != NULL) { 2549 0 stevel fad = F2A(fp); 2550 0 stevel 2551 0 stevel fad->fad_flags |= FAD_WRITE; 2552 0 stevel 2553 0 stevel /* add path name to audit record */ 2554 0 stevel if (fad->fad_aupath != NULL) { 2555 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 2556 0 stevel } 2557 0 stevel audit_attributes(fp->f_vnode); 2558 0 stevel 2559 0 stevel releasef(fd); 2560 0 stevel } 2561 0 stevel 2562 0 stevel 2563 0 stevel au_uwrite(au_to_arg32(4, "pri", pri)); 2564 0 stevel au_uwrite(au_to_arg32(5, "flags", flags)); 2565 0 stevel } 2566 0 stevel 2567 0 stevel /*ARGSUSED*/ 2568 0 stevel static void 2569 0 stevel aus_getmsg(struct t_audit_data *tad) 2570 0 stevel { 2571 0 stevel klwp_t *clwp = ttolwp(curthread); 2572 0 stevel uint32_t fd, pri; 2573 0 stevel struct file *fp; 2574 0 stevel struct f_audit_data *fad; 2575 0 stevel 2576 0 stevel struct a { 2577 0 stevel long fdes; 2578 0 stevel long ctl; /* struct strbuf * */ 2579 0 stevel long data; /* struct strbuf * */ 2580 0 stevel long pri; 2581 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2582 0 stevel 2583 0 stevel fd = (uint32_t)uap->fdes; 2584 0 stevel pri = (uint32_t)uap->pri; 2585 0 stevel 2586 0 stevel au_uwrite(au_to_arg32(1, "fd", fd)); 2587 0 stevel 2588 0 stevel if ((fp = getf(fd)) != NULL) { 2589 0 stevel fad = F2A(fp); 2590 0 stevel 2591 0 stevel /* 2592 0 stevel * read operation on this object 2593 0 stevel */ 2594 0 stevel fad->fad_flags |= FAD_READ; 2595 0 stevel 2596 0 stevel /* add path name to audit record */ 2597 0 stevel if (fad->fad_aupath != NULL) { 2598 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 2599 0 stevel } 2600 0 stevel audit_attributes(fp->f_vnode); 2601 0 stevel 2602 0 stevel releasef(fd); 2603 0 stevel } 2604 0 stevel 2605 0 stevel au_uwrite(au_to_arg32(4, "pri", pri)); 2606 0 stevel } 2607 0 stevel 2608 0 stevel /*ARGSUSED*/ 2609 0 stevel static void 2610 0 stevel aus_getpmsg(struct t_audit_data *tad) 2611 0 stevel { 2612 0 stevel klwp_t *clwp = ttolwp(curthread); 2613 0 stevel uint32_t fd; 2614 0 stevel struct file *fp; 2615 0 stevel struct f_audit_data *fad; 2616 0 stevel 2617 0 stevel struct a { 2618 0 stevel long fdes; 2619 0 stevel long ctl; /* struct strbuf * */ 2620 0 stevel long data; /* struct strbuf * */ 2621 0 stevel long pri; 2622 0 stevel long flags; 2623 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2624 0 stevel 2625 0 stevel fd = (uint32_t)uap->fdes; 2626 0 stevel 2627 0 stevel au_uwrite(au_to_arg32(1, "fd", fd)); 2628 0 stevel 2629 0 stevel if ((fp = getf(fd)) != NULL) { 2630 0 stevel fad = F2A(fp); 2631 0 stevel 2632 0 stevel /* 2633 0 stevel * read operation on this object 2634 0 stevel */ 2635 0 stevel fad->fad_flags |= FAD_READ; 2636 0 stevel 2637 0 stevel /* add path name to audit record */ 2638 0 stevel if (fad->fad_aupath != NULL) { 2639 0 stevel au_uwrite(au_to_path(fad->fad_aupath)); 2640 0 stevel } 2641 0 stevel audit_attributes(fp->f_vnode); 2642 0 stevel 2643 0 stevel releasef(fd); 2644 0 stevel } 2645 0 stevel } 2646 0 stevel 2647 0 stevel static au_event_t 2648 6688 rica aui_labelsys(au_event_t e) 2649 6688 rica { 2650 6688 rica klwp_t *clwp = ttolwp(curthread); 2651 6688 rica uint32_t code; 2652 6688 rica uint32_t cmd; 2653 6688 rica 2654 6688 rica struct a { 2655 6688 rica long code; 2656 6688 rica long cmd; 2657 6688 rica } *uap = (struct a *)clwp->lwp_ap; 2658 6688 rica 2659 6688 rica code = (uint32_t)uap->code; 2660 6688 rica cmd = (uint32_t)uap->cmd; 2661 6688 rica 2662 6688 rica /* not security relevant if not changing kernel cache */ 2663 6688 rica if (cmd == TNDB_GET) 2664 7379 Ric return (AUE_NULL); 2665 6688 rica 2666 6688 rica switch (code) { 2667 6688 rica case TSOL_TNRH: 2668 6688 rica e = AUE_LABELSYS_TNRH; 2669 6688 rica break; 2670 6688 rica case TSOL_TNRHTP: 2671 6688 rica e = AUE_LABELSYS_TNRHTP; 2672 6688 rica break; 2673 6688 rica case TSOL_TNMLP: 2674 6688 rica e = AUE_LABELSYS_TNMLP; 2675 6688 rica break; 2676 6688 rica default: 2677 6688 rica e = AUE_NULL; 2678 6688 rica break; 2679 6688 rica } 2680 6688 rica 2681 6688 rica return (e); 2682 6688 rica 2683 6688 rica } 2684 6688 rica 2685 6688 rica static void 2686 6688 rica aus_labelsys(struct t_audit_data *tad) 2687 6688 rica { 2688 6688 rica klwp_t *clwp = ttolwp(curthread); 2689 6688 rica uint32_t cmd; 2690 6688 rica uintptr_t a2; 2691 6688 rica 2692 6688 rica struct a { 2693 6688 rica long code; 2694 6688 rica long cmd; 2695 6688 rica long a2; 2696 6688 rica } *uap = (struct a *)clwp->lwp_ap; 2697 6688 rica 2698 6688 rica cmd = (uint32_t)uap->cmd; 2699 6688 rica a2 = (uintptr_t)uap->a2; 2700 6688 rica 2701 6688 rica switch (tad->tad_event) { 2702 6688 rica case AUE_LABELSYS_TNRH: 2703 6688 rica { 2704 6688 rica tsol_rhent_t *rhent; 2705 6688 rica tnaddr_t *rh_addr; 2706 6688 rica 2707 6688 rica au_uwrite(au_to_arg32(1, "cmd", cmd)); 2708 6688 rica 2709 6688 rica /* Remaining args don't apply for FLUSH, so skip */ 2710 6688 rica if (cmd == TNDB_FLUSH) 2711 6688 rica break; 2712 6688 rica 2713 6688 rica rhent = kmem_alloc(sizeof (tsol_rhent_t), KM_SLEEP); 2714 6688 rica if (copyin((caddr_t)a2, rhent, sizeof (tsol_rhent_t))) { 2715 6688 rica kmem_free(rhent, sizeof (tsol_rhent_t)); 2716 6688 rica return; 2717 6688 rica } 2718 6688 rica 2719 6688 rica rh_addr = &rhent->rh_address; 2720 6688 rica if (rh_addr->ta_family == AF_INET) { 2721 6688 rica struct in_addr *ipaddr; 2722 6688 rica 2723 6688 rica ipaddr = &(rh_addr->ta_addr_v4); 2724 6688 rica au_uwrite(au_to_in_addr(ipaddr)); 2725 6688 rica } else if (rh_addr->ta_family == AF_INET6) { 2726 6688 rica int32_t *ipaddr; 2727 6688 rica 2728 6688 rica ipaddr = (int32_t *)&(rh_addr->ta_addr_v6); 2729 6688 rica au_uwrite(au_to_in_addr_ex(ipaddr)); 2730 6688 rica } 2731 6688 rica au_uwrite(au_to_arg32(2, "prefix len", rhent->rh_prefix)); 2732 6688 rica 2733 6688 rica kmem_free(rhent, sizeof (tsol_rhent_t)); 2734 6688 rica 2735 6688 rica break; 2736 6688 rica } 2737 6688 rica case AUE_LABELSYS_TNRHTP: 2738 6688 rica { 2739 6688 rica tsol_tpent_t *tpent; 2740 6688 rica 2741 6688 rica au_uwrite(au_to_arg32(1, "cmd", cmd)); 2742 6688 rica 2743 6688 rica /* Remaining args don't apply for FLUSH, so skip */ 2744 6688 rica if (cmd == TNDB_FLUSH) 2745 6688 rica break; 2746 6688 rica 2747 6688 rica tpent = kmem_alloc(sizeof (tsol_tpent_t), KM_SLEEP); 2748 6688 rica if (copyin((caddr_t)a2, tpent, sizeof (tsol_tpent_t))) { 2749 6688 rica kmem_free(tpent, sizeof (tsol_tpent_t)); 2750 6688 rica return; 2751 6688 rica } 2752 7379 Ric 2753 7379 Ric /* Make sure that the template name is null-terminated. */ 2754 7379 Ric *(tpent->name + TNTNAMSIZ - 1) = '\0'; 2755 6688 rica 2756 6688 rica au_uwrite(au_to_text(tpent->name)); 2757 6688 rica kmem_free(tpent, sizeof (tsol_tpent_t)); 2758 6688 rica 2759 6688 rica break; 2760 6688 rica } 2761 6688 rica case AUE_LABELSYS_TNMLP: 2762 6688 rica { 2763 6688 rica tsol_mlpent_t *mlpent; 2764 6688 rica 2765 6688 rica au_uwrite(au_to_arg32(1, "cmd", cmd)); 2766 6688 rica 2767 6688 rica mlpent = kmem_alloc(sizeof (tsol_mlpent_t), KM_SLEEP); 2768 6688 rica if (copyin((caddr_t)a2, mlpent, sizeof (tsol_mlpent_t))) { 2769 6688 rica kmem_free(mlpent, sizeof (tsol_mlpent_t)); 2770 6688 rica return; 2771 6688 rica } 2772 6688 rica 2773 6688 rica if (mlpent->tsme_flags & TSOL_MEF_SHARED) { 2774 6688 rica au_uwrite(au_to_text("shared")); 2775 6688 rica } else { 2776 6688 rica zone_t *zone; 2777 6688 rica 2778 6688 rica zone = zone_find_by_id(mlpent->tsme_zoneid); 2779 6688 rica if (zone != NULL) { 2780 6688 rica au_uwrite(au_to_text(zone->zone_name)); 2781 6688 rica zone_rele(zone); 2782 6688 rica } 2783 6688 rica } 2784 6688 rica 2785 6688 rica /* Remaining args don't apply for FLUSH, so skip */ 2786 6688 rica if (cmd == TNDB_FLUSH) { 2787 6688 rica kmem_free(mlpent, sizeof (tsol_mlpent_t)); 2788 6688 rica break; 2789 6688 rica } 2790 6688 rica 2791 6688 rica au_uwrite(au_to_arg32(2, "proto num", 2792 6688 rica (uint32_t)mlpent->tsme_mlp.mlp_ipp)); 2793 6688 rica au_uwrite(au_to_arg32(2, "mlp_port", 2794 6688 rica (uint32_t)mlpent->tsme_mlp.mlp_port)); 2795 6688 rica 2796 6688 rica if (mlpent->tsme_mlp.mlp_port_upper != 0) 2797 6688 rica au_uwrite(au_to_arg32(2, "mlp_port_upper", 2798 6688 rica (uint32_t)mlpent->tsme_mlp.mlp_port_upper)); 2799 6688 rica 2800 6688 rica kmem_free(mlpent, sizeof (tsol_mlpent_t)); 2801 6688 rica 2802 6688 rica break; 2803 6688 rica } 2804 6688 rica default: 2805 6688 rica break; 2806 6688 rica } 2807 6688 rica } 2808 6688 rica 2809 6688 rica 2810 6688 rica static au_event_t 2811 0 stevel aui_auditsys(au_event_t e) 2812 0 stevel { 2813 0 stevel klwp_t *clwp = ttolwp(curthread); 2814 0 stevel uint32_t code; 2815 0 stevel 2816 0 stevel struct a { 2817 0 stevel long code; 2818 0 stevel long a1; 2819 0 stevel long a2; 2820 0 stevel long a3; 2821 0 stevel long a4; 2822 0 stevel long a5; 2823 0 stevel long a6; 2824 0 stevel long a7; 2825 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2826 0 stevel 2827 0 stevel code = (uint32_t)uap->code; 2828 0 stevel 2829 0 stevel switch (code) { 2830 0 stevel 2831 0 stevel case BSM_GETAUID: 2832 0 stevel e = AUE_GETAUID; 2833 0 stevel break; 2834 0 stevel case BSM_SETAUID: 2835 0 stevel e = AUE_SETAUID; 2836 0 stevel break; 2837 0 stevel case BSM_GETAUDIT: 2838 0 stevel e = AUE_GETAUDIT; 2839 0 stevel break; 2840 0 stevel case BSM_GETAUDIT_ADDR: 2841 0 stevel e = AUE_GETAUDIT_ADDR; 2842 0 stevel break; 2843 0 stevel case BSM_SETAUDIT: 2844 0 stevel e = AUE_SETAUDIT; 2845 0 stevel break; 2846 0 stevel case BSM_SETAUDIT_ADDR: 2847 0 stevel e = AUE_SETAUDIT_ADDR; 2848 0 stevel break; 2849 0 stevel case BSM_AUDIT: 2850 0 stevel e = AUE_AUDIT; 2851 0 stevel break; 2852 0 stevel case BSM_AUDITON: 2853 0 stevel case BSM_AUDITCTL: 2854 0 stevel 2855 0 stevel switch ((uint_t)uap->a1) { 2856 0 stevel 2857 0 stevel case A_GETPOLICY: 2858 0 stevel e = AUE_AUDITON_GPOLICY; 2859 0 stevel break; 2860 0 stevel case A_SETPOLICY: 2861 0 stevel e = AUE_AUDITON_SPOLICY; 2862 0 stevel break; 2863 0 stevel case A_GETKMASK: 2864 0 stevel e = AUE_AUDITON_GETKMASK; 2865 0 stevel break; 2866 0 stevel case A_SETKMASK: 2867 0 stevel e = AUE_AUDITON_SETKMASK; 2868 0 stevel break; 2869 0 stevel case A_GETQCTRL: 2870 0 stevel e = AUE_AUDITON_GQCTRL; 2871 0 stevel break; 2872 0 stevel case A_SETQCTRL: 2873 0 stevel e = AUE_AUDITON_SQCTRL; 2874 0 stevel break; 2875 0 stevel case A_GETCWD: 2876 0 stevel e = AUE_AUDITON_GETCWD; 2877 0 stevel break; 2878 0 stevel case A_GETCAR: 2879 0 stevel e = AUE_AUDITON_GETCAR; 2880 0 stevel break; 2881 0 stevel case A_GETSTAT: 2882 0 stevel e = AUE_AUDITON_GETSTAT; 2883 0 stevel break; 2884 0 stevel case A_SETSTAT: 2885 0 stevel e = AUE_AUDITON_SETSTAT; 2886 0 stevel break; 2887 0 stevel case A_SETUMASK: 2888 0 stevel e = AUE_AUDITON_SETUMASK; 2889 0 stevel break; 2890 0 stevel case A_SETSMASK: 2891 0 stevel e = AUE_AUDITON_SETSMASK; 2892 0 stevel break; 2893 0 stevel case A_GETCOND: 2894 0 stevel e = AUE_AUDITON_GETCOND; 2895 0 stevel break; 2896 0 stevel case A_SETCOND: 2897 0 stevel e = AUE_AUDITON_SETCOND; 2898 0 stevel break; 2899 0 stevel case A_GETCLASS: 2900 0 stevel e = AUE_AUDITON_GETCLASS; 2901 0 stevel break; 2902 0 stevel case A_SETCLASS: 2903 0 stevel e = AUE_AUDITON_SETCLASS; 2904 0 stevel break; 2905 0 stevel default: 2906 0 stevel e = AUE_NULL; 2907 0 stevel break; 2908 0 stevel } 2909 0 stevel break; 2910 0 stevel default: 2911 0 stevel e = AUE_NULL; 2912 0 stevel break; 2913 0 stevel } 2914 0 stevel 2915 0 stevel return (e); 2916 0 stevel 2917 0 stevel } /* AUI_AUDITSYS */ 2918 0 stevel 2919 0 stevel 2920 0 stevel static void 2921 0 stevel aus_auditsys(struct t_audit_data *tad) 2922 0 stevel { 2923 0 stevel klwp_t *clwp = ttolwp(curthread); 2924 0 stevel uintptr_t a1, a2; 2925 0 stevel STRUCT_DECL(auditinfo, ainfo); 2926 0 stevel STRUCT_DECL(auditinfo_addr, ainfo_addr); 2927 0 stevel au_evclass_map_t event; 2928 0 stevel au_mask_t mask; 2929 0 stevel int auditstate, policy; 2930 4353 tz204579 au_id_t auid; 2931 0 stevel 2932 0 stevel 2933 0 stevel struct a { 2934 0 stevel long code; 2935 0 stevel long a1; 2936 0 stevel long a2; 2937 0 stevel long a3; 2938 0 stevel long a4; 2939 0 stevel long a5; 2940 0 stevel long a6; 2941 0 stevel long a7; 2942 0 stevel } *uap = (struct a *)clwp->lwp_ap; 2943 0 stevel 2944 0 stevel a1 = (uintptr_t)uap->a1; 2945 0 stevel a2 = (uintptr_t)uap->a2; 2946 0 stevel 2947 0 stevel switch (tad->tad_event) { 2948 0 stevel case AUE_SETAUID: 2949 4353 tz204579 if (copyin((caddr_t)a1, &auid, sizeof (au_id_t))) 2950 4353 tz204579 return; 2951 4353 tz204579 au_uwrite(au_to_arg32(2, "setauid", auid)); 2952 0 stevel break; 2953 0 stevel case AUE_SETAUDIT: 2954 0 stevel STRUCT_INIT(ainfo, get_udatamodel()); 2955 0 stevel if (copyin((caddr_t)a1, STRUCT_BUF(ainfo), 2956 5227 tz204579 STRUCT_SIZE(ainfo))) { 2957 0 stevel return; 2958 0 stevel } 2959 0 stevel au_uwrite(au_to_arg32((char)1, "setaudit:auid", 2960 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo, ai_auid))); 2961 0 stevel #ifdef _LP64 2962 0 stevel au_uwrite(au_to_arg64((char)1, "setaudit:port", 2963 5227 tz204579 (uint64_t)STRUCT_FGET(ainfo, ai_termid.port))); 2964 0 stevel #else 2965 0 stevel au_uwrite(au_to_arg32((char)1, "setaudit:port", 2966 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo, ai_termid.port))); 2967 0 stevel #endif 2968 0 stevel au_uwrite(au_to_arg32((char)1, "setaudit:machine", 2969 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo, ai_termid.machine))); 2970 0 stevel au_uwrite(au_to_arg32((char)1, "setaudit:as_success", 2971 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_success))); 2972 0 stevel au_uwrite(au_to_arg32((char)1, "setaudit:as_failure", 2973 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo, ai_mask.as_failure))); 2974 0 stevel au_uwrite(au_to_arg32((char)1, "setaudit:asid", 2975 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo, ai_asid))); 2976 0 stevel break; 2977 0 stevel case AUE_SETAUDIT_ADDR: 2978 0 stevel STRUCT_INIT(ainfo_addr, get_udatamodel()); 2979 0 stevel if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr), 2980 5227 tz204579 STRUCT_SIZE(ainfo_addr))) { 2981 0 stevel return; 2982 0 stevel } 2983 0 stevel au_uwrite(au_to_arg32((char)1, "auid", 2984 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid))); 2985 0 stevel #ifdef _LP64 2986 0 stevel au_uwrite(au_to_arg64((char)1, "port", 2987 5227 tz204579 (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port))); 2988 0 stevel #else 2989 0 stevel au_uwrite(au_to_arg32((char)1, "port", 2990 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port))); 2991 0 stevel #endif 2992 0 stevel au_uwrite(au_to_arg32((char)1, "type", 2993 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type))); 2994 0 stevel if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) == 2995 0 stevel AU_IPv4) { 2996 0 stevel au_uwrite(au_to_in_addr( 2997 5227 tz204579 (struct in_addr *)STRUCT_FGETP(ainfo_addr, 2998 5227 tz204579 ai_termid.at_addr))); 2999 0 stevel } else { 3000 0 stevel au_uwrite(au_to_in_addr_ex( 3001 5227 tz204579 (int32_t *)STRUCT_FGETP(ainfo_addr, 3002 5227 tz204579 ai_termid.at_addr))); 3003 0 stevel } 3004 0 stevel au_uwrite(au_to_arg32((char)1, "as_success", 3005 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success))); 3006 0 stevel au_uwrite(au_to_arg32((char)1, "as_failure", 3007 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure))); 3008 0 stevel au_uwrite(au_to_arg32((char)1, "asid", 3009 5227 tz204579 (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid))); 3010 0 stevel break; 3011 0 stevel case AUE_AUDITON_SETKMASK: 3012 0 stevel if (copyin((caddr_t)a2, &mask, sizeof (au_mask_t))) 3013 0 stevel return; 3014 0 stevel au_uwrite(au_to_arg32( 3015 5227 tz204579 2, "setkmask:as_success", (uint32_t)mask.as_success)); 3016 0 stevel au_uwrite(au_to_arg32( 3017 5227 tz204579 2, "setkmask:as_failure", (uint32_t)mask.as_failure)); 3018 0 stevel break; 3019 0 stevel case AUE_AUDITON_SPOLICY: 3020