/*ARGSUSED1*/
int
auditsys(struct auditcalls *uap, rval_t *rvp)
{
int err;
/*
* this ugly hack is because auditsys returns
* 0 for all cases except audit_active == 0
* and uap->code == BSM_AUDITCTL || default)
*/
if (!audit_active)
return (ENOTSUP);
switch (uap->code) {
case BSM_GETAUID:
case BSM_SETAUID:
case BSM_GETAUDIT:
case BSM_SETAUDIT:
case BSM_AUDIT:
return (0);
case BSM_AUDITCTL:
if ((int)uap->a1 == A_GETCOND)
err = secpolicy_audit_getattr(CRED());
else
/* FALLTHROUGH */
default:
/* Return a different error when not privileged */
err = secpolicy_audit_config(CRED());
if (err == 0)
return (EINVAL);
else
return (err);
}
}
/*
* Get the audit state information from the current process.
* Return EFAULT if copyout fails.
*/
int
getaudit_addr(caddr_t info_p, int len)
{
STRUCT_DECL(auditinfo_addr, info);
const auditinfo_addr_t *ainfo;
model_t model;
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
model = get_udatamodel();
STRUCT_INIT(info, model);
if (len < STRUCT_SIZE(info))
return (EOVERFLOW);
ainfo = crgetauinfo(CRED());
if (ainfo == NULL)
return (EINVAL);
STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
return (EOVERFLOW);
}
STRUCT_FSET(info, ai_termid.at_port, dev);
} else
STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
#else
STRUCT_FSET(info, ai_termid.at_port, ainfo->ai_termid.at_port);
#endif
STRUCT_FSET(info, ai_termid.at_type, ainfo->ai_termid.at_type);
STRUCT_FSET(info, ai_termid.at_addr[0], ainfo->ai_termid.at_addr[0]);
STRUCT_FSET(info, ai_termid.at_addr[1], ainfo->ai_termid.at_addr[1]);
STRUCT_FSET(info, ai_termid.at_addr[2], ainfo->ai_termid.at_addr[2]);
STRUCT_FSET(info, ai_termid.at_addr[3], ainfo->ai_termid.at_addr[3]);
STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
return (EFAULT);
return (0);
}
/*
* Return the audit user ID for the current process. Currently only
* the privileged processes may see the audit id. That may change.
* If copyout is unsucessful return EFAULT.
*/
int
getauid(caddr_t auid_p)
{
const auditinfo_addr_t *ainfo;
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
ainfo = crgetauinfo(CRED());
if (ainfo == NULL)
return (EINVAL);
if (copyout(&ainfo->ai_auid, auid_p, sizeof (au_id_t)))
return (EFAULT);
return (0);
}
/*
* Get the audit state information from the current process.
* Return EFAULT if copyout fails.
*/
static int
getaudit(caddr_t info_p)
{
STRUCT_DECL(auditinfo, info);
const auditinfo_addr_t *ainfo;
model_t model;
if (secpolicy_audit_getattr(CRED()) != 0)
return (EPERM);
model = get_udatamodel();
STRUCT_INIT(info, model);
ainfo = crgetauinfo(CRED());
if (ainfo == NULL)
return (EINVAL);
/* trying to read a process with an IPv6 address? */
if (ainfo->ai_termid.at_type == AU_IPv6)
return (EOVERFLOW);
STRUCT_FSET(info, ai_auid, ainfo->ai_auid);
STRUCT_FSET(info, ai_mask, ainfo->ai_mask);
#ifdef _LP64
if (model == DATAMODEL_ILP32) {
dev32_t dev;
/* convert internal 64 bit form to 32 bit version */
if (cmpldev(&dev, ainfo->ai_termid.at_port) == 0) {
return (EOVERFLOW);
}
STRUCT_FSET(info, ai_termid.port, dev);
} else
STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
#else
STRUCT_FSET(info, ai_termid.port, ainfo->ai_termid.at_port);
#endif
STRUCT_FSET(info, ai_termid.machine, ainfo->ai_termid.at_addr[0]);
STRUCT_FSET(info, ai_asid, ainfo->ai_asid);
if (copyout(STRUCT_BUF(info), info_p, STRUCT_SIZE(info)))
return (EFAULT);
return (0);
}
static int
cred2ucaud(const cred_t *cr, auditinfo64_addr_t *ainfo, const cred_t *rcr)
{
auditinfo_addr_t *ai;
au_tid_addr_t tid;
if (secpolicy_audit_getattr(rcr) != 0)
return (-1);
ai = CR_AUINFO(cr); /* caller makes sure this is non-NULL */
tid = ai->ai_termid;
ainfo->ai_auid = ai->ai_auid;
ainfo->ai_mask = ai->ai_mask;
ainfo->ai_asid = ai->ai_asid;
ainfo->ai_termid.at_type = tid.at_type;
bcopy(&tid.at_addr, &ainfo->ai_termid.at_addr, 4 * sizeof (uint_t));
ainfo->ai_termid.at_port.at_major = (uint32_t)getmajor(tid.at_port);
ainfo->ai_termid.at_port.at_minor = (uint32_t)getminor(tid.at_port);
return (0);
}
/*
* The out of control system call
* This is audit kitchen sink aka auditadm, aka auditon
*/
int
auditctl(
int cmd,
caddr_t data,
int length)
{
int result;
switch (cmd) {
case A_GETAMASK:
case A_GETCOND:
case A_GETCAR:
case A_GETCLASS:
case A_GETCWD:
case A_GETKAUDIT:
case A_GETKMASK:
case A_GETPINFO:
case A_GETPINFO_ADDR:
case A_GETPOLICY:
case A_GETQCTRL:
case A_GETSTAT:
if (secpolicy_audit_getattr(CRED(), B_FALSE) != 0)
return (EPERM);
break;
default:
if (secpolicy_audit_config(CRED()) != 0)
return (EPERM);
break;
}
switch (cmd) {
case A_GETPOLICY:
result = getpolicy(data);
break;
case A_SETPOLICY:
result = setpolicy(data);
break;
case A_GETAMASK:
result = getamask(data);
break;
case A_SETAMASK:
result = setamask(data);
break;
case A_GETKMASK:
result = getkmask(data);
break;
case A_SETKMASK:
result = setkmask(data);
break;
case A_GETKAUDIT:
result = getkaudit(data, length);
break;
case A_SETKAUDIT:
result = setkaudit(data, length);
break;
case A_GETQCTRL:
result = getqctrl(data);
break;
case A_SETQCTRL:
result = setqctrl(data);
break;
case A_GETCWD:
result = getcwd(data, length);
break;
case A_GETCAR:
result = getcar(data, length);
break;
case A_GETSTAT:
result = getstat(data);
break;
case A_SETSTAT:
result = setstat(data);
break;
case A_SETUMASK:
result = setumask(data);
break;
case A_SETSMASK:
result = setsmask(data);
break;
case A_GETCOND:
result = getcond(data);
break;
case A_SETCOND:
result = setcond(data);
break;
case A_GETCLASS:
result = getclass(data);
break;
case A_SETCLASS:
result = setclass(data);
break;
case A_GETPINFO:
result = getpinfo(data);
break;
case A_GETPINFO_ADDR:
result = getpinfo_addr(data, length);
break;
case A_SETPMASK:
result = setpmask(data);
break;
default:
result = EINVAL;
break;
}
return (result);
}
