Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/bsd/kern/kern_audit.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Copyright (c) 2003 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. 7 * 8 * This file contains Original Code and/or Modifications of Original Code 9 * as defined in and that are subject to the Apple Public Source License 10 * Version 2.0 (the 'License'). You may not use this file except in 11 * compliance with the License. Please obtain a copy of the License at 12 * http://www.opensource.apple.com/apsl/ and read it before using this 13 * file. 14 * 15 * The Original Code and all software distributed under the License are 16 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 17 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 18 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 20 * Please see the License for the specific language governing rights and 21 * limitations under the License. 22 * 23 * @APPLE_LICENSE_HEADER_END@ 24 */ 25 #include <sys/param.h> 26 #include <sys/fcntl.h> 27 #include <sys/kernel.h> 28 #include <sys/lock.h> 29 #include <sys/namei.h> 30 #include <sys/proc.h> 31 #include <sys/queue.h> 32 #include <sys/systm.h> 33 #include <sys/time.h> 34 #include <sys/ucred.h> 35 #include <sys/uio.h> 36 #include <sys/unistd.h> 37 #include <sys/vnode.h> 38 #include <sys/audit.h> 39 #include <sys/kern_audit.h> 40 #include <sys/user.h> 41 #include <sys/bsm_kevents.h> 42 #include <sys/bsm_klib.h> 43 #include <sys/syscall.h> 44 #include <sys/malloc.h> 45 #include <sys/un.h> 46 47 #include <kern/lock.h> 48 #include <kern/wait_queue.h> 49 50 #ifdef AUDIT 51 52 /* 53 * The AUDIT_EXCESSIVELY_VERBOSE define enables a number of 54 * gratuitously noisy printf's to the console. Due to the 55 * volume, it should be left off unless you want your system 56 * to churn a lot whenever the audit record flow gets high. 57 */ 58 /* #define AUDIT_EXCESSIVELY_VERBOSE */ 59 #ifdef AUDIT_EXCESSIVELY_VERBOSE 60 #define AUDIT_PRINTF(x) printf x 61 #else 62 #define AUDIT_PRINTF(X) 63 #endif 64 65 #if DIAGNOSTIC 66 #if defined(assert) 67 #undef assert() 68 #endif 69 #define assert(cond) \ 70 ((void) ((cond) ? 0 : panic("%s:%d (%s)", __FILE__, __LINE__, # cond))) 71 #else 72 #include <kern/assert.h> 73 #endif /* DIAGNOSTIC */ 74 75 /* 76 * Define the audit control flags. 77 */ 78 int audit_enabled; 79 int audit_suspended; 80 81 /* 82 * Mutex to protect global variables shared between various threads and 83 * processes. 84 */ 85 static mutex_t *audit_mtx; 86 87 /* 88 * Queue of audit records ready for delivery to disk. We insert new 89 * records at the tail, and remove records from the head. 90 */ 91 static TAILQ_HEAD(, kaudit_record) audit_q; 92 93 /* 94 * Condition variable to signal to the worker that it has work to do: 95 * either new records are in the queue, or a log replacement is taking 96 * place. 97 */ 98 static wait_queue_t audit_wait_queue; 99 100 /* 101 * When an audit log is rotated, the actual rotation must be performed 102 * by the audit worker thread, as it may have outstanding writes on the 103 * current audit log. audit_replacement_vp holds the vnode replacing 104 * the current vnode. We can't let more than one replacement occur 105 * at a time, so if more than one thread requests a replacement, only 106 * one can have the replacement "in progress" at any given moment. If 107 * a thread tries to replace the audit vnode and discovers a replacement 108 * is already in progress (i.e., audit_replacement_flag != 0), then it 109 * will sleep on audit_replacement_cv waiting its turn to perform a 110 * replacement. When a replacement is completed, this cv is signalled 111 * by the worker thread so a waiting thread can start another replacement. 112 * We also store a credential to perform audit log write operations with. 113 */ 114 static wait_queue_t audit_replacement_wait_queue; 115 116 static int audit_replacement_flag; 117 static struct vnode *audit_replacement_vp; 118 static struct ucred *audit_replacement_cred; 119 120 /* 121 * Flags to use on audit files when opening and closing. 122 */ 123 const static int audit_open_flags = FWRITE | O_APPEND; 124 const static int audit_close_flags = FWRITE | O_APPEND; 125 126 /* 127 * XXX: Couldn't find the include file for this, so copied kern_exec.c's 128 * behavior. 129 */ 130 extern task_t kernel_task; 131 132 static void 133 audit_free(struct kaudit_record *ar) 134 { 135 if (ar->k_ar.ar_arg_upath1 != NULL) { 136 kmem_free(kernel_map, ar->k_ar.ar_arg_upath1, MAXPATHLEN); 137 } 138 if (ar->k_ar.ar_arg_upath2 != NULL) { 139 kmem_free(kernel_map, ar->k_ar.ar_arg_upath2, MAXPATHLEN); 140 } 141 if (ar->k_ar.ar_arg_kpath1 != NULL) { 142 kmem_free(kernel_map, ar->k_ar.ar_arg_kpath1, MAXPATHLEN); 143 } 144 if (ar->k_ar.ar_arg_kpath2 != NULL) { 145 kmem_free(kernel_map, ar->k_ar.ar_arg_kpath2, MAXPATHLEN); 146 } 147 if (ar->k_ar.ar_arg_text != NULL) { 148 kmem_free(kernel_map, ar->k_ar.ar_arg_text, MAXPATHLEN); 149 } 150 if (ar->k_udata != NULL) { 151 kmem_free(kernel_map, ar->k_udata, ar->k_ulen); 152 } 153 kmem_free(kernel_map, ar, sizeof(*ar)); 154 } 155 156 static int 157 audit_write(struct vnode *vp, struct kaudit_record *ar, struct ucred *cred, 158 struct proc *p) 159 { 160 int ret; 161 struct au_record *bsm; 162 163 /* 164 * If there is a user audit record attached to the kernel record, 165 * then write the user record. 166 */ 167 /* XXX Need to decide a few things here: IF the user audit 168 * record is written, but the write of the kernel record fails, 169 * what to do? Should the kernel record come before or after the 170 * user record? For now, we write the user record first, and 171 * we ignore errors. 172 */ 173 if (ar->k_udata != NULL) { 174 vn_rdwr(UIO_WRITE, vp, (void *)ar->k_udata, ar->k_ulen, 175 (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, cred, NULL, p); 176 } 177 178 /* 179 * Convert the internal kernel record to BSM format and write it 180 * out if everything's OK. 181 */ 182 ret = kaudit_to_bsm(ar, &bsm); 183 if (ret == BSM_NOAUDIT) 184 return (0); 185 186 if (ret == BSM_FAILURE) { 187 AUDIT_PRINTF(("BSM conversion failure\n")); 188 return (-1); 189 } 190 191 /* XXX This function can be called with the kernel funnel held, 192 * which is not optimal. We should break the write functionality 193 * away from the BSM record generation and have the BSM generation 194 * done before this function is called. This function will then 195 * take the BSM record as a parameter. 196 */ 197 ret = (vn_rdwr(UIO_WRITE, vp, (void *)bsm->data, bsm->len, 198 (off_t)0, UIO_SYSSPACE, IO_APPEND|IO_UNIT, cred, NULL, p)); 199 200 kau_free(bsm); 201 202 return (ret); 203 } 204 205 static void 206 audit_worker() 207 { 208 int do_replacement_signal, error, release_funnel; 209 TAILQ_HEAD(, kaudit_record) ar_worklist; 210 struct kaudit_record *ar, *ar_start, *ar_stop; 211 struct vnode *audit_vp, *old_vp; 212 struct ucred *audit_cred, *old_cred; 213 struct proc *audit_p; 214 215 AUDIT_PRINTF(("audit_worker starting\n")); 216 217 TAILQ_INIT(&ar_worklist); 218 audit_cred = NULL; 219 audit_p = current_proc(); 220 audit_vp = NULL; 221 222 /* 223 * XXX: Presumably we can assume Mach threads are started without 224 * holding the BSD kernel funnel? 225 */ 226 thread_funnel_set(kernel_flock, FALSE); 227 228 mutex_lock(audit_mtx); 229 while (1) { 230 /* 231 * First priority: replace the audit log target if requested. 232 * As we actually close the vnode in the worker thread, we 233 * need to grab the funnel, which means releasing audit_mtx. 234 * In case another replacement was scheduled while the mutex 235 * we released, we loop. 236 * 237 * XXX It could well be we should drain existing records 238 * first to ensure that the timestamps and ordering 239 * are right. 240 */ 241 do_replacement_signal = 0; 242 while (audit_replacement_flag != 0) { 243 old_cred = audit_cred; 244 old_vp = audit_vp; 245 audit_cred = audit_replacement_cred; 246 audit_vp = audit_replacement_vp; 247 audit_replacement_cred = NULL; 248 audit_replacement_vp = NULL; 249 audit_replacement_flag = 0; 250 251 audit_enabled = (audit_vp != NULL); 252 253 if (old_vp != NULL || audit_vp != NULL) { 254 mutex_unlock(audit_mtx); 255 thread_funnel_set(kernel_flock, TRUE); 256 release_funnel = 1; 257 } else 258 release_funnel = 0; 259 /* 260 * XXX: What to do about write failures here? 261 */ 262 if (old_vp != NULL) { 263 AUDIT_PRINTF(("Closing old audit file\n")); 264 vn_close(old_vp, audit_close_flags, old_cred, 265 audit_p); 266 crfree(old_cred); 267 old_cred = NULL; 268 old_vp = NULL; 269 AUDIT_PRINTF(("Audit file closed\n")); 270 } 271 if (audit_vp != NULL) { 272 AUDIT_PRINTF(("Opening new audit file\n")); 273 } 274 if (release_funnel) { 275 thread_funnel_set(kernel_flock, FALSE); 276 mutex_lock(audit_mtx); 277 } 278 do_replacement_signal = 1; 279 } 280 /* 281 * Signal that replacement have occurred to wake up and 282 * start any other replacements started in parallel. We can 283 * continue about our business in the mean time. We 284 * broadcast so that both new replacements can be inserted, 285 * but also so that the source(s) of replacement can return 286 * successfully. 287 */ 288 if (do_replacement_signal) 289 wait_queue_wakeup_all(audit_replacement_wait_queue, 290 0, THREAD_AWAKENED); 291 292 /* 293 * Next, check to see if we have any records to drain into 294 * the vnode. If not, go back to waiting for an event. 295 */ 296 if (TAILQ_EMPTY(&audit_q)) { 297 int ret; 298 299 AUDIT_PRINTF(("audit_worker waiting\n")); 300 ret = wait_queue_assert_wait(audit_wait_queue, 0, 301 THREAD_UNINT); 302 mutex_unlock(audit_mtx); 303 304 assert(ret == THREAD_WAITING); 305 ret = thread_block(THREAD_CONTINUE_NULL); 306 assert(ret == THREAD_AWAKENED); 307 AUDIT_PRINTF(("audit_worker woken up\n")); 308 AUDIT_PRINTF(("audit_worker: new vp = %p; value of flag %d\n", 309 audit_replacement_vp, audit_replacement_flag)); 310 311 mutex_lock(audit_mtx); 312 continue; 313 } 314 315 /* 316 * If we have records, but there's no active vnode to 317 * write to, drain the record queue. Generally, we 318 * prevent the unnecessary allocation of records 319 * elsewhere, but we need to allow for races between 320 * conditional allocation and queueing. Go back to 321 * waiting when we're done. 322 * 323 * XXX: We go out of our way to avoid calling audit_free() 324 * with the audit_mtx held, to avoid a lock order reversal 325 * as free() may grab the funnel. This will be fixed at 326 * some point. 327 */ 328 if (audit_vp == NULL) { 329 while ((ar = TAILQ_FIRST(&audit_q))) { 330 TAILQ_REMOVE(&audit_q, ar, k_q); 331 TAILQ_INSERT_TAIL(&ar_worklist, ar, k_q); 332 } 333 mutex_unlock(audit_mtx); 334 while ((ar = TAILQ_FIRST(&ar_worklist))) { 335 TAILQ_REMOVE(&ar_worklist, ar, k_q); 336 audit_free(ar); 337 } 338 mutex_lock(audit_mtx); 339 continue; 340 } 341 342 /* 343 * We have both records to write, and an active vnode 344 * to write to. Dequeue a record, and start the write. 345 * Eventually, it might make sense to dequeue several 346 * records and perform our own clustering, if the lower 347 * layers aren't doing it automatically enough. 348 * 349 * XXX: We go out of our way to avoid calling audit_free() 350 * with the audit_mtx held, to avoid a lock order reversal 351 * as free() may grab the funnel. This will be fixed at 352 * some point. 353 */ 354 while ((ar = TAILQ_FIRST(&audit_q))) { 355 TAILQ_REMOVE(&audit_q, ar, k_q); 356 TAILQ_INSERT_TAIL(&ar_worklist, ar, k_q); 357 } 358 mutex_unlock(audit_mtx); 359 release_funnel = 0; 360 while ((ar = TAILQ_FIRST(&ar_worklist))) { 361 TAILQ_REMOVE(&ar_worklist, ar, k_q); 362 if (audit_vp != NULL) { 363 /* 364 * XXX: What should happen if there's a write 365 * error here? 366 */ 367 if (!release_funnel) { 368 thread_funnel_set(kernel_flock, TRUE); 369 release_funnel = 1; 370 } 371 VOP_LEASE(audit_vp, audit_p, audit_cred, 372 LEASE_WRITE); 373 error = audit_write(audit_vp, ar, audit_cred, 374 audit_p); 375 if (error) 376 printf("audit_worker: write error %d\n", 377 error); 378 } 379 audit_free(ar); 380 } 381 if (release_funnel) 382 thread_funnel_set(kernel_flock, FALSE); 383 mutex_lock(audit_mtx); 384 } 385 } 386 387 void 388 audit_init(void) 389 { 390 391 /* Verify that the syscall to audit event table is the same 392 * size as the system call table. 393 */ 394 if (nsys_au_event != nsysent) { 395 printf("Security auditing service initialization failed, "); 396 printf("audit event table doesn't match syscall table.\n"); 397 return; 398 } 399 400 printf("Security auditing service present\n"); 401 TAILQ_INIT(&audit_q); 402 audit_enabled = 0; 403 audit_suspended = 0; 404 audit_replacement_cred = NULL; 405 audit_replacement_flag = 0; 406 audit_replacement_vp = NULL; 407 audit_mtx = mutex_alloc(ETAP_NO_TRACE); 408 audit_wait_queue = wait_queue_alloc(SYNC_POLICY_FIFO); 409 audit_replacement_wait_queue = wait_queue_alloc(SYNC_POLICY_FIFO); 410 411 /* Initialize the BSM audit subsystem. */ 412 kau_init(); 413 414 kernel_thread(kernel_task, audit_worker); 415 } 416 417 static void 418 audit_rotate_vnode(struct ucred *cred, struct vnode *vp) 419 { 420 int ret; 421 422 /* 423 * If other parallel log replacements have been requested, we wait 424 * until they've finished before continuing. 425 */ 426 mutex_lock(audit_mtx); 427 while (audit_replacement_flag != 0) { 428 429 AUDIT_PRINTF(("audit_rotate_vnode: sleeping to wait for " 430 "flag\n")); 431 ret = wait_queue_assert_wait(audit_replacement_wait_queue, 0, 432 THREAD_UNINT); 433 mutex_unlock(audit_mtx); 434 435 assert(ret == THREAD_WAITING); 436 ret = thread_block(THREAD_CONTINUE_NULL); 437 assert(ret == THREAD_AWAKENED); 438 AUDIT_PRINTF(("audit_rotate_vnode: woken up (flag %d)\n", 439 audit_replacement_flag)); 440 441 mutex_lock(audit_mtx); 442 } 443 audit_replacement_cred = cred; 444 audit_replacement_flag = 1; 445 audit_replacement_vp = vp; 446 447 /* 448 * Wake up the audit worker to perform the exchange once we 449 * release the mutex. 450 */ 451 wait_queue_wakeup_one(audit_wait_queue, 0, THREAD_AWAKENED); 452 453 /* 454 * Wait for the audit_worker to broadcast that a replacement has 455 * taken place; we know that once this has happened, our vnode 456 * has been replaced in, so we can return successfully. 457 */ 458 AUDIT_PRINTF(("audit_rotate_vnode: waiting for news of " 459 "replacement\n")); 460 ret = wait_queue_assert_wait(audit_replacement_wait_queue, 0, 461 THREAD_UNINT); 462 mutex_unlock(audit_mtx); 463 464 assert(ret == THREAD_WAITING); 465 ret = thread_block(THREAD_CONTINUE_NULL); 466 assert(ret == THREAD_AWAKENED); 467 AUDIT_PRINTF(("audit_rotate_vnode: change acknowledged by " 468 "audit_worker (flag " "now %d)\n", audit_replacement_flag)); 469 } 470 471 /* 472 * Drain the audit queue and close the log at shutdown. 473 */ 474 void 475 audit_shutdown(void) 476 { 477 478 audit_rotate_vnode(NULL, NULL); 479 } 480 481 static __inline__ struct uthread * 482 curuthread(void) 483 { 484 485 return (get_bsdthread_info(current_act())); 486 } 487 488 static __inline__ struct kaudit_record * 489 currecord(void) 490 { 491 492 return (curuthread()->uu_ar); 493 } 494 495 /********************************** 496 * Begin system calls. * 497 **********************************/ 498 /* 499 * System call to allow a user space application to submit a BSM audit 500 * record to the kernel for inclusion in the audit log. This function 501 * does little verification on the audit record that is submitted. 502 * 503 * XXXAUDIT: Audit preselection for user records does not currently 504 * work, since we pre-select only based on the AUE_audit event type, 505 * not the event type submitted as part of the user audit data. 506 */ 507 struct audit_args { 508 void * record; 509 int length; 510 }; 511 /* ARGSUSED */ 512 int 513 audit(struct proc *p, struct audit_args *uap, register_t *retval) 514 { 515 register struct pcred *pc = p->p_cred; 516 int error; 517 void * rec; 518 struct kaudit_record *ar; 519 520 ar = currecord(); 521 522 /* XXX: What's the proper error code if a user audit record can't 523 * be written due to auditing off, or otherwise unavailable? 524 */ 525 if (ar == NULL) 526 return (ENOTSUP); 527 528 error = suser(pc->pc_ucred, &p->p_acflag); 529 if (error) 530 return (error); 531 532 if (uap->length > MAX_AUDIT_RECORD_SIZE) 533 return (EINVAL); 534 535 error = kmem_alloc(kernel_map, (vm_offset_t *)&rec, uap->length); 536 if (error != KERN_SUCCESS) 537 return(ENOMEM); 538 539 error = copyin(uap->record, rec, uap->length); 540 if (error) 541 goto free_out; 542 543 /* Verify the record */ 544 if (bsm_rec_verify(rec) == 0) { 545 error = EINVAL; 546 goto free_out; 547 } 548 549 /* Attach the user audit record to the kernel audit record. Because 550 * this system call is an auditable event, we will write the user 551 * record along with the record for this audit event. 552 */ 553 ar->k_udata = rec; 554 ar->k_ulen = uap->length; 555 return (0); 556 557 free_out: 558 kmem_free(kernel_map, (vm_offset_t)rec, uap->length); 559 return (error); 560 } 561 562 /* 563 * System call to manipulate auditing. 564 */ 565 struct auditon_args { 566 int cmd; 567 void * data; 568 int length; 569 }; 570 /* ARGSUSED */ 571 int 572 auditon(struct proc *p, struct auditon_args *uap, register_t *retval) 573 { 574 register struct pcred *pc = p->p_cred; 575 int error; 576 577 error = suser(pc->pc_ucred, &p->p_acflag); 578 if (error) 579 return (error); 580 return (ENOSYS); 581 } 582 583 /* 584 * System call to pass in file descriptor for audit log. 585 */ 586 struct auditsvc_args { 587 int fd; 588 int limit; 589 }; 590 /* ARGSUSED */ 591 int 592 auditsvc(struct proc *p, struct auditsvc_args *uap, register_t *retval) 593 { 594 register struct pcred *pc = p->p_cred; 595 int error; 596 597 error = suser(pc->pc_ucred, &p->p_acflag); 598 if (error) 599 return (error); 600 return (ENOSYS); 601 } 602 603 /* 604 * System calls to manage the user audit information. 605 * XXXAUDIT May need to lock the proc structure. 606 */ 607 struct getauid_args { 608 au_id_t *auid; 609 }; 610 /* ARGSUSED */ 611 int 612 getauid(struct proc *p, struct getauid_args *uap, register_t *retval) 613 { 614 register struct pcred *pc = p->p_cred; 615 int error; 616 617 error = suser(pc->pc_ucred, &p->p_acflag); 618 if (error) 619 return (error); 620 621 error = copyout((void *)&p->p_au->ai_auid, (void *)uap->auid, 622 sizeof(*uap->auid)); 623 if (error) 624 return (error); 625 626 return (0); 627 } 628 629 struct setauid_args { 630 au_id_t *auid; 631 }; 632 /* ARGSUSED */ 633 int 634 setauid(struct proc *p, struct setauid_args *uap, register_t *retval) 635 { 636 register struct pcred *pc = p->p_cred; 637 int error; 638 639 error = suser(pc->pc_ucred, &p->p_acflag); 640 if (error) 641 return (error); 642 643 error = copyin((void *)uap->auid, (void *)&p->p_au->ai_auid, 644 sizeof(p->p_au->ai_auid)); 645 if (error) 646 return (error); 647 648 audit_arg_auid(p->p_au->ai_auid); 649 return (0); 650 } 651 652 /* 653 * System calls to get and set process audit information. 654 */ 655 struct getaudit_args { 656 struct auditinfo *auditinfo; 657 }; 658 /* ARGSUSED */ 659 int 660 getaudit(struct proc *p, struct getaudit_args *uap, register_t *retval) 661 { 662 register struct pcred *pc = p->p_cred; 663 int error; 664 665 error = suser(pc->pc_ucred, &p->p_acflag); 666 if (error) 667 return (error); 668 error = copyout((void *)p->p_au, (void *)uap->auditinfo, 669 sizeof(*uap->auditinfo)); 670 if (error) 671 return (error); 672 673 return (0); 674 } 675 676 struct setaudit_args { 677 struct auditinfo *auditinfo; 678 }; 679 /* ARGSUSED */ 680 int 681 setaudit(struct proc *p, struct setaudit_args *uap, register_t *retval) 682 { 683 register struct pcred *pc = p->p_cred; 684 int error; 685 686 error = suser(pc->pc_ucred, &p->p_acflag); 687 if (error) 688 return (error); 689 error = copyin((void *)uap->auditinfo, (void *)p->p_au, 690 sizeof(*p->p_au)); 691 if (error) 692 return (error); 693 694 return (0); 695 } 696 697 struct getaudit_addr_args { 698 struct auditinfo_addr *auditinfo_addr; 699 int length; 700 }; 701 /* ARGSUSED */ 702 int 703 getaudit_addr(struct proc *p, struct getaudit_addr_args *uap, register_t *retval) 704 { 705 register struct pcred *pc = p->p_cred; 706 int error; 707 708 error = suser(pc->pc_ucred, &p->p_acflag); 709 if (error) 710 return (error); 711 return (ENOSYS); 712 } 713 714 struct setaudit_addr_args { 715 struct auditinfo_addr *auditinfo_addr; 716 int length; 717 }; 718 /* ARGSUSED */ 719 int 720 setaudit_addr(struct proc *p, struct setaudit_addr_args *uap, register_t *retval) 721 { 722 register struct pcred *pc = p->p_cred; 723 int error; 724 725 error = suser(pc->pc_ucred, &p->p_acflag); 726 if (error) 727 return (error); 728 return (ENOSYS); 729 } 730 731 /* 732 * Syscall to manage audit files. 733 * 734 * XXX: Should generate an audit event. 735 */ 736 struct auditctl_args { 737 char *path; 738 }; 739 /* ARGSUSED */ 740 int 741 auditctl(struct proc *p, struct auditctl_args *uap) 742 { 743 struct kaudit_record *ar; 744 struct nameidata nd; 745 struct ucred *cred; 746 struct vnode *vp; 747 int error, flags, ret; 748 749 error = suser(p->p_ucred, &p->p_acflag); 750 if (error) 751 return (error); 752 753 vp = NULL; 754 cred = NULL; 755 756 /* 757 * If a path is specified, open the replacement vnode, perform 758 * validity checks, and grab another reference to the current 759 * credential. 760 */ 761 if (uap->path != NULL) { 762 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, 763 uap->path, p); 764 flags = audit_open_flags; 765 error = vn_open(&nd, flags, 0); 766 if (error) 767 goto out; 768 VOP_UNLOCK(nd.ni_vp, 0, p); 769 vp = nd.ni_vp; 770 if (vp->v_type != VREG) { 771 vn_close(vp, audit_close_flags, p->p_ucred, p); 772 error = EINVAL; 773 goto out; 774 } 775 cred = p->p_ucred; 776 crhold(cred); 777 } 778 779 audit_rotate_vnode(cred, vp); 780 out: 781 return (error); 782 } 783 784 /********************************** 785 * End of system calls. * 786 **********************************/ 787 788 /* 789 * MPSAFE 790 */ 791 struct kaudit_record * 792 audit_new(int event, struct proc *p, struct uthread *uthread) 793 { 794 struct kaudit_record *ar; 795 int no_record; 796 797 /* 798 * Eventually, there may be certain classes of events that 799 * we will audit regardless of the audit state at the time 800 * the record is created. These events will generally 801 * correspond to changes in the audit state. The dummy 802 * code below is from our first prototype, but may also 803 * be used in the final version (with modified event numbers). 804 */ 805 #if 0 806 if (event != AUDIT_EVENT_FILESTOP && event != AUDIT_EVENT_FILESTART) { 807 #endif 808 mutex_lock(audit_mtx); 809 no_record = (audit_suspended || !audit_enabled); 810 mutex_unlock(audit_mtx); 811 if (no_record) 812 return (NULL); 813 #if 0 814 } 815 #endif 816 817 /* 818 * Eventually, we might want to have global event filtering 819 * by event type here. 820 */ 821 822 /* 823 * XXX: Process-based event preselection should occur here. 824 * Currently, we only post-select. 825 */ 826 827 /* 828 * Initialize the audit record header. 829 * XXX: Should probably use a zone; whatever we use must be 830 * safe to call from the non-BSD side of the house. 831 * XXX: We may want to fail-stop if allocation fails. 832 */ 833 (void)kmem_alloc(kernel_map, &ar, sizeof(*ar)); 834 if (ar == NULL) 835 return NULL; 836 837 bzero(ar, sizeof(*ar)); 838 ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC; 839 ar->k_ar.ar_event = event; 840 nanotime(&ar->k_ar.ar_starttime); 841 842 /* Export the subject credential. */ 843 cru2x(p->p_ucred, &ar->k_ar.ar_subj_cred); 844 ar->k_ar.ar_subj_ruid = p->p_cred->p_ruid; 845 ar->k_ar.ar_subj_rgid = p->p_cred->p_rgid; 846 ar->k_ar.ar_subj_egid = p->p_ucred->cr_groups[0]; 847 ar->k_ar.ar_subj_auid = p->p_au->ai_auid; 848 ar->k_ar.ar_subj_pid = p->p_pid; 849 bcopy(p->p_comm, ar->k_ar.ar_subj_comm, MAXCOMLEN); 850 bcopy(&p->p_au->ai_mask, &ar->k_ar.ar_subj_amask, 851 sizeof(p->p_au->ai_mask)); 852 853 return (ar); 854 } 855 856 /* 857 * MPSAFE 858 * XXXAUDIT: So far, this is unused, and should probably be GC'd. 859 */ 860 void 861 audit_abort(struct kaudit_record *ar) 862 { 863 864 audit_free(ar); 865 } 866 867 /* 868 * MPSAFE 869 */ 870 void 871 audit_commit(struct kaudit_record *ar, int error, int retval) 872 { 873 874 if (ar == NULL) 875 return; 876 877 ar->k_ar.ar_errno = error; 878 ar->k_ar.ar_retval = retval; 879 880 /* 881 * We might want to do some system-wide post-filtering 882 * here at some point. 883 */ 884 885 /* 886 * Timestamp system call end. 887 */ 888 nanotime(&ar->k_ar.ar_endtime); 889 890 /* 891 * XXXAUDIT: The number of outstanding uncommitted audit records is 892 * limited by the number of concurrent threads servicing system 893 * calls in the kernel. However, there is currently no bound on 894 * the size of the committed records in the audit event queue 895 * before they are sent to disk. Probably, there should be a fixed 896 * size bound (perhaps configurable), and if that bound is reached, 897 * threads should sleep in audit_commit() until there's room. 898 */ 899 mutex_lock(audit_mtx); 900 /* 901 * Note: it could be that some records initiated while audit was 902 * enabled should still be committed? 903 */ 904 if (audit_suspended || !audit_enabled) { 905 mutex_unlock(audit_mtx); 906 audit_free(ar); 907 return; 908 } 909 TAILQ_INSERT_TAIL(&audit_q, ar, k_q); 910 wait_queue_wakeup_one(audit_wait_queue, 0, THREAD_AWAKENED); 911 mutex_unlock(audit_mtx); 912 } 913 914 /* 915 * Calls to set up and tear down audit structures associated with 916 * each system call. 917 */ 918 void 919 audit_syscall_enter(unsigned short code, struct proc *proc, 920 struct uthread *uthread) 921 { 922 int audit_event; 923 924 assert(uthread->uu_ar == NULL); 925 926 audit_event = sys_au_event[code]; 927 928 /* 929 * Allocate an audit record, if desired, and store in the BSD 930 * thread for later use. 931 */ 932 if (audit_event != AUE_NULL) { 933 #if 0 934 AUDIT_PRINTF(("Allocated record type %d for syscall %d\n", 935 audit_event, code)); 936 #endif 937 if (au_preselect(audit_event, &proc->p_au->ai_mask, 938 AU_PRS_FAILURE | AU_PRS_SUCCESS)) { 939 uthread->uu_ar = audit_new(audit_event, proc, uthread); 940 } else { 941 uthread->uu_ar = NULL; 942 } 943 } 944 } 945 946 void 947 audit_syscall_exit(int error, struct proc *proc, struct uthread *uthread) 948 { 949 int retval; 950 951 /* 952 * Commit the audit record as desired; once we pass the record 953 * into audit_commit(), the memory is owned by the audit 954 * subsystem. 955 * The return value from the system call is stored on the user 956 * thread. If there was an error, the return value is set to -1, 957 * imitating the behavior of the cerror routine. 958 */ 959 if (error) 960 retval = -1; 961 else 962 retval = uthread->uu_rval[0]; 963 964 audit_commit(uthread->uu_ar, error, retval); 965 if (uthread->uu_ar != NULL) 966 AUDIT_PRINTF(("audit record committed by pid %d\n", proc->p_pid)); 967 uthread->uu_ar = NULL; 968 969 } 970 971 /* 972 * Calls to manipulate elements of the audit record structure from system 973 * call code. Macro wrappers will prevent this functions from being 974 * entered if auditing is disabled, avoiding the function call cost. We 975 * check the thread audit record pointer anyway, as the audit condition 976 * could change, and pre-selection may not have allocated an audit 977 * record for this event. 978 */ 979 void 980 audit_arg_accmode(int accmode) 981 { 982 struct kaudit_record *ar; 983 984 ar = currecord(); 985 if (ar == NULL) 986 return; 987 988 ar->k_ar.ar_arg_accmode = accmode; 989 ar->k_ar.ar_valid_arg |= ARG_ACCMODE; 990 } 991 992 void 993 audit_arg_cmode(int cmode) 994 { 995 struct kaudit_record *ar; 996 997 ar = currecord(); 998 if (ar == NULL) 999 return; 1000 1001 ar->k_ar.ar_arg_cmode = cmode; 1002 ar->k_ar.ar_valid_arg |= ARG_CMODE; 1003 } 1004 1005 void 1006 audit_arg_fd(int fd) 1007 { 1008 struct kaudit_record *ar; 1009 1010 ar = currecord(); 1011 if (ar == NULL) 1012 return; 1013 1014 ar->k_ar.ar_arg_fd = fd; 1015 ar->k_ar.ar_valid_arg |= ARG_FD; 1016 } 1017 1018 void 1019 audit_arg_fflags(int fflags) 1020 { 1021 struct kaudit_record *ar; 1022 1023 ar = currecord(); 1024 if (ar == NULL) 1025 return; 1026 1027 ar->k_ar.ar_arg_fflags = fflags; 1028 ar->k_ar.ar_valid_arg |= ARG_FFLAGS; 1029 } 1030 1031 void 1032 audit_arg_gid(gid_t gid, gid_t egid, gid_t rgid, gid_t sgid) 1033 { 1034 struct kaudit_record *ar; 1035 1036 ar = currecord(); 1037 if (ar == NULL) 1038 return; 1039 1040 ar->k_ar.ar_arg_gid = gid; 1041 ar->k_ar.ar_arg_egid = egid; 1042 ar->k_ar.ar_arg_rgid = rgid; 1043 ar->k_ar.ar_arg_sgid = sgid; 1044 ar->k_ar.ar_valid_arg |= (ARG_GID | ARG_EGID | ARG_RGID | ARG_SGID); 1045 } 1046 1047 void 1048 audit_arg_uid(uid_t uid, uid_t euid, uid_t ruid, uid_t suid) 1049 { 1050 struct kaudit_record *ar; 1051 1052 ar = currecord(); 1053 if (ar == NULL) 1054 return; 1055 1056 ar->k_ar.ar_arg_uid = uid; 1057 ar->k_ar.ar_arg_euid = euid; 1058 ar->k_ar.ar_arg_ruid = ruid; 1059 ar->k_ar.ar_arg_suid = suid; 1060 ar->k_ar.ar_valid_arg |= (ARG_UID | ARG_EUID | ARG_RUID | ARG_SUID); 1061 } 1062 1063 void 1064 audit_arg_groupset(gid_t *gidset, u_int gidset_size) 1065 { 1066 int i; 1067 struct kaudit_record *ar; 1068 1069 ar = currecord(); 1070 if (ar == NULL) 1071 return; 1072 1073 for (i = 0; i < gidset_size; i++) 1074 ar->k_ar.ar_arg_groups.gidset[i] = gidset[i]; 1075 ar->k_ar.ar_arg_groups.gidset_size = gidset_size; 1076 ar->k_ar.ar_valid_arg |= ARG_GROUPSET; 1077 } 1078 1079 void 1080 audit_arg_login(char *login) 1081 { 1082 struct kaudit_record *ar; 1083 1084 ar = currecord(); 1085 if (ar == NULL) 1086 return; 1087 1088 #if 0 1089 /* 1090 * XXX: Add strlcpy() to Darwin for improved safety. 1091 */ 1092 strlcpy(ar->k_ar.ar_arg_login, login, MAXLOGNAME); 1093 #else 1094 strcpy(ar->k_ar.ar_arg_login, login); 1095 #endif 1096 1097 ar->k_ar.ar_valid_arg |= ARG_LOGIN; 1098 } 1099 1100 void 1101 audit_arg_mask(int mask) 1102 { 1103 struct kaudit_record *ar; 1104 1105 ar = currecord(); 1106 if (ar == NULL) 1107 return; 1108 1109 ar->k_ar.ar_arg_mask = mask; 1110 ar->k_ar.ar_valid_arg |= ARG_MASK; 1111 } 1112 1113 void 1114 audit_arg_mode(mode_t mode) 1115 { 1116 struct kaudit_record *ar; 1117 1118 ar = currecord(); 1119 if (ar == NULL) 1120 return; 1121 1122 ar->k_ar.ar_arg_mode = mode; 1123 ar->k_ar.ar_valid_arg |= ARG_MODE; 1124 } 1125 1126 void 1127 audit_arg_dev(int dev) 1128 { 1129 struct kaudit_record *ar; 1130 1131 ar = currecord(); 1132 if (ar == NULL) 1133 return; 1134 1135 ar->k_ar.ar_arg_dev = dev; 1136 ar->k_ar.ar_valid_arg |= ARG_DEV; 1137 } 1138 1139 void 1140 audit_arg_owner(uid_t uid, gid_t gid) 1141 { 1142 struct kaudit_record *ar; 1143 1144 ar = currecord(); 1145 if (ar == NULL) 1146 return; 1147 1148 ar->k_ar.ar_arg_uid = uid; 1149 ar->k_ar.ar_arg_gid = gid; 1150 ar->k_ar.ar_valid_arg |= (ARG_UID | ARG_GID); 1151 } 1152 1153 void 1154 audit_arg_pid(pid_t pid) 1155 { 1156 struct kaudit_record *ar; 1157 1158 ar = currecord(); 1159 if (ar == NULL) 1160 return; 1161 1162 ar->k_ar.ar_arg_pid = pid; 1163 ar->k_ar.ar_valid_arg |= ARG_PID; 1164 } 1165 1166 void 1167 audit_arg_signum(u_int signum) 1168 { 1169 struct kaudit_record *ar; 1170 1171 ar = currecord(); 1172 if (ar == NULL) 1173 return; 1174 1175 ar->k_ar.ar_arg_signum = signum; 1176 ar->k_ar.ar_valid_arg |= ARG_SIGNUM; 1177 } 1178 1179 void 1180 audit_arg_socket(int sodomain, int sotype, int soprotocol) 1181 { 1182 1183 struct kaudit_record *ar; 1184 1185 ar = currecord(); 1186 if (ar == NULL) 1187 return; 1188 1189 ar->k_ar.ar_arg_sockinfo.sodomain = sodomain; 1190 ar->k_ar.ar_arg_sockinfo.sotype = sotype; 1191 ar->k_ar.ar_arg_sockinfo.soprotocol = soprotocol; 1192 ar->k_ar.ar_valid_arg |= ARG_SOCKINFO; 1193 } 1194 1195 void 1196 audit_arg_sockaddr(struct proc *p, struct sockaddr *so) 1197 { 1198 struct kaudit_record *ar; 1199 1200 ar = currecord(); 1201 if (ar == NULL || p == NULL || so == NULL) 1202 return; 1203 1204 bcopy(so, &ar->k_ar.ar_arg_sockaddr, sizeof(ar->k_ar.ar_arg_sockaddr)); 1205 switch (so->sa_family) { 1206 case AF_INET: 1207 ar->k_ar.ar_valid_arg |= ARG_SADDRINET; 1208 break; 1209 case AF_INET6: 1210 ar->k_ar.ar_valid_arg |= ARG_SADDRINET6; 1211 break; 1212 case AF_UNIX: 1213 audit_arg_upath(p, ((struct sockaddr_un *)so)->sun_path, 1214 ARG_UPATH1); 1215 ar->k_ar.ar_valid_arg |= ARG_SADDRUNIX; 1216 break; 1217 } 1218 } 1219 1220 void 1221 audit_arg_auid(uid_t auid) 1222 { 1223 struct kaudit_record *ar; 1224 1225 ar = currecord(); 1226 if (ar == NULL) 1227 return; 1228 1229 ar->k_ar.ar_arg_auid = auid; 1230 ar->k_ar.ar_valid_arg |= ARG_AUID; 1231 } 1232 1233 void 1234 audit_arg_text(char *text) 1235 { 1236 struct kaudit_record *ar; 1237 1238 ar = currecord(); 1239 if (ar == NULL) 1240 return; 1241 1242 /* Invalidate the text string */ 1243 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_TEXT); 1244 if (text == NULL) 1245 return; 1246 1247 if (ar->k_ar.ar_arg_text == NULL) { 1248 kmem_alloc(kernel_map, &ar->k_ar.ar_arg_text, MAXPATHLEN); 1249 if (ar->k_ar.ar_arg_text == NULL) 1250 return; 1251 } 1252 1253 strcpy(ar->k_ar.ar_arg_text, text); 1254 ar->k_ar.ar_valid_arg |= ARG_TEXT; 1255 } 1256 1257 void 1258 audit_arg_cmd(int cmd) 1259 { 1260 struct kaudit_record *ar; 1261 1262 ar = currecord(); 1263 if (ar == NULL) 1264 return; 1265 1266 ar->k_ar.ar_arg_cmd = cmd; 1267 ar->k_ar.ar_valid_arg |= ARG_CMD; 1268 } 1269 1270 void 1271 audit_arg_svipc_cmd(int cmd) 1272 { 1273 struct kaudit_record *ar; 1274 1275 ar = currecord(); 1276 if (ar == NULL) 1277 return; 1278 1279 ar->k_ar.ar_arg_svipc_cmd = cmd; 1280 ar->k_ar.ar_valid_arg |= ARG_SVIPC_CMD; 1281 } 1282 1283 void 1284 audit_arg_svipc_perm(struct ipc_perm *perm) 1285 { 1286 struct kaudit_record *ar; 1287 1288 ar = currecord(); 1289 if (ar == NULL) 1290 return; 1291 1292 bcopy(perm, &ar->k_ar.ar_arg_svipc_perm, 1293 sizeof(ar->k_ar.ar_arg_svipc_perm)); 1294 ar->k_ar.ar_valid_arg |= ARG_SVIPC_PERM; 1295 } 1296 1297 void 1298 audit_arg_svipc_id(int id) 1299 { 1300 struct kaudit_record *ar; 1301 1302 ar = currecord(); 1303 if (ar == NULL) 1304 return; 1305 1306 ar->k_ar.ar_arg_svipc_id = id; 1307 ar->k_ar.ar_valid_arg |= ARG_SVIPC_ID; 1308 } 1309 1310 void 1311 audit_arg_svipc_addr(void * addr) 1312 { 1313 struct kaudit_record *ar; 1314 1315 ar = currecord(); 1316 if (ar == NULL) 1317 return; 1318 1319 ar->k_ar.ar_arg_svipc_addr = addr; 1320 ar->k_ar.ar_valid_arg |= ARG_SVIPC_ADDR; 1321 } 1322 1323 /* 1324 * Initialize the audit information for the a process, presumably the first 1325 * process in the system. 1326 * XXX It is not clear what the initial values should be for audit ID, 1327 * session ID, etc. 1328 */ 1329 void 1330 audit_proc_init(struct proc *p) 1331 { 1332 MALLOC_ZONE(p->p_au, struct auditinfo *, sizeof(*p->p_au), 1333 M_SUBPROC, M_WAITOK); 1334 1335 bzero((void *)p->p_au, sizeof(*p->p_au)); 1336 } 1337 1338 /* 1339 * Copy the audit info from the parent process to the child process when 1340 * a fork takes place. 1341 * XXX Need to check for failure from the memory allocation, in here 1342 * as well as in any functions that use the process auditing info. 1343 */ 1344 void 1345 audit_proc_fork(struct proc *parent, struct proc *child) 1346 { 1347 /* Always set up the audit information pointer as this function 1348 * should only be called when the proc is new. If proc structures 1349 * are ever cached and reused, then this behavior will leak memory. 1350 */ 1351 MALLOC_ZONE(child->p_au, struct auditinfo *, sizeof(*child->p_au), 1352 M_SUBPROC, M_WAITOK); 1353 1354 bcopy(parent->p_au, child->p_au, sizeof(*child->p_au)); 1355 } 1356 1357 /* 1358 * Free the auditing structure for the process. 1359 */ 1360 void 1361 audit_proc_free(struct proc *p) 1362 { 1363 FREE_ZONE((void *)p->p_au, sizeof(*p->p_au), M_SUBPROC); 1364 p->p_au = NULL; 1365 } 1366 1367 /* 1368 * Store a path as given by the user process for auditing into the audit 1369 * record stored on the user thread. This function will allocate the memory to 1370 * store the path info if not already available. This memory will be 1371 * freed when the audit record is freed. 1372 */ 1373 void 1374 audit_arg_upath(struct proc *p, char *upath, u_int64_t flags) 1375 { 1376 struct kaudit_record *ar; 1377 char **pathp; 1378 1379 if (p == NULL || upath == NULL) 1380 return; /* nothing to do! */ 1381 1382 if (flags & (ARG_UPATH1 | ARG_UPATH2) == 0) 1383 return; 1384 1385 ar = currecord(); 1386 if (ar == NULL) /* This will be the case for unaudited system calls */ 1387 return; 1388 1389 if (flags & ARG_UPATH1) { 1390 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_UPATH1); 1391 pathp = &ar->k_ar.ar_arg_upath1; 1392 } 1393 else { 1394 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_UPATH2); 1395 pathp = &ar->k_ar.ar_arg_upath2; 1396 } 1397 1398 if (*pathp == NULL) { 1399 kmem_alloc(kernel_map, pathp, MAXPATHLEN); 1400 if (*pathp == NULL) 1401 return; 1402 } 1403 1404 canon_path(p, upath, *pathp); 1405 1406 if (flags & ARG_UPATH1) 1407 ar->k_ar.ar_valid_arg |= ARG_UPATH1; 1408 else 1409 ar->k_ar.ar_valid_arg |= ARG_UPATH2; 1410 } 1411 1412 /* 1413 * Function to save the path and vnode attr information into the audit 1414 * record. 1415 * 1416 * It is assumed that the caller will hold any vnode locks necessary to 1417 * perform a VOP_GETATTR() on the passed vnode. 1418 * 1419 * XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but 1420 * always provides access to the generation number as we need that 1421 * to construct the BSM file ID. 1422 * XXX: We should accept the process argument from the caller, since 1423 * it's very likely they already have a reference. 1424 * XXX: Error handling in this function is poor. 1425 */ 1426 void 1427 audit_arg_vnpath(struct vnode *vp, u_int64_t flags) 1428 { 1429 struct kaudit_record *ar; 1430 struct vattr vattr; 1431 int error; 1432 int len; 1433 char **pathp; 1434 struct vnode_au_info *vnp; 1435 struct proc *p; 1436 1437 if (vp == NULL) 1438 return; 1439 1440 ar = currecord(); 1441 if (ar == NULL) /* This will be the case for unaudited system calls */ 1442 return; 1443 1444 if (flags & (ARG_VNODE1 | ARG_VNODE2) == 0) 1445 return; 1446 1447 p = current_proc(); 1448 1449 if (flags & ARG_VNODE1) { 1450 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_KPATH1); 1451 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_VNODE1); 1452 pathp = &ar->k_ar.ar_arg_kpath1; 1453 vnp = &ar->k_ar.ar_arg_vnode1; 1454 } 1455 else { 1456 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_KPATH2); 1457 ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_VNODE2); 1458 pathp = &ar->k_ar.ar_arg_kpath2; 1459 vnp = &ar->k_ar.ar_arg_vnode2; 1460 } 1461 1462 if (*pathp == NULL) { 1463 kmem_alloc(kernel_map, pathp, MAXPATHLEN); 1464 if (*pathp == NULL) 1465 return; 1466 } 1467 1468 /* Copy the path looked up by the vn_getpath() function */ 1469 len = MAXPATHLEN; 1470 vn_getpath(vp, *pathp, &len); 1471 if (flags & ARG_VNODE1) 1472 ar->k_ar.ar_valid_arg |= ARG_KPATH1; 1473 else 1474 ar->k_ar.ar_valid_arg |= ARG_KPATH2; 1475 1476 /* 1477 * XXX: We'd assert the vnode lock here, only Darwin doesn't 1478 * appear to have vnode locking assertions. 1479 */ 1480 error = VOP_GETATTR(vp, &vattr, p->p_ucred, p); 1481 if (error) { 1482 /* XXX: How to handle this case? */ 1483 return; 1484 } 1485 1486 vnp->vn_mode = vattr.va_mode; 1487 vnp->vn_uid = vattr.va_uid; 1488 vnp->vn_gid = vattr.va_gid; 1489 vnp->vn_dev = vattr.va_rdev; 1490 vnp->vn_fsid = vattr.va_fsid; 1491 vnp->vn_fileid = vattr.va_fileid; 1492 vnp->vn_gen = vattr.va_gen; 1493 if (flags & ARG_VNODE1) 1494 ar->k_ar.ar_valid_arg |= ARG_VNODE1; 1495 else 1496 ar->k_ar.ar_valid_arg |= ARG_VNODE2; 1497 1498 } 1499 1500 #else /* !AUDIT */ 1501 1502 void 1503 audit_init(void) 1504 { 1505 1506 } 1507 1508 void 1509 audit_shutdown(void) 1510 { 1511 1512 } 1513 1514 int 1515 audit(struct proc *p, struct audit_args *uap, register_t *retval) 1516 { 1517 return (ENOSYS); 1518 } 1519 1520 int 1521 auditon(struct proc *p, struct auditon_args *uap, register_t *retval) 1522 { 1523 return (ENOSYS); 1524 } 1525 1526 int 1527 auditsvc(struct proc *p, struct auditsvc_args *uap, register_t *retval) 1528 { 1529 return (ENOSYS); 1530 } 1531 1532 int 1533 getauid(struct proc *p, struct getauid_args *uap, register_t *retval) 1534 { 1535 return (ENOSYS); 1536 } 1537 1538 int 1539 setauid(struct proc *p, struct setauid_args *uap, register_t *retval) 1540 { 1541 return (ENOSYS); 1542 } 1543 1544 int 1545 getaudit(struct proc *p, struct getaudit_args *uap, register_t *retval) 1546 { 1547 return (ENOSYS); 1548 } 1549 1550 int 1551 setaudit(struct proc *p, struct setaudit_args *uap, register_t *retval) 1552 { 1553 return (ENOSYS); 1554 } 1555 1556 int 1557 getaudit_addr(struct proc *p, struct getaudit_addr_args *uap, register_t *retval) 1558 { 1559 return (ENOSYS); 1560 } 1561 1562 int 1563 setaudit_addr(struct proc *p, struct setaudit_addr_args *uap, register_t *retval) 1564 { 1565 return (ENOSYS); 1566 } 1567 1568 int 1569 auditctl(struct proc *p, struct auditctl_args *uap, register_t *retval) 1570 { 1571 return (ENOSYS); 1572 } 1573 1574 void 1575 audit_proc_init(struct proc *p) 1576 { 1577 1578 } 1579 1580 void 1581 audit_proc_fork(struct proc *parent, struct proc *child) 1582 { 1583 1584 } 1585 1586 void 1587 audit_proc_free(struct proc *p) 1588 { 1589 1590 } 1591 1592 #endif /* AUDIT */
Cache object: 9dbd80c88eb58e35872b94ad171fbab9
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]