big-one Udiff usr/src/uts/common/c2/audit.c

Print this page

NEX-13644 File access audit logging
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
Reviewed by: Saso Kiselkov <saso.kiselkov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>

@@ -19,10 +19,11 @@
  * CDDL HEADER END
  */
 
 /*
  * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018 Nexenta Systems, Inc.  All rights reserved.
  */
 
 /*
  * This file contains the audit hook support code for auditing.
  */

@@ -59,10 +60,11 @@
 #include <sys/model.h>          /* for model_t */
 #include <sys/disp.h>           /* for servicing_interrupt() */
 #include <sys/devpolicy.h>
 #include <sys/crypto/ioctladmin.h>
 #include <sys/cred_impl.h>
+#include <sys/sid.h>
 #include <inet/kssl/kssl.h>
 #include <net/pfpolicy.h>
 
 static void add_return_token(caddr_t *, unsigned int scid, int err, int rval);

@@ -704,10 +706,55 @@
 
         stp->sd_t_audit_data = (caddr_t)curthread;
         mutex_exit(&stp->sd_lock);
 }
 
+/*
+ * ROUTINE:     AUDIT_SACL
+ * PURPOSE:     audit ACL-based file accesses
+ * CALLBY:      SMB, NFS
+ * NOTE:
+ *
+ * IMPORTANT NOTE: Since we generate an audit record here, we may sleep
+ *      on the audit queue if it becomes full.
+ * TODO:
+ * QUESTION:
+ */
+void
+audit_sacl(char *path, cred_t *cr, uint32_t desired, boolean_t success,
+    t_audit_sacl_t *tas)
+{
+        token_t *ad = NULL;
+        au_kcontext_t   *kctx = GET_KCTX_PZ;
+        const auditinfo_addr_t *ainfo;
+        ksid_t *ks;
+
+        /* if auditing not enabled, then don't generate an audit record */
+        if (((kctx->auk_auditstate) &
+            ~(AUC_AUDITING | AUC_INIT_AUDIT | AUC_NOSPACE)) != 0)
+                return;
+
+        if ((success && (tas->tas_smask & desired) == 0) ||
+            (!success && (tas->tas_fmask & desired) == 0))
+                return;
+
+        ainfo = crgetauinfo(cr);
+        if (ainfo == NULL)
+                return;
+
+        au_write((caddr_t *)&(ad), au_to_path_string(path));
+        au_write((caddr_t *)&(ad), au_to_access_mask(desired));
+
+        /* Include the SID if it has one, in case the id is ephemeral */
+        if ((ks = crgetsid(cr, KSID_USER)) != NULL) {
+                au_write((caddr_t *)&(ad), au_to_wsid(ks));
+        }
+        AUDIT_SETSUBJ((caddr_t *)&(ad), cr, ainfo, kctx);
+        au_close(kctx, (caddr_t *)&(ad), AU_OK, AUE_SACL,
+            success ? 0 : PAD_FAILURE, NULL);
+}
+
 /*
  * ROUTINE:     AUDIT_CLOSEF
  * PURPOSE:
  * CALLBY:      CLOSEF
  * NOTE: