3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 */
24
25 /*
26 * This file contains the envelope code for system call auditing.
27 */
28
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/time.h>
32 #include <sys/kmem.h>
33 #include <sys/proc.h>
34 #include <sys/vnode.h>
35 #include <sys/file.h>
36 #include <sys/user.h>
37 #include <sys/stropts.h>
38 #include <sys/systm.h>
39 #include <sys/pathname.h>
40 #include <sys/debug.h>
41 #include <sys/cred.h>
42 #include <sys/zone.h>
446 /* preselected system call */
447
448 if (amask.as_success & estate || amask.as_failure & estate) {
449 flag = 1;
450 } else if ((tad->tad_scid == SYS_putmsg) ||
451 (tad->tad_scid == SYS_getmsg)) {
452 estate = kctx->auk_ets[AUE_SOCKCONNECT] |
453 kctx->auk_ets[AUE_SOCKACCEPT] |
454 kctx->auk_ets[AUE_SOCKSEND] |
455 kctx->auk_ets[AUE_SOCKRECEIVE];
456 if (amask.as_success & estate || amask.as_failure & estate)
457 flag = 1;
458 } else if (tad->tad_scid == SYS_execve &&
459 getpflags(PRIV_PFEXEC, CRED()) != 0) {
460 estate = kctx->auk_ets[AUE_PFEXEC];
461 if (amask.as_success & estate || amask.as_failure & estate)
462 flag = 1;
463 }
464
465 return (flag);
466 }
|
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
24 */
25
26 /*
27 * This file contains the envelope code for system call auditing.
28 */
29
30 #include <sys/param.h>
31 #include <sys/types.h>
32 #include <sys/time.h>
33 #include <sys/kmem.h>
34 #include <sys/proc.h>
35 #include <sys/vnode.h>
36 #include <sys/file.h>
37 #include <sys/user.h>
38 #include <sys/stropts.h>
39 #include <sys/systm.h>
40 #include <sys/pathname.h>
41 #include <sys/debug.h>
42 #include <sys/cred.h>
43 #include <sys/zone.h>
447 /* preselected system call */
448
449 if (amask.as_success & estate || amask.as_failure & estate) {
450 flag = 1;
451 } else if ((tad->tad_scid == SYS_putmsg) ||
452 (tad->tad_scid == SYS_getmsg)) {
453 estate = kctx->auk_ets[AUE_SOCKCONNECT] |
454 kctx->auk_ets[AUE_SOCKACCEPT] |
455 kctx->auk_ets[AUE_SOCKSEND] |
456 kctx->auk_ets[AUE_SOCKRECEIVE];
457 if (amask.as_success & estate || amask.as_failure & estate)
458 flag = 1;
459 } else if (tad->tad_scid == SYS_execve &&
460 getpflags(PRIV_PFEXEC, CRED()) != 0) {
461 estate = kctx->auk_ets[AUE_PFEXEC];
462 if (amask.as_success & estate || amask.as_failure & estate)
463 flag = 1;
464 }
465
466 return (flag);
467 }
468
469 /*
470 * determine if we've preselected this event (non-syscall).
471 */
472
473 int
474 auditev(au_event_t event, cred_t *cr)
475 {
476 au_mask_t amask;
477 const auditinfo_addr_t *ainfo;
478 au_state_t estate;
479 au_kcontext_t *kctx = GET_KCTX_PZ;
480
481 ASSERT3U(event, <=, MAX_KEVENTS);
482
483 estate = kctx->auk_ets[event];
484 ainfo = crgetauinfo(cr);
485 if (ainfo == NULL)
486 return (0);
487 amask = ainfo->ai_mask;
488
489 if ((amask.as_success & estate) != 0 ||
490 (amask.as_failure & estate) != 0)
491 return (AU_OK);
492
493 return (0);
494 }
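Review bot: In `auditev`, the only bound on `event` before it indexes `kctx->auk_ets[event]` is `ASSERT3U(event, <=, MAX_KEVENTS)`, which is normally compiled out of non-DEBUG kernels, so an out-of-range event id from a caller would read past the event-to-class table and the preselection decision would rest on unrelated memory. A runtime guard such as `if (event > MAX_KEVENTS) return (0);` would keep the check in production builds; the declaration of `auk_ets` is not visible on this page, so confirm it has `MAX_KEVENTS + 1` entries, otherwise the comparison should be `>=`. `kctx` from `GET_KCTX_PZ` is also dereferenced without a NULL check, which is worth confirming against how the other functions in this file treat it. The block comment above the function should state the return contract: `AU_OK` when the credential's success or failure mask intersects the event's class, and 0 otherwise, including when `crgetauinfo(cr)` returns NULL, in which case the event is silently not audited.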
|