1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
14 */
15
16 #include <smbsrv/smb_ktypes.h>
17 #include <smbsrv/smb_kproto.h>
18 #include <smbsrv/smb_fsops.h>
19
20 #include <c2/audit.h>
21 #include <c2/audit_kernel.h>
22
/*
 * Arm SACL audit collection on the current thread for an SMB request.
 *
 * Collection is armed only when the AU_ZONE_AUDITING(NULL) check passes and
 * the session dialect is at least SMB_VERS_2_BASE. In that case the thread's
 * audit data gets tad_sacl_ctrl = SACL_AUDIT_ON and a zeroed tad_sacl_mask.
 *
 * Returns B_TRUE when collection was armed, B_FALSE otherwise.
 *
 * NOTE(review): sessions on an older dialect are never armed by this
 * function; whether their accesses are audited by some other path is not
 * visible in this file -- confirm, since that would be an audit gap.
 */
boolean_t
smb_audit_init(smb_request_t *sr)
{
	t_audit_data_t *thr_audit;

	/* The dialect is only looked at when auditing is enabled. */
	if (!AU_ZONE_AUDITING(NULL) ||
	    sr->session->dialect < SMB_VERS_2_BASE)
		return (B_FALSE);

	thr_audit = T2A(curthread);
	thr_audit->tad_sacl_ctrl = SACL_AUDIT_ON;
	/* Start from an empty mask so nothing carries over from earlier use. */
	bzero(&thr_audit->tad_sacl_mask, sizeof (thr_audit->tad_sacl_mask));
	return (B_TRUE);
}
36
/*
 * Finish SACL audit collection for an access to 'node'.
 *
 * Does nothing unless the AU_ZONE_AUDITING(NULL) check passes. Otherwise it
 * builds the node's path with smb_node_getpath_nofail(), passing
 * smb_audit_rootvp(sr) as the root vnode, and hands that path to
 * audit_sacl() together with the request credential (sr->user_cr), the
 * desired access mask, the outcome and the thread's tad_sacl_mask. Finally
 * tad_sacl_ctrl is set back to SACL_AUDIT_NONE.
 *
 * NOTE(review): unlike smb_audit_init(), the dialect is not re-checked here.
 * Presumably callers only get here after smb_audit_init() returned B_TRUE;
 * otherwise tad_sacl_mask holds whatever an earlier request left in it --
 * confirm against the callers.
 */
void
smb_audit_fini(smb_request_t *sr, uint32_t desired, smb_node_t *node,
    boolean_t success)
{
	t_audit_data_t *thr_audit;
	char *pathbuf;

	if (AU_ZONE_AUDITING(NULL)) {
		thr_audit = T2A(curthread);

		/* The resolved pathname is not kept; rebuild it here. */
		pathbuf = kmem_alloc(SMB_MAXPATHLEN, KM_SLEEP);
		smb_node_getpath_nofail(node, smb_audit_rootvp(sr), pathbuf,
		    SMB_MAXPATHLEN);
		audit_sacl(pathbuf, sr->user_cr, desired, success,
		    &thr_audit->tad_sacl_mask);

		/* Disarm collection, then release the scratch buffer. */
		thr_audit->tad_sacl_ctrl = SACL_AUDIT_NONE;
		kmem_free(pathbuf, SMB_MAXPATHLEN);
	}
}
58
/*
 * Arm SACL audit collection on the current thread for a rename request.
 *
 * Armed under the same condition as smb_audit_init(): the
 * AU_ZONE_AUDITING(NULL) check passes and the session dialect is at least
 * SMB_VERS_2_BASE. The thread's tad_sacl_ctrl is set to SACL_AUDIT_NO_SRC
 * and the three masks used by a rename (tad_sacl_mask, tad_sacl_mask_src,
 * tad_sacl_mask_dest) are zeroed.
 *
 * Returns B_TRUE when collection was armed, B_FALSE otherwise.
 *
 * NOTE(review): renames on an older dialect are never armed here; whether
 * they are audited elsewhere is not visible in this file -- confirm.
 */
boolean_t
smb_audit_rename_init(smb_request_t *sr)
{
	t_audit_data_t *thr_audit;

	/* The dialect is only looked at when auditing is enabled. */
	if (!AU_ZONE_AUDITING(NULL) ||
	    sr->session->dialect < SMB_VERS_2_BASE)
		return (B_FALSE);

	thr_audit = T2A(curthread);
	thr_audit->tad_sacl_ctrl = SACL_AUDIT_NO_SRC;

	/* Clear every mask a rename reports on before collection starts. */
	bzero(&thr_audit->tad_sacl_mask, sizeof (thr_audit->tad_sacl_mask));
	bzero(&thr_audit->tad_sacl_mask_src,
	    sizeof (thr_audit->tad_sacl_mask_src));
	bzero(&thr_audit->tad_sacl_mask_dest,
	    sizeof (thr_audit->tad_sacl_mask_dest));
	return (B_TRUE);
}
75
/*
 * Finish SACL audit collection for a rename.
 *
 * Does nothing unless the AU_ZONE_AUDITING(NULL) check passes. Otherwise up
 * to three audit_sacl() calls are made with the request credential
 * (sr->user_cr) and the outcome:
 *   - 'src', when non-NULL, with ACE_DELETE and tad_sacl_mask_src;
 *   - 'dest', when non-NULL, with ACE_DELETE and tad_sacl_mask_dest;
 *   - the path of 'dir' (built with smb_node_getpath_nofail()) with
 *     ACE_ADD_SUBDIRECTORY when 'isdir' is set, else ACE_ADD_FILE, and
 *     tad_sacl_mask.
 * Finally tad_sacl_ctrl is set back to SACL_AUDIT_NONE.
 *
 * NOTE(review): the dialect is not re-checked here; presumably callers only
 * get here after smb_audit_rename_init() returned B_TRUE, otherwise the
 * masks hold whatever an earlier request left in them -- confirm.
 */
void
smb_audit_rename_fini(smb_request_t *sr, char *src, smb_node_t *dir, char *dest,
    boolean_t success, boolean_t isdir)
{
	t_audit_data_t *thr_audit;
	char *pathbuf;
	uint32_t add_access;

	if (AU_ZONE_AUDITING(NULL)) {
		thr_audit = T2A(curthread);

		/* Both ends of the rename are reported as a delete access. */
		if (src != NULL) {
			audit_sacl(src, sr->user_cr, ACE_DELETE, success,
			    &thr_audit->tad_sacl_mask_src);
		}
		if (dest != NULL) {
			audit_sacl(dest, sr->user_cr, ACE_DELETE, success,
			    &thr_audit->tad_sacl_mask_dest);
		}

		/* The resolved pathname is not kept; rebuild it here. */
		pathbuf = kmem_alloc(SMB_MAXPATHLEN, KM_SLEEP);
		smb_node_getpath_nofail(dir, smb_audit_rootvp(sr), pathbuf,
		    SMB_MAXPATHLEN);

		/* 'dir' is reported as gaining a new entry. */
		if (isdir)
			add_access = ACE_ADD_SUBDIRECTORY;
		else
			add_access = ACE_ADD_FILE;
		audit_sacl(pathbuf, sr->user_cr, add_access, success,
		    &thr_audit->tad_sacl_mask);

		/* Disarm collection, then release the scratch buffer. */
		thr_audit->tad_sacl_ctrl = SACL_AUDIT_NONE;
		kmem_free(pathbuf, SMB_MAXPATHLEN);
	}
}
106
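/*
 * Suspend SACL audit collection on the current thread.
 *
 * When the AU_ZONE_AUDITING(NULL) check passes, the current tad_sacl_ctrl is
 * copied to tad_sacl_backup and tad_sacl_ctrl is set to SACL_AUDIT_NONE.
 * smb_audit_load() puts the saved value back.
 *
 * The parameter list is spelled (void) so the definition is a real
 * prototype and a call that passes arguments is diagnosed.
 *
 * NOTE(review): there is a single backup slot. A second save before the
 * matching load stores SACL_AUDIT_NONE in it, and smb_audit_load() then
 * restores nothing, leaving collection off -- confirm callers never nest
 * save/load pairs.
 */
void
smb_audit_save(void)
{
	t_audit_data_t *tad;

	if (!AU_ZONE_AUDITING(NULL))
		return;

	tad = T2A(curthread);
	tad->tad_sacl_backup = tad->tad_sacl_ctrl;
	tad->tad_sacl_ctrl = SACL_AUDIT_NONE;
}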
117
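/*
 * Resume SACL audit collection suspended by smb_audit_save().
 *
 * tad_sacl_ctrl is restored from tad_sacl_backup only when the
 * AU_ZONE_AUDITING(NULL) check passes and the backup is not
 * SACL_AUDIT_NONE.
 *
 * The parameter list is spelled (void) so the definition is a real
 * prototype, and the thread's audit data is fetched only after the
 * auditing check, as the other functions in this file do.
 *
 * NOTE(review): tad_sacl_backup is not cleared after the restore, so a
 * later load without a fresh smb_audit_save() would re-apply the old value
 * -- confirm every call is paired with a save.
 */
void
smb_audit_load(void)
{
	t_audit_data_t *tad;

	if (!AU_ZONE_AUDITING(NULL))
		return;

	tad = T2A(curthread);
	if (tad->tad_sacl_backup != SACL_AUDIT_NONE)
		tad->tad_sacl_ctrl = tad->tad_sacl_backup;
}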
125
/*
 * Pick the root vnode that the audit paths in this file are built against.
 *
 * Returns the vnode of the server's root SMB node
 * (sr->sr_server->si_root_smb_node->vp) when AU_AUDIT_PERZONE() is true,
 * otherwise rootdir.
 *
 * NOTE(review): si_root_smb_node is dereferenced without a NULL check;
 * presumably it is always set while requests are being served -- confirm.
 */
vnode_t *
smb_audit_rootvp(smb_request_t *sr)
{
	if (AU_AUDIT_PERZONE())
		return (sr->sr_server->si_root_smb_node->vp);

	return (rootdir);
}