17c478bdstevel@tonic-gate/*
27c478bdstevel@tonic-gate * CDDL HEADER START
37c478bdstevel@tonic-gate *
47c478bdstevel@tonic-gate * The contents of this file are subject to the terms of the
57257d1braf * Common Development and Distribution License (the "License").
67257d1braf * You may not use this file except in compliance with the License.
77c478bdstevel@tonic-gate *
87c478bdstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bdstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bdstevel@tonic-gate * See the License for the specific language governing permissions
117c478bdstevel@tonic-gate * and limitations under the License.
127c478bdstevel@tonic-gate *
137c478bdstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bdstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bdstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bdstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bdstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bdstevel@tonic-gate *
197c478bdstevel@tonic-gate * CDDL HEADER END
207c478bdstevel@tonic-gate */
217257d1braf
227c478bdstevel@tonic-gate/*
2310c0e3agww * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
247c478bdstevel@tonic-gate */
257c478bdstevel@tonic-gate
267c478bdstevel@tonic-gate#include <sys/param.h>
277c478bdstevel@tonic-gate#include <sys/time.h>
287c478bdstevel@tonic-gate#include <sys/types.h>
297c478bdstevel@tonic-gate#include <stdlib.h>
307c478bdstevel@tonic-gate#include <string.h>
317c478bdstevel@tonic-gate#include <bsm/audit.h>
327c478bdstevel@tonic-gate#include <bsm/libbsm.h>
337c478bdstevel@tonic-gate#include <bsm/audit_record.h>
347c478bdstevel@tonic-gate#include <synch.h>
357c478bdstevel@tonic-gate
367c478bdstevel@tonic-gate
/*
 * Open an audit record = find a free descriptor and pass it back.
 * The descriptors are in a "fixed" length array which is extended
 * whenever it gets full.
 *
 *  Since copies are expected to be infrequent,
 *  and since realloc loses data if it fails to expand the buffer,
 *  calloc() is used rather than realloc().
 */
467c478bdstevel@tonic-gate
/*
 * AU_TABLE_MAX must be an integer multiple of AU_TABLE_LENGTH
 *
 * AU_TABLE_LENGTH is both the initial table size and the growth step;
 * AU_TABLE_MAX is the size at which au_open() stops growing the table.
 */
#define	AU_TABLE_LENGTH	16
#define	AU_TABLE_MAX	256

/*
 * Descriptor table, indexed by the descriptor au_open() returns.
 * A slot holds one of three things:
 *   NULL              - free
 *   (token_t *)&au_d  - open, nothing written yet (placeholder value)
 *   anything else     - head of the token chain written so far
 */
static token_t	**au_d;
static int	au_d_length = 0;	/* current table length */
static int	au_d_required_length = AU_TABLE_LENGTH; /* new table length */
/* Taken by au_open(), au_write() and au_close() around every table access. */
static mutex_t  mutex_au_d = DEFAULTMUTEX;
577c478bdstevel@tonic-gate
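/*
 * Allocate an audit descriptor.
 *
 * Returns the index of the first free slot in au_d[], after marking it
 * open with the (token_t *)&au_d placeholder.  Returns -1 if the table
 * cannot be allocated, or if it is full and has already reached
 * AU_TABLE_MAX entries.
 *
 * The table is grown and rescanned under a single hold of mutex_au_d, so
 * slots added by a growth step cannot be taken by another thread before
 * this caller has rescanned.  The loop replaces the earlier
 * unlock-and-recurse retry.
 */
int
au_open(void)
{
	int d;			/* descriptor */
	token_t	**au_d_new;

	(void) mutex_lock(&mutex_au_d);

	for (;;) {
		if (au_d_required_length > au_d_length) {
			/*
			 * Size the allocation by element (a token_t *),
			 * not by the type of the table pointer itself.
			 */
			au_d_new = calloc((size_t)au_d_required_length,
			    sizeof (*au_d_new));

			if (au_d_new == NULL) {
				/* keep the old table; drop the growth request */
				au_d_required_length = au_d_length;
				(void) mutex_unlock(&mutex_au_d);
				return (-1);
			}
			if (au_d_length > 0) {
				(void) memcpy(au_d_new, au_d,
				    (size_t)au_d_length * sizeof (*au_d_new));
				free(au_d);
			}
			au_d = au_d_new;
			au_d_length = au_d_required_length;
		}

		for (d = 0; d < au_d_length; d++) {
			if (au_d[d] == NULL) {
				/* placeholder: open, but no tokens yet */
				au_d[d] = (token_t *)&au_d;
				(void) mutex_unlock(&mutex_au_d);
				return (d);
			}
		}

		/*
		 * table full; make more room.
		 * AU_TABLE_MAX bounds the number of growth steps.
		 * Logic here expects AU_TABLE_MAX to be a multiple of
		 * AU_TABLE_LENGTH.
		 */
		if (au_d_length >= AU_TABLE_MAX) {
			(void) mutex_unlock(&mutex_au_d);
			return (-1);
		}
		au_d_required_length = au_d_length + AU_TABLE_LENGTH;
	}
}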
1047c478bdstevel@tonic-gate
/*
 * Write to an audit descriptor.
 *
 * The token chain m is linked onto the end of descriptor d's chain; it is
 * not copied, so the descriptor refers to the caller's tokens from then on
 * (au_close() frees them).
 *
 * Returns 0 on success, or -1 if d is negative, out of range or not open,
 * or if m is NULL.
 */

int
au_write(int d, token_t *m)
{
	token_t *tail;
	int rv = -1;

	if (d < 0 || m == (token_t *)0)
		return (-1);

	(void) mutex_lock(&mutex_au_d);
	if (d < au_d_length && au_d[d] != (token_t *)0) {
		if (au_d[d] == (token_t *)&au_d) {
			/* first write: replace the "open" placeholder */
			au_d[d] = m;
		} else {
			/* walk to the last token and hang m off it */
			tail = au_d[d];
			while (tail->tt_next != (token_t *)0)
				tail = tail->tt_next;
			tail->tt_next = m;
		}
		rv = 0;
	}
	(void) mutex_unlock(&mutex_au_d);
	return (rv);
}
1347c478bdstevel@tonic-gate
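/*
 * Free every token on a chain together with its data buffer.
 */
static void
free_token_chain(token_t *chain)
{
	token_t *next;

	while (chain != NULL) {
		next = chain->tt_next;
		free(chain->tt_data);
		free(chain);
		chain = next;
	}
}

/*
 * Close an audit descriptor.
 * Use the second parameter to indicate if it should be written or not.
 *
 * d      - descriptor returned by au_open()
 * right  - non-zero: assemble the record and pass it to audit();
 *          zero: discard the tokens
 * e_type - event type stored in the record header
 *
 * Returns -1 if d is not an open descriptor, if a token carries a negative
 * size, or if the record buffer cannot be allocated; 0 if there was nothing
 * to write or the record was discarded; otherwise the return value of
 * audit().  Except when d is rejected, the slot is released and the token
 * chain is freed on every path.
 *
 * mutex_au_d is held from entry to return, including across the
 * auditon() and audit() calls.
 */
int
au_close(int d, int right, au_event_t e_type)
{
	au_emod_t e_mod;
	struct timeval now;	/* current time */
	adr_t adr;		/* adr header */
	auditinfo_addr_t	audit_info;
	au_tid_addr_t	*host_info = &audit_info.ai_termid;
	token_t *dchain;	/* mbuf chain which is the tokens */
	token_t *record;	/* mbuf chain which is the record */
	char data_header;	/* token type */
	char version;		/* token version */
	char *buffer;		/* to build record into */
	int byte_count;		/* bytes in the record */
	int v;

	(void) mutex_lock(&mutex_au_d);
	if (d < 0 || d >= au_d_length ||
	    ((dchain = au_d[d]) == NULL)) {
		(void) mutex_unlock(&mutex_au_d);
		return (-1);
	}

	/* Release the slot; the chain is now reachable only through dchain. */
	au_d[d] = NULL;

	/* Opened but never written to: nothing to emit or free. */
	if (dchain == (token_t *)&au_d) {
		(void) mutex_unlock(&mutex_au_d);
		return (0);
	}

	/*
	 * If not to be written toss the record
	 */
	if (!right) {
		free_token_chain(dchain);
		(void) mutex_unlock(&mutex_au_d);
		return (0);
	}

	/*
	 * Count up the bytes used in the record: the fixed header fields
	 * written below (type, version, event type, event modifier, byte
	 * count, timestamp) plus every token's data.
	 */
	byte_count = sizeof (char) * 2 + sizeof (short) * 2 +
	    sizeof (int32_t) + sizeof (struct timeval);

	for (record = dchain; record != NULL; record = record->tt_next) {
		/*
		 * tt_size is added to byte_count here and handed to memcpy()
		 * below.  A negative value would shrink the buffer while
		 * turning into a huge copy length, so refuse the record.
		 */
		if (record->tt_size < 0) {
			free_token_chain(dchain);
			(void) mutex_unlock(&mutex_au_d);
			return (-1);
		}
		/*
		 * NOTE(review): the sum is kept in an int and is not checked
		 * for overflow; confirm an upper bound on chain size holds
		 * elsewhere.
		 */
		byte_count += record->tt_size;
	}

#ifdef _LP64
#define	HEADER_ID	AUT_HEADER64
#define	HEADER_ID_EX	AUT_HEADER64_EX
#else
#define	HEADER_ID	AUT_HEADER32
#define	HEADER_ID_EX	AUT_HEADER32_EX
#endif

	/* Use the extended header if our host address can be determined. */

	data_header = HEADER_ID;		/* Assume the worst */
	if (auditon(A_GETKAUDIT, (caddr_t)&audit_info,
	    sizeof (audit_info)) == 0) {
		int	have_valid_addr;

		if (host_info->at_type == AU_IPv6)
			have_valid_addr = IN6_IS_ADDR_UNSPECIFIED(
			    (in6_addr_t *)host_info->at_addr) ? 0 : 1;
		else
			have_valid_addr = (host_info->at_addr[0] ==
			    htonl(INADDR_ANY)) ? 0 : 1;

		if (have_valid_addr) {
			data_header = HEADER_ID_EX;
			/*
			 * at_type doubles as the address length in bytes,
			 * here and in the adr_char() call below.
			 * NOTE(review): it is taken from auditon() as is and
			 * not compared with the size of at_addr.
			 */
			byte_count += sizeof (int32_t) + host_info->at_type;
		}
	}

	/*
	 * Build the header
	 */
	if ((buffer = malloc((size_t)byte_count)) == NULL) {
		/* free the token chain */
		free_token_chain(dchain);
		(void) mutex_unlock(&mutex_au_d);
		return (-1);
	}
	(void) gettimeofday(&now, NULL);
	version = TOKEN_VERSION;
	e_mod = 0;
	adr_start(&adr, buffer);
	adr_char(&adr, &data_header, 1);
	adr_int32(&adr, (int32_t *)&byte_count, 1);
	adr_char(&adr, &version, 1);
	adr_ushort(&adr, &e_type, 1);
	adr_ushort(&adr, &e_mod, 1);
	if (data_header == HEADER_ID_EX) {
		adr_int32(&adr, (int32_t *)&host_info->at_type, 1);
		adr_char(&adr, (char *)&host_info->at_addr[0],
		    (int)host_info->at_type);
	}
#ifdef _LP64
	adr_int64(&adr, (int64_t *)&now, 2);
#else
	adr_int32(&adr, (int32_t *)&now, 2);
#endif
	/*
	 * Tack on the data, and free the tokens.
	 * We're not supposed to know how adr works, but ...
	 */
	while (dchain != NULL) {
		(void) memcpy(adr.adr_now, dchain->tt_data,
		    (size_t)dchain->tt_size);
		adr.adr_now += dchain->tt_size;
		record = dchain;
		dchain = dchain->tt_next;
		free(record->tt_data);
		free(record);
	}
	/*
	 * Send it down to the system
	 */
	v = audit((caddr_t)buffer, byte_count);
	free(buffer);
	(void) mutex_unlock(&mutex_au_d);
	return (v);
}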