Diffstat (limited to 'usr/src/uts/common/c2/audit.c')
-rw-r--r--usr/src/uts/common/c2/audit.c77
1 files changed, 76 insertions, 1 deletions
diff --git a/usr/src/uts/common/c2/audit.c b/usr/src/uts/common/c2/audit.c
index 62230f02d6..0ab2dba4d7 100644
--- a/usr/src/uts/common/c2/audit.c
+++ b/usr/src/uts/common/c2/audit.c
@@ -20,7 +20,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -63,6 +63,7 @@
#include <sys/disp.h> /* for servicing_interrupt() */
#include <sys/devpolicy.h>
#include <sys/crypto/ioctladmin.h>
+#include <inet/kssl/kssl.h>
static void add_return_token(caddr_t *, unsigned int scid, int err, int rval);
@@ -2274,3 +2275,77 @@ audit_cryptoadm(int cmd, char *module_name, crypto_mech_name_t *mech_names,
au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CRYPTOADM, 0);
}
+
+/*
+ * Audit the kernel SSL administration command. The address and the
+ * port number for the SSL instance, and the proxy port are put in the
+ * audit trail.
+ */
+void
+audit_kssl(int cmd, void *params, int error)
+{
+ cred_t *cr = CRED();
+ t_audit_data_t *tad;
+ token_t *ad = NULL;
+ const auditinfo_addr_t *ainfo = crgetauinfo(cr);
+ au_kcontext_t *kctx = SET_KCTX_PZ;
+
+ ASSERT(kctx != NULL);
+ tad = U2A(u);
+
+ if (ainfo == NULL)
+ return;
+
+ tad->tad_event = AUE_CONFIGKSSL;
+
+ if (audit_success(kctx, tad, error) != AU_OK)
+ return;
+
+ /* Add a subject token */
+ AUDIT_SETSUBJ((caddr_t *)&ad, cr, ainfo);
+
+ /* add an optional group token */
+ AUDIT_SETGROUP((caddr_t *)&ad, cr, kctx);
+
+ switch (cmd) {
+ case KSSL_ADD_ENTRY: {
+ char buf[32];
+ kssl_params_t *kp = (kssl_params_t *)params;
+ struct sockaddr_in *saddr = &(kp->kssl_addr);
+
+ au_write((caddr_t *)&ad, au_to_text("op=KSSL_ADD_ENTRY"));
+ au_write((caddr_t *)&ad, au_to_in_addr(&(saddr->sin_addr)));
+ (void) snprintf(buf, sizeof (buf), "SSL port=%d",
+ saddr->sin_port);
+ au_write((caddr_t *)&ad, au_to_text(buf));
+
+ (void) snprintf(buf, sizeof (buf), "proxy port=%d",
+ kp->kssl_proxy_port);
+ au_write((caddr_t *)&ad, au_to_text(buf));
+ break;
+ }
+
+ case KSSL_DELETE_ENTRY: {
+ char buf[32];
+ struct sockaddr_in *saddr = (struct sockaddr_in *)params;
+
+ au_write((caddr_t *)&ad, au_to_text("op=KSSL_DELETE_ENTRY"));
+ au_write((caddr_t *)&ad, au_to_in_addr(&(saddr->sin_addr)));
+ (void) snprintf(buf, sizeof (buf), "SSL port=%d",
+ saddr->sin_port);
+ au_write((caddr_t *)&ad, au_to_text(buf));
+ break;
+ }
+
+ default:
+ return;
+ }
+
+ /* add a return token */
+ add_return_token((caddr_t *)&ad, tad->tad_scid, error, 0);
+
+ AS_INC(as_generated, 1, kctx);
+ AS_INC(as_kernel, 1, kctx);
+
+ au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CONFIGKSSL, 0);
+}
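Review bot: The `default: return;` arm of the switch drops out after `AUDIT_SETSUBJ` and `AUDIT_SETGROUP` have already written subject and group tokens into `ad`, so an unexpected `cmd` leaks that token chain without an `au_close()`; validating the command before any token is generated avoids it, e.g. `if (cmd != KSSL_ADD_ENTRY && cmd != KSSL_DELETE_ENTRY) return;` placed right after the `ainfo == NULL` check, with the `default` arm then becoming unreachable. Separately, both `snprintf` calls format `saddr->sin_port` directly; if that field follows the usual `sockaddr_in` convention of network byte order, the audit trail will show a byte-swapped port on little-endian hosts, so it should read `(void) snprintf(buf, sizeof (buf), "SSL port=%d", ntohs(saddr->sin_port));` (and likewise for the delete case) — worth confirming against how ksslcfg fills `kssl_addr`. Both `params` casts also assume the caller never passes NULL for these two commands; a one-line comment stating that precondition would help the next reader, since nothing in this function checks it.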