diff options
Diffstat (limited to 'usr/src/uts/common/c2/audit_io.c')
| -rw-r--r-- | usr/src/uts/common/c2/audit_io.c | 244 |
1 files changed, 3 insertions, 241 deletions
diff --git a/usr/src/uts/common/c2/audit_io.c b/usr/src/uts/common/c2/audit_io.c index 828c007622..e498dcdd58 100644 --- a/usr/src/uts/common/c2/audit_io.c +++ b/usr/src/uts/common/c2/audit_io.c @@ -21,7 +21,7 @@ /* * Routines for writing audit records. * - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -96,245 +96,6 @@ au_write(caddr_t *d, token_t *m) else (void) au_append_rec((au_buff_t *)*d, m, AU_PACK); } -#define AU_INTERVAL 120 - -/* - * Write audit information to the disk. - * Called from auditsvc(); EOL'd as of Sol 10. - * Local zones are not allowed; the caller (auditsvc()) enforces the - * restriction. - */ -int -au_doio(vp, limit) - - struct vnode *vp; - int limit; - -{ /* AU_DOIO */ - - off_t off; /* space used in buffer */ - size_t used; /* space used in au_membuf */ - token_t *cAR; /* current AR being processed */ - token_t *cMB; /* current au_membuf being processed */ - token_t *sp; /* last AR processed */ - char *bp; /* start of free space in staging buffer */ - unsigned char *cp; /* ptr to data to be moved */ - au_kcontext_t *kctx; - /* - * size (data left in au_membuf - space in buffer) - */ - ssize_t sz; - ssize_t len; /* len of data to move, size of AR */ - int error; /* error return */ - ssize_t left; /* data not xfered by write to disk */ - statvfs64_t sb; /* buffer for statfs */ - size_t curr_sz = 0; /* amount of data written during now */ - int part = 0; /* partial audit record written */ - int partial = 0; /* flag to force partial AR to file */ - /* 0 - idle, ignore */ - /* 1 - force write of audit record */ - /* 2 - finished writing AR, commit */ - - kctx = GET_KCTX_GZ; - - /* - * Check to ensure enough free space on audit device. - */ - bzero(&sb, sizeof (statvfs64_t)); - (void) VFS_STATVFS(vp->v_vfsp, &sb); - /* - * Large Files: We do not convert any of this part of kernel - * to be large file aware. Original behaviour should be - * maintained. This function is called from audit_svc and - * it already checks for negative values of limit. - */ - - if (sb.f_blocks && (fsblkcnt64_t)limit > sb.f_bavail) - return (ENOSPC); - - if (kctx->auk_file_stat.af_filesz && - (kctx->auk_file_stat.af_currsz >= - kctx->auk_file_stat.af_filesz)) - return (EFBIG); - - /* - * has the write buffer changed length due to a auditctl(2)? - * (remember that auk_buffer is an element of auk_dbuffer) - */ - if (kctx->auk_queue.bufsz != kctx->auk_queue.buflen) { - - kmem_free(kctx->auk_buffer, kctx->auk_queue.buflen); - - /* bad, should not sleep here. Testing only */ - kctx->auk_buffer = kmem_alloc(kctx->auk_queue.bufsz, KM_SLEEP); - - kctx->auk_queue.buflen = kctx->auk_queue.bufsz; - } - - if (!kctx->auk_queue.head) { - goto nodata; - } - sp = (token_t *)0; /* no AR copied */ - off = 0; /* no space used in buffer */ - used = 0; /* no data processed in au_membuf */ - cAR = kctx->auk_queue.head; /* start at head of queue */ - cMB = cAR; /* start with first au_membuf of record */ - bp = &(kctx->auk_buffer[0]); /* start at beginning of buffer */ - - while (cMB) { - ASSERT(kctx->auk_queue.head != NULL); - - /* indicate audit record being processed */ - part = 1; - - /* pointer to buffer data */ - cp = memtod(cMB, unsigned char *); - /* data left in au_membuf */ - sz = (ssize_t)cMB->len - used; - /* len to move */ - len = (ssize_t)MIN(sz, kctx->auk_queue.buflen - off); - - /* move the data */ - bcopy(cp + used, bp + off, len); - used += len; /* update used au_membuf */ - off += len; /* update offset into buffer */ - - if (used >= (ssize_t)cMB->len) { - /* advance to next au_membuf */ - used = 0; - cMB = cMB->next_buf; - } - if (cMB == (au_buff_t *)0) { - /* advance to next AR */ - sp = cAR; - cAR = cAR->next_rec; - cMB = cAR; - /* reached end of an audit record */ - part = 0; - /* force abort at end of audit record? */ - if (partial == 1) - partial = 2; - } - /* - * If we've reached end of buffer, or have run out of - * audit records on the queue or we've processed a - * partial audit record to complete the audit file, - * then its time to flush the holding buffer to the - * audit trail. - */ - if ((kctx->auk_queue.buflen == off) || - (cAR == (au_buff_t *)0) || - (partial == 2)) { - - left = 0; - /* - * Largefiles: We purposely pass a value of - * MAXOFF_T as we do not want any of the - * auditing files to exceed 2GB. May be we will - * support this in future. - */ - error = vn_rdwr(UIO_WRITE, vp, kctx->auk_buffer, - off, 0LL, UIO_SYSSPACE, FAPPEND, - (rlim64_t)MAXOFF_T, CRED(), &left); - - /* error on write */ - if (error != 0) { - if (error == EDQUOT) - error = ENOSPC; - return (error); - } - - /* end of file system? */ - if (left) { - au_buff_t *b = NULL; - - sz = off - left; /* how much written */ - - /* update space counters */ - kctx->auk_file_stat.af_currsz += sz; - - /* which AR are done */ - cAR = kctx->auk_queue.head; - while (sz) { - cp = memtod(cAR, unsigned char *); - len = (ssize_t)((cp[1]<<24 | cp[2]<<16 | - cp[3]<<8 | cp[4]) & - 0xffffffffU); - - if (len > sz) - break; - b = cAR; - cAR = cAR->next_rec; - sz -= len; - } - if (b != NULL) - au_dequeue(kctx, b); - - return (ENOSPC); - - } else { /* still space in file system */ - /* if we've written an AR */ - if (sp) { - /* - * free records up to last one copied. - */ - au_dequeue(kctx, sp); - } - /* Update sizes */ - curr_sz += off; - kctx->auk_file_stat.af_currsz += (uint_t)off; - - /* reset auk_buffer pointers */ - sp = (token_t *)0; - off = 0; - bp = &(kctx->auk_buffer[0]); - - /* check exit conditions */ - if (sb.f_blocks) { - ulong_t blks_used; - blks_used = (curr_sz / sb.f_bsize); - if ((fsblkcnt64_t)limit > - (sb.f_bavail - (fsblkcnt64_t)blks_used)) { - /* - * if we haven't put out a - * complete audit record, - * continue to process the - * audit queue until we reach - * the end of the record. - */ - if (part && (partial == 0)) { - partial = 1; - continue; - } - /* - * exit if complete record - */ - if (partial != 1) - return (ENOSPC); - } - } - if (kctx->auk_file_stat.af_filesz && - (kctx->auk_file_stat.af_currsz - >= kctx->auk_file_stat.af_filesz)) { - /* - * force a complete audit - * record to the trail. - */ - if (partial == 0) - partial = 1; - /* - * Written data to AR boundry. - */ - if (partial != 1) - return (EFBIG); - } - } - } - } /* while(cMB) */ - -nodata: - return (0); -} /* * Close an audit descriptor. @@ -505,7 +266,8 @@ au_close_time(au_kcontext_t *kctx, token_t *dchain, int flag, short e_type, sizeof (char) + 2 * sizeof (short) + sizeof (timestruc_t); if (kctx->auk_hostaddr_valid) - byte_count += sizeof (int32_t) + kctx->auk_info.ai_termid.at_type; + byte_count += sizeof (int32_t) + + kctx->auk_info.ai_termid.at_type; /* * add in size of zonename token (zero if !AUDIT_ZONENAME) |