authorDan McDonald <danmcd@mnx.io>2022-10-10 09:10:46 -0400
committerDan McDonald <danmcd@mnx.io>2022-10-10 09:10:46 -0400
commit8733bb6571c33535090fb28bcbe9aa273867168a (patch)
treed6a55ba8e3b32ff80c64c797b7a1858a23813f5c
parent1facf1a43ecaaa0225b7c9d134732d342b607d8d (diff)
parentd687f445dcb8e0cd6caf81ea59a259f83ac93e2d (diff)
downloadillumos-joyent-8733bb6571c33535090fb28bcbe9aa273867168a.tar.gz
[illumos-gate merge]
commit d687f445dcb8e0cd6caf81ea59a259f83ac93e2d 15016 find_elf should cope with O_DIRECTORY absence commit eca0273a3d9494e12a4d82943f1b2d701cde4489 15057 i86pc: redefinition of typedef 'vmm_data_req_t' is a C11 feature commit bdf9be201fbb95afc4f1d45b03d66d6f0f96c25f 15052 libc: unused label commit 430fb0518974971393f591123b410c866df1855a 5913 audit_syslog is noisy when it discards messages commit cd918266dec8ae2553f7a0efd53c52aa90d99a39 2271 CIFS clients fail to authenticate when idmap is using IDMU
-rw-r--r--usr/src/cmd/auditd/doorway.c27
-rw-r--r--usr/src/lib/auditd_plugins/auditd.h5
-rw-r--r--usr/src/lib/auditd_plugins/syslog/sysplugin.c16
-rw-r--r--usr/src/lib/libbsm/common/adt.c49
-rw-r--r--usr/src/lib/libc/port/gen/getutx.c1
-rw-r--r--usr/src/lib/libc/port/locale/collate.c18
-rw-r--r--usr/src/tools/find_elf/find_elf.c11
-rw-r--r--usr/src/uts/intel/io/vmm/sys/vmm_kernel.h1
8 files changed, 84 insertions, 44 deletions
diff --git a/usr/src/cmd/auditd/doorway.c b/usr/src/cmd/auditd/doorway.c
index c3fe37afe6..59509c2593 100644
--- a/usr/src/cmd/auditd/doorway.c
+++ b/usr/src/cmd/auditd/doorway.c
@@ -23,6 +23,10 @@
*/
/*
+ * Copyright 2022 Tintri by DDN, Inc. All rights reserved.
+ */
+
+/*
* Threads:
*
* auditd is thread 0 and does signal handling
@@ -151,12 +155,12 @@ warn_or_fatal(int fatal, char *parting_shot)
static void
report_error(int rc, char *error_text, char *plugin_path)
{
- int warn = 0;
char rcbuf[100]; /* short error name string */
char message[FATAL_MESSAGE_LEN];
int bad_count = 0;
char *name;
char empty[] = "..";
+ boolean_t warn = B_FALSE, discard = B_FALSE;
static int no_plug = 0;
static int no_load = 0;
@@ -174,17 +178,17 @@ report_error(int rc, char *error_text, char *plugin_path)
switch (rc) {
case INTERNAL_LOAD_ERROR:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_load;
(void) strcpy(rcbuf, "load_error");
break;
case INTERNAL_SYS_ERROR:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_thread;
(void) strcpy(rcbuf, "sys_error");
break;
case INTERNAL_CONFIG_ERROR:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_plug;
(void) strcpy(rcbuf, "config_error");
name = strdup("--");
@@ -192,17 +196,17 @@ report_error(int rc, char *error_text, char *plugin_path)
case AUDITD_SUCCESS:
break;
case AUDITD_NO_MEMORY: /* no_memory */
- warn = 1;
+ warn = B_TRUE;
bad_count = ++no_memory;
(void) strcpy(rcbuf, "no_memory");
break;
case AUDITD_INVALID: /* invalid */
- warn = 1;
+ warn = B_TRUE;
bad_count = ++invalid;
(void) strcpy(rcbuf, "invalid");
break;
case AUDITD_RETRY:
- warn = 1;
+ warn = B_TRUE;
bad_count = ++retry;
(void) strcpy(rcbuf, "retry");
break;
@@ -210,10 +214,15 @@ report_error(int rc, char *error_text, char *plugin_path)
(void) strcpy(rcbuf, "comm_fail");
break;
case AUDITD_FATAL: /* failure */
- warn = 1;
+ warn = B_TRUE;
bad_count = ++fail;
(void) strcpy(rcbuf, "failure");
break;
+ case AUDITD_DISCARD: /* discarded - shouldn't get here */
+ /* Don't report this one; it's a non-error. */
+ discard = B_TRUE;
+ (void) strcpy(rcbuf, "discarded");
+ break;
default:
(void) strcpy(rcbuf, "error");
break;
@@ -222,7 +231,7 @@ report_error(int rc, char *error_text, char *plugin_path)
bad_count, name, rcbuf, error_text));
if (warn)
__audit_dowarn2("plugin", name, rcbuf, error_text, bad_count);
- else {
+ else if (!discard) {
(void) snprintf(message, FATAL_MESSAGE_LEN,
gettext("audit plugin %s reported error = \"%s\": %s\n"),
name, rcbuf, error_text);
diff --git a/usr/src/lib/auditd_plugins/auditd.h b/usr/src/lib/auditd_plugins/auditd.h
index 6be801b6eb..d7ca96deaa 100644
--- a/usr/src/lib/auditd_plugins/auditd.h
+++ b/usr/src/lib/auditd_plugins/auditd.h
@@ -22,6 +22,8 @@
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
+ * Copyright 2017 Tintri by DDN, Inc. All rights reserved.
+ *
* This is an unstable interface; changes may be made without
* notice.
*/
@@ -46,7 +48,8 @@ enum auditd_rc {
AUDITD_INVALID, /* bad input (WARN invalid) */
AUDITD_COMM_FAIL, /* communications failure */
AUDITD_FATAL, /* other error (WARN failure) */
- AUDITD_FAIL /* other non-fatal error */
+ AUDITD_FAIL, /* other non-fatal error */
+ AUDITD_DISCARD /* Discarded message */
};
typedef enum auditd_rc auditd_rc_t;
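Review bot: The comment on the new enumerator, `/* Discarded message */`, does not say who is allowed to return AUDITD_DISCARD, whereas its neighbours record how auditd reacts (`WARN invalid`, `WARN failure`). Judging from the other files in this commit it looks plugin-internal: sysplugin.c rewrites it to AUDITD_SUCCESS before returning, and report_error in doorway.c labels the case "shouldn't get here". I would state that contract here, for example `AUDITD_DISCARD /* record filtered out by the plugin; not an error, not reported by auditd */`. This header is where a plugin author will look to learn that returning this value suppresses the warning path.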
diff --git a/usr/src/lib/auditd_plugins/syslog/sysplugin.c b/usr/src/lib/auditd_plugins/syslog/sysplugin.c
index 948e60aa7a..2f307176d2 100644
--- a/usr/src/lib/auditd_plugins/syslog/sysplugin.c
+++ b/usr/src/lib/auditd_plugins/syslog/sysplugin.c
@@ -22,6 +22,8 @@
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*
+ * Copyright 2017 Tintri by DDN, Inc. All rights reserved.
+ *
* convert binary audit records to syslog messages and
* send them off to syslog
*
@@ -226,7 +228,7 @@ tossit(au_event_t id, int passfail)
static size_t
fromleft(char *p, size_t avail, char *attrname, size_t attrlen, char *txt,
- size_t txtlen)
+ size_t txtlen)
{
size_t len;
@@ -253,7 +255,7 @@ fromleft(char *p, size_t avail, char *attrname, size_t attrlen, char *txt,
static size_t
fromright(char *p, size_t avail, char *attrname, size_t attrlen, char *txt,
- size_t txtlen)
+ size_t txtlen)
{
size_t len;
@@ -650,7 +652,7 @@ filter(const char *input, uint64_t sequence, char *output,
ctx.out.sf_zonelen = 0;
}
- return (-1); /* tell caller it was tossed */
+ return (AUDITD_DISCARD);
}
bp = output;
remaining = out_len;
@@ -823,16 +825,16 @@ auditd_plugin(const char *input, size_t in_len, uint64_t sequence, char **error)
DPRINT((dbfp, "syslog: write_count=%llu, "
"buffer=%llu, tossed=%llu\n",
++write_count, sequence, toss_count));
- } else if (rc > 0) { /* -1 == discard it */
+ } else if (rc != AUDITD_DISCARD) {
DPRINT((dbfp, "syslog: parse failed for buffer %llu\n",
sequence));
*error = strdup(gettext(
"Unable to parse audit record"));
} else {
- DPRINT((dbfp, "syslog: rc = %d (-1 is discard), "
+ DPRINT((dbfp, "syslog: rc = %d (%d is discard), "
"sequence=%llu, toss_count=%llu\n",
- rc, sequence, ++toss_count));
- rc = 0;
+ rc, AUDITD_DISCARD, sequence, ++toss_count));
+ rc = AUDITD_SUCCESS;
}
free(outbuf);
}
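Review bot: The replacement test `rc != AUDITD_DISCARD` routes every remaining value into the "parse failed" branch, where the old `rc > 0` routed only positive values there and treated anything negative as a discard. This assumes the branch above the hunk handles `rc == 0`. If filter() can still return a negative value on a path outside this hunk, that value is now handed back to auditd as an auditd_rc_t and would reach the `default` case in report_error. filter() also now shares a number space with auditd_rc_t, so a positive parse-error code equal to AUDITD_DISCARD would drop the record without any message. A comment on filter() listing its return values would make this checkable, for example `/* returns AUDITD_SUCCESS, AUDITD_DISCARD (record filtered), or another auditd_rc_t on parse failure */`. Both filter() and auditd_plugin() start outside the visible hunks.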
diff --git a/usr/src/lib/libbsm/common/adt.c b/usr/src/lib/libbsm/common/adt.c
index 20741efa75..3e0f4ec2c5 100644
--- a/usr/src/lib/libbsm/common/adt.c
+++ b/usr/src/lib/libbsm/common/adt.c
@@ -23,6 +23,7 @@
* Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2013, Joyent, Inc. All rights reserved.
* Copyright 2017 OmniOS Community Edition (OmniOSce) Association.
+ * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
*/
#include <bsm/adt.h>
@@ -192,7 +193,23 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
/* c2audit excluded */
mask->am_success = 0;
mask->am_failure = 0;
- } else if (uid <= MAXUID) {
+ return (0);
+ }
+
+ /*
+ * This function applies the 'attributable' mask, modified by
+ * any per-user flags, to any user whose UID can be mapped to
+ * a name via name services.
+ * Others, such as users with Ephemeral UIDs, or NFS clients
+ * using AUTH_SYS, get the 'non-attributable mask'.
+ * This is true even if some _other_ system or service could
+ * map the ID to a name, or if it could be inferred from
+ * other records.
+ * Note that it is possible for records to contain _only_
+ * an ephemeral ID, which can't be mapped back to a name
+ * once it becomes invalid (e.g. server reboot).
+ */
+ if (uid <= MAXUID) {
if ((buff_sz = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
adt_write_syslog("couldn't determine maximum size of "
"password buffer", errno);
@@ -201,18 +218,24 @@ adt_get_mask_from_user(uid_t uid, au_mask_t *mask)
if ((pwd_buff = calloc(1, (size_t)++buff_sz)) == NULL) {
return (-1);
}
- if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) == NULL) {
- errno = EINVAL; /* user doesn't exist */
- free(pwd_buff);
- return (-1);
- }
- if (au_user_mask(pwd.pw_name, mask)) {
+ /*
+ * Ephemeral id's and id's that exist in a name service we
+ * don't have configured (LDAP, NIS) can't be looked up,
+ * but either way it's not an error.
+ */
+ if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
+ if (au_user_mask(pwd.pw_name, mask)) {
+ free(pwd_buff);
+ errno = EFAULT; /* undetermined failure */
+ return (-1);
+ }
free(pwd_buff);
- errno = EFAULT; /* undetermined failure */
- return (-1);
+ return (0);
}
free(pwd_buff);
- } else if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
+ }
+
+ if (auditon(A_GETKMASK, (caddr_t)mask, sizeof (*mask)) == -1) {
return (-1);
}
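Review bot: The rewritten `getpwuid_r(...) != NULL` test treats every NULL return the same way, so a lookup that fails for a transient reason (a short buffer, an I/O error, an unreachable name service) now falls through to `auditon(A_GETKMASK, ...)` and the user silently gets the non-attributable mask. For a UID that does have a local or directory entry, that means a session audited with a different mask than configured, with no record that the lookup failed. If getpwuid_r on this platform sets errno on such failures (ERANGE for an undersized buffer is the documented case), clearing errno before the call and returning -1 when it is non-zero afterwards would keep "no such user" distinct from "could not ask". The function starts and ends outside this hunk, so the handling of buff_sz is only partly visible.

```c
	errno = 0;
	if (getpwuid_r(uid, &pwd, pwd_buff, (int)buff_sz) != NULL) {
		/* … unchanged: au_user_mask() handling and return (0) … */
	} else if (errno != 0) {
		int lookup_err = errno;	/* free() may overwrite errno */

		adt_write_syslog("password lookup failed", lookup_err);
		free(pwd_buff);
		errno = lookup_err;
		return (-1);
	}
	free(pwd_buff);
```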
@@ -1082,9 +1105,9 @@ adt_from_export_format(adt_internal_state_t *internal,
struct export_header head;
struct export_link link;
adr_t context;
- int32_t offset;
- int32_t length;
- int32_t version;
+ int32_t offset;
+ int32_t length;
+ int32_t version;
size_t label_len;
char *p = (char *)external;
diff --git a/usr/src/lib/libc/port/gen/getutx.c b/usr/src/lib/libc/port/gen/getutx.c
index 5ccd88e55d..71b8364600 100644
--- a/usr/src/lib/libc/port/gen/getutx.c
+++ b/usr/src/lib/libc/port/gen/getutx.c
@@ -877,7 +877,6 @@ updwtmpx(const char *filex, struct utmpx *utx)
utmpx_api2frec(utx, &futx);
(void) write(wfdx, &futx, sizeof (futx));
-done:
(void) close(wfdx);
}
diff --git a/usr/src/lib/libc/port/locale/collate.c b/usr/src/lib/libc/port/locale/collate.c
index a8d7bf60d5..cf480c913b 100644
--- a/usr/src/lib/libc/port/locale/collate.c
+++ b/usr/src/lib/libc/port/locale/collate.c
@@ -380,7 +380,7 @@ _collate_wxfrm(const struct lc_collate *lcc, const wchar_t *src, wchar_t *xf,
wchar_t *tr = NULL;
int direc;
int pass;
- const int32_t *state;
+ const int32_t *state;
size_t want = 0;
size_t need = 0;
int ndir = lcc->lc_directive_count;
@@ -470,14 +470,11 @@ _collate_wxfrm(const struct lc_collate *lcc, const wchar_t *src, wchar_t *xf,
}
}
-end:
- if (tr)
- free(tr);
+ free(tr);
return (need);
fail:
- if (tr)
- free(tr);
+ free(tr);
return ((size_t)(-1));
}
@@ -531,7 +528,7 @@ _collate_sxfrm(const wchar_t *src, char *xf, size_t room, locale_t loc)
wchar_t *tr = NULL;
int direc;
int pass;
- const int32_t *state;
+ const int32_t *state;
size_t want = 0;
size_t need = 0;
int b;
@@ -640,13 +637,10 @@ _collate_sxfrm(const wchar_t *src, char *xf, size_t room, locale_t loc)
}
}
-end:
- if (tr)
- free(tr);
+ free(tr);
return (need);
fail:
- if (tr)
- free(tr);
+ free(tr);
return ((size_t)(-1));
}
diff --git a/usr/src/tools/find_elf/find_elf.c b/usr/src/tools/find_elf/find_elf.c
index 7c31ccc685..4ece9ac44a 100644
--- a/usr/src/tools/find_elf/find_elf.c
+++ b/usr/src/tools/find_elf/find_elf.c
@@ -229,7 +229,18 @@ process_arg(char *arg)
err(EXIT_FAILURE, "not a file or directory: %s", arg);
}
+#ifndef O_DIRECTORY
+ struct stat tsb;
+ if (stat(dir, &tsb) == -1) {
+ err(EXIT_FAILURE, "failed to stat %s", dir);
+ }
+ if (!S_ISDIR(tsb.st_mode)) {
+ errx(EXIT_FAILURE, "not a directory: %s", dir);
+ }
+ rootfd = open(dir, O_RDONLY);
+#else
rootfd = open(dir, O_RDONLY|O_DIRECTORY);
+#endif
if (rootfd < 0) {
err(EXIT_FAILURE, "%s", dir);
}
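Review bot: In the `#ifndef O_DIRECTORY` fallback, `stat(dir, &tsb)` and `open(dir, O_RDONLY)` resolve the path separately, so the object that passes S_ISDIR need not be the one that ends up behind rootfd if the path is replaced in between. Opening first and calling `fstat(rootfd, &tsb)` on the descriptor checks the object that will actually be walked. That matches what O_DIRECTORY guarantees in the `#else` branch. It also keeps the existing `rootfd < 0` error path as the single place that reports an open failure. process_arg starts outside this hunk.

```c
#ifndef O_DIRECTORY
	rootfd = open(dir, O_RDONLY);
	if (rootfd >= 0) {
		struct stat tsb;

		if (fstat(rootfd, &tsb) == -1) {
			err(EXIT_FAILURE, "failed to stat %s", dir);
		}
		if (!S_ISDIR(tsb.st_mode)) {
			errx(EXIT_FAILURE, "not a directory: %s", dir);
		}
	}
#else
	/* … unchanged: open with O_RDONLY|O_DIRECTORY … */
#endif
```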
diff --git a/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h b/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h
index 404942f438..290044b438 100644
--- a/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h
+++ b/usr/src/uts/intel/io/vmm/sys/vmm_kernel.h
@@ -483,7 +483,6 @@ typedef struct vmm_data_req {
void *vdr_data;
uint32_t *vdr_result_len;
} vmm_data_req_t;
-typedef struct vmm_data_req vmm_data_req_t;
typedef int (*vmm_data_writef_t)(void *, const vmm_data_req_t *);
typedef int (*vmm_data_readf_t)(void *, const vmm_data_req_t *);