authortw21770 <none@none>2008-01-07 14:04:56 -0800
committertw21770 <none@none>2008-01-07 14:04:56 -0800
commit5b7f77ad52bf657ba49d64d16f527e958d0fb820 (patch)
tree70272848c29d0888e287ec1532089578b1769830 /usr/src/lib/libscf
parent3323877de6db742e6657b6081ffe6acd0b007436 (diff)
5079356 Framework should provide administrative audit trail/history
6405683 svc.configd audit events need to be defined.
Diffstat (limited to 'usr/src/lib/libscf')
-rw-r--r--usr/src/lib/libscf/common/libscf_impl.h16
-rw-r--r--usr/src/lib/libscf/common/lowlevel.c48
-rw-r--r--usr/src/lib/libscf/common/mapfile-vers3
-rw-r--r--usr/src/lib/libscf/inc/libscf_priv.h28
4 files changed, 79 insertions, 16 deletions
diff --git a/usr/src/lib/libscf/common/libscf_impl.h b/usr/src/lib/libscf/common/libscf_impl.h
index 6dfef8577c..f0947de5a0 100644
--- a/usr/src/lib/libscf/common/libscf_impl.h
+++ b/usr/src/lib/libscf/common/libscf_impl.h
@@ -2,9 +2,8 @@
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
@@ -21,7 +20,7 @@
*/
/*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -41,15 +40,6 @@
extern "C" {
#endif
-#define SCF_FMRI_SVC_PREFIX "svc:"
-#define SCF_FMRI_FILE_PREFIX "file:"
-#define SCF_FMRI_SCOPE_PREFIX "//"
-#define SCF_FMRI_LOCAL_SCOPE "localhost"
-#define SCF_FMRI_SCOPE_SUFFIX "@localhost"
-#define SCF_FMRI_SERVICE_PREFIX "/"
-#define SCF_FMRI_INSTANCE_PREFIX ":"
-#define SCF_FMRI_PROPERTYGRP_PREFIX "/:properties/"
-#define SCF_FMRI_PROPERTY_PREFIX "/"
/*
* This macro must be extended if additional FMRI prefixes are defined
*/
diff --git a/usr/src/lib/libscf/common/lowlevel.c b/usr/src/lib/libscf/common/lowlevel.c
index 2e31aa6e1f..ce40d0e74f 100644
--- a/usr/src/lib/libscf/common/lowlevel.c
+++ b/usr/src/lib/libscf/common/lowlevel.c
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -6871,3 +6871,49 @@ _scf_pg_is_read_protected(const scf_propertygroup_t *pg, boolean_t *out)
return (scf_set_error(SCF_ERROR_INTERNAL));
return (SCF_SUCCESS);
}
+
+/*
+ * _scf_set_annotation: a wrapper to set the annotation fields for SMF
+ * security auditing.
+ *
+ * Fails with following in scf_error_key thread specific data:
+ * _INVALID_ARGUMENT - operation or file too large
+ * _NOT_BOUND
+ * _CONNECTION_BROKEN
+ * _INTERNAL
+ * _NO_RESOURCES
+ */
+int
+_scf_set_annotation(scf_handle_t *h, const char *operation, const char *file)
+{
+ struct rep_protocol_annotation request;
+ struct rep_protocol_response response;
+ size_t copied;
+ int r;
+
+ request.rpr_request = REP_PROTOCOL_SET_AUDIT_ANNOTATION;
+ copied = strlcpy(request.rpr_operation,
+ (operation == NULL) ? "" : operation,
+ sizeof (request.rpr_operation));
+ if (copied >= sizeof (request.rpr_operation))
+ return (scf_set_error(SCF_ERROR_INVALID_ARGUMENT));
+
+ copied = strlcpy(request.rpr_file,
+ (file == NULL) ? "" : file,
+ sizeof (request.rpr_file));
+ if (copied >= sizeof (request.rpr_operation))
+ return (scf_set_error(SCF_ERROR_INVALID_ARGUMENT));
+
+ (void) pthread_mutex_lock(&h->rh_lock);
+ r = make_door_call(h, &request, sizeof (request),
+ &response, sizeof (response));
+ (void) pthread_mutex_unlock(&h->rh_lock);
+
+ if (r < 0) {
+ DOOR_ERRORS_BLOCK(r);
+ }
+
+ if (response.rpr_response != REP_PROTOCOL_SUCCESS)
+ return (scf_set_error(proto_error(response.rpr_response)));
+ return (0);
+}
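Review bot: The length check after the second strlcpy() compares `copied` against `sizeof (request.rpr_operation)` although the destination is `request.rpr_file`, so the test uses the wrong buffer's size. The struct definition is not in this hunk; if the two fields differ in size, either a truncated file name passes into the audit annotation undetected or a path that fits is rejected with SCF_ERROR_INVALID_ARGUMENT. The check should read `if (copied >= sizeof (request.rpr_file))`. Separately, `request` is never zeroed and strlcpy() does not pad, so the bytes after each terminator go through make_door_call() uninitialized; a `(void) memset(&request, 0, sizeof (request));` before the first assignment would avoid that.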
diff --git a/usr/src/lib/libscf/common/mapfile-vers b/usr/src/lib/libscf/common/mapfile-vers
index d64e43b026..898e8307ac 100644
--- a/usr/src/lib/libscf/common/mapfile-vers
+++ b/usr/src/lib/libscf/common/mapfile-vers
@@ -19,7 +19,7 @@
# CDDL HEADER END
#
#
-# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "%Z%%M% %I% %E% SMI"
@@ -216,6 +216,7 @@ SUNWprivate_1.1 {
scf_parse_svc_fmri;
_scf_pg_wait;
_scf_request_backup;
+ _scf_set_annotation;
_scf_snapshot_attach;
_scf_snapshot_delete;
_scf_snapshot_take_attach;
diff --git a/usr/src/lib/libscf/inc/libscf_priv.h b/usr/src/lib/libscf/inc/libscf_priv.h
index acffe5b5d8..39c92d20b7 100644
--- a/usr/src/lib/libscf/inc/libscf_priv.h
+++ b/usr/src/lib/libscf/inc/libscf_priv.h
@@ -19,7 +19,7 @@
* CDDL HEADER END
*/
/*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
@@ -60,6 +60,9 @@ extern "C" {
#define SCF_PG_RESTARTER_ACTIONS_TYPE SCF_GROUP_FRAMEWORK
#define SCF_PG_RESTARTER_ACTIONS_FLAGS SCF_PG_FLAG_NONPERSISTENT
+#define SCF_PROPERTY_CLEAR ((const char *)"maint_off")
+#define SCF_PROPERTY_MAINTENANCE ((const char *)"maint_on")
+
#define SCF_PROPERTY_LOGFILE ((const char *)"logfile")
#define SCF_PROPERTY_ALT_LOGFILE ((const char *)"alt_logfile")
@@ -72,6 +75,19 @@ extern "C" {
#define SCF_FMRI_TYPE_SVC 0x1
#define SCF_FMRI_TYPE_FILE 0x2
+/*
+ * Strings for use in constructing FMRIs
+ */
+#define SCF_FMRI_SVC_PREFIX "svc:"
+#define SCF_FMRI_FILE_PREFIX "file:"
+#define SCF_FMRI_SCOPE_PREFIX "//"
+#define SCF_FMRI_LOCAL_SCOPE "localhost"
+#define SCF_FMRI_SCOPE_SUFFIX "@localhost"
+#define SCF_FMRI_SERVICE_PREFIX "/"
+#define SCF_FMRI_INSTANCE_PREFIX ":"
+#define SCF_FMRI_PROPERTYGRP_PREFIX "/:properties/"
+#define SCF_FMRI_PROPERTY_PREFIX "/"
+
typedef struct scf_decoration_info {
const char *sdi_name;
scf_type_t sdi_type;
@@ -304,6 +320,16 @@ int _scf_request_backup(scf_handle_t *, const char *);
int _scf_pg_is_read_protected(const scf_propertygroup_t *, boolean_t *);
/*
+ * Sets annotation data for SMF audit logging. Once this function has been
+ * set, the next audit record will be preceded by an ADT_smf_annotation
+ * with the information provided in this function. This function is used
+ * to mark operations which comprise multiple primitive operations such as
+ * svccfg import.
+ */
+int _scf_set_annotation(scf_handle_t *h, const char *operation,
+ const char *file);
+
+/*
* scf_pattern_t
*/
typedef struct scf_pattern {
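Review bot: The comment added above the `_scf_set_annotation` prototype leaves out the return contract and argument handling that the implementation in lowlevel.c has: a NULL `operation` or `file` is sent as an empty string, and a string that does not fit its protocol field fails with SCF_ERROR_INVALID_ARGUMENT. I would add a sentence such as `Returns 0 on success; fails with SCF_ERROR_INVALID_ARGUMENT if operation or file is too long. NULL is treated as "".` The phrase "Once this function has been set" presumably means "called". The text also does not say whether the annotation covers only the next audit record or stays on the handle until replaced, which callers relying on the audit trail need to know.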