author | kais <none@none> | 2005-11-12 18:58:05 -0800 |
---|---|---|
committer | kais <none@none> | 2005-11-12 18:58:05 -0800 |
commit | c28749e97052f09388969427adf7df641cdcdc22 (patch) | |
tree | b17bd3ede804338c80294e581561c82d63d41f35 /usr/src/uts/common/c2/audit.c | |
parent | eb907aea8fddc9748490fe3243e8f5fc0e31435f (diff) | |
PSARC/2005/625 Greyhound - Solaris Kernel SSL proxy
4931229 Kernel-level SSL proxy
Diffstat (limited to 'usr/src/uts/common/c2/audit.c')
-rw-r--r-- | usr/src/uts/common/c2/audit.c | 77 |
1 files changed, 76 insertions, 1 deletions
diff --git a/usr/src/uts/common/c2/audit.c b/usr/src/uts/common/c2/audit.c
index 62230f02d6..0ab2dba4d7 100644
--- a/usr/src/uts/common/c2/audit.c
+++ b/usr/src/uts/common/c2/audit.c
@@ -20,7 +20,7 @@
  * CDDL HEADER END
  */
 
 /*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
  * Use is subject to license terms.
  */
@@ -63,6 +63,7 @@
 #include <sys/disp.h> /* for servicing_interrupt() */
 #include <sys/devpolicy.h>
 #include <sys/crypto/ioctladmin.h>
+#include <inet/kssl/kssl.h>
 
 static void add_return_token(caddr_t *, unsigned int scid, int err, int rval);
@@ -2274,3 +2275,77 @@ audit_cryptoadm(int cmd, char *module_name, crypto_mech_name_t *mech_names,
 
  au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CRYPTOADM, 0);
 }
+
+/*
+ * Audit the kernel SSL administration command. The address and the
+ * port number for the SSL instance, and the proxy port are put in the
+ * audit trail.
+ */
+void
+audit_kssl(int cmd, void *params, int error)
+{
+ cred_t *cr = CRED();
+ t_audit_data_t *tad;
+ token_t *ad = NULL;
+ const auditinfo_addr_t *ainfo = crgetauinfo(cr);
+ au_kcontext_t *kctx = SET_KCTX_PZ;
+
+ ASSERT(kctx != NULL);
+ tad = U2A(u);
+
+ if (ainfo == NULL)
+ return;
+
+ tad->tad_event = AUE_CONFIGKSSL;
+
+ if (audit_success(kctx, tad, error) != AU_OK)
+ return;
+
+ /* Add a subject token */
+ AUDIT_SETSUBJ((caddr_t *)&ad, cr, ainfo);
+
+ /* add an optional group token */
+ AUDIT_SETGROUP((caddr_t *)&ad, cr, kctx);
+
+ switch (cmd) {
+ case KSSL_ADD_ENTRY: {
+ char buf[32];
+ kssl_params_t *kp = (kssl_params_t *)params;
+ struct sockaddr_in *saddr = &(kp->kssl_addr);
+
+ au_write((caddr_t *)&ad, au_to_text("op=KSSL_ADD_ENTRY"));
+ au_write((caddr_t *)&ad, au_to_in_addr(&(saddr->sin_addr)));
+ (void) snprintf(buf, sizeof (buf), "SSL port=%d",
+ saddr->sin_port);
+ au_write((caddr_t *)&ad, au_to_text(buf));
+
+ (void) snprintf(buf, sizeof (buf), "proxy port=%d",
+ kp->kssl_proxy_port);
+ au_write((caddr_t *)&ad, au_to_text(buf));
+ break;
+ }
+
+ case KSSL_DELETE_ENTRY: {
+ char buf[32];
+ struct sockaddr_in *saddr = (struct sockaddr_in *)params;
+
+ au_write((caddr_t *)&ad, au_to_text("op=KSSL_DELETE_ENTRY"));
+ au_write((caddr_t *)&ad, au_to_in_addr(&(saddr->sin_addr)));
+ (void) snprintf(buf, sizeof (buf), "SSL port=%d",
+ saddr->sin_port);
+ au_write((caddr_t *)&ad, au_to_text(buf));
+ break;
+ }
+
+ default:
+ return;
+ }
+
+ /* add a return token */
+ add_return_token((caddr_t *)&ad, tad->tad_scid, error, 0);
+
+ AS_INC(as_generated, 1, kctx);
+ AS_INC(as_kernel, 1, kctx);
+
+ au_close(kctx, (caddr_t *)&ad, AU_OK, AUE_CONFIGKSSL, 0);
+}
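Review bot: The two `snprintf` calls that format `saddr->sin_port` with `%d` write the raw field into the audit record; if `kssl_addr` follows the normal `sockaddr_in` convention, `sin_port` is in network byte order, so on little-endian hosts port 443 would be recorded as 47873 and the trail would not match what the operator configured. Convert before formatting, e.g. `"SSL port=%d", ntohs(saddr->sin_port)` in both arms, and confirm from kssl.h which byte order `kssl_proxy_port` uses before treating it the same way. Separately, the `default:` arm returns after `AUDIT_SETSUBJ` and `AUDIT_SETGROUP` have already queued tokens on `ad`, so an unrecognised `cmd` appears to abandon a partially built record that never reaches `au_close`; validating `cmd` before the subject token is written would avoid that. The block comment should also state the type contract the switch relies on: `params` is a `kssl_params_t *` for `KSSL_ADD_ENTRY` and a `struct sockaddr_in *` for `KSSL_DELETE_ENTRY`, and is dereferenced without a NULL check.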