1 /*-
2 * Copyright (c) 2011, David E. O'Brien.
3 * Copyright (c) 2009-2011, Juniper Networks, Inc.
4 * Copyright (c) 2015, EMC Corp.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY JUNIPER NETWORKS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL JUNIPER NETWORKS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
31
32 #include "opt_compat.h"
33
34 #include <sys/param.h>
35 #include <sys/file.h>
36 #include <sys/systm.h>
37 #include <sys/buf.h>
38 #include <sys/condvar.h>
39 #include <sys/conf.h>
40 #include <sys/fcntl.h>
41 #include <sys/ioccom.h>
42 #include <sys/kernel.h>
43 #include <sys/lock.h>
44 #include <sys/malloc.h>
45 #include <sys/module.h>
46 #include <sys/poll.h>
47 #include <sys/proc.h>
48 #include <sys/queue.h>
49 #include <sys/sx.h>
50 #include <sys/syscall.h>
51 #include <sys/sysent.h>
52 #include <sys/sysproto.h>
53 #include <sys/uio.h>
54
55 #if __FreeBSD_version >= 900041
56 #include <sys/capsicum.h>
57 #endif
58
59 #include "filemon.h"
60
61 #if defined(COMPAT_IA32) || defined(COMPAT_FREEBSD32) || defined(COMPAT_ARCH32)
62 #include <compat/freebsd32/freebsd32_syscall.h>
63 #include <compat/freebsd32/freebsd32_proto.h>
64
65 extern struct sysentvec ia32_freebsd_sysvec;
66 #endif
67
68 extern struct sysentvec elf32_freebsd_sysvec;
69 extern struct sysentvec elf64_freebsd_sysvec;
70
71 static d_close_t filemon_close;
72 static d_ioctl_t filemon_ioctl;
73 static d_open_t filemon_open;
74 static int filemon_unload(void);
75 static void filemon_load(void *);
76
77 static struct cdevsw filemon_cdevsw = {
78 .d_version = D_VERSION,
79 .d_close = filemon_close,
80 .d_ioctl = filemon_ioctl,
81 .d_open = filemon_open,
82 .d_name = "filemon",
83 };
84
85 MALLOC_DECLARE(M_FILEMON);
86 MALLOC_DEFINE(M_FILEMON, "filemon", "File access monitor");
87
88 struct filemon {
89 TAILQ_ENTRY(filemon) link; /* Link into the in-use list. */
90 struct sx lock; /* Lock mutex for this filemon. */
91 struct file *fp; /* Output file pointer. */
92 pid_t pid; /* The process ID being monitored. */
93 char fname1[MAXPATHLEN]; /* Temporary filename buffer. */
94 char fname2[MAXPATHLEN]; /* Temporary filename buffer. */
95 char msgbufr[1024]; /* Output message buffer. */
96 };
97
98 static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse);
99 static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free);
100 static struct sx access_lock;
101
102 static struct cdev *filemon_dev;
103
104 #include "filemon_lock.c"
105 #include "filemon_wrapper.c"
106
107 static void
filemon_dtr(void * data)108 filemon_dtr(void *data)
109 {
110 struct filemon *filemon = data;
111
112 if (filemon != NULL) {
113 struct file *fp = filemon->fp;
114
115 /* Get exclusive write access. */
116 filemon_lock_write();
117
118 /* Remove from the in-use list. */
119 TAILQ_REMOVE(&filemons_inuse, filemon, link);
120
121 filemon->fp = NULL;
122 filemon->pid = -1;
123
124 /* Add to the free list. */
125 TAILQ_INSERT_TAIL(&filemons_free, filemon, link);
126
127 /* Give up write access. */
128 filemon_unlock_write();
129
130 if (fp != NULL)
131 fdrop(fp, curthread);
132 }
133 }
134
135 static int
filemon_ioctl(struct cdev * dev,u_long cmd,caddr_t data,int flag __unused,struct thread * td)136 filemon_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag __unused,
137 struct thread *td)
138 {
139 int error = 0;
140 struct filemon *filemon;
141 struct proc *p;
142 #if __FreeBSD_version >= 900041
143 cap_rights_t rights;
144 #endif
145
146 devfs_get_cdevpriv((void **) &filemon);
147
148 switch (cmd) {
149 /* Set the output file descriptor. */
150 case FILEMON_SET_FD:
151 error = fget_write(td, *(int *)data,
152 #if __FreeBSD_version >= 900041
153 cap_rights_init(&rights, CAP_PWRITE),
154 #endif
155 &filemon->fp);
156 if (error == 0)
157 /* Write the file header. */
158 filemon_comment(filemon);
159 break;
160
161 /* Set the monitored process ID. */
162 case FILEMON_SET_PID:
163 error = pget(*((pid_t *)data), PGET_CANDEBUG | PGET_NOTWEXIT,
164 &p);
165 if (error == 0) {
166 filemon->pid = p->p_pid;
167 PROC_UNLOCK(p);
168 }
169 break;
170
171 default:
172 error = EINVAL;
173 break;
174 }
175
176 return (error);
177 }
178
179 static int
filemon_open(struct cdev * dev,int oflags __unused,int devtype __unused,struct thread * td __unused)180 filemon_open(struct cdev *dev, int oflags __unused, int devtype __unused,
181 struct thread *td __unused)
182 {
183 struct filemon *filemon;
184
185 /* Get exclusive write access. */
186 filemon_lock_write();
187
188 if ((filemon = TAILQ_FIRST(&filemons_free)) != NULL)
189 TAILQ_REMOVE(&filemons_free, filemon, link);
190
191 /* Give up write access. */
192 filemon_unlock_write();
193
194 if (filemon == NULL) {
195 filemon = malloc(sizeof(struct filemon), M_FILEMON,
196 M_WAITOK | M_ZERO);
197 sx_init(&filemon->lock, "filemon");
198 }
199
200 filemon->pid = curproc->p_pid;
201
202 devfs_set_cdevpriv(filemon, filemon_dtr);
203
204 /* Get exclusive write access. */
205 filemon_lock_write();
206
207 /* Add to the in-use list. */
208 TAILQ_INSERT_TAIL(&filemons_inuse, filemon, link);
209
210 /* Give up write access. */
211 filemon_unlock_write();
212
213 return (0);
214 }
215
216 static int
filemon_close(struct cdev * dev __unused,int flag __unused,int fmt __unused,struct thread * td __unused)217 filemon_close(struct cdev *dev __unused, int flag __unused, int fmt __unused,
218 struct thread *td __unused)
219 {
220
221 return (0);
222 }
223
224 static void
filemon_load(void * dummy __unused)225 filemon_load(void *dummy __unused)
226 {
227 sx_init(&access_lock, "filemons_inuse");
228
229 /* Install the syscall wrappers. */
230 filemon_wrapper_install();
231
232 filemon_dev = make_dev(&filemon_cdevsw, 0, UID_ROOT, GID_WHEEL, 0666,
233 "filemon");
234 }
235
236 static int
filemon_unload(void)237 filemon_unload(void)
238 {
239 struct filemon *filemon;
240 int error = 0;
241
242 /* Get exclusive write access. */
243 filemon_lock_write();
244
245 if (TAILQ_FIRST(&filemons_inuse) != NULL)
246 error = EBUSY;
247 else {
248 destroy_dev(filemon_dev);
249
250 /* Deinstall the syscall wrappers. */
251 filemon_wrapper_deinstall();
252 }
253
254 /* Give up write access. */
255 filemon_unlock_write();
256
257 if (error == 0) {
258 /* free() filemon structs free list. */
259 filemon_lock_write();
260 while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) {
261 TAILQ_REMOVE(&filemons_free, filemon, link);
262 sx_destroy(&filemon->lock);
263 free(filemon, M_FILEMON);
264 }
265 filemon_unlock_write();
266
267 sx_destroy(&access_lock);
268 }
269
270 return (error);
271 }
272
273 static int
filemon_modevent(module_t mod __unused,int type,void * data)274 filemon_modevent(module_t mod __unused, int type, void *data)
275 {
276 int error = 0;
277
278 switch (type) {
279 case MOD_LOAD:
280 filemon_load(data);
281 break;
282
283 case MOD_UNLOAD:
284 error = filemon_unload();
285 break;
286
287 case MOD_SHUTDOWN:
288 break;
289
290 default:
291 error = EOPNOTSUPP;
292 break;
293
294 }
295
296 return (error);
297 }
298
299 DEV_MODULE(filemon, filemon_modevent, NULL);
300 MODULE_VERSION(filemon, 1);
301