PERFORCE change 56936 for review
Wayne Salamon
wsalamon at FreeBSD.org
Fri Jul 9 17:36:35 PDT 2004
http://perforce.freebsd.org/chv.cgi?CH=56936
Change 56936 by wsalamon at wsalamon_epi on 2004/07/10 00:35:35
Merge in the remaining changes from the audit2 versions.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#2 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#3 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#2 (text+ko) ====
@@ -282,10 +282,8 @@
token_t *au_to_return64(char status, u_int64_t ret);
token_t *au_to_seq(long audit_count);
token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ta);
-token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket_ex_32(struct socket *so);
+token_t *au_to_socket_ex_128(struct socket *so);
token_t *au_to_sock_inet(struct sockaddr_in *so);
token_t *au_to_sock_inet32(struct sockaddr_in *so);
token_t *au_to_sock_inet128(struct sockaddr_in6 *so);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#3 (text+ko) ====
@@ -37,7 +37,10 @@
*/
token_t *kau_to_socket(struct socket_au_info *soi);
token_t *kau_to_attr32(struct vnode_au_info *vni);
-token_t *kau_to_attr64(struct vnode_au_info *vni);
+
+/*
+ * audit_klib prototypes
+ */
int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf);
au_event_t flags_and_error_to_openevent(int oflags, int error);
void au_evclassmap_init(void);
@@ -47,8 +50,8 @@
int auditon_command_event(int cmd);
int msgctl_to_event(int cmd);
int semctl_to_event(int cmr);
+void canon_path(struct thread *td, char *path, char *cpath);
-int canon_path(struct thread *td, char *path, char *cpath);
/*
* Define a system call to audit event mapping table.
*/
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#4 (text+ko) ====
@@ -631,7 +631,7 @@
"flag\n"));
cv_wait(&audit_replacement_cv, &audit_mtx);
AUDIT_PRINTF(("audit_rotate_vnode: woken up (flag %d)\n",
- audit_replacement_flag));
+ audit_replacement_flag));
}
audit_replacement_cred = cred;
audit_replacement_flag = 1;
@@ -1678,6 +1678,9 @@
if (ar == NULL || td == NULL || so == NULL)
return;
+ /*
+ * XXX: Do we need to lock the socket?
+ */
bcopy(so, &ar->k_ar.ar_arg_sockaddr, sizeof(ar->k_ar.ar_arg_sockaddr));
switch (so->sa_family) {
case AF_INET:
@@ -2027,6 +2030,9 @@
if (vp == NULL)
return;
+ mtx_assert(&Giant, MA_OWNED);
+ ASSERT_VOP_LOCKED(vp, "audit_arg_vnpath")
+
ar = currecord();
if (ar == NULL) /* This will be the case for unaudited system calls */
return;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#4 (text+ko) ====
@@ -151,7 +151,8 @@
* Close out the audit record by adding the header token, identifying
* any missing tokens. Write out the tokens to the record memory.
*/
-void kau_close(struct au_record *rec, struct timespec *ctime, short event)
+void
+kau_close(struct au_record *rec, struct timespec *ctime, short event)
{
u_char *dptr;
size_t tot_rec_size;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#4 (text+ko) ====
@@ -21,14 +21,14 @@
*/
#include <sys/param.h>
-#include <sys/vnode.h>
#include <sys/fcntl.h>
#include <sys/filedesc.h>
+#include <sys/libkern.h>
+#include <sys/malloc.h>
+#include <sys/proc.h>
#include <sys/sem.h>
-#include <sys/malloc.h>
#include <sys/sysctl.h>
-#include <sys/libkern.h>
-#include <sys/proc.h>
+#include <sys/vnode.h>
#include <bsm/audit.h>
#include <bsm/audit_kernel.h>
@@ -545,7 +545,7 @@
/*
* Perform the actual check of the masks against the event.
*/
- if (sorf & AU_PRS_SUCCESS) {
+ if(sorf & AU_PRS_SUCCESS) {
effmask |= (mask_p->am_success & ae_class);
}
@@ -811,7 +811,7 @@
* written to the audit log. So we will leave the filename starting
* with '/' in the audit log in this case.
*/
-int canon_path(struct thread *td, char *path, char *cpath)
+void canon_path(struct thread *td, char *path, char *cpath)
{
char *bufp;
char **retbuf, **freebuf;
@@ -819,6 +819,8 @@
struct vnode *vnp;
struct filedesc *fdp;
+ mtx_assert(&Giant, MA_OWNED);
+
fdp = td->td_proc->p_fd;
bufp = path;
FILEDESC_LOCK(fdp);
@@ -844,6 +846,9 @@
FILEDESC_UNLOCK(fdp);
if (vnp != NULL) {
/*
+ * XXX: Should lock vnode!
+ */
+ /*
* XXX: vn_fullpath() on FreeBSD is "less reliable"
* than vn_getpath() on Darwin, so this will need more
* attention in the future. Also, the question and
@@ -866,5 +871,4 @@
} else {
strncpy(cpath, bufp, MAXPATHLEN);
}
- return (0);
}
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#4 (text+ko) ====
@@ -20,25 +20,25 @@
* @APPLE_LICENSE_HEADER_END@
*/
-#include <sys/param.h>
-#include <sys/un.h>
+#include <sys/param.h>
#include <sys/event.h>
#include <sys/libkern.h>
#include <sys/malloc.h>
+#include <sys/un.h>
#include <bsm/audit.h>
#include <bsm/audit_record.h>
#include <bsm/audit_kernel.h>
#include <security/audit/audit_klib.h>
-#define GET_TOKEN_AREA(tok, dptr, length) \
+#define GET_TOKEN_AREA(tok, dptr, length) \
do { \
tok = malloc(sizeof(*tok), M_AUDIT, M_WAITOK); \
tok->len = length; \
dptr = tok->t_data = malloc(length * sizeof(u_char), \
M_AUDIT, M_WAITOK); \
memset(tok->t_data, 0, length); \
- }while(0)
+ } while(0)
/*
* token ID 1 byte
@@ -137,8 +137,6 @@
{
token_t *t;
u_char *dptr;
- u_int64_t fileid;
- u_int16_t pad0_16 = 0;
u_int32_t pad0_32 = 0;
if(vni == NULL) {
@@ -151,27 +149,14 @@
}
ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
-
- /*
- * Darwin defines the size for the file mode as 2 bytes;
- * BSM defines 4. So we copy in a 0 first.
- */
- ADD_U_INT16(dptr, pad0_16);
- ADD_U_INT16(dptr, vni->vn_mode);
-
+ ADD_U_INT32(dptr, vni->vn_mode);
ADD_U_INT32(dptr, vni->vn_uid);
ADD_U_INT32(dptr, vni->vn_gid);
ADD_U_INT32(dptr, vni->vn_fsid);
-
- /*
- * Darwin defines the size for fileid as 4 bytes;
- * BSM defines 8. So we copy in a 0 first.
- */
- fileid = vni->vn_fileid;
+ /* Pad four bytes for the file ID due to BSM's need for 8 bytes */
ADD_U_INT32(dptr, pad0_32);
- ADD_U_INT32(dptr, fileid);
-
- ADD_U_INT32(dptr, vni->vn_dev);
+ ADD_U_INT32(dptr, vni->vn_fileid);
+ ADD_U_INT32(dptr, vni->vn_gen);
return t;
}
@@ -202,15 +187,9 @@
return t;
}
-token_t *kau_to_attr64(struct vnode_au_info *vni)
-{
- return NULL;
-}
-
token_t *au_to_attr(struct vattr *attr)
{
return au_to_attr32(attr);
-
}
@@ -438,7 +417,6 @@
{
token_t *t;
u_char *dptr;
- u_int16_t pad0 = 0;
if(perm == NULL) {
return NULL;
@@ -448,34 +426,16 @@
if(t == NULL) {
return NULL;
}
-
- /*
- * Darwin defines the sizes for ipc_perm members
- * as 2 bytes; BSM defines 4. So we copy in a 0 first.
- */
+
ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->uid);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->gid);
+ ADD_U_INT32(dptr, perm->uid);
+ ADD_U_INT32(dptr, perm->gid);
+ ADD_U_INT32(dptr, perm->cuid);
+ ADD_U_INT32(dptr, perm->cgid);
+ ADD_U_INT32(dptr, perm->mode);
+ ADD_U_INT32(dptr, perm->seq);
+ ADD_U_INT32(dptr, perm->key);
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->cuid);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->cgid);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->mode);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->seq);
-
- ADD_U_INT16(dptr, pad0);
- ADD_U_INT16(dptr, perm->key);
-
return t;
}
@@ -528,6 +488,7 @@
return t;
}
+#ifdef _KERNEL
/*
* Kernel version of the add file token function, where the time value
* is passed in as an additional parameter.
@@ -570,8 +531,8 @@
ADD_STRING(dptr, file, filelen);
return t;
-
}
+#endif
/*
* token ID 1 byte
@@ -688,7 +649,30 @@
uid_t ruid, gid_t rgid, pid_t pid,
au_asid_t sid, au_tid_t *tid)
{
- return NULL;
+ token_t *t;
+ u_char *dptr;
+
+ if(tid == NULL) {
+ return NULL;
+ }
+
+ GET_TOKEN_AREA(t, dptr, 41);
+ if(t == NULL) {
+ return NULL;
+ }
+
+ ADD_U_CHAR(dptr, AU_PROCESS_64_TOKEN);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->port);
+ ADD_U_INT32(dptr, tid->machine);
+
+ return t;
}
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
@@ -752,7 +736,34 @@
uid_t ruid, gid_t rgid, pid_t pid,
au_asid_t sid, au_tid_addr_t *tid)
{
- return NULL;
+ token_t *t;
+ u_char *dptr;
+
+ if(tid == NULL) {
+ return NULL;
+ }
+
+ GET_TOKEN_AREA(t, dptr, 57);
+ if(t == NULL) {
+ return NULL;
+ }
+
+ ADD_U_CHAR(dptr, AU_PROCESS_64_EX_TOKEN);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->at_port);
+ ADD_U_INT32(dptr, tid->at_type);
+ ADD_U_INT32(dptr, tid->at_addr[0]);
+ ADD_U_INT32(dptr, tid->at_addr[1]);
+ ADD_U_INT32(dptr, tid->at_addr[2]);
+ ADD_U_INT32(dptr, tid->at_addr[3]);
+
+ return t;
}
token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
@@ -840,12 +851,13 @@
*/
token_t *au_to_socket(struct socket *so)
{
- return NULL;
+ return au_to_socket_ex_32(so);
}
/*
* Kernel-specific version of the above function.
*/
+#ifdef _KERNEL
token_t *kau_to_socket(struct socket_au_info *soi)
{
token_t *t;
@@ -872,6 +884,7 @@
return t;
}
+#endif
/*
* token ID 1 byte
@@ -883,14 +896,12 @@
* address type/length 4 bytes
* remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
*/
-token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ra)
+token_t *au_to_socket_ex_32(struct socket *so)
{
return NULL;
}
-token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp,
- struct sockaddr *la, struct sockaddr *ra)
+token_t *au_to_socket_ex_128(struct socket *so)
{
return NULL;
}
@@ -1038,15 +1049,38 @@
}
token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid)
+ uid_t ruid, gid_t rgid, pid_t pid,
+ au_asid_t sid, au_tid_t *tid)
{
- return NULL;
+ token_t *t;
+ u_char *dptr;
+
+ if(tid == NULL) {
+ return NULL;
+ }
+
+ GET_TOKEN_AREA(t, dptr, 41);
+ if(t == NULL) {
+ return NULL;
+ }
+
+ ADD_U_CHAR(dptr, AU_SUBJECT_64_TOKEN);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->port);
+ ADD_U_INT32(dptr, tid->machine);
+
+ return t;
}
token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
- uid_t ruid, gid_t rgid, pid_t pid,
- au_asid_t sid, au_tid_t *tid)
+ uid_t ruid, gid_t rgid, pid_t pid,
+ au_asid_t sid, au_tid_t *tid)
{
return au_to_subject32(auid, euid, egid, ruid, rgid,
pid, sid, tid);
@@ -1105,7 +1139,34 @@
gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
au_asid_t sid, au_tid_addr_t *tid)
{
- return NULL;
+ token_t *t;
+ u_char *dptr;
+
+ if(tid == NULL) {
+ return NULL;
+ }
+
+ GET_TOKEN_AREA(t, dptr, 57);
+ if(t == NULL) {
+ return NULL;
+ }
+
+ ADD_U_CHAR(dptr, AU_SUBJECT_64_EX_TOKEN);
+ ADD_U_INT32(dptr, auid);
+ ADD_U_INT32(dptr, euid);
+ ADD_U_INT32(dptr, egid);
+ ADD_U_INT32(dptr, ruid);
+ ADD_U_INT32(dptr, rgid);
+ ADD_U_INT32(dptr, pid);
+ ADD_U_INT32(dptr, sid);
+ ADD_U_INT64(dptr, tid->at_port);
+ ADD_U_INT32(dptr, tid->at_type);
+ ADD_U_INT32(dptr, tid->at_addr[0]);
+ ADD_U_INT32(dptr, tid->at_addr[1]);
+ ADD_U_INT32(dptr, tid->at_addr[2]);
+ ADD_U_INT32(dptr, tid->at_addr[3]);
+
+ return t;
}
token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
@@ -1216,7 +1277,7 @@
return t;
}
-
+#ifdef _KERNEL
/*
* Kernel version of the BSM header token functions. These versions take
* a timespec struct as an additional parameter in order to obtain the
@@ -1257,7 +1318,26 @@
token_t *kau_to_header64(struct timespec *ctime, int rec_size,
au_event_t e_type, au_emod_t e_mod)
{
- return NULL;
+ token_t *t;
+ u_char *dptr;
+ u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
+
+ GET_TOKEN_AREA(t, dptr, 26);
+ if(t == NULL) {
+ return NULL;
+ }
+
+ ADD_U_CHAR(dptr, AU_HEADER_64_TOKEN);
+ ADD_U_INT32(dptr, rec_size);
+ ADD_U_CHAR(dptr, HEADER_VERSION);
+ ADD_U_INT16(dptr, e_type);
+ ADD_U_INT16(dptr, e_mod);
+
+ /* Add the timestamp */
+ ADD_U_INT32(dptr, ctime->tv_sec);
+ ADD_U_INT32(dptr, timems);
+
+ return t;
}
token_t *kau_to_header(struct timespec *ctime, int rec_size,
@@ -1265,6 +1345,7 @@
{
return kau_to_header32(ctime, rec_size, e_type, e_mod);
}
+#endif
/*
* token ID 1 byte
More information about the p4-projects
mailing list