PERFORCE change 145181 for review
Vincenzo Iozzo
snagg at FreeBSD.org
Sun Jul 13 23:41:46 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=145181
Change 145181 by snagg at snagg_macosx on 2008/07/13 23:40:36
Fixed some typos, added the ability to get a complete record with a GET on a specific pid. Changed naming conventions.
Affected files ...
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#17 edit
.. //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#27 edit
Differences ...
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_ioctl.h#17 (text) ====
@@ -38,11 +38,9 @@
* structures, add new revised ones to be used by new ioctls, and keep the
* old structures and ioctls for backwards compatibility.
*/
-
-struct auditpipe_ioctl_preselect_pid {
- au_id_t aip_auid;
- au_mask_t aip_mask;
- pid_t app_pid;
+struct auditpipe_ioctl_preselect_proc {
+ int aipp_flag;
+ pid_t aipp_pid;
};
struct auditpipe_ioctl_preselect{
@@ -55,7 +53,7 @@
*/
#define AUDITPIPE_PRESELECT_MODE_TRAIL 1 /* Global audit trail. */
#define AUDITPIPE_PRESELECT_MODE_LOCAL 2 /* Local audit trail. */
-#define AUDITPIPE_PRESELECT_MODE_PID 3 /*Pid based audit trail*/
+#define AUDITPIPE_PRESELECT_MODE_PROC 3 /* Pid based audit trail. */
/*
* Ioctls to read and control the behavior of individual audit pipe devices.
@@ -79,12 +77,12 @@
#define AUDITPIPE_SET_PRESELECT_MODE _IOW(AUDITPIPE_IOBASE, 15, int)
#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 16)
#define AUDITPIPE_GET_MAXAUDITDATA _IOR(AUDITPIPE_IOBASE, 17, u_int)
-#define AUDITPIPE_GET_PRESELECT_PID _IOR(AUDITPIPE_IOBASE, 18, \
- struct auditpipe_ioctl_preselect_pid)
-#define AUDITPIPE_SET_PRESELECT_PID _IOW(AUDITPIPE_IOBASE, 19, \
- struct auditpipe_ioctl_preselect_pid)
-#define AUDITPIPE_DELETE_PRESELECT_PID _IOW(AUDITPIPE_IOBASE, 20, pid_t)
-#define AUDITPIPE_FLUSH_PRESELECT_PID _IO(AUDITPIPE_IOBASE, 21)
+#define AUDITPIPE_GET_PRESELECT_PROC _IOWR(AUDITPIPE_IOBASE, 18, \
+ struct auditpipe_ioctl_preselect_proc)
+#define AUDITPIPE_SET_PRESELECT_PROC _IOW(AUDITPIPE_IOBASE, 19, \
+ struct auditpipe_ioctl_preselect_proc)
+#define AUDITPIPE_DELETE_PRESELECT_PROC _IOW(AUDITPIPE_IOBASE, 20, pid_t)
+#define AUDITPIPE_FLUSH_PRESELECT_PROC _IO(AUDITPIPE_IOBASE, 21)
/*
* Ioctls to retrieve audit pipe statistics.
==== //depot/projects/soc2008/snagg-audit/sys/security/audit/audit_pipe.c#27 (text) ====
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.16 2008/06/11 18:55:19 ed Exp $");
+__FBSDID("$FreeBSD: src/sys/security/audit/audit_pipe.c,v 1.15 2008/04/13 22:06:56 rwatson Exp $");
#include <sys/param.h>
#include <sys/condvar.h>
@@ -96,12 +96,11 @@
* We may want to consider a more space/time-efficient data structure once
* usage patterns for per-auid specifications are clear.
*/
-
struct audit_pipe_preselect {
au_id_t app_auid;
au_mask_t app_mask;
pid_t app_pid;
- int app_event_len;
+ int app_flag;
TAILQ_ENTRY(audit_pipe_preselect) app_list;
};
@@ -180,7 +179,7 @@
static struct cdevsw audit_pipe_cdevsw = {
.d_version = D_VERSION,
- .d_flags = D_PSEUDO | D_NEEDGIANT | D_NEEDMINOR,
+ .d_flags = D_PSEUDO | D_NEEDGIANT,
.d_open = audit_pipe_open,
.d_close = audit_pipe_close,
.d_read = audit_pipe_read,
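Review bot: Dropping `D_NEEDMINOR` from `.d_flags` is not mentioned in the change description. Together with the `__FBSDID` string in the previous hunk going from revision 1.16 back to 1.15, it looks like an upstream change may have been reverted by accident during integration. If that is not intended, restore `.d_flags = D_PSEUDO | D_NEEDGIANT | D_NEEDMINOR,` and the 1.16 ident line; if it is intended, the description should say so. The `audit_pipe_cdevsw` initializer continues outside the hunk.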
@@ -218,24 +217,21 @@
free(ape->ape_record, M_AUDIT_PIPE_ENTRY);
free(ape, M_AUDIT_PIPE_ENTRY);
}
-
/*
- * Find an audit pipe preselection specification for a pid,
- * if any.
+ * Find an audit pipe preselection specification for a pid, if any.
*/
static struct audit_pipe_preselect *
-audit_pipe_preselect_find_pid(struct audit_pipe *ap, pid_t app_pid)
+audit_pipe_preselect_find_proc(struct audit_pipe *ap, pid_t app_pid)
{
struct audit_pipe_preselect *app;
mtx_assert(&audit_pipe_mtx, MA_OWNED);
TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
- if(app->app_pid == app_pid)
+ if (app->app_pid == app_pid)
return (app);
}
-
return (NULL);
}
@@ -278,62 +274,65 @@
}
/*
- * Check if there's an entry for a given pid
+ * Check if there's an entry for a given pid.
*/
static int
-audit_pipe_preselect_get_pid(struct audit_pipe *ap, pid_t pid)
+audit_pipe_preselect_get_proc(struct audit_pipe *ap, pid_t pid,
+ struct auditpipe_ioctl_preselect_proc *aipp)
{
struct audit_pipe_preselect *app;
int error;
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find_pid(ap, pid);
- if(app != NULL)
+ app = audit_pipe_preselect_find_proc(ap, pid);
+ if (app != NULL) {
+ aipp->aipp_pid = pid;
+ aipp->aipp_flag = app->app_flag;
error = 0;
- else
+ }else
error = ENOENT;
mtx_unlock(&audit_pipe_mtx);
- return(error);
+ return (error);
}
/*
* Add a new entry for a specifc event. Add a new entry if needed;
* otherwise, update the current entry.
*/
-static void
-audit_pipe_preselect_set_pid(struct audit_pipe *ap, pid_t app_pid)
+static int
+audit_pipe_preselect_set_proc(struct audit_pipe *ap,
+ struct auditpipe_ioctl_preselect_proc *aipp)
{
struct audit_pipe_preselect *app, *app_new;
- int found;
-
+
+ if (aipp->aipp_pid < 0)
+ return (EINVAL);
- KASSERT(app_pid >= 0, ("Pid is invalid"));
-
/*
- * Pessimistically assume that the entry for this pid doesn't
- * exist, and allocate. We will free it if it is unneeded.
+ * Pessimistically assume that the entry for this pid doesn't exist,
+ * and allocate. We will free it if it is unneeded.
*/
app_new = malloc(sizeof(*app_new), M_AUDIT_PIPE_PRESELECT, M_WAITOK);
-
mtx_lock(&audit_pipe_mtx);
-
+
/*
- * Search for the entry by its pid
+ * Search for the entry by its pid.
*/
- app = audit_pipe_preselect_find_pid(ap, app_pid);
- found = (app != NULL) ? 1: 0;
- if(!found) {
+ app = audit_pipe_preselect_find_proc(ap, aipp->aipp_pid);
+ if (app == NULL) {
app = app_new;
app_new = NULL;
- app->app_pid = app_pid;
+ app->app_pid = aipp->aipp_pid;
+ app->app_flag = aipp->aipp_flag;
TAILQ_INSERT_TAIL(&ap->ap_preselect_list, app, app_list);
- }
+ }
mtx_unlock(&audit_pipe_mtx);
- if (app_new != NULL) {
+ if (app_new != NULL)
free(app_new, M_AUDIT_PIPE_PRESELECT);
- }
+
+ return (0);
}
/*
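Review bot: In `audit_pipe_preselect_set_proc`, `app->app_flag` is assigned only inside `if (app == NULL)`, so a SET on a pid that already has an entry returns 0 without changing the stored flag, although the comment above the function says the current entry is updated. Moving `app->app_flag = aipp->aipp_flag;` to just after the closing brace of that `if`, still under `audit_pipe_mtx`, covers both the insert and the update case. The new node also comes from `malloc(..., M_WAITOK)` without `M_ZERO`, so `app_auid` and `app_mask` are uninitialized when it is inserted into `ap_preselect_list`. If the per-auid lookup walks the same list (it appears to, since both flush ioctls now share one routine), adding `M_ZERO` or setting those fields explicitly would keep it from matching on stale heap contents. `aipp_flag` is also stored without any range check, unlike `aipp_pid`.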
@@ -368,12 +367,12 @@
* Delete a per-pid entry on an audit pipe wiping the whole entry.
*/
static int
-audit_pipe_preselect_delete_pid(struct audit_pipe *ap, pid_t pid)
+audit_pipe_preselect_delete_proc(struct audit_pipe *ap, pid_t pid)
{
struct audit_pipe_preselect *app;
mtx_lock(&audit_pipe_mtx);
- app = audit_pipe_preselect_find_pid(ap, pid);
+ app = audit_pipe_preselect_find_proc(ap, pid);
if (app != NULL) {
TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list);
mtx_unlock(&audit_pipe_mtx);
@@ -381,7 +380,6 @@
return (0);
} else
mtx_unlock(&audit_pipe_mtx);
-
return (ENOENT);
}
@@ -408,32 +406,6 @@
}
/*
- * Delete all per-events entry on an audit pipe.
- */
-static void
-audit_pipe_preselect_pid_flush_locked(struct audit_pipe *ap)
-{
- struct audit_pipe_preselect *app;
-
- mtx_assert(&audit_pipe_mtx, MA_OWNED);
-
- while ((app = TAILQ_FIRST(&ap->ap_preselect_list)) != NULL) {
- TAILQ_REMOVE(&ap->ap_preselect_list, app, app_list);
- if (app != NULL)
- free(app, M_AUDIT_PIPE_PRESELECT);
- }
-}
-
-static void
-audit_pipe_preselect_pid_flush(struct audit_pipe *ap)
-{
-
- mtx_lock(&audit_pipe_mtx);
- audit_pipe_preselect_pid_flush_locked(ap);
- mtx_unlock(&audit_pipe_mtx);
-}
-
-/*
* Delete all per-auid masks on an audit pipe.
*/
static void
@@ -493,10 +465,10 @@
} else
return (au_preselect(event, class, &app->app_mask,
sorf));
-
- case AUDITPIPE_PRESELECT_MODE_PID:
- app = audit_pipe_preselect_find_pid(ap, app_pid);
- if(app != NULL)
+
+ case AUDITPIPE_PRESELECT_MODE_PROC:
+ app = audit_pipe_preselect_find_proc(ap, app_pid);
+ if (app != NULL)
return (1);
else
break;
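Review bot: The `AUDITPIPE_PRESELECT_MODE_PROC` branch returns 1 as soon as an entry for the pid exists and never looks at `app->app_flag`, which this change starts storing and returning to userland through the GET ioctl. If the flag is meant to influence selection it should be tested here. Otherwise a comment such as `/* app_flag is not consulted yet; any entry for the pid selects the record. */` would tell anyone reasoning about the audit policy that the value is currently inert. The enclosing function begins and ends outside this hunk.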
@@ -825,7 +797,7 @@
struct thread *td)
{
struct auditpipe_ioctl_preselect *aip;
- struct auditpipe_ioctl_preselect_pid *aip_pid;
+ struct auditpipe_ioctl_preselect_proc *aip_pid;
struct audit_pipe *ap;
au_mask_t *maskp;
int error, mode;
@@ -948,18 +920,17 @@
error = audit_pipe_preselect_get(ap, aip->aip_auid,
&aip->aip_mask);
break;
-
- case AUDITPIPE_GET_PRESELECT_PID:
- aip_pid = (struct auditpipe_ioctl_preselect_pid *)data;
- error = audit_pipe_preselect_get_pid(ap, aip_pid->app_pid);
+
+ case AUDITPIPE_GET_PRESELECT_PROC:
+ aip_pid = (struct auditpipe_ioctl_preselect_proc *)data;
+ error = audit_pipe_preselect_get_proc(ap, aip_pid->aipp_pid, aip_pid);
break;
- case AUDITPIPE_SET_PRESELECT_PID:
- aip_pid = (struct auditpipe_ioctl_preselect_pid *)data;
- audit_pipe_preselect_set_pid(ap, aip_pid->app_pid);
- error = 0;
+ case AUDITPIPE_SET_PRESELECT_PROC:
+ aip_pid = (struct auditpipe_ioctl_preselect_proc *)data;
+ error = audit_pipe_preselect_set_proc(ap, aip_pid);
break;
-
+
case AUDITPIPE_SET_PRESELECT_AUID:
aip = (struct auditpipe_ioctl_preselect *)data;
audit_pipe_preselect_set(ap, aip->aip_auid, aip->aip_mask);
@@ -971,21 +942,17 @@
error = audit_pipe_preselect_delete(ap, auid);
break;
- case AUDITPIPE_DELETE_PRESELECT_PID:
+ case AUDITPIPE_DELETE_PRESELECT_PROC:
app_pid = *(pid_t *)data;
- error = audit_pipe_preselect_delete_pid(ap, app_pid);
+ error = audit_pipe_preselect_delete_proc(ap, app_pid);
break;
-
+
case AUDITPIPE_FLUSH_PRESELECT_AUID:
+ case AUDITPIPE_FLUSH_PRESELECT_PROC:
audit_pipe_preselect_flush(ap);
error = 0;
break;
- case AUDITPIPE_FLUSH_PRESELECT_PID:
- audit_pipe_preselect_pid_flush(ap);
- error = 0;
- break;
-
case AUDITPIPE_GET_PRESELECT_MODE:
mtx_lock(&audit_pipe_mtx);
*(int *)data = ap->ap_preselect_mode;
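Review bot: Making `AUDITPIPE_FLUSH_PRESELECT_PROC` share the `AUDITPIPE_FLUSH_PRESELECT_AUID` case means either ioctl empties the whole preselect list, so a consumer that only wants to clear its per-process entries also drops its per-auid masks. The removed pid flush emptied the same `ap_preselect_list`, so this seems to match the earlier behaviour, but it is worth stating on the case labels, e.g. `/* Both flush ioctls clear every preselect entry, auid and proc alike. */`. The switch statement extends beyond the hunk.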
@@ -998,7 +965,8 @@
switch (mode) {
case AUDITPIPE_PRESELECT_MODE_TRAIL:
case AUDITPIPE_PRESELECT_MODE_LOCAL:
- case AUDITPIPE_PRESELECT_MODE_PID:
+ case AUDITPIPE_PRESELECT_MODE_PROC:
+ audit_pipe_preselect_flush(ap);
mtx_lock(&audit_pipe_mtx);
ap->ap_preselect_mode = mode;
mtx_unlock(&audit_pipe_mtx);
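Review bot: The added `audit_pipe_preselect_flush(ap);` runs for all three mode cases, not just `AUDITPIPE_PRESELECT_MODE_PROC`, so setting TRAIL or LOCAL, or re-setting the current mode, now silently discards any per-auid masks already configured. For an audit consumer that means records can stop being selected with no error returned. The flush also takes and releases `audit_pipe_mtx` on its own before the mode is stored, leaving a window in which another thread can insert an entry between the flush and the mode assignment. Consider flushing only when the mode actually changes and doing it inside the existing locked region, e.g. `if (ap->ap_preselect_mode != mode) audit_pipe_preselect_flush_locked(ap);` right after `mtx_lock(&audit_pipe_mtx);`, assuming the `_locked` variant is available in this file. The switch continues outside the hunk.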