PERFORCE change 141465 for review
Diego Giagio
diego at FreeBSD.org
Sun May 11 16:03:47 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=141465
Change 141465 by diego at diego_black on 2008/05/11 16:03:09
- Added wrappers around audit_arg_xxx to specify which record is being used
- Added support for two new events - AUE_PFIL_ENABLE/DISABLE
- Moved preselection code to audit_begin()
- Imported audit_pfil.c and added it to the build
- Created macro AUDIT_CALL to wrap audit functions call
Affected files ...
.. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_kevents.h#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/conf/files#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw_pfil.c#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#5 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm.c#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_pfil.c#1 add
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#2 edit
Differences ...
==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_kevents.h#2 (text) ====
@@ -548,6 +548,8 @@
#define AUE_MKNODAT 43150 /* FreeBSD. */
#define AUE_READLINKAT 43151 /* FreeBSD. */
#define AUE_SYMLINKAT 43152 /* FreeBSD. */
+#define AUE_PFIL_ENABLE 43153 /* FreeBSD. */
+#define AUE_PFIL_DISABLE 43154 /* FreeBSD. */
/*
* Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
==== //depot/projects/soc2008/diego-audit/src/sys/conf/files#5 (text+ko) ====
@@ -2260,6 +2260,7 @@
security/audit/audit_bsm.c optional audit
security/audit/audit_bsm_klib.c optional audit
security/audit/audit_bsm_token.c optional audit
+security/audit/audit_pfil.c optional audit
security/audit/audit_pipe.c optional audit
security/audit/audit_syscalls.c standard
security/audit/audit_trigger.c optional audit
==== //depot/projects/soc2008/diego-audit/src/sys/netinet/ip_fw_pfil.c#2 (text+ko) ====
@@ -65,6 +65,8 @@
#include <machine/in_cksum.h>
+#include <security/audit/audit.h>
+
int fw_enable = 1;
#ifdef INET6
int fw6_enable = 1;
@@ -542,6 +544,7 @@
break;
}
#endif
+ AUDIT_CALL(audit_pfil_enable_ipfw(err));
break;
case MOD_UNLOAD:
@@ -552,6 +555,7 @@
break;
#endif
ipfw_destroy();
+ AUDIT_CALL(audit_pfil_disable_ipfw(err));
break;
default:
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.c#2 (text) ====
@@ -322,6 +322,58 @@
return (ar);
}
+struct kaudit_record *
+audit_begin(int event, struct thread *td)
+{
+ struct kaudit_record *ar;
+ struct au_mask *aumask;
+ au_class_t class;
+ au_id_t auid;
+
+ KASSERT(event != AUE_NULL, ("audit_begin: event == AUE_NULL"));
+
+ /*
+ * Check which audit mask to use; either the kernel non-attributable
+ * event mask or the process audit mask.
+ */
+ auid = td->td_ucred->cr_audit.ai_auid;
+ if (auid == AU_DEFAUDITID)
+ aumask = &audit_nae_mask;
+ else
+ aumask = &td->td_ucred->cr_audit.ai_mask;
+
+ /*
+ * Allocate an audit record, if preselection allows it, and store in
+ * the thread for later use.
+ */
+ class = au_event_class(event);
+ if (au_preselect(event, class, aumask, AU_PRS_BOTH)) {
+ /*
+ * If we're out of space and need to suspend unprivileged
+ * processes, do that here rather than trying to allocate
+ * another audit record.
+ *
+ * Note: we might wish to be able to continue here in the
+ * future, if the system recovers. That should be possible
+ * by means of checking the condition in a loop around
+ * cv_wait(). It might be desirable to reevaluate whether an
+ * audit record is still required for this event by
+ * re-calling au_preselect().
+ */
+ if (audit_in_failure &&
+ priv_check(td, PRIV_AUDIT_FAILSTOP) != 0) {
+ cv_wait(&audit_fail_cv, &audit_mtx);
+ panic("audit_failing_stop: thread continued");
+ }
+ ar = audit_new(event, td);
+ } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
+ ar = audit_new(event, td);
+ else
+ ar = NULL;
+
+ return (ar);
+}
+
void
audit_free(struct kaudit_record *ar)
{
@@ -435,10 +487,7 @@
void
audit_syscall_enter(unsigned short code, struct thread *td)
{
- struct au_mask *aumask;
- au_class_t class;
au_event_t event;
- au_id_t auid;
KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
@@ -457,44 +506,7 @@
if (event == AUE_NULL)
return;
- /*
- * Check which audit mask to use; either the kernel non-attributable
- * event mask or the process audit mask.
- */
- auid = td->td_ucred->cr_audit.ai_auid;
- if (auid == AU_DEFAUDITID)
- aumask = &audit_nae_mask;
- else
- aumask = &td->td_ucred->cr_audit.ai_mask;
-
- /*
- * Allocate an audit record, if preselection allows it, and store in
- * the thread for later use.
- */
- class = au_event_class(event);
- if (au_preselect(event, class, aumask, AU_PRS_BOTH)) {
- /*
- * If we're out of space and need to suspend unprivileged
- * processes, do that here rather than trying to allocate
- * another audit record.
- *
- * Note: we might wish to be able to continue here in the
- * future, if the system recovers. That should be possible
- * by means of checking the condition in a loop around
- * cv_wait(). It might be desirable to reevaluate whether an
- * audit record is still required for this event by
- * re-calling au_preselect().
- */
- if (audit_in_failure &&
- priv_check(td, PRIV_AUDIT_FAILSTOP) != 0) {
- cv_wait(&audit_fail_cv, &audit_mtx);
- panic("audit_failing_stop: thread continued");
- }
- td->td_ar = audit_new(event, td);
- } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
- td->td_ar = audit_new(event, td);
- else
- td->td_ar = NULL;
+ td->td_ar = audit_begin(event, td);
}
/*
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#5 (text) ====
@@ -117,10 +117,19 @@
#define ARG_NONE 0x0000000000000000ULL
#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
+/*
+ * Functions for auditing syscalls.
+ */
void audit_syscall_enter(unsigned short code, struct thread *td);
void audit_syscall_exit(int error, struct thread *td);
/*
+ * Functions for auditing packet filter events.
+ */
+void audit_pfil_enable_ipfw(int error);
+void audit_pfil_disable_ipfw(int error);
+
+/*
* The remaining kernel functions are conditionally compiled in as they are
* wrapped by a macro, and the macro should be the only place in the source
* tree where these functions are referenced.
@@ -214,6 +223,14 @@
audit_sysclose(td, fd); \
} while (0)
+/*
+ * A macro to wrap audit functions.
+ */
+#define AUDIT_CALL(func) do { \
+ if (audit_enabled) \
+ func; \
+} while (0)
+
#else /* !AUDIT */
#define AUDIT_ARG(op, args...) do { \
@@ -228,6 +245,9 @@
#define AUDIT_SYSCLOSE(p, fd) do { \
} while (0)
+#define AUDIT_CALL(func) do {
+} while (0)
+
#endif /* AUDIT */
#endif /* !_SECURITY_AUDIT_KERNEL_H_ */
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#2 (text) ====
@@ -61,20 +61,16 @@
* hasn't already been filled in?
*/
void
-audit_arg_addr(void *addr)
+audit_record_arg_addr(struct kaudit_record *ar, void *addr)
{
- struct kaudit_record *ar;
+ KASSERT(ar != NULL, ("audit_record_arg_addr: ar == NULL"));
- ar = currecord();
- if (ar == NULL)
- return;
-
ar->k_ar.ar_arg_addr = addr;
ARG_SET_VALID(ar, ARG_ADDR);
}
void
-audit_arg_exit(int status, int retval)
+audit_arg_addr(void *addr)
{
struct kaudit_record *ar;
@@ -82,13 +78,21 @@
if (ar == NULL)
return;
+ audit_record_arg_addr(ar, addr);
+}
+
+void
+audit_record_arg_exit(struct kaudit_record *ar, int status, int retval)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_exit: ar == NULL"));
+
ar->k_ar.ar_arg_exitstatus = status;
ar->k_ar.ar_arg_exitretval = retval;
ARG_SET_VALID(ar, ARG_EXIT);
}
void
-audit_arg_len(int len)
+audit_arg_exit(int status, int retval)
{
struct kaudit_record *ar;
@@ -96,12 +100,20 @@
if (ar == NULL)
return;
+ audit_record_arg_exit(ar, status, retval);
+}
+
+void
+audit_record_arg_len(struct kaudit_record *ar, int len)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_len: ar == NULL"));
+
ar->k_ar.ar_arg_len = len;
ARG_SET_VALID(ar, ARG_LEN);
}
void
-audit_arg_fd(int fd)
+audit_arg_len(int len)
{
struct kaudit_record *ar;
@@ -109,12 +121,20 @@
if (ar == NULL)
return;
+ audit_record_arg_len(ar, len);
+}
+
+void
+audit_record_arg_fd(struct kaudit_record *ar, int fd)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_fd: ar == NULL"));
+
ar->k_ar.ar_arg_fd = fd;
ARG_SET_VALID(ar, ARG_FD);
}
void
-audit_arg_fflags(int fflags)
+audit_arg_fd(int fd)
{
struct kaudit_record *ar;
@@ -122,12 +142,20 @@
if (ar == NULL)
return;
+ audit_record_arg_fd(ar, fd);
+}
+
+void
+audit_record_arg_fflags(struct kaudit_record *ar, int fflags)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_fflags: ar == NULL"));
+
ar->k_ar.ar_arg_fflags = fflags;
ARG_SET_VALID(ar, ARG_FFLAGS);
}
void
-audit_arg_gid(gid_t gid)
+audit_arg_fflags(int fflags)
{
struct kaudit_record *ar;
@@ -135,12 +163,20 @@
if (ar == NULL)
return;
+ audit_record_arg_fflags(ar, fflags);
+}
+
+void
+audit_record_arg_gid(struct kaudit_record *ar, gid_t gid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_gid: ar == NULL"));
+
ar->k_ar.ar_arg_gid = gid;
ARG_SET_VALID(ar, ARG_GID);
}
void
-audit_arg_uid(uid_t uid)
+audit_arg_gid(gid_t gid)
{
struct kaudit_record *ar;
@@ -148,12 +184,20 @@
if (ar == NULL)
return;
+ audit_record_arg_gid(ar, gid);
+}
+
+void
+audit_record_arg_uid(struct kaudit_record *ar, uid_t uid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_uid: ar == NULL"));
+
ar->k_ar.ar_arg_uid = uid;
ARG_SET_VALID(ar, ARG_UID);
}
void
-audit_arg_egid(gid_t egid)
+audit_arg_uid(uid_t uid)
{
struct kaudit_record *ar;
@@ -161,12 +205,20 @@
if (ar == NULL)
return;
+ audit_record_arg_uid(ar, uid);
+}
+
+void
+audit_record_arg_egid(struct kaudit_record *ar, gid_t egid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_egid: ar == NULL"));
+
ar->k_ar.ar_arg_egid = egid;
ARG_SET_VALID(ar, ARG_EGID);
}
void
-audit_arg_euid(uid_t euid)
+audit_arg_egid(gid_t egid)
{
struct kaudit_record *ar;
@@ -174,12 +226,20 @@
if (ar == NULL)
return;
+ audit_record_arg_egid(ar, egid);
+}
+
+void
+audit_record_arg_euid(struct kaudit_record *ar, uid_t euid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_euid: ar == NULL"));
+
ar->k_ar.ar_arg_euid = euid;
ARG_SET_VALID(ar, ARG_EUID);
}
void
-audit_arg_rgid(gid_t rgid)
+audit_arg_euid(uid_t euid)
{
struct kaudit_record *ar;
@@ -187,12 +247,20 @@
if (ar == NULL)
return;
+ audit_record_arg_euid(ar, euid);
+}
+
+void
+audit_record_arg_rgid(struct kaudit_record *ar, gid_t rgid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_rgid: ar == NULL"));
+
ar->k_ar.ar_arg_rgid = rgid;
ARG_SET_VALID(ar, ARG_RGID);
}
void
-audit_arg_ruid(uid_t ruid)
+audit_arg_rgid(gid_t rgid)
{
struct kaudit_record *ar;
@@ -200,12 +268,20 @@
if (ar == NULL)
return;
+ audit_record_arg_rgid(ar, rgid);
+}
+
+void
+audit_record_arg_ruid(struct kaudit_record *ar, uid_t ruid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_ruid: ar == NULL"));
+
ar->k_ar.ar_arg_ruid = ruid;
ARG_SET_VALID(ar, ARG_RUID);
}
void
-audit_arg_sgid(gid_t sgid)
+audit_arg_ruid(uid_t ruid)
{
struct kaudit_record *ar;
@@ -213,12 +289,20 @@
if (ar == NULL)
return;
+ audit_record_arg_ruid(ar, ruid);
+}
+
+void
+audit_record_arg_sgid(struct kaudit_record *ar, gid_t sgid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_sgid: ar == NULL"));
+
ar->k_ar.ar_arg_sgid = sgid;
ARG_SET_VALID(ar, ARG_SGID);
}
void
-audit_arg_suid(uid_t suid)
+audit_arg_sgid(gid_t sgid)
{
struct kaudit_record *ar;
@@ -226,20 +310,38 @@
if (ar == NULL)
return;
+ audit_record_arg_sgid(ar, sgid);
+}
+
+void
+audit_record_arg_suid(struct kaudit_record *ar, uid_t suid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_suid: ar == NULL"));
+
ar->k_ar.ar_arg_suid = suid;
ARG_SET_VALID(ar, ARG_SUID);
}
void
-audit_arg_groupset(gid_t *gidset, u_int gidset_size)
+audit_arg_suid(uid_t suid)
{
- int i;
struct kaudit_record *ar;
ar = currecord();
if (ar == NULL)
return;
+ audit_record_arg_suid(ar, suid);
+}
+
+void
+audit_record_arg_groupset(struct kaudit_record *ar, gid_t *gidset,
+ u_int gidset_size)
+{
+ int i;
+
+ KASSERT(ar != NULL, ("audit_record_arg_groupset: ar == NULL"));
+
for (i = 0; i < gidset_size; i++)
ar->k_ar.ar_arg_groups.gidset[i] = gidset[i];
ar->k_ar.ar_arg_groups.gidset_size = gidset_size;
@@ -247,7 +349,7 @@
}
void
-audit_arg_login(char *login)
+audit_arg_groupset(gid_t *gidset, u_int gidset_size)
{
struct kaudit_record *ar;
@@ -255,12 +357,20 @@
if (ar == NULL)
return;
+ audit_record_arg_groupset(ar, gidset, gidset_size);
+}
+
+void
+audit_record_arg_login(struct kaudit_record *ar, char *login)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_login: ar == NULL"));
+
strlcpy(ar->k_ar.ar_arg_login, login, MAXLOGNAME);
ARG_SET_VALID(ar, ARG_LOGIN);
}
void
-audit_arg_ctlname(int *name, int namelen)
+audit_arg_login(char *login)
{
struct kaudit_record *ar;
@@ -268,13 +378,21 @@
if (ar == NULL)
return;
+ audit_record_arg_login(ar, login);
+}
+
+void
+audit_record_arg_ctlname(struct kaudit_record *ar, int *name, int namelen)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_ctlname: ar == NULL"));
+
bcopy(name, &ar->k_ar.ar_arg_ctlname, namelen * sizeof(int));
ar->k_ar.ar_arg_len = namelen;
ARG_SET_VALID(ar, ARG_CTLNAME | ARG_LEN);
}
void
-audit_arg_mask(int mask)
+audit_arg_ctlname(int *name, int namelen)
{
struct kaudit_record *ar;
@@ -282,12 +400,20 @@
if (ar == NULL)
return;
+ audit_record_arg_ctlname(ar, name, namelen);
+}
+
+void
+audit_record_arg_mask(struct kaudit_record *ar, int mask)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_mask: ar == NULL"));
+
ar->k_ar.ar_arg_mask = mask;
ARG_SET_VALID(ar, ARG_MASK);
}
void
-audit_arg_mode(mode_t mode)
+audit_arg_mask(int mask)
{
struct kaudit_record *ar;
@@ -295,12 +421,20 @@
if (ar == NULL)
return;
+ audit_record_arg_mask(ar, mask);
+}
+
+void
+audit_record_arg_mode(struct kaudit_record *ar, mode_t mode)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_mode: ar == NULL"));
+
ar->k_ar.ar_arg_mode = mode;
ARG_SET_VALID(ar, ARG_MODE);
}
void
-audit_arg_dev(int dev)
+audit_arg_mode(mode_t mode)
{
struct kaudit_record *ar;
@@ -308,12 +442,20 @@
if (ar == NULL)
return;
+ audit_record_arg_mode(ar, mode);
+}
+
+void
+audit_record_arg_dev(struct kaudit_record *ar, int dev)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_dev: ar == NULL"));
+
ar->k_ar.ar_arg_dev = dev;
ARG_SET_VALID(ar, ARG_DEV);
}
void
-audit_arg_value(long value)
+audit_arg_dev(int dev)
{
struct kaudit_record *ar;
@@ -321,12 +463,20 @@
if (ar == NULL)
return;
+ audit_record_arg_dev(ar, dev);
+}
+
+void
+audit_record_arg_value(struct kaudit_record *ar, long value)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_value: ar == NULL"));
+
ar->k_ar.ar_arg_value = value;
ARG_SET_VALID(ar, ARG_VALUE);
}
void
-audit_arg_owner(uid_t uid, gid_t gid)
+audit_arg_value(long value)
{
struct kaudit_record *ar;
@@ -334,13 +484,21 @@
if (ar == NULL)
return;
+ audit_record_arg_value(ar, value);
+}
+
+void
+audit_record_arg_owner(struct kaudit_record *ar, uid_t uid, gid_t gid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_owner: ar == NULL"));
+
ar->k_ar.ar_arg_uid = uid;
ar->k_ar.ar_arg_gid = gid;
ARG_SET_VALID(ar, ARG_UID | ARG_GID);
}
void
-audit_arg_pid(pid_t pid)
+audit_arg_owner(uid_t uid, gid_t gid)
{
struct kaudit_record *ar;
@@ -348,23 +506,38 @@
if (ar == NULL)
return;
+ audit_record_arg_owner(ar, uid, gid);
+}
+
+void
+audit_record_arg_pid(struct kaudit_record *ar, pid_t pid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_pid: ar == NULL"));
+
ar->k_ar.ar_arg_pid = pid;
ARG_SET_VALID(ar, ARG_PID);
}
void
-audit_arg_process(struct proc *p)
+audit_arg_pid(pid_t pid)
{
struct kaudit_record *ar;
- KASSERT(p != NULL, ("audit_arg_process: p == NULL"));
-
- PROC_LOCK_ASSERT(p, MA_OWNED);
-
ar = currecord();
if (ar == NULL)
return;
+ audit_record_arg_pid(ar, pid);
+}
+
+void
+audit_record_arg_process(struct kaudit_record *ar, struct proc *p)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_process: ar == NULL"));
+ KASSERT(p != NULL, ("audit_record_arg_process: p == NULL"));
+
+ PROC_LOCK_ASSERT(p, MA_OWNED);
+
ar->k_ar.ar_arg_auid = p->p_ucred->cr_audit.ai_auid;
ar->k_ar.ar_arg_euid = p->p_ucred->cr_uid;
ar->k_ar.ar_arg_egid = p->p_ucred->cr_groups[0];
@@ -378,7 +551,7 @@
}
void
-audit_arg_signum(u_int signum)
+audit_arg_process(struct proc *p)
{
struct kaudit_record *ar;
@@ -386,12 +559,20 @@
if (ar == NULL)
return;
+ audit_record_arg_process(ar, p);
+}
+
+void
+audit_record_arg_signum(struct kaudit_record *ar, u_int signum)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_signum: ar == NULL"));
+
ar->k_ar.ar_arg_signum = signum;
ARG_SET_VALID(ar, ARG_SIGNUM);
}
void
-audit_arg_socket(int sodomain, int sotype, int soprotocol)
+audit_arg_signum(u_int signum)
{
struct kaudit_record *ar;
@@ -399,6 +580,15 @@
if (ar == NULL)
return;
+ audit_record_arg_signum(ar, signum);
+}
+
+void
+audit_record_arg_socket(struct kaudit_record *ar, int sodomain, int sotype,
+ int soprotocol)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_socket: ar == NULL"));
+
ar->k_ar.ar_arg_sockinfo.so_domain = sodomain;
ar->k_ar.ar_arg_sockinfo.so_type = sotype;
ar->k_ar.ar_arg_sockinfo.so_protocol = soprotocol;
@@ -406,17 +596,25 @@
}
void
-audit_arg_sockaddr(struct thread *td, struct sockaddr *sa)
+audit_arg_socket(int sodomain, int sotype, int soprotocol)
{
struct kaudit_record *ar;
- KASSERT(td != NULL, ("audit_arg_sockaddr: td == NULL"));
- KASSERT(sa != NULL, ("audit_arg_sockaddr: sa == NULL"));
-
ar = currecord();
if (ar == NULL)
return;
+ audit_record_arg_socket(ar, sodomain, sotype, soprotocol);
+}
+
+void
+audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
+ struct sockaddr *sa)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_sockaddr: ar == NULL"));
+ KASSERT(td != NULL, ("audit_record_arg_sockaddr: td == NULL"));
+ KASSERT(sa != NULL, ("audit_record_arg_sockaddr: sa == NULL"));
+
bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len);
switch (sa->sa_family) {
case AF_INET:
@@ -428,8 +626,8 @@
break;
case AF_UNIX:
- audit_arg_upath(td, ((struct sockaddr_un *)sa)->sun_path,
- ARG_UPATH1);
+ audit_record_arg_upath(ar, td,
+ ((struct sockaddr_un *)sa)->sun_path, ARG_UPATH1);
ARG_SET_VALID(ar, ARG_SADDRUNIX);
break;
/* XXXAUDIT: default:? */
@@ -437,7 +635,7 @@
}
void
-audit_arg_auid(uid_t auid)
+audit_arg_sockaddr(struct thread *td, struct sockaddr *sa)
{
struct kaudit_record *ar;
@@ -445,12 +643,20 @@
if (ar == NULL)
return;
+ audit_record_arg_sockaddr(ar, td, sa);
+}
+
+void
+audit_record_arg_auid(struct kaudit_record *ar, uid_t auid)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_auid: ar == NULL"));
+
ar->k_ar.ar_arg_auid = auid;
ARG_SET_VALID(ar, ARG_AUID);
}
void
-audit_arg_auditinfo(struct auditinfo *au_info)
+audit_arg_auid(uid_t auid)
{
struct kaudit_record *ar;
@@ -458,6 +664,14 @@
if (ar == NULL)
return;
+ audit_record_arg_auid(ar, auid);
+}
+
+void
+audit_record_arg_auditinfo(struct kaudit_record *ar, struct auditinfo *au_info)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_auditinfo: ar == NULL"));
+
ar->k_ar.ar_arg_auid = au_info->ai_auid;
ar->k_ar.ar_arg_asid = au_info->ai_asid;
ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success;
@@ -468,7 +682,7 @@
}
void
-audit_arg_auditinfo_addr(struct auditinfo_addr *au_info)
+audit_arg_auditinfo(struct auditinfo *au_info)
{
struct kaudit_record *ar;
@@ -476,6 +690,15 @@
if (ar == NULL)
return;
+ audit_record_arg_auditinfo(ar, au_info);
+}
+
+void
+audit_record_arg_auditinfo_addr(struct kaudit_record *ar,
+ struct auditinfo_addr *au_info)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_auditinfo_addr: ar == NULL"));
+
ar->k_ar.ar_arg_auid = au_info->ai_auid;
ar->k_ar.ar_arg_asid = au_info->ai_asid;
ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success;
@@ -490,16 +713,23 @@
}
void
-audit_arg_text(char *text)
+audit_arg_auditinfo_addr(struct auditinfo_addr *au_info)
{
struct kaudit_record *ar;
- KASSERT(text != NULL, ("audit_arg_text: text == NULL"));
-
ar = currecord();
if (ar == NULL)
return;
+ audit_record_arg_auditinfo_addr(ar, au_info);
+}
+
+void
+audit_record_arg_text(struct kaudit_record *ar, char *text)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_text: ar == NULL"));
+ KASSERT(text != NULL, ("audit_record_arg_text: text == NULL"));
+
/* Invalidate the text string */
ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_TEXT);
@@ -512,7 +742,7 @@
}
void
-audit_arg_cmd(int cmd)
+audit_arg_text(char *text)
{
struct kaudit_record *ar;
@@ -520,12 +750,20 @@
if (ar == NULL)
return;
+ audit_record_arg_text(ar, text);
+}
+
+void
+audit_record_arg_cmd(struct kaudit_record *ar, int cmd)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_cmd: ar == NULL"));
+
ar->k_ar.ar_arg_cmd = cmd;
ARG_SET_VALID(ar, ARG_CMD);
}
void
-audit_arg_svipc_cmd(int cmd)
+audit_arg_cmd(int cmd)
{
struct kaudit_record *ar;
@@ -533,12 +771,20 @@
if (ar == NULL)
return;
+ audit_record_arg_cmd(ar, cmd);
+}
+
+void
+audit_record_arg_svipc_cmd(struct kaudit_record *ar, int cmd)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_svipc_cmd: ar == NULL"));
+
ar->k_ar.ar_arg_svipc_cmd = cmd;
ARG_SET_VALID(ar, ARG_SVIPC_CMD);
}
void
-audit_arg_svipc_perm(struct ipc_perm *perm)
+audit_arg_svipc_cmd(int cmd)
{
struct kaudit_record *ar;
@@ -546,13 +792,21 @@
if (ar == NULL)
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list