PERFORCE change 187034 for review

Efstratios Karatzas gpf at FreeBSD.org
Sat Dec 18 17:01:35 UTC 2010


http://p4web.freebsd.org/@@187034?ac=10

Change 187034 by gpf at gpf_desktop on 2010/12/18 17:01:26

	bugfix: some of the functions in audit_arg.c were being called 
	directly and not through the appropriate macros that check 
	whether we are auditing at the moment. For example, this caused 
	audit_arg_auditinfo() to pagefault because of a missing 
	audit_record when we were not auditing naflags:ad (for the 
	setaudit syscall).
	
	Remember that now we *do* have a kaudit_record even if we are 
	not auditing an event, because we need to keep some state.
	The audit_record, on the other hand, is allocated on demand.
	
	I also added macros for other audit_arg_* functions that were 
	missing.

Affected files ...

.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#13 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#10 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_syscalls.c#2 edit

Differences ...

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#13 (text) ====

@@ -167,11 +167,26 @@
 		audit_arg_atfd2((atfd));				\
 } while (0)
 
+#define	AUDIT_ARG_AUDITINFO(au_info) do {				\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_auditinfo((au_info));				\
+} while (0)
+
+#define	AUDIT_ARG_AUDITINFO_ADDR(au_info) do {				\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_auditinfo_addr((au_info));			\
+} while (0)
+
 #define	AUDIT_ARG_AUDITON(udata) do {					\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_auditon((udata));				\
 } while (0)
 
+#define	AUDIT_ARG_AUID(auid) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_auid((auid));					\
+} while (0)
+
 #define AUDIT_ARG_CLIENTID(clientid) do {				\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_clientid((clientid));				\
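Review bot: The new wrappers (here and in the later AUDIT_ARG_CTLNAME, AUDIT_ARG_LEN, AUDIT_ARG_LOGIN/AUDIT_ARG_MASK and AUDIT_ARG_SVIPC_* hunks) have no comment saying that going through them is now required for safety, not just to save a function call. The change description says the audit_record is allocated on demand and that a direct audit_arg_auditinfo() call page-faulted, so a block comment above the macro group would help, for example `/* audit_arg_*() must be reached only through these wrappers; the audit_record may not exist when AUDITING_TD() is false. */`, assuming that is what AUDITING_TD() tests, which is not visible here. The same comment should mention that the arguments are evaluated only when the thread is being audited, so callers must not pass expressions with side effects. The AUDIT_ARG_CLIENTID definition at the end of this hunk continues outside it.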
@@ -187,6 +202,11 @@
 		audit_arg_cmd((cmd));					\
 } while (0)
 
+#define AUDIT_ARG_CTLNAME(name, namelen) do {				\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_ctlname((name), (namelen));			\
+} while (0)
+
 #define	AUDIT_ARG_DEV(dev) do {						\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_dev((dev));					\
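Review bot: Style only: `#define AUDIT_ARG_CTLNAME(name, namelen)` uses a space after `#define`, while most of the macros added by this change use a tab (`#define<TAB>AUDIT_ARG_...`). The same applies to `#define AUDIT_ARG_LOGIN(login)` and to the two matching empty stubs in the non-audit section. The CTLNAME stub is also inserted before AUDIT_ARG_CMD, whereas the real macro here follows AUDIT_ARG_CMD; keeping both lists in the same order makes a missing stub easier to spot. Some existing neighbours already use the space form, so this is a consistency nit and not a functional problem.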
@@ -237,6 +257,11 @@
 		audit_arg_groupset((gidset), (gidset_size));		\
 } while (0)
 
+#define	AUDIT_ARG_LEN(len) do {						\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_len((len));					\
+} while (0)
+
 #define AUDIT_ARG_LOCKOWNER(lockowner, size) do {			\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_lockowner((lockowner), (size));		\
@@ -247,6 +272,16 @@
 		audit_arg_locktype((locktype));				\
 } while (0)
 
+#define AUDIT_ARG_LOGIN(login) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_login((login));				\
+} while (0)
+
+#define	AUDIT_ARG_MASK(mask) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_mask((mask));					\
+} while (0)
+
 #define	AUDIT_ARG_MODE(mode) do {					\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_mode((mode));					\
@@ -307,6 +342,31 @@
 		audit_arg_suid((suid));					\
 } while (0)
 
+#define	AUDIT_ARG_SVIPC_CMD(cmd) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_svipc_cmd((cmd));				\
+} while (0)
+
+#define	AUDIT_ARG_SVIPC_PERM(perm) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_svipc_perm((perm));				\
+} while (0)
+
+#define	AUDIT_ARG_SVIPC_ID(id) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_svipc_id((id));				\
+} while (0)
+
+#define	AUDIT_ARG_SVIPC_ADDR(addr) do {					\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_svipc_addr((addr));				\
+} while (0)
+
+#define	AUDIT_ARG_SVIPC_IPC_PERM(uid, gid, mode) do {			\
+	if (AUDITING_TD(curthread))					\
+		audit_arg_svipc_ipc_perm((uid), (gid), (mode));		\
+} while (0)
+
 #define	AUDIT_ARG_TEXT(text) do {					\
 	if (AUDITING_TD(curthread))					\
 		audit_arg_text((text));					\
@@ -415,9 +475,13 @@
 #define	AUDIT_ARG_ARGV(argv, argc, length)
 #define	AUDIT_ARG_ATFD1(atfd)
 #define	AUDIT_ARG_ATFD2(atfd)
+#define	AUDIT_ARG_AUDITINFO(au_info)
+#define	AUDIT_ARG_AUDITINFO_ADDR(au_info)
 #define	AUDIT_ARG_AUDITON(udata)
+#define	AUDIT_ARG_AUID(auid)
 #define AUDIT_ARG_CLIENTID(clientid)
 #define AUDIT_ARG_CLIENTNAME(clientname, size)
+#define AUDIT_ARG_CTLNAME(name, namelen)
 #define	AUDIT_ARG_CMD(cmd)
 #define	AUDIT_ARG_DEV(dev)
 #define	AUDIT_ARG_EGID(egid)
@@ -429,8 +493,11 @@
 #define	AUDIT_ARG_FFLAGS(fflags)
 #define	AUDIT_ARG_GID(gid)
 #define	AUDIT_ARG_GROUPSET(gidset, gidset_size)
+#define	AUDIT_ARG_LEN(len)
 #define AUDIT_ARG_LOCKOWNER(lockowner, size)
 #define AUDIT_ARG_LOCKTYPE(locktype)
+#define AUDIT_ARG_LOGIN(login)
+#define	AUDIT_ARG_MASK(mask)
 #define	AUDIT_ARG_MODE(mode)
 #define	AUDIT_ARG_OWNER(uid, gid)
 #define	AUDIT_ARG_PID(pid)
@@ -443,6 +510,11 @@
 #define AUDIT_ARG_SOCKADDR_IN(sin)
 #define	AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol)
 #define	AUDIT_ARG_SUID(suid)
+#define	AUDIT_ARG_SVIPC_CMD(cmd)
+#define	AUDIT_ARG_SVIPC_PERM(perm)
+#define	AUDIT_ARG_SVIPC_ID(id)
+#define	AUDIT_ARG_SVIPC_ADDR(addr)
+#define	AUDIT_ARG_SVIPC_IPC_PERM(uid, gid, mode)
 #define	AUDIT_ARG_TEXT(text)
 #define	AUDIT_ARG_UID(uid)
 #define	AUDIT_ARG_UPATH1(td, upath)

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#10 (text) ====

@@ -52,7 +52,7 @@
 
 /*
  * Calls to manipulate elements of the audit record structure from system
- * call code.  Macro wrappers will prevent this functions from being entered
+ * call code.  Macro wrappers will prevent these functions from being entered
  * if auditing is disabled, avoiding the function call cost.  We check the
  * thread audit record pointer anyway, as the audit condition could change,
  * and pre-selection may not have allocated an audit record for this event.
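Review bot: This comment still says the functions check the thread audit record pointer anyway, but the change description reports that audit_arg_auditinfo() page-faulted when entered without the macro, so that check no longer looks like a sufficient safeguard. Since the wording is being touched, I would rewrite the last sentence along the lines of `The kaudit_record always exists to hold state, but the audit_record is allocated on demand, so these functions must not be entered without the macro check.` The comment begins outside the hunk, so the full text should be re-read against the current allocation scheme.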

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_syscalls.c#2 (text) ====

@@ -586,7 +586,7 @@
 	error = copyin(uap->auid, &id, sizeof(id));
 	if (error)
 		return (error);
-	audit_arg_auid(id);
+	AUDIT_ARG_AUID(id);
 	newcred = crget();
 	PROC_LOCK(td->td_proc);
 	oldcred = td->td_proc->p_ucred;
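Review bot: Switching to `AUDIT_ARG_AUID(id)` here, and to `AUDIT_ARG_AUDITINFO(&ai)` and `AUDIT_ARG_AUDITINFO_ADDR(&aia)` in the next two hunks, fixes these three callers, but the audit_arg_* functions apparently remain unsafe for any caller that skips the macro. Because the failure is a kernel page fault on a syscall path, I would also make the functions defensive: return early when the on-demand record is absent, or at least assert at the top of each, for example `KASSERT(AUDITING_TD(curthread), ("%s: thread is not auditing", __func__));`. The function bodies are not part of this diff, so the exact check needs confirming against audit_arg.c. The enclosing syscall handler also starts and ends outside the hunk.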
@@ -651,7 +651,7 @@
 	error = copyin(uap->auditinfo, &ai, sizeof(ai));
 	if (error)
 		return (error);
-	audit_arg_auditinfo(&ai);
+	AUDIT_ARG_AUDITINFO(&ai);
 	newcred = crget();
 	PROC_LOCK(td->td_proc);
 	oldcred = td->td_proc->p_ucred;
@@ -711,7 +711,7 @@
 	error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
 	if (error)
 		return (error);
-	audit_arg_auditinfo_addr(&aia);
+	AUDIT_ARG_AUDITINFO_ADDR(&aia);
 	if (aia.ai_termid.at_type != AU_IPv6 &&
 	    aia.ai_termid.at_type != AU_IPv4)
 		return (EINVAL);

