PERFORCE change 180422 for review
Efstratios Karatzas
gpf at FreeBSD.org
Fri Jul 2 21:38:54 UTC 2010
http://p4web.freebsd.org/@@180422?ac=10
Change 180422 by gpf at gpf_desktop on 2010/07/02 21:38:21
- the nfsv4 open operation belongs to audit class 'fc'
- made the required changes so that nfsv4 ops that are supposed
to change the current filehandle, actually do so. Also, changed
getfh() so that the filehandle containing the hint is returned
to the client. savefh() now saves the actual filehandle
instead of just the vnode pointer. Tested the hell out of this
change and it seems to be working fine.
- provided audit support for a few more nfsv4 ops
This is a work in progress - the code I'm editing now will
be going through changes this weekend.
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#5 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#7 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdsocket.c#10 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#12 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#5 (text) ====
@@ -397,7 +397,7 @@
2029:AUE_NFS_LOCKU:nfsrv_locku():fm
2030:AUE_NFS_LOOKUPP:nfsrv_lockupp():fa,ad
2031:AUE_NFS_NVERIFY:nfsrv_nverify():fa
-2032:AUE_NFS_OPEN:nfsrv_open():fa
+2032:AUE_NFS_OPEN:nfsrv_open():fa,fc
2033:AUE_NFS_OPENATTR:nfsrv_openattr():fa
2034:AUE_NFS_OPENCONFIRM:nfsrv_openconfirm():fa
2035:AUE_NFS_OPENDOWNGRADE:nfsrv_opendowngrade():fm
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#7 (text+ko) ====
@@ -1729,6 +1729,8 @@
nd->nd_repstat = nfsvno_getattr(ndp->ni_vp,
nvap, nd->nd_cred, p);
}
+ else if (nd->nd_flag & ND_NFSV4)
+ nfsvno_getfh(ndp->ni_vp, fhp, p, ndp->ni_dvp);
if (vpp) {
NFSVOPUNLOCK(ndp->ni_vp, 0, p);
*vpp = ndp->ni_vp;
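Review bot: The return value of the added `nfsvno_getfh(ndp->ni_vp, fhp, p, ndp->ni_dvp);` in the NFSv4 branch is discarded, so if building the handle fails, `*fhp` keeps whatever it held before while the operation still reports success. This commit makes `fhp` the current filehandle that later ops in the compound and the audit path rely on, so a stale handle would be both used and recorded. Assuming the function returns an error code the way the three-argument stock version does, store it as the neighbouring getattr call does: `nd->nd_repstat = nfsvno_getfh(ndp->ni_vp, fhp, p, ndp->ni_dvp);`. The same applies to `nfsvno_getfh(vp, fhp, p, dp);` added in the @@ -2826 hunk. The enclosing function starts and ends outside this hunk.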
@@ -2826,6 +2828,7 @@
(void) nfsm_strtom(nd, "OWNER@", 6);
}
*vpp = vp;
+ nfsvno_getfh(vp, fhp, p, dp);
} else if (vp) {
vrele(vp);
}
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdsocket.c#10 (text+ko) ====
@@ -534,11 +534,12 @@
u_int32_t minorvers, retops = 0, *retopsp = NULL, *repp;
u_char tag[NFSV4_SMALLSTR + 1], *tagstr;
vnode_t vp, nvp, savevp;
- struct nfsrvfh fh;
+ struct nfsrvfh fh, savefh;
mount_t mp, savemp;
struct ucred *credanon;
struct nfsexstuff nes, vpnes, savevpnes;
static u_int64_t compref = 0;
+ int rootfhflag = 0, pubfhflag = 0;
NFSVNO_EXINIT(&vpnes);
NFSVNO_EXINIT(&savevpnes);
@@ -742,7 +743,7 @@
if (nd->nd_nam != NULL)
AUDIT_ARG_SOCKADDR_IN((struct sockaddr_in *)nd->nd_nam);
switch (op) {
- /* xxx gpf */
+ /* xxx gpf dbg */
printf("op = %d\n", op);
case NFSV4OP_PUTFH:
error = nfsrv_mtofh(nd, &fh);
@@ -770,6 +771,7 @@
}
break;
case NFSV4OP_PUTPUBFH:
+ pubfhflag = 1;
if (nfs_pubfhset) {
nes.nes_vfslocked = vpnes.nes_vfslocked;
nfsd_fhtovp(nd, &nfs_pubfh, &nvp,
@@ -791,7 +793,9 @@
}
break;
case NFSV4OP_PUTROOTFH:
+ rootfhflag = 1;
if (nfs_rootfhset) {
+ printf("mpkha sto prwto\n");
nes.nes_vfslocked = vpnes.nes_vfslocked;
nfsd_fhtovp(nd, &nfs_rootfh, &nvp,
&nes, &mp, 0, p);
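Review bot: The added `printf("mpkha sto prwto\n");` here, and `printf("mpkha sto deytero\n");` in the @@ -808 hunk, write to the kernel console each time a client sends PUTROOTFH. On a server reachable by NFSv4 clients that is client-driven log volume, and it can push real audit and error messages out of the message buffer. These look like leftover debugging traces and should be removed, or put behind a debug knob that is off by default. Separately, the `printf("op = %d\n", op);` kept in the @@ -742 hunk sits between `switch (op) {` and the first `case` label, so it is never executed and can simply be deleted.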
@@ -808,6 +812,7 @@
vpnes = nes;
}
} else if (nfsv4root_vp && nfsv4root_set) {
+ printf("mpkha sto deytero\n");
if (vp) {
if (vpnes.nes_vfslocked)
nfsvno_unlockvfs(mp);
@@ -833,8 +838,8 @@
savevp = vp;
savevpnes = vpnes;
savemp = mp;
+ NFSBCOPY(&fh, &savefh, sizeof(fh));
}
- /* XXXgpf: is this the correct filehandle? */
if (savevp) {
nfsrv_auditpath(savevp, NULL, NULL,
(fhandle_t *)fh.nfsrvfh_data, 1);
@@ -849,10 +854,9 @@
case NFSV4OP_RESTOREFH:
if (savevp) {
nd->nd_repstat = 0;
- /* XXXgpf: file handle? */
vref(savevp);
nfsrv_auditpath(savevp, NULL, NULL,
- NULL, 1);
+ (fhandle_t *)savefh.nfsrvfh_data, 1);
vn_lock(savevp, LK_EXCLUSIVE);
AUDIT_ARG_VNODE1(savevp);
VOP_UNLOCK(savevp, 0);
@@ -877,6 +881,7 @@
vp = savevp;
vpnes = savevpnes;
mp = savemp;
+ NFSBCOPY(&savefh, &fh, sizeof(fh));
}
} else {
nd->nd_repstat = NFSERR_RESTOREFH;
@@ -929,6 +934,8 @@
NFS_STARTWRITE(NULL, &mp);
error = (*(nfsrv4_ops1[op]))(nd, isdgram, vp,
&nvp, (fhandle_t *)fh.nfsrvfh_data, p, &vpnes);
+ nfsrv_auditpath(nvp, NULL, NULL,
+ (fhandle_t *)fh.nfsrvfh_data, 1);
if (!error && !nd->nd_repstat) {
if (vfs_statfs(mp)->f_fsid.val[0] !=
vfs_statfs(vnode_mount(nvp))->f_fsid.val[0] ||
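Review bot: The added `nfsrv_auditpath(nvp, NULL, NULL, (fhandle_t *)fh.nfsrvfh_data, 1);` runs before the `if (!error && !nd->nd_repstat)` check, so it is also reached when the operation failed. The @@ -2826 hunk shows the op handler assigning `*vpp` only on its success path, so on failure `nvp` may be uninitialised or left over from an earlier op in the compound. The audit code would then dereference a vnode pointer this thread no longer holds a reference on. Move the call inside the success block, as the first statement after `if (!error && !nd->nd_repstat) {`. That block continues past the end of this hunk.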
@@ -987,9 +994,9 @@
error = (*(nfsrv4_ops2[op]))(nd, isdgram, savevp,
vp, p, &savevpnes, &vpnes);
if (savevp) {
- if (nd->nd_procnum == NFSPROC_LINK)
+ if (nd->nd_procnum == NFSV4OP_LINK)
nfsrv_auditpath(savevp, NULL, NULL,
- (fhandle_t *)fh.nfsrvfh_data, 2);
+ (fhandle_t *)savefh.nfsrvfh_data, 2);
vrele(savevp);
}
if (nfsv4_opflag[op].modifyfs)
@@ -1016,8 +1023,27 @@
}
break;
}
- error = (*(nfsrv4_ops0[op]))(nd, isdgram, vp,
- p, &vpnes);
+ /*
+ * XXXgpf:
+ * NFSV4OP_GETFH hack so that current filehandle, with the hint stored inside,
+ * is returned instead of recomputing the filehandle and losing the hint.
+ */
+ if (op == NFSV4OP_GETFH) {
+ fhandle_t * fhp;
+
+ vput(vp);
+ if (rootfhflag)
+ fhp = (fhandle_t *)nfs_rootfh.nfsrvfh_data;
+ else if (pubfhflag)
+ fhp = (fhandle_t *)nfs_pubfh.nfsrvfh_data;
+ else
+ fhp = (fhandle_t *)fh.nfsrvfh_data;
+ (void) nfsm_fhtom(nd, (u_int8_t *)fhp, 0, 0);
+ error = 0;
+ }
+ else
+ error = (*(nfsrv4_ops0[op]))(nd, isdgram, vp,
+ p, &vpnes);
if (nfsv4_opflag[op].modifyfs)
NFS_ENDWRITE(mp);
} else {
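Review bot: `rootfhflag` and `pubfhflag` are set in the PUTROOTFH and PUTPUBFH cases, but no hunk in this file ever clears them. After a compound such as PUTROOTFH, LOOKUP, GETFH, the new `if (rootfhflag)` branch would therefore still return `nfs_rootfh` instead of the handle the lookup produced. The SAVEFH hunk has a related gap: it copies `fh` into `savefh`, and `fh` appears not to be updated by PUTROOTFH/PUTPUBFH at all. Dropping both flags and copying the handle when it becomes current, e.g. `NFSBCOPY(&nfs_rootfh, &fh, sizeof(fh));` in PUTROOTFH and the `nfs_pubfh` equivalent in PUTPUBFH, would let GETFH always use `fh.nfsrvfh_data`. That keeps the returned, saved and audited handles in agreement.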
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#12 (text) ====
@@ -1648,11 +1648,14 @@
}
break;
+ /* XXXgpf: temporary fallthrough for nfsv4 events */
case AUE_NFS_PUTFH:
case AUE_NFS_PUTPUBFH:
case AUE_NFS_PUTROOTFH:
case AUE_NFS_RESTOREFH:
case AUE_NFS_SAVEFH:
+ case AUE_NFS_OPEN:
+ case AUE_NFS_LOOKUPP:
UPATH1_VNODE1_TOKENS;
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
@@ -1667,10 +1670,8 @@
case AUE_NFSv4_GETFH:
case AUE_NFS_LOCK:
case AUE_NFS_LOCKT:
- case AUE_NFS_LOCKU:
- case AUE_NFS_LOOKUPP:
- case AUE_NFS_NVERIFY:
- case AUE_NFS_OPEN:
+ case AUE_NFS_LOCKU:
+ case AUE_NFS_NVERIFY:
case AUE_NFS_OPENATTR:
case AUE_NFS_OPENCONFIRM:
case AUE_NFS_OPENDOWNGRADE: