PERFORCE change 181170 for review
Efstratios Karatzas
gpf at FreeBSD.org
Mon Jul 19 14:34:21 UTC 2010
http://p4web.freebsd.org/@@181170?ac=10
Change 181170 by gpf at gpf_desktop on 2010/07/19 14:34:02
- The building block of our event tree is going to be the
'kaudit_record' data structure. We need to keep state even for
the events that we do not wish to audit; but there's no need to
waste memory on the 'audit_record' data structure for those cases,
so allocate it on demand.
This change simply makes the audit framework work with a heap allocated
audit_record.
- fixed minor bug with the auditing of nfs op 'symlink'.
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#12 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#8 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#19 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_private.h#9 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_worker.c#2 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#12 (text) ====
@@ -83,6 +83,7 @@
MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");
MALLOC_DEFINE(M_AUDITLOCKOWNER, "audit_lockowner", "Audit lockowner storage");
MALLOC_DEFINE(M_AUDITCLIENTNAME, "audit_clientname", "Audit client name storage");
+MALLOC_DEFINE(M_AUDITRECORD, "audit_record", "Audit Record storage");
SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
"TrustedBSD audit controls");
@@ -220,22 +221,25 @@
td = arg;
ar = mem;
bzero(ar, sizeof(*ar));
- ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;
- nanotime(&ar->k_ar.ar_starttime);
+ /* XXXgpf: we should allocate a k_ar, iff we are auditing this event -> todo */
+ ar->k_ar = malloc(sizeof(struct audit_record), M_AUDITRECORD, M_WAITOK);
+ bzero(ar->k_ar, sizeof(struct audit_record));
+ ar->k_ar->ar_magic = AUDIT_RECORD_MAGIC;
+ nanotime(&ar->k_ar->ar_starttime);
/*
* Export the subject credential.
*/
cred = td->td_ucred;
- cru2x(cred, &ar->k_ar.ar_subj_cred);
- ar->k_ar.ar_subj_ruid = cred->cr_ruid;
- ar->k_ar.ar_subj_rgid = cred->cr_rgid;
- ar->k_ar.ar_subj_egid = cred->cr_groups[0];
- ar->k_ar.ar_subj_auid = cred->cr_audit.ai_auid;
- ar->k_ar.ar_subj_asid = cred->cr_audit.ai_asid;
- ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
- ar->k_ar.ar_subj_amask = cred->cr_audit.ai_mask;
- ar->k_ar.ar_subj_term_addr = cred->cr_audit.ai_termid;
+ cru2x(cred, &ar->k_ar->ar_subj_cred);
+ ar->k_ar->ar_subj_ruid = cred->cr_ruid;
+ ar->k_ar->ar_subj_rgid = cred->cr_rgid;
+ ar->k_ar->ar_subj_egid = cred->cr_groups[0];
+ ar->k_ar->ar_subj_auid = cred->cr_audit.ai_auid;
+ ar->k_ar->ar_subj_asid = cred->cr_audit.ai_asid;
+ ar->k_ar->ar_subj_pid = td->td_proc->p_pid;
+ ar->k_ar->ar_subj_amask = cred->cr_audit.ai_mask;
+ ar->k_ar->ar_subj_term_addr = cred->cr_audit.ai_termid;
return (0);
}
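Review bot: The allocation added in what appears to be the record constructor zeroes the buffer with a separate `bzero()` and sizes it by type name. `ar->k_ar = malloc(sizeof(*ar->k_ar), M_AUDITRECORD, M_WAITOK | M_ZERO);` does both in one call and stays correct if the field's type changes. The `XXXgpf` comment would read better as a full sentence stating the intended condition, e.g. `/* XXXgpf: allocate k_ar only when this event will be audited. */`. The function's signature is outside the hunk.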
@@ -247,24 +251,27 @@
KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size"));
ar = mem;
- if (ar->k_ar.ar_arg_upath1 != NULL)
- free(ar->k_ar.ar_arg_upath1, M_AUDITPATH);
- if (ar->k_ar.ar_arg_upath2 != NULL)
- free(ar->k_ar.ar_arg_upath2, M_AUDITPATH);
- if (ar->k_ar.ar_arg_text != NULL)
- free(ar->k_ar.ar_arg_text, M_AUDITTEXT);
- if (ar->k_udata != NULL)
- free(ar->k_udata, M_AUDITDATA);
- if (ar->k_ar.ar_arg_argv != NULL)
- free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);
- if (ar->k_ar.ar_arg_envv != NULL)
- free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);
- if (ar->k_ar.ar_arg_groups.gidset != NULL)
- free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
- if (ar->k_ar.ar_arg_lockowner != NULL)
- free(ar->k_ar.ar_arg_lockowner, M_AUDITLOCKOWNER);
- if (ar->k_ar.ar_arg_clientname != NULL)
- free(ar->k_ar.ar_arg_clientname, M_AUDITCLIENTNAME);
+ if (ar->k_ar != NULL) {
+ if (ar->k_ar->ar_arg_upath1 != NULL)
+ free(ar->k_ar->ar_arg_upath1, M_AUDITPATH);
+ if (ar->k_ar->ar_arg_upath2 != NULL)
+ free(ar->k_ar->ar_arg_upath2, M_AUDITPATH);
+ if (ar->k_ar->ar_arg_text != NULL)
+ free(ar->k_ar->ar_arg_text, M_AUDITTEXT);
+ if (ar->k_udata != NULL)
+ free(ar->k_udata, M_AUDITDATA);
+ if (ar->k_ar->ar_arg_argv != NULL)
+ free(ar->k_ar->ar_arg_argv, M_AUDITTEXT);
+ if (ar->k_ar->ar_arg_envv != NULL)
+ free(ar->k_ar->ar_arg_envv, M_AUDITTEXT);
+ if (ar->k_ar->ar_arg_groups.gidset != NULL)
+ free(ar->k_ar->ar_arg_groups.gidset, M_AUDITGIDSET);
+ if (ar->k_ar->ar_arg_lockowner != NULL)
+ free(ar->k_ar->ar_arg_lockowner, M_AUDITLOCKOWNER);
+ if (ar->k_ar->ar_arg_clientname != NULL)
+ free(ar->k_ar->ar_arg_clientname, M_AUDITCLIENTNAME);
+ free(ar->k_ar, M_AUDITRECORD);
+ }
}
/*
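Review bot: The `k_udata` free was moved inside the new `if (ar->k_ar != NULL)` block, but `k_udata` is a member of `struct kaudit_record`, not of the heap-allocated `audit_record`. Once records without a `k_ar` exist, as the description plans, user data attached to such a record would never be freed. Keep that free outside the guard, i.e. `if (ar->k_udata != NULL) free(ar->k_udata, M_AUDITDATA);` placed before `if (ar->k_ar != NULL) {`. The start of the destructor is outside the hunk.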
@@ -376,7 +383,8 @@
* in the kernel.
*/
ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK);
- ar->k_ar.ar_event = event;
+ if (ar->k_ar != NULL)
+ ar->k_ar->ar_event = event;
mtx_lock(&audit_mtx);
audit_pre_q_len++;
@@ -408,10 +416,10 @@
* Decide whether to commit the audit record by checking the error
* value from the system call and using the appropriate audit mask.
*/
- if (ar->k_ar.ar_subj_auid == AU_DEFAUDITID)
+ if (ar->k_ar->ar_subj_auid == AU_DEFAUDITID)
aumask = &audit_nae_mask;
else
- aumask = &ar->k_ar.ar_subj_amask;
+ aumask = &ar->k_ar->ar_subj_amask;
if (error)
sorf = AU_PRS_FAILURE;
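Review bot: `ar->k_ar` is dereferenced here without a NULL check, while the destructor and the allocation path in this same change already treat `k_ar == NULL` as a legal state. The allocation currently uses `M_WAITOK`, so this should not fault yet, but the description says it will become on-demand, and from then on every unguarded access is a kernel NULL dereference. The same applies to the later audit.c hunks (event switch, errno/retval, NFS credential, coredump), to every setter in audit_arg.c (which test only `ar == NULL`), to `kaudit_to_bsm`, to the `ARG_IS_VALID`/`ARG_SET_VALID`/`ARG_CLEAR_VALID` macros in audit_private.h, and to audit_worker.c. Until the on-demand work lands, stating the invariant at the entry points, e.g. `KASSERT(ar->k_ar != NULL, ("k_ar == NULL"));`, would make the assumption explicit. The enclosing function starts and ends outside the hunk.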
@@ -423,34 +431,34 @@
* we will transform into a more specific event number now that we
* have more complete information gathered during the system call.
*/
- switch(ar->k_ar.ar_event) {
+ switch(ar->k_ar->ar_event) {
case AUE_OPEN_RWTC:
- ar->k_ar.ar_event = audit_flags_and_error_to_openevent(
- ar->k_ar.ar_arg_fflags, error);
+ ar->k_ar->ar_event = audit_flags_and_error_to_openevent(
+ ar->k_ar->ar_arg_fflags, error);
break;
case AUE_OPENAT_RWTC:
- ar->k_ar.ar_event = audit_flags_and_error_to_openatevent(
- ar->k_ar.ar_arg_fflags, error);
+ ar->k_ar->ar_event = audit_flags_and_error_to_openatevent(
+ ar->k_ar->ar_arg_fflags, error);
break;
case AUE_SYSCTL:
- ar->k_ar.ar_event = audit_ctlname_to_sysctlevent(
- ar->k_ar.ar_arg_ctlname, ar->k_ar.ar_valid_arg);
+ ar->k_ar->ar_event = audit_ctlname_to_sysctlevent(
+ ar->k_ar->ar_arg_ctlname, ar->k_ar->ar_valid_arg);
break;
case AUE_AUDITON:
/* Convert the auditon() command to an event. */
- ar->k_ar.ar_event = auditon_command_event(ar->k_ar.ar_arg_cmd);
+ ar->k_ar->ar_event = auditon_command_event(ar->k_ar->ar_arg_cmd);
break;
case AUE_NFS_OPEN:
- ar->k_ar.ar_event = audit_flags_to_nfs_openevent(ar->k_ar.ar_arg_fflags);
+ ar->k_ar->ar_event = audit_flags_to_nfs_openevent(ar->k_ar->ar_arg_fflags);
break;
}
- auid = ar->k_ar.ar_subj_auid;
- event = ar->k_ar.ar_event;
+ auid = ar->k_ar->ar_subj_auid;
+ event = ar->k_ar->ar_event;
class = au_event_class(event);
ar->k_ar_commit |= AR_COMMIT_KERNEL;
@@ -468,9 +476,9 @@
return;
}
- ar->k_ar.ar_errno = error;
- ar->k_ar.ar_retval = retval;
- nanotime(&ar->k_ar.ar_endtime);
+ ar->k_ar->ar_errno = error;
+ ar->k_ar->ar_retval = retval;
+ nanotime(&ar->k_ar->ar_endtime);
/*
* Note: it could be that some records initiated while audit was
@@ -715,10 +723,7 @@
au_event_t event;
au_id_t auid;
int error;
-
- if (td->td_ar != NULL) {
- printf("bug event = %d\n", td->td_ar->k_ar.ar_event);
- }
+
KASSERT(td->td_ar == NULL, ("audit_nfs_enter: td->td_ar != NULL"));
KASSERT((td->td_pflags & TDP_AUDITREC) == 0,
("audit_nfs_enter: TDP_AUDITREC set"));
@@ -793,10 +798,10 @@
* td->td_ucred = orig_cr;
*/
if (td->td_ar != NULL && user_cr != NULL) {
- cru2x(user_cr, &td->td_ar->k_ar.ar_subj_cred);
- td->td_ar->k_ar.ar_subj_ruid = user_cr->cr_ruid;
- td->td_ar->k_ar.ar_subj_rgid = user_cr->cr_rgid;
- td->td_ar->k_ar.ar_subj_egid = user_cr->cr_groups[0];
+ cru2x(user_cr, &td->td_ar->k_ar->ar_subj_cred);
+ td->td_ar->k_ar->ar_subj_ruid = user_cr->cr_ruid;
+ td->td_ar->k_ar->ar_subj_rgid = user_cr->cr_rgid;
+ td->td_ar->k_ar->ar_subj_egid = user_cr->cr_groups[0];
}
}
@@ -926,14 +931,15 @@
* Where possible coredump records should contain a pathname and arg32
* (signal) tokens.
*/
+ td->td_pflags |= TDP_AUDITREC;
ar = audit_new(AUE_CORE, td);
if (path != NULL) {
- pathp = &ar->k_ar.ar_arg_upath1;
+ pathp = &ar->k_ar->ar_arg_upath1;
*pathp = malloc(MAXPATHLEN, M_AUDITPATH, M_WAITOK);
audit_canon_path(td, path, *pathp);
ARG_SET_VALID(ar, ARG_UPATH1);
}
- ar->k_ar.ar_arg_signum = td->td_proc->p_sig;
+ ar->k_ar->ar_arg_signum = td->td_proc->p_sig;
ARG_SET_VALID(ar, ARG_SIGNUM);
if (errcode != 0)
ret = 1;
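Review bot: The added `td->td_pflags |= TDP_AUDITREC;` is not mentioned in the change description, and nothing in the visible part of the function clears the flag again. Elsewhere in this file `audit_nfs_enter` asserts that `TDP_AUDITREC` is clear on entry, so a flag left set on a thread would trip that KASSERT. Whether the commit path clears it cannot be seen from this hunk. A comment above the line saying why the coredump path needs the flag and which routine clears it would settle the question.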
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#8 (text) ====
@@ -69,7 +69,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_addr = addr;
+ ar->k_ar->ar_arg_addr = addr;
ARG_SET_VALID(ar, ARG_ADDR);
}
@@ -82,8 +82,8 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_exitstatus = status;
- ar->k_ar.ar_arg_exitretval = retval;
+ ar->k_ar->ar_arg_exitstatus = status;
+ ar->k_ar->ar_arg_exitretval = retval;
ARG_SET_VALID(ar, ARG_EXIT);
}
@@ -96,7 +96,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_len = len;
+ ar->k_ar->ar_arg_len = len;
ARG_SET_VALID(ar, ARG_LEN);
}
@@ -109,7 +109,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_atfd1 = atfd;
+ ar->k_ar->ar_arg_atfd1 = atfd;
ARG_SET_VALID(ar, ARG_ATFD1);
}
@@ -122,7 +122,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_atfd2 = atfd;
+ ar->k_ar->ar_arg_atfd2 = atfd;
ARG_SET_VALID(ar, ARG_ATFD2);
}
@@ -135,7 +135,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_fd = fd;
+ ar->k_ar->ar_arg_fd = fd;
ARG_SET_VALID(ar, ARG_FD);
}
@@ -148,7 +148,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_fflags = fflags;
+ ar->k_ar->ar_arg_fflags = fflags;
ARG_SET_VALID(ar, ARG_FFLAGS);
}
@@ -161,7 +161,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_gid = gid;
+ ar->k_ar->ar_arg_gid = gid;
ARG_SET_VALID(ar, ARG_GID);
}
@@ -174,7 +174,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_uid = uid;
+ ar->k_ar->ar_arg_uid = uid;
ARG_SET_VALID(ar, ARG_UID);
}
@@ -187,7 +187,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_egid = egid;
+ ar->k_ar->ar_arg_egid = egid;
ARG_SET_VALID(ar, ARG_EGID);
}
@@ -200,7 +200,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_euid = euid;
+ ar->k_ar->ar_arg_euid = euid;
ARG_SET_VALID(ar, ARG_EUID);
}
@@ -213,7 +213,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_rgid = rgid;
+ ar->k_ar->ar_arg_rgid = rgid;
ARG_SET_VALID(ar, ARG_RGID);
}
@@ -226,7 +226,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_ruid = ruid;
+ ar->k_ar->ar_arg_ruid = ruid;
ARG_SET_VALID(ar, ARG_RUID);
}
@@ -239,7 +239,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_sgid = sgid;
+ ar->k_ar->ar_arg_sgid = sgid;
ARG_SET_VALID(ar, ARG_SGID);
}
@@ -252,7 +252,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_suid = suid;
+ ar->k_ar->ar_arg_suid = suid;
ARG_SET_VALID(ar, ARG_SUID);
}
@@ -269,13 +269,13 @@
if (ar == NULL)
return;
- if (ar->k_ar.ar_arg_groups.gidset == NULL)
- ar->k_ar.ar_arg_groups.gidset = malloc(
+ if (ar->k_ar->ar_arg_groups.gidset == NULL)
+ ar->k_ar->ar_arg_groups.gidset = malloc(
sizeof(gid_t) * gidset_size, M_AUDITGIDSET, M_WAITOK);
for (i = 0; i < gidset_size; i++)
- ar->k_ar.ar_arg_groups.gidset[i] = gidset[i];
- ar->k_ar.ar_arg_groups.gidset_size = gidset_size;
+ ar->k_ar->ar_arg_groups.gidset[i] = gidset[i];
+ ar->k_ar->ar_arg_groups.gidset_size = gidset_size;
ARG_SET_VALID(ar, ARG_GROUPSET);
}
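Review bot: The `gidset` buffer is allocated only when the pointer is NULL, yet the loop that follows always copies `gidset_size` entries into it. If this setter runs twice on the same record with a larger set the second time, the copy writes past the first allocation; the hunk does not show whether callers guarantee a single call. The lockowner and clientname setters later in this file have the same shape (`malloc(len, ...)` only when NULL, then `strlcpy(..., len)` bounded by the new `len` rather than the allocated size). Freeing and reallocating when a buffer already exists, or recording the allocated size and checking against it, would close this.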
@@ -288,7 +288,7 @@
if (ar == NULL)
return;
- strlcpy(ar->k_ar.ar_arg_login, login, MAXLOGNAME);
+ strlcpy(ar->k_ar->ar_arg_login, login, MAXLOGNAME);
ARG_SET_VALID(ar, ARG_LOGIN);
}
@@ -301,8 +301,8 @@
if (ar == NULL)
return;
- bcopy(name, &ar->k_ar.ar_arg_ctlname, namelen * sizeof(int));
- ar->k_ar.ar_arg_len = namelen;
+ bcopy(name, &ar->k_ar->ar_arg_ctlname, namelen * sizeof(int));
+ ar->k_ar->ar_arg_len = namelen;
ARG_SET_VALID(ar, ARG_CTLNAME | ARG_LEN);
}
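Review bot: The `bcopy()` into `ar_arg_ctlname` takes its length from the caller's `namelen` with no check against the size of the destination, which now lives in a heap allocation. The sockaddr setter further down does the same with `sa->sa_len`. Any bound the callers apply is outside these hunks. Assuming the destination is an embedded array, a local guard such as `KASSERT(namelen * sizeof(int) <= sizeof(ar->k_ar->ar_arg_ctlname), ("ctlname too long"));` (or clamping the length) would keep an oversized argument from overwriting adjacent record fields.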
@@ -315,7 +315,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_mask = mask;
+ ar->k_ar->ar_arg_mask = mask;
ARG_SET_VALID(ar, ARG_MASK);
}
@@ -328,7 +328,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_mode = mode;
+ ar->k_ar->ar_arg_mode = mode;
ARG_SET_VALID(ar, ARG_MODE);
}
@@ -341,7 +341,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_dev = dev;
+ ar->k_ar->ar_arg_dev = dev;
ARG_SET_VALID(ar, ARG_DEV);
}
@@ -354,7 +354,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_value = value;
+ ar->k_ar->ar_arg_value = value;
ARG_SET_VALID(ar, ARG_VALUE);
}
@@ -367,8 +367,8 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_uid = uid;
- ar->k_ar.ar_arg_gid = gid;
+ ar->k_ar->ar_arg_uid = uid;
+ ar->k_ar->ar_arg_gid = gid;
ARG_SET_VALID(ar, ARG_UID | ARG_GID);
}
@@ -381,7 +381,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_pid = pid;
+ ar->k_ar->ar_arg_pid = pid;
ARG_SET_VALID(ar, ARG_PID);
}
@@ -400,14 +400,14 @@
return;
cred = p->p_ucred;
- ar->k_ar.ar_arg_auid = cred->cr_audit.ai_auid;
- ar->k_ar.ar_arg_euid = cred->cr_uid;
- ar->k_ar.ar_arg_egid = cred->cr_groups[0];
- ar->k_ar.ar_arg_ruid = cred->cr_ruid;
- ar->k_ar.ar_arg_rgid = cred->cr_rgid;
- ar->k_ar.ar_arg_asid = cred->cr_audit.ai_asid;
- ar->k_ar.ar_arg_termid_addr = cred->cr_audit.ai_termid;
- ar->k_ar.ar_arg_pid = p->p_pid;
+ ar->k_ar->ar_arg_auid = cred->cr_audit.ai_auid;
+ ar->k_ar->ar_arg_euid = cred->cr_uid;
+ ar->k_ar->ar_arg_egid = cred->cr_groups[0];
+ ar->k_ar->ar_arg_ruid = cred->cr_ruid;
+ ar->k_ar->ar_arg_rgid = cred->cr_rgid;
+ ar->k_ar->ar_arg_asid = cred->cr_audit.ai_asid;
+ ar->k_ar->ar_arg_termid_addr = cred->cr_audit.ai_termid;
+ ar->k_ar->ar_arg_pid = p->p_pid;
ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS);
}
@@ -421,7 +421,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_signum = signum;
+ ar->k_ar->ar_arg_signum = signum;
ARG_SET_VALID(ar, ARG_SIGNUM);
}
@@ -434,9 +434,9 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_sockinfo.so_domain = sodomain;
- ar->k_ar.ar_arg_sockinfo.so_type = sotype;
- ar->k_ar.ar_arg_sockinfo.so_protocol = soprotocol;
+ ar->k_ar->ar_arg_sockinfo.so_domain = sodomain;
+ ar->k_ar->ar_arg_sockinfo.so_type = sotype;
+ ar->k_ar->ar_arg_sockinfo.so_protocol = soprotocol;
ARG_SET_VALID(ar, ARG_SOCKINFO);
}
@@ -452,7 +452,7 @@
if (ar == NULL)
return;
- bcopy(sa, &ar->k_ar.ar_arg_sockaddr, sa->sa_len);
+ bcopy(sa, &ar->k_ar->ar_arg_sockaddr, sa->sa_len);
switch (sa->sa_family) {
case AF_INET:
ARG_SET_VALID(ar, ARG_SADDRINET);
@@ -497,7 +497,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_auid = auid;
+ ar->k_ar->ar_arg_auid = auid;
ARG_SET_VALID(ar, ARG_AUID);
}
@@ -510,12 +510,12 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_auid = au_info->ai_auid;
- ar->k_ar.ar_arg_asid = au_info->ai_asid;
- ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success;
- ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure;
- ar->k_ar.ar_arg_termid.port = au_info->ai_termid.port;
- ar->k_ar.ar_arg_termid.machine = au_info->ai_termid.machine;
+ ar->k_ar->ar_arg_auid = au_info->ai_auid;
+ ar->k_ar->ar_arg_asid = au_info->ai_asid;
+ ar->k_ar->ar_arg_amask.am_success = au_info->ai_mask.am_success;
+ ar->k_ar->ar_arg_amask.am_failure = au_info->ai_mask.am_failure;
+ ar->k_ar->ar_arg_termid.port = au_info->ai_termid.port;
+ ar->k_ar->ar_arg_termid.machine = au_info->ai_termid.machine;
ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID);
}
@@ -528,16 +528,16 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_auid = au_info->ai_auid;
- ar->k_ar.ar_arg_asid = au_info->ai_asid;
- ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success;
- ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure;
- ar->k_ar.ar_arg_termid_addr.at_type = au_info->ai_termid.at_type;
- ar->k_ar.ar_arg_termid_addr.at_port = au_info->ai_termid.at_port;
- ar->k_ar.ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0];
- ar->k_ar.ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1];
- ar->k_ar.ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2];
- ar->k_ar.ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3];
+ ar->k_ar->ar_arg_auid = au_info->ai_auid;
+ ar->k_ar->ar_arg_asid = au_info->ai_asid;
+ ar->k_ar->ar_arg_amask.am_success = au_info->ai_mask.am_success;
+ ar->k_ar->ar_arg_amask.am_failure = au_info->ai_mask.am_failure;
+ ar->k_ar->ar_arg_termid_addr.at_type = au_info->ai_termid.at_type;
+ ar->k_ar->ar_arg_termid_addr.at_port = au_info->ai_termid.at_port;
+ ar->k_ar->ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0];
+ ar->k_ar->ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1];
+ ar->k_ar->ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2];
+ ar->k_ar->ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3];
ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID_ADDR);
}
@@ -553,13 +553,13 @@
return;
/* Invalidate the text string */
- ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_TEXT);
+ ar->k_ar->ar_valid_arg &= (ARG_ALL ^ ARG_TEXT);
- if (ar->k_ar.ar_arg_text == NULL)
- ar->k_ar.ar_arg_text = malloc(MAXPATHLEN, M_AUDITTEXT,
+ if (ar->k_ar->ar_arg_text == NULL)
+ ar->k_ar->ar_arg_text = malloc(MAXPATHLEN, M_AUDITTEXT,
M_WAITOK);
- strncpy(ar->k_ar.ar_arg_text, text, MAXPATHLEN);
+ strncpy(ar->k_ar->ar_arg_text, text, MAXPATHLEN);
ARG_SET_VALID(ar, ARG_TEXT);
}
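Review bot: `strncpy(ar->k_ar->ar_arg_text, text, MAXPATHLEN)` leaves the buffer without a terminating NUL when `text` is `MAXPATHLEN` bytes or longer, and the BSM conversion in this change hands `ar_arg_text` to `au_to_text()` as a C string. The login, lockowner and clientname setters in this file already use `strlcpy`. Doing the same here, `strlcpy(ar->k_ar->ar_arg_text, text, MAXPATHLEN);`, guarantees termination. The start of the function is outside the hunk.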
@@ -572,7 +572,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_cmd = cmd;
+ ar->k_ar->ar_arg_cmd = cmd;
ARG_SET_VALID(ar, ARG_CMD);
}
@@ -585,7 +585,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_svipc_cmd = cmd;
+ ar->k_ar->ar_arg_svipc_cmd = cmd;
ARG_SET_VALID(ar, ARG_SVIPC_CMD);
}
@@ -598,8 +598,8 @@
if (ar == NULL)
return;
- bcopy(perm, &ar->k_ar.ar_arg_svipc_perm,
- sizeof(ar->k_ar.ar_arg_svipc_perm));
+ bcopy(perm, &ar->k_ar->ar_arg_svipc_perm,
+ sizeof(ar->k_ar->ar_arg_svipc_perm));
ARG_SET_VALID(ar, ARG_SVIPC_PERM);
}
@@ -612,7 +612,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_svipc_id = id;
+ ar->k_ar->ar_arg_svipc_id = id;
ARG_SET_VALID(ar, ARG_SVIPC_ID);
}
@@ -625,7 +625,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_svipc_addr = addr;
+ ar->k_ar->ar_arg_svipc_addr = addr;
ARG_SET_VALID(ar, ARG_SVIPC_ADDR);
}
@@ -638,9 +638,9 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_pipc_perm.pipc_uid = uid;
- ar->k_ar.ar_arg_pipc_perm.pipc_gid = gid;
- ar->k_ar.ar_arg_pipc_perm.pipc_mode = mode;
+ ar->k_ar->ar_arg_pipc_perm.pipc_uid = uid;
+ ar->k_ar->ar_arg_pipc_perm.pipc_gid = gid;
+ ar->k_ar->ar_arg_pipc_perm.pipc_mode = mode;
ARG_SET_VALID(ar, ARG_POSIX_IPC_PERM);
}
@@ -653,8 +653,8 @@
if (ar == NULL)
return;
- bcopy((void *)udata, &ar->k_ar.ar_arg_auditon,
- sizeof(ar->k_ar.ar_arg_auditon));
+ bcopy((void *)udata, &ar->k_ar->ar_arg_auditon,
+ sizeof(ar->k_ar->ar_arg_auditon));
ARG_SET_VALID(ar, ARG_AUDITON);
}
@@ -693,22 +693,22 @@
so = (struct socket *)fp->f_data;
if (INP_CHECK_SOCKAF(so, PF_INET)) {
SOCK_LOCK(so);
- ar->k_ar.ar_arg_sockinfo.so_type =
+ ar->k_ar->ar_arg_sockinfo.so_type =
so->so_type;
- ar->k_ar.ar_arg_sockinfo.so_domain =
+ ar->k_ar->ar_arg_sockinfo.so_domain =
INP_SOCKAF(so);
- ar->k_ar.ar_arg_sockinfo.so_protocol =
+ ar->k_ar->ar_arg_sockinfo.so_protocol =
so->so_proto->pr_protocol;
SOCK_UNLOCK(so);
pcb = (struct inpcb *)so->so_pcb;
INP_RLOCK(pcb);
- ar->k_ar.ar_arg_sockinfo.so_raddr =
+ ar->k_ar->ar_arg_sockinfo.so_raddr =
pcb->inp_faddr.s_addr;
- ar->k_ar.ar_arg_sockinfo.so_laddr =
+ ar->k_ar->ar_arg_sockinfo.so_laddr =
pcb->inp_laddr.s_addr;
- ar->k_ar.ar_arg_sockinfo.so_rport =
+ ar->k_ar->ar_arg_sockinfo.so_rport =
pcb->inp_fport;
- ar->k_ar.ar_arg_sockinfo.so_lport =
+ ar->k_ar->ar_arg_sockinfo.so_lport =
pcb->inp_lport;
INP_RUNLOCK(pcb);
ARG_SET_VALID(ar, ARG_SOCKINFO);
@@ -745,7 +745,7 @@
if (ar == NULL)
return;
- audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath1);
+ audit_arg_upath(td, upath, &ar->k_ar->ar_arg_upath1);
ARG_SET_VALID(ar, ARG_UPATH1);
}
@@ -758,7 +758,7 @@
if (ar == NULL)
return;
- audit_arg_upath(td, upath, &ar->k_ar.ar_arg_upath2);
+ audit_arg_upath(td, upath, &ar->k_ar->ar_arg_upath2);
ARG_SET_VALID(ar, ARG_UPATH2);
}
@@ -820,7 +820,7 @@
return;
ARG_CLEAR_VALID(ar, ARG_VNODE1);
- error = audit_arg_vnode(vp, &ar->k_ar.ar_arg_vnode1);
+ error = audit_arg_vnode(vp, &ar->k_ar->ar_arg_vnode1);
if (error == 0)
ARG_SET_VALID(ar, ARG_VNODE1);
}
@@ -836,7 +836,7 @@
return;
ARG_CLEAR_VALID(ar, ARG_VNODE2);
- error = audit_arg_vnode(vp, &ar->k_ar.ar_arg_vnode2);
+ error = audit_arg_vnode(vp, &ar->k_ar->ar_arg_vnode2);
if (error == 0)
ARG_SET_VALID(ar, ARG_VNODE2);
}
@@ -856,9 +856,9 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_argv = malloc(length, M_AUDITTEXT, M_WAITOK);
- bcopy(argv, ar->k_ar.ar_arg_argv, length);
- ar->k_ar.ar_arg_argc = argc;
+ ar->k_ar->ar_arg_argv = malloc(length, M_AUDITTEXT, M_WAITOK);
+ bcopy(argv, ar->k_ar->ar_arg_argv, length);
+ ar->k_ar->ar_arg_argc = argc;
ARG_SET_VALID(ar, ARG_ARGV);
}
@@ -877,9 +877,9 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_envv = malloc(length, M_AUDITTEXT, M_WAITOK);
- bcopy(envv, ar->k_ar.ar_arg_envv, length);
- ar->k_ar.ar_arg_envc = envc;
+ ar->k_ar->ar_arg_envv = malloc(length, M_AUDITTEXT, M_WAITOK);
+ bcopy(envv, ar->k_ar->ar_arg_envv, length);
+ ar->k_ar->ar_arg_envc = envc;
ARG_SET_VALID(ar, ARG_ENVV);
}
@@ -928,7 +928,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_protocol = protocol;
+ ar->k_ar->ar_arg_protocol = protocol;
ARG_SET_VALID(ar, ARG_PROTOCOL);
}
@@ -944,7 +944,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_vtype = vtype;
+ ar->k_ar->ar_arg_vtype = vtype;
ARG_SET_VALID(ar, ARG_VTYPE);
}
@@ -960,7 +960,7 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_clientid = clientid;
+ ar->k_ar->ar_arg_clientid = clientid;
ARG_SET_VALID(ar, ARG_CLIENTID);
}
@@ -982,13 +982,13 @@
return;
/* Invalidate the lockowner string */
- ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_LOCKOWNER);
+ ar->k_ar->ar_valid_arg &= (ARG_ALL ^ ARG_LOCKOWNER);
- if (ar->k_ar.ar_arg_lockowner == NULL)
- ar->k_ar.ar_arg_lockowner = malloc(len, M_AUDITLOCKOWNER,
+ if (ar->k_ar->ar_arg_lockowner == NULL)
+ ar->k_ar->ar_arg_lockowner = malloc(len, M_AUDITLOCKOWNER,
M_WAITOK);
- strlcpy(ar->k_ar.ar_arg_lockowner, lockowner, len);
+ strlcpy(ar->k_ar->ar_arg_lockowner, lockowner, len);
ARG_SET_VALID(ar, ARG_LOCKOWNER);
}
@@ -1010,13 +1010,13 @@
return;
/* Invalidate the clientname string */
- ar->k_ar.ar_valid_arg &= (ARG_ALL ^ ARG_CLIENTNAME);
+ ar->k_ar->ar_valid_arg &= (ARG_ALL ^ ARG_CLIENTNAME);
- if (ar->k_ar.ar_arg_clientname == NULL)
- ar->k_ar.ar_arg_clientname = malloc(len, M_AUDITCLIENTNAME,
+ if (ar->k_ar->ar_arg_clientname == NULL)
+ ar->k_ar->ar_arg_clientname = malloc(len, M_AUDITCLIENTNAME,
M_WAITOK);
- strlcpy(ar->k_ar.ar_arg_clientname, clientname, len);
+ strlcpy(ar->k_ar->ar_arg_clientname, clientname, len);
ARG_SET_VALID(ar, ARG_CLIENTNAME);
}
@@ -1032,6 +1032,6 @@
if (ar == NULL)
return;
- ar->k_ar.ar_arg_locktype = locktype;
+ ar->k_ar->ar_arg_locktype = locktype;
ARG_SET_VALID(ar, ARG_LOCKTYPE);
}
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#19 (text) ====
@@ -471,7 +471,7 @@
KASSERT(kar != NULL, ("kaudit_to_bsm: kar == NULL"));
*pau = NULL;
- ar = &kar->k_ar;
+ ar = kar->k_ar;
rec = kau_open();
/*
@@ -1660,11 +1660,17 @@
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
}
+ UPATH1_VNODE1_TOKENS;
+ UPATH2_TOKENS;
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
+ tok = au_to_text(ar->ar_arg_text);
+ kau_write(rec, tok);
+ }
if (ARG_IS_VALID(kar, ARG_PROTOCOL)) {
tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol));
kau_write(rec, tok);
}
- /* FALLTHROUGH */
+ break;
case AUE_NFS_SETATTR:
UPATH1_VNODE1_TOKENS;
@@ -1740,7 +1746,6 @@
}
break;
- /* XXXgpf: temporary fallthrough for nfsv4 events */
case AUE_NFS_OPEN_RC:
case AUE_NFS_OPEN_RTC:
case AUE_NFS_OPEN_RWC:
@@ -1790,7 +1795,6 @@
}
break;
- /* XXXgpf: temporary fallthrough for nfsv4 events */
case AUE_NFS_DELEGPURGE:
case AUE_NFS_RENEW:
case AUE_NFS_SETCLIENTIDCFRM:
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_private.h#9 (text) ====
@@ -53,6 +53,7 @@
MALLOC_DECLARE(M_AUDITGIDSET);
MALLOC_DECLARE(M_AUDITLOCKOWNER);
MALLOC_DECLARE(M_AUDITCLIENTNAME);
+MALLOC_DECLARE(M_AUDITRECORD);
#endif
/*
@@ -305,12 +306,12 @@
#define ARG_NONE 0x0000000000000000ULL
#define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
-#define ARG_IS_VALID(kar, arg) ((kar)->k_ar.ar_valid_arg & (arg))
+#define ARG_IS_VALID(kar, arg) ((kar)->k_ar->ar_valid_arg & (arg))
#define ARG_SET_VALID(kar, arg) do { \
- (kar)->k_ar.ar_valid_arg |= (arg); \
+ (kar)->k_ar->ar_valid_arg |= (arg); \
} while (0)
#define ARG_CLEAR_VALID(kar, arg) do { \
- (kar)->k_ar.ar_valid_arg &= ~(arg); \
+ (kar)->k_ar->ar_valid_arg &= ~(arg); \
} while (0)
/*
@@ -319,7 +320,7 @@
* passed through to the audit writing mechanism.
*/
struct kaudit_record {
- struct audit_record k_ar;
+ struct audit_record *k_ar;
u_int32_t k_ar_commit;
void *k_udata; /* User data. */
u_int k_ulen; /* User data length. */
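Review bot: `k_ar` changes from an embedded struct to a pointer without a comment on who owns the allocation or whether the pointer may be NULL. A field comment would help later readers, e.g. `struct audit_record *k_ar; /* M_AUDITRECORD; allocated at record construction, freed in audit_record_dtor. */`, to be extended with the NULL case once allocation becomes on-demand. The struct definition continues outside the hunk.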
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_worker.c#2 (text) ====
@@ -342,10 +342,10 @@
(ar->k_ar_commit & AR_PRESELECT_TRAIL) == 0))
goto out;
- auid = ar->k_ar.ar_subj_auid;
- event = ar->k_ar.ar_event;
+ auid = ar->k_ar->ar_subj_auid;
+ event = ar->k_ar->ar_event;
class = au_event_class(event);
- if (ar->k_ar.ar_errno == 0)
+ if (ar->k_ar->ar_errno == 0)
sorf = AU_PRS_SUCCESS;
else
sorf = AU_PRS_FAILURE;