PERFORCE change 177910 for review
Efstratios Karatzas
gpf at FreeBSD.org
Fri May 7 15:11:56 UTC 2010
http://p4web.freebsd.org/@@177910?ac=10
Change 177910 by gpf at gpf_desktop on 2010/05/07 15:11:31
* added support for a few extra rpcs:
(mkdir, readdir, link, symlink, readlink)
* fixed a typo in an aue_nfs_event (readlink)
* a few minor changes
tested everything under ufs, seems ok
procedures serviced: 8/23
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#3 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#3 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#3 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#3 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#3 (text) ====
@@ -392,7 +392,7 @@
#define AUE_NFS_SETATTR 2002
#define AUE_NFS_LOOKUP 2003
#define AUE_NFS_ACCESS 2004
-#define AUE_NFS_REALINK 2005
+#define AUE_NFS_READLINK 2005
#define AUE_NFS_READ 2006
#define AUE_NFS_WRITE 2007
#define AUE_NFS_CREATE 2008
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#3 (text+ko) ====
@@ -88,6 +88,8 @@
#include <sys/bio.h>
#include <sys/buf.h>
+/* xxxgpf: 4 debuging */
+#include <sys/types.h>
#include <security/audit/audit.h>
#include <vm/vm.h>
@@ -670,7 +672,7 @@
int error = 0, rdonly, i, tlen, len, getret;
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mp3, *nmp, *mreq;
- struct vnode *vp = NULL;
+ struct vnode *vp = NULL, *link_vp = NULL;
struct vattr attr;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -716,6 +718,7 @@
uiop->uio_td = NULL;
error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp,
nam, &rdonly, TRUE);
+ link_vp = vp;
if (error) {
nfsm_reply(2 * NFSX_UNSIGNED);
if (v3)
@@ -755,6 +758,25 @@
if (vp)
vput(vp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (link_vp != NULL) {
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(link_vp);
+
+ freepath = NULL;
+ vn_fullpath_global(td, link_vp, &fullpath, &freepath);
+
+ if (freepath != NULL) {
+ AUDIT_ARG_UPATH1(td, fullpath);
+ free(freepath, M_TEMP);
+ }
+ }
+ }
+
return(error);
}
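Review bot: The audit block runs after `vput(vp)` and `VFS_UNLOCK_GIANT(vfslocked)`, so `link_vp` no longer holds a reference or a lock when `AUDIT_ARG_VNODE1(link_vp)` and `vn_fullpath_global()` use it, and the vnode may already have been recycled. AUDIT_ARG_VNODE1 normally expects a locked vnode because it fetches attributes, which this placement cannot provide. Capture the audit arguments while the vnode is still held: either move the block above `if (vp) vput(vp);`, or take `vref(link_vp);` at the assignment and `vrele(link_vp);` after the path lookup. The read (@@ -1009), write (@@ -1258), symlink (@@ -2473), mkdir (@@ -2636) and readdir (@@ -3092) audit blocks follow the same pattern; the function body starts outside this hunk.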
@@ -780,7 +802,7 @@
int v3 = (nfsd->nd_flag & ND_NFSV3), reqlen;
struct mbuf *mb, *mreq;
struct mbuf *m2;
- struct vnode *vp = NULL, *vp_alt = NULL;
+ struct vnode *vp = NULL, *new_vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct uio io, *uiop = &io;
@@ -812,6 +834,7 @@
error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp,
nam, &rdonly, TRUE);
+ new_vp = vp;
if (error) {
vp = NULL;
nfsm_reply(2 * NFSX_UNSIGNED);
@@ -821,8 +844,6 @@
goto nfsmout;
}
- vp_alt = vp;
-
if (vp->v_type != VREG) {
if (v3)
error = EINVAL;
@@ -1009,16 +1030,20 @@
VFS_UNLOCK_GIANT(vfslocked);
/* XXX AUDIT */
- if (vp_alt != NULL) {
- char *fullpath, *freepath;
- struct thread *td = curthread;
+ if (AUDITING_TD(curthread)) {
+ if (new_vp != NULL) {
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(new_vp);
- freepath = NULL;
- vn_fullpath_global(td, vp_alt, &fullpath, &freepath);
+ freepath = NULL;
+ vn_fullpath_global(td, new_vp, &fullpath, &freepath);
- if (freepath != NULL) {
- AUDIT_ARG_UPATH1(td, fullpath);
- free(freepath, M_TEMP);
+ if (freepath != NULL) {
+ AUDIT_ARG_UPATH1(td, fullpath);
+ free(freepath, M_TEMP);
+ }
}
}
@@ -1050,7 +1075,7 @@
int stable = NFSV3WRITE_FILESYNC;
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
- struct vnode *vp = NULL, *vp_alt = NULL;;
+ struct vnode *vp = NULL, *new_vp = NULL;;
nfsfh_t nfh;
fhandle_t *fhp;
struct uio io, *uiop = &io;
@@ -1130,6 +1155,7 @@
}
error = nfsrv_fhtovp(fhp, 1, &vp, &tvfslocked, nfsd, slp,
nam, &rdonly, TRUE);
+ new_vp = vp;
vfslocked = nfsrv_lockedpair(vfslocked, tvfslocked);
if (error) {
vp = NULL;
@@ -1138,10 +1164,8 @@
nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap);
error = 0;
goto nfsmout;
- }
+ }
- vp_alt = vp;
-
if (v3)
forat_ret = VOP_GETATTR(vp, &forat, cred);
if (vp->v_type != VREG) {
@@ -1248,7 +1272,7 @@
/*
* another way we could go about re-obtaining the vp from the file handle.
- * right now, I think i like the vp_alt method better
+ * right now, I think i like the new_vp method better
*/
/*
if (vp == NULL) {
@@ -1258,20 +1282,23 @@
if (error)
vp = NULL;
}
- */
-
- if (vp_alt != NULL) {
- char *fullpath, *freepath;
- struct thread *td = curthread;
+ */
+ if (AUDITING_TD(curthread)) {
+ if (new_vp != NULL) {
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(new_vp);
- freepath = NULL;
- vn_fullpath_global(td, vp_alt, &fullpath, &freepath);
+ freepath = NULL;
+ vn_fullpath_global(td, new_vp, &fullpath, &freepath);
- if (freepath != NULL) {
- AUDIT_ARG_UPATH1(td, fullpath);
- free(freepath, M_TEMP);
+ if (freepath != NULL) {
+ AUDIT_ARG_UPATH1(td, fullpath);
+ free(freepath, M_TEMP);
+ }
}
- }
+ }
return(error);
}
@@ -1573,34 +1600,36 @@
VFS_UNLOCK_GIANT(vfslocked);
/* XXX AUDIT */
- if (nd.ni_vp != NULL && nd.ni_dvp != NULL) {
- struct thread *td = curthread;
- char *fullpath, *freepath;
- char path[PATH_MAX];
-
- AUDIT_ARG_VNODE1(nd.ni_vp);
+ if (AUDITING_TD(curthread)) {
+ if (nd.ni_vp != NULL && nd.ni_dvp != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
- freepath = NULL;
- vn_fullpath_global(td, nd.ni_vp, &fullpath, &freepath);
-
- if (freepath != NULL) {
- strlcpy(path, fullpath, sizeof(path));
- free(freepath, M_TEMP);
- }
- /* if we fail to acquire a path from the new vnode, use the directory vnode instead */
- else {
- vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath);
+ AUDIT_ARG_VNODE1(nd.ni_vp);
+
+ freepath = NULL;
+ vn_fullpath_global(td, nd.ni_vp, &fullpath, &freepath);
+
if (freepath != NULL) {
- snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ strlcpy(path, fullpath, sizeof(path));
free(freepath, M_TEMP);
}
- /* last resort: just save the name of the new file */
- else {
- strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ /* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+ else if (nd.ni_cnd.cn_pnbuf != NULL) {
+ vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the new file */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
}
+
+ AUDIT_ARG_UPATH1(td, path);
}
-
- AUDIT_ARG_UPATH1(td, path);
}
return (error);
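Review bot: `path` can reach `AUDIT_ARG_UPATH1(td, path)` without ever being written. The new `else if (nd.ni_cnd.cn_pnbuf != NULL)` leaves no branch that fills it when the vnode lookup fails and cn_pnbuf is NULL, so uninitialised kernel stack bytes would be copied into the audit record. Add `path[0] = '\0';` after the declaration, or call `AUDIT_ARG_UPATH1` only once a branch has filled the buffer. `char path[PATH_MAX]` is also a large object for a kernel stack, and a temporary M_TEMP allocation would be safer. The symlink (@@ -2473) and mkdir (@@ -2636) audit blocks copy this code and have the same gap; the function body starts outside the hunk.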
@@ -1800,6 +1829,7 @@
NDFREE(&nd, NDF_ONLY_PNBUF);
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
return (error);
}
@@ -2162,6 +2192,7 @@
int getret = 1, v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
struct vnode *vp = NULL, *xp, *dirp = NULL;
+ struct vnode *new_vp = NULL, *parent_dir_vp = NULL;
struct vattr dirfor, diraft, at;
nfsfh_t nfh, dnfh;
fhandle_t *fhp, *dfhp;
@@ -2237,6 +2268,9 @@
}
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
+
+ parent_dir_vp = nd.ni_dvp;
+ new_vp = nd.ni_vp;
NDFREE(&nd, NDF_ONLY_PNBUF);
/* fall through */
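Review bot: `NDFREE(&nd, NDF_ONLY_PNBUF)` on the line after these assignments releases the pathname buffer, yet the audit block added at the end of the function (@@ -2290) still formats `nd.ni_cnd.cn_pnbuf` into the path. As far as I know NDFREE does not clear that pointer, so the `!= NULL` test there would not stop a read of freed memory. Copy the component name into a local buffer here, before the NDFREE, and use that copy in the audit block. The mkdir hunks (@@ -2563, @@ -2617, @@ -2636) show the same order, and the create and symlink audit blocks read cn_pnbuf as well. `new_vp` is assigned here but the audit block uses `vp`, so it looks unused.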
@@ -2290,6 +2324,46 @@
vrele(nd.ni_vp);
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (parent_dir_vp != NULL && nd.ni_cnd.cn_pnbuf != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ freepath = NULL;
+ printf("mphkaaaaaaaaaaaaaaaa\n");
+ vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
+
+ if (freepath != NULL && nd.ni_cnd.cn_pnbuf) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+
+ AUDIT_ARG_UPATH1(td, path);
+ }
+
+ if (vp != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(vp);
+
+ freepath = NULL;
+ printf("to vp den einai null\n");
+ vn_fullpath_global(td, vp, &fullpath, &freepath);
+
+ if (freepath != NULL) {
+ strlcpy(path, fullpath, sizeof(path));
+ free(freepath, M_TEMP);
+ }
+
+ AUDIT_ARG_UPATH2(td, path);
+ }
+ }
+
return(error);
}
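Review bot: The two `printf()` calls are debugging output left in a path that an NFS client can trigger with every LINK request once auditing is on, so they can flood the console and system log. Remove them together with the `/* xxxgpf: 4 debuging */` include added at the top of the file. In both sub-blocks `path` is written only when `freepath != NULL`, but `AUDIT_ARG_UPATH1(td, path)` and `AUDIT_ARG_UPATH2(td, path)` run unconditionally, so a failed lookup puts uninitialised stack bytes into the audit record. Move each call inside its `if (freepath != NULL)` body. The function body starts outside this hunk.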
@@ -2315,6 +2389,7 @@
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
struct vnode *dirp = NULL;
+ struct vnode *symlink_vp = NULL, *parent_dir_vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct mount *mp = NULL;
@@ -2373,6 +2448,9 @@
error = EEXIST;
goto out;
}
+
+ if (pathcp != NULL)
+ AUDIT_ARG_TEXT(pathcp);
/*
* issue symlink op. SAVESTART is set so the underlying path component
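Review bot: `AUDIT_ARG_TEXT(pathcp)` sits after the `error = EEXIST; goto out;` branch, so a symlink request rejected because the name already exists is audited without its target string. Failed attempts are often the records an investigator needs most. If `pathcp` is already populated above the EEXIST check (not visible in this hunk), move the two added lines before that check. A one-line comment that `pathcp` is the client-supplied link target would also help the reader.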
@@ -2385,6 +2463,10 @@
NDFREE(&nd, NDF_ONLY_PNBUF);
else
vput(nd.ni_vp);
+
+ symlink_vp = nd.ni_vp;
+ parent_dir_vp = nd.ni_dvp;
+
nd.ni_vp = NULL;
/*
* releases directory prior to potential lookup op.
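Review bot: `symlink_vp = nd.ni_vp;` is stored after the `else vput(nd.ni_vp);` directly above, so on the success path the saved pointer is already unlocked and unreferenced when it is captured. The audit block at the end of the function (@@ -2473) then passes it to `AUDIT_ARG_VNODE1` and `vn_fullpath_global`. Call `AUDIT_ARG_VNODE1(nd.ni_vp);` before the `vput`, while the vnode is still locked. If the path is resolved later, take `vref(nd.ni_vp);` before the `vput` and drop it after the audit block.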
@@ -2473,6 +2555,40 @@
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (symlink_vp != NULL && parent_dir_vp != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(symlink_vp);
+
+ freepath = NULL;
+ vn_fullpath_global(td, symlink_vp, &fullpath, &freepath);
+
+ if (freepath != NULL) {
+ strlcpy(path, fullpath, sizeof(path));
+ free(freepath, M_TEMP);
+ }
+ /* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+ else if (nd.ni_cnd.cn_pnbuf != NULL) {
+ vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the new file */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ }
+
+ AUDIT_ARG_UPATH1(td, path);
+ }
+ }
+
return (error);
}
@@ -2497,6 +2613,7 @@
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
struct vnode *dirp = NULL;
+ struct vnode *new_dir_vp = NULL, *parent_dir_vp = NULL;
int vpexcl = 0;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -2563,6 +2680,10 @@
if (vap->va_mode == (mode_t)VNOVAL)
vap->va_mode = 0;
error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
+
+ new_dir_vp = nd.ni_vp;
+ parent_dir_vp = nd.ni_dvp;
+
NDFREE(&nd, NDF_ONLY_PNBUF);
vpexcl = 1;
@@ -2617,7 +2738,6 @@
}
error = 0;
/* fall through */
-
nfsmout:
if (nd.ni_dvp) {
NDFREE(&nd, NDF_ONLY_PNBUF);
@@ -2636,6 +2756,40 @@
vrele(dirp);
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (new_dir_vp != NULL && parent_dir_vp != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(new_dir_vp);
+
+ freepath = NULL;
+ vn_fullpath_global(td, new_dir_vp, &fullpath, &freepath);
+
+ if (freepath != NULL) {
+ strlcpy(path, fullpath, sizeof(path));
+ free(freepath, M_TEMP);
+ }
+ /* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+ else if (nd.ni_cnd.cn_pnbuf != NULL) {
+ vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the new file */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ }
+
+ AUDIT_ARG_UPATH1(td, path);
+ }
+ }
+
return (error);
}
@@ -2817,7 +2971,7 @@
caddr_t bpos;
struct mbuf *mb, *mreq;
char *cpos, *cend, *rbuf;
- struct vnode *vp = NULL;
+ struct vnode *vp = NULL, *dir_vp = NULL;
struct vattr at;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -2856,11 +3010,12 @@
fullsiz = siz;
error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp,
nam, &rdonly, TRUE);
+ dir_vp = vp;
if (!error && vp->v_type != VDIR) {
error = ENOTDIR;
vput(vp);
vp = NULL;
- }
+ }
if (error) {
nfsm_reply(NFSX_UNSIGNED);
if (v3)
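Review bot: `dir_vp` keeps the vnode pointer on the ENOTDIR path even though the following lines call `vput(vp)` and set `vp = NULL`, so the audit block at `nfsmout` (@@ -3092) dereferences a vnode this function has already released. Record the audit arguments here while the vnode is still locked, for example `if (!error) AUDIT_ARG_VNODE1(vp);` before the type check, so the rejected request is still audited. Alternatively set `dir_vp = NULL;` next to `vp = NULL;`, at the cost of losing the object details for the failed call. The function body starts and ends outside this hunk.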
@@ -3092,7 +3247,26 @@
nfsmout:
if (vp)
vrele(vp);
- VFS_UNLOCK_GIANT(vfslocked);
+ VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (dir_vp != NULL) {
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(dir_vp);
+
+ freepath = NULL;
+ vn_fullpath_global(td, dir_vp, &fullpath, &freepath);
+
+ if (freepath != NULL) {
+ AUDIT_ARG_UPATH1(td, fullpath);
+ free(freepath, M_TEMP);
+ }
+ }
+ }
+
return(error);
}
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#3 (text) ====
@@ -626,7 +626,7 @@
case 5:
/* nfsrv_readlink */
- *event = AUE_NFS_REALINK;
+ *event = AUE_NFS_READLINK;
break;
case 6:
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#3 (text) ====
@@ -1580,18 +1580,39 @@
tok = au_to_arg32(0, "prev mask", ar->ar_retval);
kau_write(rec, tok);
break;
-
+
+
case AUE_NFS_CREATE:
+ case AUE_NFS_READ:
+ case AUE_NFS_WRITE:
+ case AUE_NFS_MKDIR:
+ case AUE_NFS_READDIR:
+ case AUE_NFS_READLINK:
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
}
- /* FALLTHROUGH */
-
- case AUE_NFS_READ:
- case AUE_NFS_WRITE:
+
+ UPATH1_VNODE1_TOKENS;
+ break;
+
+ case AUE_NFS_SYMLINK:
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
+ tok = au_to_text(ar->ar_arg_text);
+ kau_write(rec, tok);
+ }
+ UPATH1_VNODE1_TOKENS;
+ break;
+
+ case AUE_NFS_LINK:
UPATH1_VNODE1_TOKENS;
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
+ UPATH2_TOKENS;
break;
+
case AUE_WAIT4:
PROCESS_PID_TOKENS(1);
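Review bot: The `AUE_NFS_LINK` case needs a comment saying which object each token describes, since it emits two paths and one attribute token. Judging from the nfs_serv.c part of this change, something like `/* path1: new link name; vnode1 and path2: existing file */` would fit. The `ARG_MODE` token emitted between the two paths is never set by the link code shown in this change, so it could be dropped from this case. The shared case for READ, WRITE, MKDIR, READDIR and READLINK would also read better with a note that the mode token is emitted only when `ARG_IS_VALID` reports it.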