PERFORCE change 177947 for review
Efstratios Karatzas
gpf at FreeBSD.org
Sat May 8 11:37:30 UTC 2010
http://p4web.freebsd.org/@@177947?ac=10
Change 177947 by gpf at gpf_desktop on 2010/05/08 11:36:30
* added audit support for 3 more rpcs:
(rename, remove, removedir)
ufs testing seemed ok
* removed some dbg printf()s i had forgotten xD
* a few minor changes. not happy about how my
vnode * vars are named, perhaps I will add a
"AUDIT_" prefix.
procedures serviced (11/23)
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#4 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#4 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#4 (text+ko) ====
@@ -672,7 +672,8 @@
int error = 0, rdonly, i, tlen, len, getret;
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mp3, *nmp, *mreq;
- struct vnode *vp = NULL, *link_vp = NULL;
+ struct vnode *vp = NULL;
+ struct vnode *link_vp = NULL;
struct vattr attr;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -769,7 +770,6 @@
freepath = NULL;
vn_fullpath_global(td, link_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
AUDIT_ARG_UPATH1(td, fullpath);
free(freepath, M_TEMP);
@@ -802,7 +802,8 @@
int v3 = (nfsd->nd_flag & ND_NFSV3), reqlen;
struct mbuf *mb, *mreq;
struct mbuf *m2;
- struct vnode *vp = NULL, *new_vp = NULL;
+ struct vnode *vp = NULL;
+ struct vnode *new_vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct uio io, *uiop = &io;
@@ -1039,7 +1040,6 @@
freepath = NULL;
vn_fullpath_global(td, new_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
AUDIT_ARG_UPATH1(td, fullpath);
free(freepath, M_TEMP);
@@ -1075,7 +1075,8 @@
int stable = NFSV3WRITE_FILESYNC;
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
- struct vnode *vp = NULL, *new_vp = NULL;;
+ struct vnode *vp = NULL;
+ struct vnode *new_vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct uio io, *uiop = &io;
@@ -1282,17 +1283,16 @@
if (error)
vp = NULL;
}
- */
+ */
if (AUDITING_TD(curthread)) {
if (new_vp != NULL) {
struct thread *td = curthread;
- char *fullpath, *freepath;
+ char *fullpath, *freepath;
AUDIT_ARG_VNODE1(new_vp);
freepath = NULL;
vn_fullpath_global(td, new_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
AUDIT_ARG_UPATH1(td, fullpath);
free(freepath, M_TEMP);
@@ -1604,20 +1604,19 @@
if (nd.ni_vp != NULL && nd.ni_dvp != NULL) {
char path[PATH_MAX];
struct thread *td = curthread;
- char *fullpath, *freepath;
+ char *fullpath, *freepath;
AUDIT_ARG_VNODE1(nd.ni_vp);
freepath = NULL;
vn_fullpath_global(td, nd.ni_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
strlcpy(path, fullpath, sizeof(path));
free(freepath, M_TEMP);
}
/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
else if (nd.ni_cnd.cn_pnbuf != NULL) {
- vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath);
+ vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath);
if (freepath != NULL) {
snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
free(freepath, M_TEMP);
@@ -1627,7 +1626,7 @@
strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
}
}
-
+
AUDIT_ARG_UPATH1(td, path);
}
}
@@ -1850,6 +1849,7 @@
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
struct vnode *dirp;
+ struct vnode *parent_dvp = NULL;
struct vattr dirfor, diraft;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -1876,6 +1876,12 @@
nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | MPSAFE;
error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos,
&dirp, v3, &dirfor, &dirfor_ret, FALSE);
+
+ parent_dvp = nd.ni_dvp;
+ if (nd.ni_vp != NULL) {
+ AUDIT_ARG_VNODE1(nd.ni_vp);
+ }
+
vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd);
if (dirp && !v3) {
vrele(dirp);
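Review bot: `parent_dvp = nd.ni_dvp` and the `nd.ni_vp` test run before `error` from `nfs_namei()` is examined, and the saved pointer carries no reference of its own. It is passed to `vn_fullpath_global()` much later, in the audit block at the end of the function (hunk at -1939), so its validity depends on cleanup code that is outside this hunk. Guarding the capture and holding a reference, `if (error == 0 && nd.ni_dvp != NULL) { parent_dvp = nd.ni_dvp; vref(parent_dvp); }` with a matching `vrele(parent_dvp)` after the audit block, would make the lifetime explicit. The rename (-2026) and rmdir (-2835) hunks capture their vnodes the same way.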
@@ -1939,6 +1945,29 @@
vput(nd.ni_vp);
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ struct thread *td = curthread;
+ char path[PATH_MAX];
+ char *fullpath, *freepath;
+
+ if (parent_dvp != NULL && nd.ni_cnd.cn_pnbuf != NULL) {
+ /* use the directory vnode to acquire the old path */
+ freepath = NULL;
+ vn_fullpath_global(td, parent_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the deleted dir */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ AUDIT_ARG_UPATH1(td, path);
+ }
+ }
+
return(error);
}
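Review bot: The audit block added before `return(error)` reads `nd.ni_cnd.cn_pnbuf` after the `vput(nd.ni_vp)` / `VFS_UNLOCK_GIANT(vfslocked)` cleanup shown as context, and the `!= NULL` test does not show that the buffer is still allocated. The start of the cleanup is above the hunk, so this is inferred: if it releases the nameidata path buffer, the client-supplied name is copied into the audit record from freed memory. Copying the component into a local right after the lookup, or moving the path construction ahead of the cleanup and leaving only `AUDIT_ARG_UPATH1(td, path);` here, removes that dependency. The `snprintf()` return value is also ignored, so a path longer than `PATH_MAX` is recorded truncated with no indication. The rename (-2172) and rmdir (-2914) hunks add the same block.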
@@ -1960,6 +1989,7 @@
struct mbuf *mb, *mreq;
struct nameidata fromnd, tond;
struct vnode *fvp, *tvp, *tdvp, *fdirp = NULL;
+ struct vnode *from_dvp = NULL, *to_dvp = NULL, *vp = NULL;
struct vnode *tdirp = NULL;
struct vattr fdirfor, fdiraft, tdirfor, tdiraft;
nfsfh_t fnfh, tnfh;
@@ -2026,6 +2056,11 @@
error = nfs_namei(&tond, nfsd, tfhp, len2, slp, nam, &md,
&dpos, &tdirp, v3, &tdirfor, &tdirfor_ret, FALSE);
vfslocked = nfsrv_lockedpair_nd(vfslocked, &tond);
+
+ from_dvp = fromnd.ni_dvp;
+ to_dvp = tond.ni_dvp;
+ vp = fromnd.ni_vp;
+
if (tdirp && !v3) {
vrele(tdirp);
tdirp = NULL;
@@ -2172,6 +2207,48 @@
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ struct thread *td = curthread;
+ char path[PATH_MAX];
+ char *fullpath, *freepath;
+
+ if (from_dvp != NULL && fromnd.ni_cnd.cn_pnbuf != NULL) {
+ /* use the directory vnode to acquire the old path */
+ freepath = NULL;
+ vn_fullpath_global(td, from_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, fromnd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the old file */
+ else {
+ strlcpy(path, fromnd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ AUDIT_ARG_UPATH1(td, path);
+ }
+
+ if (vp != NULL) {
+ AUDIT_ARG_VNODE1(vp);
+ }
+
+ if (to_dvp != NULL && tond.ni_cnd.cn_pnbuf != NULL) {
+ /* use the directory vnode to acquire the new path */
+ freepath = NULL;
+ vn_fullpath_global(td, to_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, tond.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the new file */
+ else {
+ strlcpy(path, tond.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ AUDIT_ARG_UPATH2(td, path);
+ }
+ } /* AUDIT */
+
return (error);
}
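Review bot: `AUDIT_ARG_VNODE1(vp)` runs here after `VFS_UNLOCK_GIANT(vfslocked)`, on a pointer copied from `fromnd.ni_vp` in the hunk at -2026 without its own reference, while the remove and rmdir hunks call the macro straight after the lookup. The rename itself and the cleanup are above this hunk, so whether the source vnode is still referenced and locked at this point cannot be confirmed from here; if the macro fetches attributes from the vnode, as its use elsewhere suggests, it needs both. Moving the call next to the capture, `if (fromnd.ni_vp != NULL) AUDIT_ARG_VNODE1(fromnd.ni_vp);`, would match the other two handlers and make the `vp` local unnecessary, provided the vnode is in the state the macro expects there.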
@@ -2327,15 +2404,13 @@
/* XXX AUDIT */
if (AUDITING_TD(curthread)) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
if (parent_dir_vp != NULL && nd.ni_cnd.cn_pnbuf != NULL) {
- char path[PATH_MAX];
- struct thread *td = curthread;
- char *fullpath, *freepath;
-
freepath = NULL;
- printf("mphkaaaaaaaaaaaaaaaa\n");
vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
-
if (freepath != NULL && nd.ni_cnd.cn_pnbuf) {
snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
free(freepath, M_TEMP);
@@ -2345,16 +2420,10 @@
}
if (vp != NULL) {
- char path[PATH_MAX];
- struct thread *td = curthread;
- char *fullpath, *freepath;
-
AUDIT_ARG_VNODE1(vp);
-
+
freepath = NULL;
- printf("to vp den einai null\n");
- vn_fullpath_global(td, vp, &fullpath, &freepath);
-
+ vn_fullpath_global(td, vp, &fullpath, &freepath);
if (freepath != NULL) {
strlcpy(path, fullpath, sizeof(path));
free(freepath, M_TEMP);
@@ -2567,7 +2636,6 @@
freepath = NULL;
vn_fullpath_global(td, symlink_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
strlcpy(path, fullpath, sizeof(path));
free(freepath, M_TEMP);
@@ -2768,7 +2836,6 @@
freepath = NULL;
vn_fullpath_global(td, new_dir_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
strlcpy(path, fullpath, sizeof(path));
free(freepath, M_TEMP);
@@ -2809,6 +2876,7 @@
int v3 = (nfsd->nd_flag & ND_NFSV3);
struct mbuf *mb, *mreq;
struct vnode *vp, *dirp = NULL;
+ struct vnode *parent_dvp = NULL;
struct vattr dirfor, diraft;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -2835,6 +2903,12 @@
nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | MPSAFE;
error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos,
&dirp, v3, &dirfor, &dirfor_ret, FALSE);
+
+ parent_dvp = nd.ni_dvp;
+ if (nd.ni_vp != NULL) {
+ AUDIT_ARG_VNODE1(nd.ni_vp);
+ }
+
vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd);
if (dirp && !v3) {
vrele(dirp);
@@ -2914,6 +2988,29 @@
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ struct thread *td = curthread;
+ char path[PATH_MAX];
+ char *fullpath, *freepath;
+
+ if (parent_dvp != NULL && nd.ni_cnd.cn_pnbuf != NULL) {
+ /* use the directory vnode to acquire the old path */
+ freepath = NULL;
+ vn_fullpath_global(td, parent_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the deleted dir */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ AUDIT_ARG_UPATH1(td, path);
+ }
+ }
+
return(error);
}
@@ -2971,7 +3068,8 @@
caddr_t bpos;
struct mbuf *mb, *mreq;
char *cpos, *cend, *rbuf;
- struct vnode *vp = NULL, *dir_vp = NULL;
+ struct vnode *vp = NULL;
+ struct vnode *dir_vp = NULL;
struct vattr at;
nfsfh_t nfh;
fhandle_t *fhp;
@@ -3259,7 +3357,6 @@
freepath = NULL;
vn_fullpath_global(td, dir_vp, &fullpath, &freepath);
-
if (freepath != NULL) {
AUDIT_ARG_UPATH1(td, fullpath);
free(freepath, M_TEMP);
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#4 (text) ====
@@ -1588,6 +1588,8 @@
case AUE_NFS_MKDIR:
case AUE_NFS_READDIR:
case AUE_NFS_READLINK:
+ case AUE_NFS_REMOVE:
+ case AUE_NFS_RMDIR:
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
@@ -1605,6 +1607,7 @@
break;
case AUE_NFS_LINK:
+ case AUE_NFS_RENAME:
UPATH1_VNODE1_TOKENS;
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
@@ -1612,7 +1615,6 @@
}
UPATH2_TOKENS;
break;
-
case AUE_WAIT4:
PROCESS_PID_TOKENS(1);