PERFORCE change 178039 for review
Efstratios Karatzas
gpf at FreeBSD.org
Mon May 10 15:24:32 UTC 2010
http://p4web.freebsd.org/@@178039?ac=10
Change 178039 by gpf at gpf_desktop on 2010/05/10 15:23:55
* altered nfsrv_symlink() so that upath2 is used
instead of the text field which is now reserved
for "ip_addr:port"
* support for two more nfs rpcs:
(commit, mknod)
procedures serviced: 19/23
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#6 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#7 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#6 (text+ko) ====
@@ -1746,6 +1746,7 @@
enum vtype vtyp;
struct mbuf *mb, *mreq;
struct vnode *vp, *dirp = NULL;
+ struct vnode *AUDIT_vp = NULL, *AUDIT_dvp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct mount *mp = NULL;
@@ -1782,6 +1783,9 @@
error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos,
&dirp, v3, &dirfor, &dirfor_ret, FALSE);
+
+ AUDIT_dvp = nd.ni_dvp;
+
vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd);
if (error) {
nfsm_reply(NFSX_WCCDATA(1));
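Review bot: `AUDIT_dvp = nd.ni_dvp;` is captured before the `if (error)` check and without taking a reference, so after a failed nfs_namei() it may not point at a usable directory vnode. In every case it is a borrowed pointer that the audit block at the end of the function dereferences after the normal cleanup. The same applies to `AUDIT_vp = nd.ni_vp;` in the two following hunks, which is assigned after VOP_CREATE() and VOP_MKNOD() before `error` is tested. I would assign only on success, e.g. `if (error == 0) AUDIT_dvp = nd.ni_dvp;`, and either `vref()` the vnodes for the audit block or emit the audit arguments while the function still holds them. The enclosing function starts and ends outside this hunk.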
@@ -1818,6 +1822,9 @@
vrele(nd.ni_startdir);
nd.ni_startdir = NULL;
error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
+
+ AUDIT_vp = nd.ni_vp;
+
if (error)
NDFREE(&nd, NDF_ONLY_PNBUF);
} else {
@@ -1825,6 +1832,9 @@
PRIV_VFS_MKNOD_DEV, 0)))
goto out;
error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
+
+ AUDIT_vp = nd.ni_vp;
+
if (error) {
NDFREE(&nd, NDF_ONLY_PNBUF);
goto out;
@@ -1860,7 +1870,8 @@
* send response, cleanup, return.
*/
out:
- vp = nd.ni_vp;
+ vp = nd.ni_vp;
+
if (!error) {
bzero((caddr_t)fhp, sizeof(nfh));
fhp->fh_fsid = vp->v_mount->mnt_stat.f_fsid;
@@ -1901,6 +1912,43 @@
}
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (AUDIT_vp != NULL) {
+ AUDIT_ARG_VNODE1(AUDIT_vp);
+ }
+
+ if (AUDIT_dvp != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ freepath = NULL;
+ if (AUDIT_vp != NULL)
+ vn_fullpath_global(td, AUDIT_vp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ strlcpy(path, fullpath, sizeof(path));
+ free(freepath, M_TEMP);
+ }
+ /* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+ else if (nd.ni_cnd.cn_pnbuf != NULL) {
+
+ vn_fullpath_global(td, AUDIT_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the new file */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ }
+
+ AUDIT_ARG_UPATH1(td, path);
+ }
+ }
+
return (0);
nfsmout:
if (nd.ni_dvp) {
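Review bot: `path` reaches `AUDIT_ARG_UPATH1(td, path)` uninitialised when no path comes back for `AUDIT_vp` (or it is NULL) and `nd.ni_cnd.cn_pnbuf` is NULL, so the audit record would be built from whatever bytes are on the kernel stack. Add `path[0] = '\0';` after the declaration and guard the call with `if (path[0] != '\0')`. The `snprintf()` result is not checked either, so an over-long directory plus name is silently truncated in the trail. `char path[PATH_MAX]` is also a large object for a kernel stack, and a malloc(9) buffer with `M_TEMP` would be the safer choice. The copy of this block in the nfsmout hunk has the same problems.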
@@ -1918,7 +1966,42 @@
NDFREE(&nd, NDF_ONLY_PNBUF);
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
-
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (AUDIT_vp != NULL) {
+ AUDIT_ARG_VNODE1(AUDIT_vp);
+ }
+
+ if (AUDIT_dvp != NULL) {
+ char path[PATH_MAX];
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ freepath = NULL;
+ if (AUDIT_vp != NULL)
+ vn_fullpath_global(td, AUDIT_vp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ strlcpy(path, fullpath, sizeof(path));
+ free(freepath, M_TEMP);
+ }
+ /* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+ else if (nd.ni_cnd.cn_pnbuf != NULL) {
+ vn_fullpath_global(td, AUDIT_dvp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+ free(freepath, M_TEMP);
+ }
+ /* last resort: just save the name of the new file */
+ else {
+ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+ }
+ }
+
+ AUDIT_ARG_UPATH1(td, path);
+ }
+ }
+
return (error);
}
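Review bot: On this exit the context line `NDFREE(&nd, NDF_ONLY_PNBUF);` runs immediately before the new block reads `nd.ni_cnd.cn_pnbuf`. Unless NDFREE() also clears that pointer, the `!= NULL` test still passes and `snprintf()`/`strlcpy()` copy from a freed name buffer into the audit record. The success exit may be affected in the same way through the NDFREE() calls on the VOP_CREATE()/VOP_MKNOD() failure branches. Move the audit block above the NDFREE() and vnode release calls, or copy the name into a local before they run. Because this block is a line-for-line copy of the one before `return (0)`, a single static helper called from both exits would keep the two from drifting apart.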
@@ -2609,7 +2692,7 @@
}
if (pathcp != NULL)
- AUDIT_ARG_TEXT(pathcp);
+ AUDIT_ARG_UPATH2(curthread, pathcp);
/*
* issue symlink op. SAVESTART is set so the underlying path component
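Review bot: `AUDIT_ARG_UPATH2(curthread, pathcp)` stores the symlink target through the path-argument macro, but `pathcp` is the client-supplied link contents and is not resolved on the server when the link is created. If the UPATH macros canonicalise relative names against the calling thread's root or working directory, as they appear to for local syscalls, a target such as `../x` would show up in the trail as a server-side absolute path that was never looked up. Please confirm the value is recorded verbatim and add a comment such as `/* upath2 carries the unresolved symlink target supplied by the client */`. The surrounding function lies outside this hunk.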
@@ -3819,6 +3902,7 @@
struct ucred *cred = nfsd->nd_cr;
struct vattr bfor, aft;
struct vnode *vp = NULL;
+ struct vnode *AUDIT_vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
u_int32_t *tl;
@@ -3855,6 +3939,9 @@
cnt = fxdr_unsigned(int, *tl);
error = nfsrv_fhtovp(fhp, 1, &vp, &tvfslocked, nfsd, slp,
nam, &rdonly, TRUE);
+
+ AUDIT_vp = vp;
+
vfslocked = nfsrv_lockedpair(vfslocked, tvfslocked);
if (error) {
nfsm_reply(2 * NFSX_UNSIGNED);
@@ -3966,6 +4053,24 @@
vput(vp);
vn_finished_write(mp);
VFS_UNLOCK_GIANT(vfslocked);
+
+ /* XXX AUDIT */
+ if (AUDITING_TD(curthread)) {
+ if (AUDIT_vp != NULL) {
+ struct thread *td = curthread;
+ char *fullpath, *freepath;
+
+ AUDIT_ARG_VNODE1(AUDIT_vp);
+
+ freepath = NULL;
+ vn_fullpath_global(td, AUDIT_vp, &fullpath, &freepath);
+ if (freepath != NULL) {
+ AUDIT_ARG_UPATH1(td, fullpath);
+ free(freepath, M_TEMP);
+ }
+ }
+ }
+
return(error);
}
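Review bot: The audit block runs after `vput(vp)` and `VFS_UNLOCK_GIANT(vfslocked)`, yet `AUDIT_vp` is the same vnode as `vp`, assigned in the earlier hunk right after nfsrv_fhtovp() and before `error` is checked. `AUDIT_ARG_VNODE1(AUDIT_vp)` and vn_fullpath_global() therefore operate on a vnode this function no longer holds locked or referenced. That can race with the vnode being reclaimed, and if the vnode audit macro expects a locked vnode, as it seems to on the syscall paths, it will trip the lock assertion. Move the block above `vput(vp)` and use `vp` directly, which also makes the `AUDIT_vp` copy unnecessary. The return value of vn_fullpath_global() is ignored, and testing it rather than `freepath` would make the failure case explicit.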
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#7 (text) ====
@@ -1593,6 +1593,8 @@
case AUE_NFS_SETATTR:
case AUE_NFS_ACCESS:
case AUE_NFS_LOOKUP:
+ case AUE_NFS_MKNODE:
+ case AUE_NFS_COMMIT:
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
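Review bot: Adding `AUE_NFS_MKNODE` to this group emits a mode token only when `ARG_MODE` is valid, and the nfs_serv.c hunks of this change set only VNODE1 and UPATH1 for mknod. Unless the mode is recorded outside the visible hunks, the record will not say what kind of node was requested. For an RPC that can create device nodes, the requested type, mode and device number are what someone reading the trail needs. Consider setting them in the mknod handler and writing a device token here alongside the mode. The case body continues past the end of this hunk.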
@@ -1604,14 +1606,6 @@
}
break;
- case AUE_NFS_SYMLINK:
- UPATH1_VNODE1_TOKENS;
- if (ARG_IS_VALID(kar, ARG_TEXT)) {
- tok = au_to_text(ar->ar_arg_text);
- kau_write(rec, tok);
- }
- break;
-
case AUE_NFS_NOOP:
case AUE_NFS_NULL:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
@@ -1619,7 +1613,8 @@
kau_write(rec, tok);
}
break;
-
+
+ case AUE_NFS_SYMLINK:
case AUE_NFS_LINK:
case AUE_NFS_RENAME:
UPATH1_VNODE1_TOKENS;