PERFORCE change 178039 for review

Efstratios Karatzas gpf at FreeBSD.org
Mon May 10 15:24:32 UTC 2010


http://p4web.freebsd.org/@@178039?ac=10

Change 178039 by gpf at gpf_desktop on 2010/05/10 15:23:55

	* altered nfsrv_symlink() so that upath2 is used
	instead of the text field which is now reserved 
	for "ip_addr:port"
	* support for two more nfs rpcs:
	(commit, mknod)
	procedures serviced: 19/23

Affected files ...

.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#6 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#7 edit

Differences ...

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#6 (text+ko) ====

@@ -1746,6 +1746,7 @@
 	enum vtype vtyp;
 	struct mbuf *mb, *mreq;
 	struct vnode *vp, *dirp = NULL;
+	struct vnode *AUDIT_vp = NULL, *AUDIT_dvp = NULL;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
 	struct mount *mp = NULL;
@@ -1782,6 +1783,9 @@
 
 	error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos,
 		&dirp, v3, &dirfor, &dirfor_ret, FALSE);
+	
+	AUDIT_dvp = nd.ni_dvp;
+
 	vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd);
 	if (error) {
 		nfsm_reply(NFSX_WCCDATA(1));
@@ -1818,6 +1822,9 @@
 		vrele(nd.ni_startdir);
 		nd.ni_startdir = NULL;
 		error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
+
+		AUDIT_vp = nd.ni_vp;
+
 		if (error)
 			NDFREE(&nd, NDF_ONLY_PNBUF);
 	} else {
@@ -1825,6 +1832,9 @@
 		    PRIV_VFS_MKNOD_DEV, 0)))
 			goto out;
 		error = VOP_MKNOD(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
+
+		AUDIT_vp = nd.ni_vp;
+
 		if (error) {
 			NDFREE(&nd, NDF_ONLY_PNBUF);
 			goto out;
@@ -1860,7 +1870,8 @@
 	 * send response, cleanup, return.
 	 */
 out:
-	vp = nd.ni_vp;
+	vp = nd.ni_vp;	
+	
 	if (!error) {
 		bzero((caddr_t)fhp, sizeof(nfh));
 		fhp->fh_fsid = vp->v_mount->mnt_stat.f_fsid;
@@ -1901,6 +1912,43 @@
 	}
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (AUDIT_vp != NULL) {
+			AUDIT_ARG_VNODE1(AUDIT_vp);
+		}
+
+		if (AUDIT_dvp != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+		
+			freepath = NULL;
+			if (AUDIT_vp != NULL)
+				vn_fullpath_global(td, AUDIT_vp, &fullpath, &freepath);
+			if (freepath != NULL) {
+				strlcpy(path, fullpath, sizeof(path));
+				free(freepath, M_TEMP);
+			}
+			/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+			else if (nd.ni_cnd.cn_pnbuf != NULL) {
+
+				vn_fullpath_global(td, AUDIT_dvp, &fullpath, &freepath);
+				if (freepath != NULL) {
+					snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+					free(freepath, M_TEMP);
+				}
+				/* last resort: just save the name of the new file */
+				else {
+					strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+				}
+			}
+
+			AUDIT_ARG_UPATH1(td, path);
+		}
+	}
+	
 	return (0);
 nfsmout:
 	if (nd.ni_dvp) {
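Review bot: `path` can reach `AUDIT_ARG_UPATH1(td, path)` without ever being written. If `AUDIT_vp` is NULL or `vn_fullpath_global()` yields no path for it, and `nd.ni_cnd.cn_pnbuf` is NULL, no branch fills the buffer and uninitialised kernel stack bytes are handed to the audit record. Start with `path[0] = '\0';` and call `AUDIT_ARG_UPATH1` only when one of the branches actually produced a string; the return value of `vn_fullpath_global()` is also ignored, with `freepath != NULL` standing in for success. The identical block is repeated after `nfsmout:` in the next hunk, so a single static helper would keep the two copies in sync. A `PATH_MAX`-sized local is also a large addition to a kernel stack frame.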
@@ -1918,7 +1966,42 @@
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
-	
+
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (AUDIT_vp != NULL) {
+			AUDIT_ARG_VNODE1(AUDIT_vp);
+		}
+		
+		if (AUDIT_dvp != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+		
+			freepath = NULL;
+			if (AUDIT_vp != NULL)
+				vn_fullpath_global(td, AUDIT_vp, &fullpath, &freepath);
+			if (freepath != NULL) {
+				strlcpy(path, fullpath, sizeof(path));
+				free(freepath, M_TEMP);
+			}
+			/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+			else if (nd.ni_cnd.cn_pnbuf != NULL) {
+				vn_fullpath_global(td, AUDIT_dvp, &fullpath, &freepath);
+				if (freepath != NULL) {
+					snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+					free(freepath, M_TEMP);
+				}
+				/* last resort: just save the name of the new file */
+				else {
+					strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+				}
+			}
+
+			AUDIT_ARG_UPATH1(td, path);
+		}
+	}
+
 	return (error);
 }
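Review bot: The fallback branches read `nd.ni_cnd.cn_pnbuf` after the context line `NDFREE(&nd, NDF_ONLY_PNBUF);` at the top of this hunk has already released the pathname buffer. Unless NDFREE also resets the pointer (as far as I know it only clears the HASBUF flag), the `!= NULL` test still passes and `snprintf`/`strlcpy` copy from freed memory into the audit record. Copy the component name into a local buffer before the cleanup runs, and have the audit block use that copy instead of `nd`. The audit block on the `out:` path in the previous hunk may have the same problem; the cleanup that precedes it is outside that hunk.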
 
@@ -2609,7 +2692,7 @@
 	}
 	
 	if (pathcp != NULL)
-		AUDIT_ARG_TEXT(pathcp);
+		AUDIT_ARG_UPATH2(curthread, pathcp);
 
 	/*
 	 * issue symlink op.  SAVESTART is set so the underlying path component
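Review bot: `pathcp` is the link target string supplied by the client, not a path that is resolved on the server, so passing it through `AUDIT_ARG_UPATH2(curthread, pathcp)` may alter what gets recorded. If the UPATH macros canonicalise relative paths against the calling thread's root and working directory, as they do for system calls, a relative target would be logged with the nfsd thread's directory prefixed. The record would then no longer show what the client actually requested. This is worth confirming, and if so the target needs an argument slot that stores it verbatim, with a comment such as `/* symlink target is client-supplied and recorded as-is, not a server path */`. The statement sits inside nfsrv_symlink, whose body extends beyond the hunk.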
@@ -3819,6 +3902,7 @@
 	struct ucred *cred = nfsd->nd_cr;
 	struct vattr bfor, aft;
 	struct vnode *vp = NULL;
+	struct vnode *AUDIT_vp = NULL;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
 	u_int32_t *tl;
@@ -3855,6 +3939,9 @@
 	cnt = fxdr_unsigned(int, *tl);
 	error = nfsrv_fhtovp(fhp, 1, &vp, &tvfslocked, nfsd, slp,
 	    nam, &rdonly, TRUE);
+
+	AUDIT_vp = vp;
+
 	vfslocked = nfsrv_lockedpair(vfslocked, tvfslocked);
 	if (error) {
 		nfsm_reply(2 * NFSX_UNSIGNED);
@@ -3966,6 +4053,24 @@
 		vput(vp);
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (AUDIT_vp != NULL) {
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+
+			AUDIT_ARG_VNODE1(AUDIT_vp);
+
+			freepath = NULL;
+			vn_fullpath_global(td, AUDIT_vp, &fullpath, &freepath);
+			if (freepath != NULL) {
+				AUDIT_ARG_UPATH1(td, fullpath);
+				free(freepath, M_TEMP);
+			}
+		}
+	}
+	
 	return(error);
 }
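Review bot: `AUDIT_vp` is the same pointer as `vp`, and the context line `vput(vp);` just above the new block has already unlocked it and dropped its reference before `AUDIT_ARG_VNODE1(AUDIT_vp)` and `vn_fullpath_global()` run. From that point nothing visible here keeps the vnode from being recycled, and AUDIT_ARG_VNODE1 presumably expects a locked vnode since it reads attributes. Either record the audit arguments before the `vput()`, or take a reference when saving the pointer (`vref(AUDIT_vp);`), release it with `vrele(AUDIT_vp);` after auditing, and hold the vnode lock around AUDIT_ARG_VNODE1. The `AUDIT_vp`/`AUDIT_dvp` pointers saved in the nfsrv_mknod hunks are likewise captured without a reference and appear to be consumed after that function's cleanup, which lies outside those hunks.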
 

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#7 (text) ====

@@ -1593,6 +1593,8 @@
 	case AUE_NFS_SETATTR:
 	case AUE_NFS_ACCESS:
 	case AUE_NFS_LOOKUP:
+	case AUE_NFS_MKNODE:
+	case AUE_NFS_COMMIT:
 		if (ARG_IS_VALID(kar, ARG_MODE)) {
 			tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
 			kau_write(rec, tok);
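Review bot: Adding `AUE_NFS_MKNODE` to this case group emits a "mode" token only when ARG_MODE is valid, but none of the nfsrv_mknod hunks in this change call `AUDIT_ARG_MODE`, so as far as the diff shows the token is never produced for mknod. For a device-node creation, the requested type, mode and device number are the fields an auditor most needs. Consider setting them from `vap` before the VOP call, e.g. `AUDIT_ARG_MODE(vap->va_mode);`, and documenting on this case which arguments each NFS event is expected to supply. The rest of the case body is outside the hunk.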
@@ -1604,14 +1606,6 @@
 		}
 		break;
 	
-	case AUE_NFS_SYMLINK:
-		UPATH1_VNODE1_TOKENS;
-		if (ARG_IS_VALID(kar, ARG_TEXT)) {
-			tok = au_to_text(ar->ar_arg_text);
-			kau_write(rec, tok);
-		}
-		break;
-
 	case AUE_NFS_NOOP:
 	case AUE_NFS_NULL:
 		if (ARG_IS_VALID(kar, ARG_TEXT)) {
@@ -1619,7 +1613,8 @@
 			kau_write(rec, tok);
 		}
 		break;
-	
+
+	case AUE_NFS_SYMLINK:	
 	case AUE_NFS_LINK:
 	case AUE_NFS_RENAME:
 		UPATH1_VNODE1_TOKENS;

