PERFORCE change 178979 for review
Efstratios Karatzas
gpf at FreeBSD.org
Sun May 30 17:41:55 UTC 2010
http://p4web.freebsd.org/@@178979?ac=10
Change 178979 by gpf at gpf_desktop on 2010/05/30 17:41:08
- for the current nfs implementation:
Keep track of the vap->va_mode attribute when a new file
is created via VOP_create/mknod/symlink/mkdir
Also, keep track of the flags for VOP_read/write
- forgot to ad the new argument to the usage() function of
praudit, done.
Affected files ...
.. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/bin/praudit/praudit.c#4 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#13 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#9 edit
Differences ...
==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/bin/praudit/praudit.c#4 (text) ====
@@ -59,7 +59,7 @@
usage(void)
{
- fprintf(stderr, "usage: praudit [-lpx] [-r | -s] [-d del] "
+ fprintf(stderr, "usage: praudit [-lpxc] [-r | -s] [-d del] "
"[file ...]\n");
exit(1);
}
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#13 (text+ko) ====
@@ -1359,6 +1359,7 @@
uiop->uio_segflg = UIO_SYSSPACE;
uiop->uio_td = NULL;
uiop->uio_offset = off;
+ AUDIT_ARG_FFLAGS(ioflags);
error = VOP_WRITE(vp, uiop, ioflags, cred);
/* Unlocked write. */
nfsrvstats.srvvop_writes++;
@@ -1554,6 +1555,7 @@
break;
};
}
+ AUDIT_ARG_MODE(vap->va_mode);
/*
* Iff doesn't exist, create it
@@ -1808,7 +1810,8 @@
minor = fxdr_unsigned(u_int32_t, *tl);
vap->va_rdev = makedev(major, minor);
}
-
+ AUDIT_ARG_MODE(vap->va_mode);
+
/*
* Iff doesn't exist, create it.
*/
@@ -1821,7 +1824,7 @@
vap->va_mode = 0;
if (vtyp == VSOCK) {
vrele(nd.ni_startdir);
- nd.ni_startdir = NULL;
+ nd.ni_startdir = NULL;
error = VOP_CREATE(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
AUDIT_vp = nd.ni_vp;
@@ -2563,7 +2566,7 @@
if (pathcp != NULL)
AUDIT_ARG_UPATH2(curthread, pathcp);
-
+ AUDIT_ARG_MODE(vap->va_mode);
/*
* issue symlink op. SAVESTART is set so the underlying path component
* is only freed by the VOP if an error occurs.
@@ -2757,6 +2760,7 @@
error = EEXIST;
goto out;
}
+ AUDIT_ARG_MODE(vap->va_mode);
/*
* Issue mkdir op. Since SAVESTART is not set, the pathname
==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#9 (text) ====
@@ -1580,11 +1580,16 @@
tok = au_to_arg32(0, "prev mask", ar->ar_retval);
kau_write(rec, tok);
break;
-
+
case AUE_NFS_CREATE:
- case AUE_NFS_READ:
- case AUE_NFS_WRITE:
case AUE_NFS_MKDIR:
+ case AUE_NFS_MKNODE:
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
+ /* FALLTHROUGH */
+
case AUE_NFS_READDIR:
case AUE_NFS_READDIR_PLUS:
case AUE_NFS_READLINK:
@@ -1594,22 +1599,30 @@
case AUE_NFS_SETATTR:
case AUE_NFS_ACCESS:
case AUE_NFS_LOOKUP:
- case AUE_NFS_MKNODE:
case AUE_NFS_COMMIT:
case AUE_NFS_PATHCONF:
case AUE_NFS_STATFS:
case AUE_NFS_FSINFO:
- if (ARG_IS_VALID(kar, ARG_MODE)) {
- tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ UPATH1_VNODE1_TOKENS;
+ if (ARG_IS_VALID(kar, ARG_TEXT)) {
+ tok = au_to_text(ar->ar_arg_text);
+ kau_write(rec, tok);
+ }
+ break;
+
+ case AUE_NFS_READ:
+ case AUE_NFS_WRITE:
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
kau_write(rec, tok);
- }
+ }
UPATH1_VNODE1_TOKENS;
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
}
break;
-
+
case AUE_NFS_NOOP:
case AUE_NFS_NULL:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
@@ -1618,14 +1631,16 @@
}
break;
- case AUE_NFS_SYMLINK:
- case AUE_NFS_LINK:
- case AUE_NFS_RENAME:
- UPATH1_VNODE1_TOKENS;
+ case AUE_NFS_SYMLINK:
if (ARG_IS_VALID(kar, ARG_MODE)) {
tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
kau_write(rec, tok);
}
+ /* FALLTHROUGH */
+
+ case AUE_NFS_LINK:
+ case AUE_NFS_RENAME:
+ UPATH1_VNODE1_TOKENS;
UPATH2_TOKENS;
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
More information about the p4-projects
mailing list