PERFORCE change 96597 for review

Robert Watson rwatson at FreeBSD.org
Wed May 3 16:03:44 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=96597

Change 96597 by rwatson at rwatson_zoo on 2006/05/03 16:02:56

	Comment on preselection at top.
	Add memory type for per-auid preselection structures.
	Assert mutex when checking for interest.
	Acquire mutex in external API for preselection.
	Comment on why we initialize preselection masks for pipes the way
	we do.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#17 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#17 (text+ko) ====

@@ -55,7 +55,8 @@
  * Implementation of a clonable special device providing a live stream of BSM
  * audit data.  This is a "tee" of the data going to the file.  It provides
  * unreliable but timely access to audit events.  Consumers of this interface
- * should be very careful to avoid introducing event cycles.
+ * should be very careful to avoid introducing event cycles.  Consumers may
+ * express interest via a set of preselection ioctls.
  */
 
 /*
@@ -64,6 +65,8 @@
 static MALLOC_DEFINE(M_AUDIT_PIPE, "audit_pipe", "Audit pipes");
 static MALLOC_DEFINE(M_AUDIT_PIPE_ENTRY, "audit_pipeent",
     "Audit pipe entries and buffers");
+static MALLOC_DEFINE(M_AUDIT_PIPE_PRESELECT, "audit_pipe_preselect",
+    "Audit pipe preselection structure");
 
 /*
  * Audit pipe buffer parameters.
@@ -205,6 +208,8 @@
 {
 	struct audit_pipe_preselect *app;
 
+	mtx_assert(&audit_pipe_mtx, MA_OWNED);
+
 	TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
 		if (app->app_auid == auid)
 			break;
@@ -231,10 +236,14 @@
 {
 	struct audit_pipe *ap;
 
+	mtx_lock(&audit_pipe_mtx);
 	TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
-		if (audit_pipe_preselect_check(ap, auid, event, class, sorf))
+		if (audit_pipe_preselect_check(ap, auid, event, class, sorf)) {
+			mtx_lock(&audit_pipe_mtx);
 			return (1);
+		}
 	}
+	mtx_unlock(&audit_pipe_mtx);
 	return (0);
 }
 
@@ -376,6 +385,16 @@
 		return (NULL);
 	ap->ap_qlimit = AUDIT_PIPE_QLIMIT_DEFAULT;
 	TAILQ_INIT(&ap->ap_queue);
+
+	/*
+	 * Initialize pre-selection state to match all events by default, and
+	 * have no particular auid-specific entries.  This allows praudit(1)
+	 * to be run directly on an audit pipe without any configuration or
+	 * special handling.  However, it also requires that applications
+	 * flush the pipe after specifying preselection prequirements so that
+	 * they don't see events captured before they completed
+	 * configuration.
+	 */
 	bzero(&ap->ap_preselect_flags, sizeof(ap->ap_preselect_flags));
 	ap->ap_preselect_flags.am_success = 0xffffffff;
 	ap->ap_preselect_flags.am_failure = 0xffffffff;

More information about the trustedbsd-cvs mailing list