PERFORCE change 164530 for review

Tue Jun 16 20:01:53 UTC 2009

http://perforce.freebsd.org/chv.cgi?CH=164530

Change 164530 by marinosi at marinosi_redrum on 2009/06/16 20:01:39

	Dynamic slice creation upon request implemented. Initialization system
	implemented too. The whole thing builds but remains untested and incomplete.

Affected files ...

.. //depot/projects/soc2009/marinosi_appaudit/src/sys/bsm/audit.h#3 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#4 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_private.h#4 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#2 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_syscalls.c#3 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#3 edit

Differences ...

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/bsm/audit.h#3 (text) ====

@@ -128,7 +128,8 @@
 #define	A_SETCOND	38
 #define A_CREATESLICE	39
 #define A_UPDATESLICE	40
-#define A_REMOVESLICE	41
+#define A_GETSLICE 	41
+#define A_REMOVESLICE	42
 
 /*
  * Audit policy controls.

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#4 (text) ====

@@ -84,8 +84,14 @@
 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
     "TrustedBSD audit controls");
 
+/* 
+ * The base audit slice statically declared.
+ */
 struct audit_slice 		*audit_base_slice = NULL;
 
+/* Audit slices queue */
+struct audit_slice_queue	audit_slice_q;
+
 /*
  * Kernel audit information.  This will store the current audit address
  * or host information that the kernel will use when it's generating
@@ -189,17 +195,35 @@
  * synchronization primitives, worker thread, and trigger device node.  Also
  * call into the BSM assembly code to initialize it.
  */
-static void
+void
 audit_init(void *arg)
 {
 
-	if ( audit_base_slice == NULL ) 
+	struct audit_slice *as;
+
+	/*
+	 * Initialize the slice queue and add every slice in it except the
+	 * base(no reason to be in the queue).
+	 */
+	TAILQ_INIT(&audit_slice_q);
+	if ( audit_base_slice == NULL && arg == NULL ) {
 		audit_base_slice = malloc(sizeof(*audit_base_slice), 
 				M_AUDITSLICE, M_WAITOK | M_ZERO);
+		/* 
+		 * If base slice is null allocate and then initialize the base 
+		 * slice first of all.
+		 */
+		as = audit_base_slice;
+	} else {
+		//as = (struct audit_slice *) arg;
+		as = malloc(sizeof(*as), M_AUDITSLICE, M_WAITOK | M_ZERO);
+		TAILQ_INSERT_TAIL(&audit_slice_q, as, as_q);
+	}
 
-	struct audit_slice *as = (struct audit_slice *) arg;
-	as = audit_base_slice;
-
+	/*
+	 * XXX: As M_ZERO flag is used during allocation, we may remove some
+	 * of the following initialization is useless.
+	 */
 	as->audit_enabled = 0;
 	as->audit_suspended = 0;
 	as->audit_panic_on_write_fail = 0;
@@ -634,3 +658,16 @@
 		ret = 1;
 	audit_commit(ar, errcode, ret);
 }
+
+/*
+ * audit_slice_destroy() is called through A_REMOVESLICE command of auditon()
+ * syscall to remove an existing slice ( except the base one!)
+ */
+void
+audit_slice_destroy(struct audit_slice *as)
+{
+	if (as != NULL) {
+		TAILQ_REMOVE(&audit_slice_q, as, as_q);
+		free(as, M_AUDITSLICE);
+	}
+}

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_private.h#4 (text) ====

@@ -132,6 +132,46 @@
 };
 typedef	struct au_qctrl64	au_qctrl64_t;
 
+#define AUDIT_SLICE_NAME_LEN 20
+#define AUDIT_DEV_NAME_LEN 20
+/*
+ * Helper data structure that keeps the data that are needed for new audit
+ * slice creation/modification/removal.This structure will be used with the
+ * auditon() syscall for all the audit slices except the base.
+ */
+struct au_slice_data {
+        char                            as_name[AUDIT_SLICE_NAME_LEN];
+	int				audit_enabled;
+	int				audit_suspended;
+        int                             audit_q_len;
+        int                             audit_pre_q_len;
+	int				audit_panic_on_write_fail;	
+	int				audit_fail_stop;	
+	int				audit_argv;	
+	int 				audit_arge;
+	int				audit_in_failure;
+	struct audit_fstat		audit_fstat;
+	struct au_mask			audit_nae_mask;
+        struct au_qctrl                 audit_qctrl;
+
+	int		 		audit_file_rotate_wait;
+	struct ucred			*audit_cred;
+	struct vnode			*audit_vp;
+
+
+
+	/*
+	 * Applications need their slice device to submit their audit records.
+	 * Device specific variables here.
+	 */
+	char				as_dev_name[AUDIT_DEV_NAME_LEN]; 
+	int 				as_dev_isopen;
+	uid_t				uid;
+	gid_t				gid;
+	int				perms;
+};
+typedef struct au_slice_data	au_slice_data_t;
+
 union auditon_udata {
 	char			*au_path;
 	int			au_cond;
@@ -150,6 +190,7 @@
 	au_stat_t		au_stat;
 	au_fstat_t		au_fstat;
 	auditinfo_addr_t	au_kau_info;
+	au_slice_data_t 	au_slice; /* Data used for audit slices, except the base*/
 };
 
 struct posix_ipc_perm {
@@ -229,6 +270,7 @@
 	struct sockaddr_storage ar_arg_sockaddr;
 };
 
+
 /*
  * Arguments in the audit record are initially not defined; flags are set to
  * indicate if they are present so they can be included in the audit log

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_slice.h#2 (text+ko) ====

@@ -152,18 +152,29 @@
 	uid_t				uid;
 	gid_t				gid;
 	int				perms;
+
+	/* 
+	 * Keep the several audit slices in a list 
+	 */
+	TAILQ_ENTRY(audit_slice)	as_q;
 };
+typedef struct audit_slice		audit_slice_t;
 
-typedef struct audit_slice	audit_slice_t;
+TAILQ_HEAD(audit_slice_queue, audit_slice);
 
 /* Static allocation of the base slice */
 extern struct audit_slice		*audit_base_slice;
 
+/* Audit slices queue */
+extern struct audit_slice_queue		audit_slice_q;
 
+
 /*
  * Audit related functions prototypes
  */
 
-void			 audit_rotate_vnode(struct ucred *cred,
-			    struct vnode *vp);
-void			 audit_worker_init(void *arg);
+void			audit_init(void *arg);
+void			audit_rotate_vnode(struct ucred *cred, 
+				struct vnode *vp);
+void			audit_worker_init(void *arg);
+void			audit_slice_destroy(struct audit_slice *as);

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_syscalls.c#3 (text) ====

@@ -541,19 +541,31 @@
 		return (audit_send_trigger(udata.au_trigger));
 
 	case A_CREATESLICE:
-		//if (uap->length != sizeof(udata.au_slice))
-		//	return (EINVAL);
+		if (uap->length != sizeof(udata.au_slice))
+			return (EINVAL);
+		/* Check if slice exists? */
+		if ((udata.au_slice.as_name == NULL))
+			return (EINVAL);
+		/* Passing null for testing purposes. TO be changed */
+		audit_init(NULL);
+		break;
+
+	case A_UPDATESLICE:
+		if (uap->length != sizeof(udata.au_slice))
+			return (EINVAL);
 		return (0);
 
-	case A_UPDATESLICE:
-		//if (uap->length != sizeof(udata.au_slice))
-		//	return (EINVAL);
+	case A_GETSLICE:
+		if (uap->length != sizeof(udata.au_slice))
+			return (EINVAL);
 		return (0);
 
 	case A_REMOVESLICE:
-		//if (uap->length != sizeof(udata.au_slice))
-		//	return (EINVAL);
-		return (0);
+		if (uap->length != sizeof(udata.au_slice))
+			return (EINVAL);
+		/* Passing null for testing purposes. TO be changed */
+		audit_slice_destroy(NULL);
+		break;
 
 	default:
 		return (EINVAL);

==== //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#3 (text) ====

@@ -384,9 +384,9 @@
 	struct kaudit_queue ar_worklist;
 	struct kaudit_record *ar;
 	int lowater_signal;
-
-	struct audit_slice *as = (struct audit_slice * ) arg;
-
+	struct audit_slice *as;
+       
+	as = (struct audit_slice * ) arg;
 	TAILQ_INIT(&ar_worklist);
 	mtx_lock(&(as->audit_mtx));
 	while (1) {
