PERFORCE change 56936 for review

Wayne Salamon wsalamon at FreeBSD.org
Sat Jul 10 00:36:33 GMT 2004


http://perforce.freebsd.org/chv.cgi?CH=56936

Change 56936 by wsalamon at wsalamon_epi on 2004/07/10 00:35:35

	Merge in the remaining changes from the audit2 versions.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#2 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#3 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#4 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#2 (text+ko) ====

@@ -282,10 +282,8 @@
 token_t			*au_to_return64(char status, u_int64_t ret);
 token_t			*au_to_seq(long audit_count);
 token_t			*au_to_socket(struct socket *so);
-token_t			*au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, 
-				struct sockaddr *la, struct sockaddr *ta);
-token_t			*au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, 
-				struct sockaddr *la, struct sockaddr *ta);
+token_t			*au_to_socket_ex_32(struct socket *so);
+token_t			*au_to_socket_ex_128(struct socket *so);
 token_t			*au_to_sock_inet(struct sockaddr_in *so);
 token_t			*au_to_sock_inet32(struct sockaddr_in *so);
 token_t			*au_to_sock_inet128(struct sockaddr_in6 *so);

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_klib.h#3 (text+ko) ====

@@ -37,7 +37,10 @@
  */
 token_t *kau_to_socket(struct socket_au_info *soi);
 token_t *kau_to_attr32(struct vnode_au_info *vni);
-token_t *kau_to_attr64(struct vnode_au_info *vni);
+
+/*
+ * audit_klib prototypes
+ */
 int au_preselect(au_event_t event, au_mask_t *mask_p, int sorf);
 au_event_t flags_and_error_to_openevent(int oflags, int error);
 void au_evclassmap_init(void);
@@ -47,8 +50,8 @@
 int auditon_command_event(int cmd);
 int msgctl_to_event(int cmd);
 int semctl_to_event(int cmr);
+void canon_path(struct thread *td, char *path, char *cpath);
 
-int canon_path(struct thread *td, char *path, char *cpath);
 /*
  * Define a system call to audit event mapping table.
  */

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#4 (text+ko) ====

@@ -631,7 +631,7 @@
 		    "flag\n"));
 		cv_wait(&audit_replacement_cv, &audit_mtx);
 		AUDIT_PRINTF(("audit_rotate_vnode: woken up (flag %d)\n",
-			audit_replacement_flag));
+		    audit_replacement_flag));
 	}
 	audit_replacement_cred = cred;
 	audit_replacement_flag = 1;
@@ -1678,6 +1678,9 @@
 	if (ar == NULL || td == NULL || so == NULL)
 		return;
 
+	/*
+	 * XXX: Do we need to lock the socket?
+	 */
 	bcopy(so, &ar->k_ar.ar_arg_sockaddr, sizeof(ar->k_ar.ar_arg_sockaddr));
 	switch (so->sa_family) {
 	case AF_INET:
@@ -2027,6 +2030,9 @@
 	if (vp == NULL)
 		return;
 
+	mtx_assert(&Giant, MA_OWNED);
+	ASSERT_VOP_LOCKED(vp, "audit_arg_vnpath")
+
 	ar = currecord();
 	if (ar == NULL)	/* This will be the case for unaudited system calls */
 		return;

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#4 (text+ko) ====

@@ -151,7 +151,8 @@
  * Close out the audit record by adding the header token, identifying 
  * any missing tokens.  Write out the tokens to the record memory.
  */
-void kau_close(struct au_record *rec, struct timespec *ctime, short event)
+void
+kau_close(struct au_record *rec, struct timespec *ctime, short event)
 {
 	u_char *dptr;
 	size_t tot_rec_size;

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#4 (text+ko) ====

@@ -21,14 +21,14 @@
  */
 
 #include <sys/param.h>
-#include <sys/vnode.h>
 #include <sys/fcntl.h>
 #include <sys/filedesc.h>
+#include <sys/libkern.h>
+#include <sys/malloc.h>
+#include <sys/proc.h>
 #include <sys/sem.h>
-#include <sys/malloc.h>
 #include <sys/sysctl.h>
-#include <sys/libkern.h>
-#include <sys/proc.h>
+#include <sys/vnode.h>
 
 #include <bsm/audit.h>
 #include <bsm/audit_kernel.h>
@@ -545,7 +545,7 @@
 	/* 
 	 * Perform the actual check of the masks against the event.
 	 */
-	if (sorf & AU_PRS_SUCCESS) {
+	if(sorf & AU_PRS_SUCCESS) {
 		effmask |= (mask_p->am_success & ae_class);
 	}
                         
@@ -811,7 +811,7 @@
  * written to the audit log. So we will leave the filename starting
  * with '/' in the audit log in this case.
  */
-int canon_path(struct thread *td, char *path, char *cpath)
+void canon_path(struct thread *td, char *path, char *cpath)
 {
 	char *bufp;
 	char **retbuf, **freebuf;
@@ -819,6 +819,8 @@
 	struct vnode *vnp;
 	struct filedesc *fdp;
 
+	mtx_assert(&Giant, MA_OWNED);
+
 	fdp = td->td_proc->p_fd;
 	bufp = path;
 	FILEDESC_LOCK(fdp);
@@ -844,6 +846,9 @@
 	FILEDESC_UNLOCK(fdp);
 	if (vnp != NULL) {
 		/*
+		 * XXX: Should lock vnode!
+		 */
+		/*
 		 * XXX: vn_fullpath() on FreeBSD is "less reliable"
 		 * than vn_getpath() on Darwin, so this will need more
 		 * attention in the future.  Also, the question and
@@ -866,5 +871,4 @@
 	} else {
 		strncpy(cpath, bufp, MAXPATHLEN);
 	}
-	return (0);
 }

==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_token.c#4 (text+ko) ====

@@ -20,25 +20,25 @@
  * @APPLE_LICENSE_HEADER_END@
  */
 
-#include <sys/param.h>
-#include <sys/un.h>      
+#include <sys/param.h>      
 #include <sys/event.h>      
 #include <sys/libkern.h>      
 #include <sys/malloc.h>      
+#include <sys/un.h>      
 
 #include <bsm/audit.h>      
 #include <bsm/audit_record.h>      
 #include <bsm/audit_kernel.h>      
 #include <security/audit/audit_klib.h>      
 
-#define GET_TOKEN_AREA(tok, dptr, length) \
+#define	GET_TOKEN_AREA(tok, dptr, length) \
 	do {								\
 		tok = malloc(sizeof(*tok), M_AUDIT, M_WAITOK);		\
 		tok->len = length;					\
 		dptr = tok->t_data = malloc(length * sizeof(u_char),	\
 		    M_AUDIT, M_WAITOK);					\
 		memset(tok->t_data, 0, length);				\
-	}while(0)
+	} while(0)
 
 /*
  * token ID                1 byte
@@ -137,8 +137,6 @@
 {
 	token_t *t;
 	u_char *dptr;
-	u_int64_t fileid;
-	u_int16_t pad0_16 = 0;
 	u_int32_t pad0_32 = 0;
 
 	if(vni == NULL) {
@@ -151,27 +149,14 @@
 	}
 
 	ADD_U_CHAR(dptr, AU_ATTR32_TOKEN);
-
-	/* 
-	 * Darwin defines the size for the file mode as 2 bytes; 
-	 * BSM defines 4. So we copy in a 0 first.
-	 */
-	ADD_U_INT16(dptr, pad0_16);
-	ADD_U_INT16(dptr, vni->vn_mode);
-
+	ADD_U_INT32(dptr, vni->vn_mode);
 	ADD_U_INT32(dptr, vni->vn_uid);
 	ADD_U_INT32(dptr, vni->vn_gid);
 	ADD_U_INT32(dptr, vni->vn_fsid);
-
-	/* 
-	 * Darwin defines the size for fileid as 4 bytes; 
-	 * BSM defines 8. So we copy in a 0 first.
-	 */
-	fileid = vni->vn_fileid;
+	/* Pad four bytes for the file ID due to BSM's need for 8 bytes */
 	ADD_U_INT32(dptr, pad0_32);
-	ADD_U_INT32(dptr, fileid);
-
-	ADD_U_INT32(dptr, vni->vn_dev);
+	ADD_U_INT32(dptr, vni->vn_fileid);
+	ADD_U_INT32(dptr, vni->vn_gen);
 	
 	return t;
 }
@@ -202,15 +187,9 @@
 	return t;
 }
 
-token_t *kau_to_attr64(struct vnode_au_info *vni)
-{
-	return NULL;
-}
-
 token_t *au_to_attr(struct vattr *attr)
 {
 	return au_to_attr32(attr);
-
 }
 
 
@@ -438,7 +417,6 @@
 {
 	token_t *t;
 	u_char *dptr;
-	u_int16_t pad0 = 0;
 
 	if(perm == NULL) {
 		return NULL;
@@ -448,34 +426,16 @@
 	if(t == NULL) {
 		return NULL;
 	}
-				
-	/* 
-	 * Darwin defines the sizes for ipc_perm members
-	 * as 2 bytes; BSM defines 4. So we copy in a 0 first.
-	 */
+
 	ADD_U_CHAR(dptr, AU_IPCPERM_TOKEN);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->uid);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->gid);
+	ADD_U_INT32(dptr, perm->uid);
+	ADD_U_INT32(dptr, perm->gid);
+	ADD_U_INT32(dptr, perm->cuid);
+	ADD_U_INT32(dptr, perm->cgid);
+	ADD_U_INT32(dptr, perm->mode);
+	ADD_U_INT32(dptr, perm->seq);
+	ADD_U_INT32(dptr, perm->key);
 
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->cuid);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->cgid);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->mode);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->seq);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->key);
-
 	return t;
 }
 
@@ -528,6 +488,7 @@
 	return t;
 }
 
+#ifdef _KERNEL
 /*
  * Kernel version of the add file token function, where the time value 
  * is passed in as an additional parameter.
@@ -570,8 +531,8 @@
 	ADD_STRING(dptr, file, filelen);
 	 
 	return t;
-
 }
+#endif
 
 /*
  * token ID                1 byte
@@ -688,7 +649,30 @@
 		               uid_t ruid, gid_t rgid, pid_t pid,
 		               au_asid_t sid, au_tid_t *tid)
 {
-	return NULL;
+	token_t *t;
+	u_char *dptr;
+	
+	if(tid == NULL) {
+		return NULL;
+	}
+
+	GET_TOKEN_AREA(t, dptr, 41);
+	if(t == NULL) {
+		return NULL;
+	}
+						 
+	ADD_U_CHAR(dptr, AU_PROCESS_64_TOKEN);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->port);
+	ADD_U_INT32(dptr, tid->machine);
+	 
+	return t;
 }
 
 token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
@@ -752,7 +736,34 @@
 		               	   uid_t ruid, gid_t rgid, pid_t pid,
 		                   au_asid_t sid, au_tid_addr_t *tid)
 {
-	return NULL;
+	token_t *t;
+	u_char *dptr;
+	
+	if(tid == NULL) {
+		return NULL;
+	}
+
+	GET_TOKEN_AREA(t, dptr, 57);
+	if(t == NULL) {
+		return NULL;
+	}
+						 
+	ADD_U_CHAR(dptr, AU_PROCESS_64_EX_TOKEN);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->at_port);
+	ADD_U_INT32(dptr, tid->at_type);
+	ADD_U_INT32(dptr, tid->at_addr[0]);
+	ADD_U_INT32(dptr, tid->at_addr[1]);
+	ADD_U_INT32(dptr, tid->at_addr[2]);
+	ADD_U_INT32(dptr, tid->at_addr[3]);
+	 
+	return t;
 }
 
 token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
@@ -840,12 +851,13 @@
  */
 token_t *au_to_socket(struct socket *so)
 {
-	return NULL;
+	return au_to_socket_ex_32(so);
 }
 
 /*
  * Kernel-specific version of the above function.
  */
+#ifdef _KERNEL
 token_t *kau_to_socket(struct socket_au_info *soi)
 {
 	token_t *t;
@@ -872,6 +884,7 @@
 
 	return t;
 }
+#endif
 
 /*
  * token ID                1 byte
@@ -883,14 +896,12 @@
  * address type/length     4 bytes
  * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
  */
-token_t *au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, 
-	struct sockaddr *la, struct sockaddr *ra)
+token_t *au_to_socket_ex_32(struct socket *so)
 {
 	return NULL;
 }
 
-token_t *au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, 
-	struct sockaddr *la, struct sockaddr *ra)
+token_t *au_to_socket_ex_128(struct socket *so)
 {
 	return NULL;
 }
@@ -1038,15 +1049,38 @@
 }
 
 token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid,
-						uid_t ruid, gid_t rgid, pid_t pid,
-						au_asid_t sid, au_tid_t *tid)
+			uid_t ruid, gid_t rgid, pid_t pid,
+			au_asid_t sid, au_tid_t *tid)
 {
-	return NULL;
+	token_t *t;
+	u_char *dptr;
+	
+	if(tid == NULL) {
+		return NULL;
+	}
+
+	GET_TOKEN_AREA(t, dptr, 41);
+	if(t == NULL) {
+		return NULL;
+	}
+						 
+	ADD_U_CHAR(dptr, AU_SUBJECT_64_TOKEN);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->port);
+	ADD_U_INT32(dptr, tid->machine);
+	 
+	return t;
 }
 
 token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
-						uid_t ruid, gid_t rgid, pid_t pid,
-						au_asid_t sid, au_tid_t *tid)
+			uid_t ruid, gid_t rgid, pid_t pid,
+			au_asid_t sid, au_tid_t *tid)
 {
 	return au_to_subject32(auid, euid, egid, ruid, rgid,
 			pid, sid, tid); 
@@ -1105,7 +1139,34 @@
 	                       gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,
 		                   au_asid_t sid, au_tid_addr_t *tid)
 {
-	return NULL;
+	token_t *t;
+	u_char *dptr;
+	
+	if(tid == NULL) {
+		return NULL;
+	}
+
+	GET_TOKEN_AREA(t, dptr, 57);
+	if(t == NULL) {
+		return NULL;
+	}
+						 
+	ADD_U_CHAR(dptr, AU_SUBJECT_64_EX_TOKEN);
+	ADD_U_INT32(dptr, auid);
+	ADD_U_INT32(dptr, euid);
+	ADD_U_INT32(dptr, egid);
+	ADD_U_INT32(dptr, ruid);
+	ADD_U_INT32(dptr, rgid);
+	ADD_U_INT32(dptr, pid);
+	ADD_U_INT32(dptr, sid);
+	ADD_U_INT64(dptr, tid->at_port);
+	ADD_U_INT32(dptr, tid->at_type);
+	ADD_U_INT32(dptr, tid->at_addr[0]);
+	ADD_U_INT32(dptr, tid->at_addr[1]);
+	ADD_U_INT32(dptr, tid->at_addr[2]);
+	ADD_U_INT32(dptr, tid->at_addr[3]);
+	 
+	return t;
 }
 
 token_t *au_to_subject_ex(au_id_t auid, uid_t euid,
@@ -1216,7 +1277,7 @@
 	return t;
 }
 
-
+#ifdef _KERNEL
 /*
  * Kernel version of the BSM header token functions. These versions take 
  * a timespec struct as an additional parameter in order to obtain the
@@ -1257,7 +1318,26 @@
 token_t *kau_to_header64(struct timespec *ctime, int rec_size, 
 			  au_event_t e_type, au_emod_t e_mod)
 {
-	return NULL;
+	token_t *t;
+	u_char *dptr;
+	u_int32_t timems = ctime->tv_nsec/1000000; /* We need time in ms */
+	
+	GET_TOKEN_AREA(t, dptr, 26);
+	if(t == NULL) {
+		return NULL;
+	}
+						 
+	ADD_U_CHAR(dptr, AU_HEADER_64_TOKEN);
+	ADD_U_INT32(dptr, rec_size);
+	ADD_U_CHAR(dptr, HEADER_VERSION);
+	ADD_U_INT16(dptr, e_type);
+	ADD_U_INT16(dptr, e_mod);
+
+	/* Add the timestamp */
+	ADD_U_INT32(dptr, ctime->tv_sec);
+	ADD_U_INT32(dptr, timems); 
+
+	return t;
 }
 
 token_t *kau_to_header(struct timespec *ctime, int rec_size, 
@@ -1265,6 +1345,7 @@
 {
 	return kau_to_header32(ctime, rec_size, e_type, e_mod);
 }
+#endif
 
 /*
  * token ID                1 byte
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list