PERFORCE change 96595 for review

Wed May 3 15:44:18 UTC 2006

http://perforce.freebsd.org/chv.cgi?CH=96595

Change 96595 by rwatson at rwatson_zoo on 2006/05/03 15:43:11

	Default pre-selection masks for pipes to be full tracking, so that
	praudit on /dev/auditpipe will "just work".  Add a flush ioctl that
	applications can use to empty a pipe of records that may not
	interest them, but were queued before they set up preselection.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#7 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#16 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#7 (text+ko) ====

@@ -59,7 +59,8 @@
 					    struct auditpipe_preselect)
 #define	AUDITPIPE_SET_PRESELECT_AUID	_IOW(AUDITPIPE_IOBASE, 11,	\
 					    struct auditpipe_preselect)
-#define	AUDITPIPE_FLUSH_PRESELECT_AUID	_IO(AUDITPIPE_IOBASE, 11)
+#define	AUDITPIPE_FLUSH_PRESELECT_AUID	_IO(AUDITPIPE_IOBASE, 12)
+#define	AUDITPIPE_FLUSH			_IO(AUDITPIPE_IOBASE, 13)
 
 /*
  * Ioctls to retrieve audit pipe statistics.

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#16 (text+ko) ====

@@ -377,7 +377,11 @@
 	ap->ap_qlimit = AUDIT_PIPE_QLIMIT_DEFAULT;
 	TAILQ_INIT(&ap->ap_queue);
 	bzero(&ap->ap_preselect_flags, sizeof(ap->ap_preselect_flags));
+	ap->ap_preselect_flags.am_success = 0xffffffff;
+	ap->ap_preselect_flags.am_failure = 0xffffffff;
 	bzero(&ap->ap_preselect_naflags, sizeof(ap->ap_preselect_naflags));
+	ap->ap_preselect_naflags.am_success = 0xffffffff;
+	ap->ap_preselect_naflags.am_failure = 0xffffffff;
 	TAILQ_INIT(&ap->ap_preselect_list);
 
 	TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list);
@@ -388,11 +392,10 @@
 }
 
 /*
- * Free an audit pipe.  Assumes mutex is held, audit_pipe is still on the
- * global list.  Frees any audit pipe entries in the queue.
+ * Flush all records from an audit pipe; assume mutex is held.
  */
 static void
-audit_pipe_free(struct audit_pipe *ap)
+audit_pipe_flush(struct audit_pipe *ap)
 {
 	struct audit_pipe_entry *ape;
 
@@ -405,6 +408,17 @@
 		ap->ap_qlen--;
 	}
 	KASSERT(ap->ap_qlen == 0, ("audit_pipe_free: ap_qlen"));
+}
+
+/*
+ * Free an audit pipe.  Assumes mutex is held, audit_pipe is still on the
+ * global list.  Frees any audit pipe entries in the queue.
+ */
+static void
+audit_pipe_free(struct audit_pipe *ap)
+{
+
+	audit_pipe_flush(ap);
 	free(ap, M_AUDIT_PIPE);
 	audit_pipe_count--;
 }
@@ -621,6 +635,11 @@
 		error = EOPNOTSUPP;
 		break;
 
+	case AUDITPIPE_FLUSH:
+		audit_pipe_flush(ap);
+		error = 0;
+		break;
+
 	case AUDITPIPE_GET_INSERTS:
 		*(u_int *)data = ap->ap_inserts;
 		error = 0;
