From owner-p4-projects@FreeBSD.ORG Wed Sep 1 01:19:23 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0C3B616A4D0; Wed, 1 Sep 2004 01:19:23 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF00516A4CE for ; Wed, 1 Sep 2004 01:19:22 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id A26C743D54 for ; Wed, 1 Sep 2004 01:19:22 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i811JMYZ083516 for ; Wed, 1 Sep 2004 01:19:22 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i811JMDZ083513 for perforce@freebsd.org; Wed, 1 Sep 2004 01:19:22 GMT (envelope-from wsalamon@computer.org) Date: Wed, 1 Sep 2004 01:19:22 GMT Message-Id: <200409010119.i811JMDZ083513@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f From: Wayne Salamon To: Perforce Change Reviews Subject: PERFORCE change 60776 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Sep 2004 01:19:23 -0000 http://perforce.freebsd.org/chv.cgi?CH=60776 Change 60776 by wsalamon@wsalamon_epi on 2004/09/01 01:18:29 Save the path into the audit record during lookup when a namei audit flags is on. Audit the chdir, chmod, chown, chflags, lchflags, lchown, and lchmod system calls to test the path auditing. (This needs more testing of the edge cases). Add the new l* audit events to audit_event. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/bsm/etc/audit_event#2 edit .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_lookup.c#2 edit .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#5 edit .. //depot/projects/trustedbsd/audit3/sys/sys/namei.h#2 edit Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/bsm/etc/audit_event#2 (text+ko) ==== @@ -8,7 +8,7 @@ 7:AUE_EXEC:exec(2):pc,ex 8:AUE_CHDIR:chdir(2):pc 9:AUE_MKNOD:mknod(2):ad -10:AUE_CHMOD:chmod(2):ad +10:AUE_CHMOD:chmod(2):fm 11:AUE_CHOWN:chown(2):fm 12:AUE_UMOUNT:umount(2) - old version:ad 13:AUE_JUNK:junk:no @@ -241,6 +241,7 @@ 313:AUE_SETTIMEOFDAY:settimeofday(2):ad 314:AUE_FLOCK:flock(2):fm 315:AUE_MKFIFO:mkfifo(2):fc +316:AUE_POLL:poll(2):fa 317:AUE_SOCKETPAIR:socketpair(2):nt 318:AUE_FUTIMES:futimes(2):fm 319:AUE_SETSID:setsid(2):pc @@ -277,13 +278,16 @@ 350:AUE_PTHREADKILL:pthread_kill(2):pc 351:AUE_PTHREADSIGMASK:pthread_sigmask(2):pc 352:AUE_AUDITCTL:auditctl(2):ad +353:AUE_RFORK:rfork(2):pc +354:AUE_LCHMOD:lchmod():fm 355:AUE_SWAPOFF:swapoff():ad 356:AUE_INITPROCESS:init_process():pc 357:AUE_MAPFD:map_fd():fa -358:AUE_TASKFORPID:task_for_pid():pc +358:AUE_LCHFLAGS:lchflags():fm 359:AUE_PIDFORTASK:pid_for_task():pc 360:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot 361:AUE_COPYFILE:copyfile():fr,fw +362:AUE_LUTIMES:lutimes(2):fm 6152:AUE_login:login - local:lo 6153:AUE_logout:logout - local:lo 6159:AUE_su:su(1):lo ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_lookup.c#2 (text+ko) ==== @@ -40,6 +40,8 @@ #include "opt_ktrace.h" #include "opt_mac.h" +#include + #include #include #include @@ -126,6 +128,12 @@ error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN, (size_t *)&ndp->ni_pathlen); + /* If we are auditing the kernel pathname, save the user pathname */ + if (cnp->cn_flags & AUDITVNPATH1) + AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH1); + if (cnp->cn_flags & AUDITVNPATH2) + AUDIT_ARG(upath, td, cnp->cn_pnbuf, ARG_UPATH2); + /* * Don't allow empty pathnames. */ @@ -422,6 +430,12 @@ VREF(dp); } ndp->ni_vp = dp; + + if (cnp->cn_flags & AUDITVNPATH1) + AUDIT_ARG(vnpath, dp, ARG_VNODE1); + else if (cnp->cn_flags & AUDITVNPATH2) + AUDIT_ARG(vnpath, dp, ARG_VNODE2); + if (!(cnp->cn_flags & (LOCKPARENT | LOCKLEAF))) VOP_UNLOCK(dp, 0, td); /* XXX This should probably move to the top of function. */ @@ -624,6 +638,11 @@ if (!wantparent) vrele(ndp->ni_dvp); + if (cnp->cn_flags & AUDITVNPATH1) + AUDIT_ARG(vnpath, dp, ARG_VNODE1); + else if (cnp->cn_flags & AUDITVNPATH2) + AUDIT_ARG(vnpath, dp, ARG_VNODE2); + if ((cnp->cn_flags & LOCKLEAF) == 0) VOP_UNLOCK(dp, 0, td); return (0); ==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#4 (text+ko) ==== @@ -747,7 +747,8 @@ struct nameidata nd; struct vnode *vp; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, pathseg, path, td); + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | AUDITVNPATH1, pathseg, + path, td); if ((error = namei(&nd)) != 0) return (error); if ((error = change_dir(nd.ni_vp, td)) != 0) { @@ -2345,7 +2346,9 @@ int error; struct nameidata nd; - NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, td); + AUDIT_ARG(fflags, uap->flags); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, UIO_USERSPACE, + uap->path, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2368,7 +2371,9 @@ int error; struct nameidata nd; - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + AUDIT_ARG(fflags, uap->flags); + NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + uap->path, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2465,7 +2470,8 @@ int error; struct nameidata nd; - NDINIT(&nd, LOOKUP, FOLLOW, pathseg, path, td); + AUDIT_ARG(mode, mode); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2494,7 +2500,9 @@ int error; struct nameidata nd; - NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_USERSPACE, uap->path, td); + AUDIT_ARG(mode, (mode_t)uap->mode); + NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1, UIO_USERSPACE, + uap->path, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2597,7 +2605,8 @@ int error; struct nameidata nd; - NDINIT(&nd, LOOKUP, FOLLOW, pathseg, path, td); + AUDIT_ARG(owner, uid, gid); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNPATH1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); @@ -2636,7 +2645,8 @@ int error; struct nameidata nd; - NDINIT(&nd, LOOKUP, NOFOLLOW, pathseg, path, td); + AUDIT_ARG(owner, uid, gid); + NDINIT(&nd, LOOKUP, NOFOLLOW | AUDITVNPATH1, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); NDFREE(&nd, NDF_ONLY_PNBUF); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#5 (text+ko) ==== @@ -593,18 +593,21 @@ break; case AUE_CHFLAGS: + case AUE_LCHFLAGS: tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); KPATH1_VNODE1_OR_UPATH1_TOKENS; break; case AUE_CHMOD: + case AUE_LCHMOD: tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); kau_write(rec, tok); KPATH1_VNODE1_OR_UPATH1_TOKENS; break; case AUE_CHOWN: + case AUE_LCHOWN: tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid); kau_write(rec, tok); tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); ==== //depot/projects/trustedbsd/audit3/sys/sys/namei.h#2 (text+ko) ==== @@ -122,22 +122,24 @@ * name being sought. The caller is responsible for releasing the * buffer and for vrele'ing ni_startdir. */ -#define RDONLY 0x000200 /* lookup with read-only semantics */ -#define HASBUF 0x000400 /* has allocated pathname buffer */ -#define SAVENAME 0x000800 /* save pathname buffer */ -#define SAVESTART 0x001000 /* save starting directory */ -#define ISDOTDOT 0x002000 /* current component name is .. */ -#define MAKEENTRY 0x004000 /* entry is to be added to name cache */ -#define ISLASTCN 0x008000 /* this is last component of pathname */ -#define ISSYMLINK 0x010000 /* symlink needs interpretation */ -#define ISWHITEOUT 0x020000 /* found whiteout */ -#define DOWHITEOUT 0x040000 /* do whiteouts */ -#define WILLBEDIR 0x080000 /* new files will be dirs; allow trailing / */ -#define ISUNICODE 0x100000 /* current component name is unicode*/ -#define PDIRUNLOCK 0x200000 /* filesystem lookup() unlocked parent dir */ -#define NOCROSSMOUNT 0x400000 /* do not cross mount points */ -#define NOMACCHECK 0x800000 /* do not perform MAC checks */ -#define PARAMASK 0xfffe00 /* mask of parameter descriptors */ +#define RDONLY 0x00000200 /* lookup with read-only semantics */ +#define HASBUF 0x00000400 /* has allocated pathname buffer */ +#define SAVENAME 0x00000800 /* save pathname buffer */ +#define SAVESTART 0x00001000 /* save starting directory */ +#define ISDOTDOT 0x00002000 /* current component name is .. */ +#define MAKEENTRY 0x00004000 /* entry is to be added to name cache */ +#define ISLASTCN 0x00008000 /* this is last component of pathname */ +#define ISSYMLINK 0x00010000 /* symlink needs interpretation */ +#define ISWHITEOUT 0x00020000 /* found whiteout */ +#define DOWHITEOUT 0x00040000 /* do whiteouts */ +#define WILLBEDIR 0x00080000 /* new files will be dirs;allow trailing / */ +#define ISUNICODE 0x00100000 /* current component name is unicode*/ +#define PDIRUNLOCK 0x00200000 /* filesystem lookup() unlocked parent dir */ +#define NOCROSSMOUNT 0x00400000 /* do not cross mount points */ +#define NOMACCHECK 0x00800000 /* do not perform MAC checks */ +#define AUDITVNPATH1 0x01000000 /* audit the path/vnode information */ +#define AUDITVNPATH2 0x02000000 /* audit the path/vnode information */ +#define PARAMASK 0x03fffe00 /* mask of parameter descriptors */ /* * Initialization of a nameidata structure.