From owner-p4-projects@FreeBSD.ORG Tue Dec 14 20:49:50 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 108D310656C6; Tue, 14 Dec 2010 20:49:50 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C59A91065697 for ; Tue, 14 Dec 2010 20:49:49 +0000 (UTC) (envelope-from csjp@freebsd.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id B09FA8FC19 for ; Tue, 14 Dec 2010 20:49:49 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.4/8.14.4) with ESMTP id oBEKnnfJ099203 for ; Tue, 14 Dec 2010 20:49:49 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.4/8.14.4/Submit) id oBEKnnDi099199 for perforce@freebsd.org; Tue, 14 Dec 2010 20:49:49 GMT (envelope-from csjp@freebsd.org) Date: Tue, 14 Dec 2010 20:49:49 GMT Message-Id: <201012142049.oBEKnnDi099199@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to csjp@freebsd.org using -f 
From: "Christian S.J. Peron" To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 186939 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 20:49:50 -0000 http://p4web.freebsd.org/@@186939?ac=10 Change 186939 by csjp@csjp_hvm02 on 2010/12/14 20:49:04 Add support for the Solaris privilege and privilege set tokens. This fixes truncated record errors when processing Solaris created audit trails using openbsm. Sponsored by: Seccuris Inc. Submitted by: Dave Bertouille [1] [1] Dave added the support for the privilege set token. Affected files ... .. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#49 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#66 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#95 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#49 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#48 $ + * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#49 $ */ #ifndef _LIBBSM_H_ @@ -671,6 +671,31 @@ } au_text_t; /* + * upriv status 1 byte + * privstr len 2 bytes + * privstr N bytes + 1 (\0 byte) + */ +typedef struct { + u_int8_t sorf; + u_int16_t privstrlen; + char *priv; +} au_priv_t; + +/* +* privset +* privtstrlen 2 bytes +* privtstr N Bytes + 1 +* privstrlen 2 bytes +* privstr N Bytes + 1 +*/ +typedef struct { + u_int16_t privtstrlen; + char *privtstr; + u_int16_t privstrlen; + char *privstr; +} au_privset_t; + +/* * zonename length 2 bytes * zonename text N bytes + 1 NULL terminator */ 
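Review bot: The new `au_priv_t` layout comment in the `@@ -671,6 +671,31 @@` hunk calls the first field "upriv status", while the member is named `sorf` and nothing says which value means success. I would add `/* sorf: non-zero = successful use of privilege, zero = failed use */` beside the field, which is how print_upriv_tok in bsm_io.c interprets it. It would also help to state that each length field counts the trailing NUL, since au_to_upriv and au_to_privset in bsm_token.c write `strlen() + 1`. The `priv`, `privtstr` and `privstr` pointers are filled by SET_PTR in the fetch routines; whether they borrow from the record buffer or own a copy is not visible on this page and deserves one line in the comment.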
@@ -748,6 +773,8 @@ au_invalid_t invalid; au_trailer_t trail; au_zonename_t zonename; + au_priv_t priv; + au_privset_t privset; } tt; /* The token is one of the above types */ }; ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#66 (text+ko) ==== @@ -32,7 +32,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#65 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#66 $ */ #include 
@@ -3380,7 +3380,114 @@ } } +static void +print_upriv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + + print_tok_type(fp, tok->id, "use of privilege", raw, xml); + if (xml) { + open_attr(fp, "status"); + if (tok->tt.priv.sorf) + (void) fprintf(fp, "successful use of priv"); + else + (void) fprintf(fp, "failed use of priv"); + close_attr(fp); + open_attr(fp, "name"); + print_string(fp, tok->tt.priv.priv, + tok->tt.priv.privstrlen); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + if (tok->tt.priv.sorf) + (void) fprintf(fp, "successful use of priv"); + else + (void) fprintf(fp, "failed use of priv"); + print_delim(fp, del); + print_string(fp, tok->tt.priv.priv, + tok->tt.priv.privstrlen); + } +} + +/* + * status 1 byte + * privstrlen 2 bytes + * priv N bytes + 1 (\0 byte) + */ +static int +fetch_priv_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_CHAR(buf, len, tok->tt.priv.sorf, tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT16(buf, len, tok->tt.priv.privstrlen, tok->len, err); + if (err) + return (-1); + SET_PTR((char *)buf, len, tok->tt.priv.priv, tok->tt.priv.privstrlen, + tok->len, err); + if (err) + return (-1); + return (0); +} + /* + * privtstrlen 1 byte + * privtstr N bytes + 1 + * privstrlen 1 byte + * privstr N bytes + 1 + */ +static int +fetch_privset_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privtstrlen, + tok->len, err); + if (err) + return (-1); + SET_PTR((char *)buf, len, tok->tt.privset.privtstr, + tok->tt.privset.privtstrlen, tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT16(buf, len, tok->tt.privset.privstrlen, + tok->len, err); + if (err) + return (-1); + SET_PTR((char *)buf, len, tok->tt.privset.privstr, + tok->tt.privset.privstrlen, tok->len, err); + if (err) + return (-1); + return (0); +} + +static void +print_privset_tok(FILE *fp, tokenstr_t *tok, 
char *del, char raw, + __unused char sfrm, int xml) +{ + print_tok_type(fp, tok->id, "privilege", raw, xml); + if (xml) { + open_attr(fp, "type"); + print_string(fp, tok->tt.privset.privtstr, + tok->tt.privset.privtstrlen); + close_attr(fp); + open_attr(fp, "priv"); + print_string(fp, tok->tt.privset.privstr, + tok->tt.privset.privstrlen); + close_attr(fp); + } else { + print_delim(fp, del); + print_string(fp, tok->tt.privset.privtstr, + tok->tt.privset.privtstrlen); + print_delim(fp, del); + print_string(fp, tok->tt.privset.privstr, + tok->tt.privset.privstrlen); + } +} + +/* * audit ID 4 bytes * euid 4 bytes * egid 4 bytes @@ -4110,6 +4217,12 @@ case AUT_ZONENAME: return (fetch_zonename_tok(tok, buf, len)); + case AUT_UPRIV: + return (fetch_priv_tok(tok, buf, len)); + + case AUT_PRIV: + return (fetch_privset_tok(tok, buf, len)); + default: return (fetch_invalid_tok(tok, buf, len)); } @@ -4284,6 +4397,14 @@ print_zonename_tok(outfp, tok, del, oflags); return; + case AUT_UPRIV: + print_upriv_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + + case AUT_PRIV: + print_privset_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + default: print_invalid_tok(outfp, tok, del, oflags); } @@ -4433,6 +4554,14 @@ } break; + case AUT_UPRIV: + print_upriv_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + + case AUT_PRIV: + print_privset_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + default: errno = EINVAL; return (-1); ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#95 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#94 $ + * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#95 $ */ #include 
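Review bot: print_privset_tok's XML branch closes both attributes but never calls `close_tag(fp, tok->id);`, unlike print_upriv_tok earlier in the same hunk, so a privilege-set token likely leaves its element open in XML output. Adding that call after the second `close_attr(fp);` makes the two printers agree. The layout comment above fetch_privset_tok says `privtstrlen 1 byte` and `privstrlen 1 byte`, but the code reads both with READ_TOKEN_U_INT16 and libbsm.h documents 2 bytes, so the comment should say `2 bytes`. Both fetch routines take their lengths from the audit trail being parsed, and the only bounds check is whatever SET_PTR does with `len`; that macro is outside this page, so it is worth confirming it rejects a length that runs past the record.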
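Review bot: The two cases added in the `@@ -4284,6 +4397,14 @@` hunk call the printers with `raw, sfrm, AU_PLAIN`, while the neighbouring context lines call `print_zonename_tok(outfp, tok, del, oflags)` and `print_invalid_tok(outfp, tok, del, oflags)`. The enclosing function starts outside the hunk, so whether `raw` and `sfrm` exist there cannot be seen; if it only has `oflags`, these calls will not compile, and either way the new printers follow a different convention from their siblings. I would give print_upriv_tok and print_privset_tok the same four-argument `(fp, tok, del, oflags)` shape the other printers appear to use. The same applies to the `AU_XML` calls in the `@@ -4433,6 +4554,14 @@` hunk.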
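Review bot: The cases added in the `@@ -4433,6 +4554,14 @@` hunk end with a bare `return;`, but the `default:` branch directly below sets `errno = EINVAL` and does `return (-1)`, and the preceding case ends with `break;`, so the enclosing function (which starts outside the hunk) appears to return int. A bare `return;` there hands the caller an indeterminate value. If this switch is the right place for the calls, each case should end with `break;` like its neighbours. It is also worth confirming that this really is the XML print dispatch and not a different switch that the diff context happened to match.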
@@ -92,6 +92,59 @@ /* * token ID 1 byte + * success/failure 1 byte + * privstrlen 2 bytes + * privstr N bytes + 1 (\0 byte) + */ +token_t * +au_to_upriv(char sorf, char *priv) +{ + u_int16_t textlen; + u_char *dptr; + token_t *t; + + textlen = strlen(priv) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) + + sizeof(u_int16_t) + textlen); + if (t == NULL) + return (NULL); + ADD_U_CHAR(dptr, AUT_UPRIV); + ADD_U_CHAR(dptr, sorf); + ADD_U_INT16(dptr, textlen); + ADD_STRING(dptr, priv, textlen); + return (t); +} + +/* + * token ID 1 byte + * privtstrlen 2 bytes + * privtstr N bytes + 1 + * privstrlen 2 bytes + * privstr N bytes + 1 + */ +token_t * +au_to_privset(char *privtypestr, char *privstr) +{ + u_int16_t type_len, priv_len; + u_char *dptr; + token_t *t; + + type_len = strlen(privtypestr) + 1; + priv_len = strlen(privstr) + 1; + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + + sizeof(u_int16_t) + type_len + priv_len); + if (t == NULL) + return (NULL); + ADD_U_CHAR(dptr, AUT_PRIV); + ADD_U_INT16(dptr, type_len); + ADD_STRING(dptr, privtypestr, type_len); + ADD_U_INT16(dptr, priv_len); + ADD_STRING(dptr, privstr, priv_len); + return (t); +} + +/* + * token ID 1 byte * argument # 1 byte * argument value 4 bytes/8 bytes (32-bit/64-bit value) * text length 2 bytes From owner-p4-projects@FreeBSD.ORG Thu Dec 16 22:22:23 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 825FE1065670; Thu, 16 Dec 2010 22:22:23 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C97B106566B for ; Thu, 16 Dec 2010 22:22:23 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 185C18FC16 for ; Thu, 16 Dec 2010 22:22:23 +0000 (UTC) Received: from skunkworks.freebsd.org 
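Review bot: In au_to_upriv, `textlen = strlen(priv) + 1;` stores a size_t into a `u_int16_t`, so a string of 65535 bytes or more wraps the length. The token is then sized and filled with the wrapped value and carries a truncated string without its NUL terminator. au_to_privset has the same pattern for `type_len` and `priv_len`. I would reject oversized input before GET_TOKEN_AREA, for example `if (strlen(priv) >= 0xffff) return (NULL);`, setting errno if that is the convention in this file. Neither function checks its string arguments for NULL before calling strlen(), so that needs either a guard or a documented precondition.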
(localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.4/8.14.4) with ESMTP id oBGMMMqq037567 for ; Thu, 16 Dec 2010 22:22:22 GMT (envelope-from gpf@FreeBSD.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.4/8.14.4/Submit) id oBGMMM5O037564 for perforce@freebsd.org; Thu, 16 Dec 2010 22:22:22 GMT (envelope-from gpf@FreeBSD.org) Date: Thu, 16 Dec 2010 22:22:22 GMT Message-Id: <201012162222.oBGMMM5O037564@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to gpf@FreeBSD.org using -f From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 186990 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Dec 2010 22:22:23 -0000 http://p4web.freebsd.org/@@186990?ac=10 Change 186990 by gpf@gpf_desktop on 2010/12/16 22:21:41 first take on auditing firewall events: - now auditing the enabling/disabling of ipfw note: perhaps I should add an argument or extra events to differentiate between packet filtering of ipv4 & ipv6. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#8 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#6 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/netinet/ipfw/ip_fw_pfil.c#2 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#15 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#12 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#22 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/etc/audit_event#8 (text) ==== 
@@ -425,6 +425,12 @@ 2057:AUE_NFS_OPEN_WTC:nfsrv_open() - write, trunc, creat:fw,fd,fc,fa,fm 2058:AUE_NFS_OPEN_WT:nfsrv_open() - write, trunc:fw,fd,fa,fm # +# Firewall Events +# note: class 'aa' is only temporarily used +# +3000:AUE_PFIL_ENABLE:enable packet filtering:aa +3001:AUE_PFIL_DISABLE:disable packet filtering:aa +# # OpenBSM-specific kernel events. # 43001:AUE_GETFSSTAT:getfsstat(2):fa ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#6 (text) ==== @@ -447,6 +447,11 @@ #define AUE_NFS_OPEN_WC 2056 #define AUE_NFS_OPEN_WTC 2057 #define AUE_NFS_OPEN_WT 2058 +/* + * Firewall Events + */ +#define AUE_PFIL_ENABLE 3000 +#define AUE_PFIL_DISABLE 3001 /* * Audit event identifiers added as part of OpenBSM, generally corresponding ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/netinet/ipfw/ip_fw_pfil.c#2 (text+ko) ==== @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include @@ -63,6 +64,9 @@ #include +#include +#include + static VNET_DEFINE(int, fw_enable) = 1; #define V_fw_enable VNET(fw_enable) @@ -334,9 +338,17 @@ if (pfh == NULL) return ENOENT; + if (onoff) + AUDIT_PFIL_ENTER(AUE_PFIL_ENABLE, curthread); + else + AUDIT_PFIL_ENTER(AUE_PFIL_DISABLE, curthread); + (void) (onoff ? pfil_add_hook : pfil_remove_hook) (ipfw_check_hook, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh); + AUDIT_ARG_TEXT("ipfw"); + AUDIT_PFIL_EXIT(0, curthread); + return 0; } ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#15 (text) ==== @@ -901,7 +901,6 @@ } } - /* * audit_nfs_exit() is called from the return of every NFS pseudo-sys/call * that services an RPC by performing the various vnode operations. If the 
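Review bot: In the `@@ -334,9 +338,17 @@` hunk of ip_fw_pfil.c the audit record for enabling or disabling ipfw always reports success, because the result of `pfil_add_hook`/`pfil_remove_hook` is discarded with `(void)` and `AUDIT_PFIL_EXIT(0, curthread)` hard-codes 0. A hook change that fails is therefore logged as if it took effect. I would keep the result in a local, `error = (onoff ? pfil_add_hook : pfil_remove_hook)(ipfw_check_hook, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh);`, and pass it on with `AUDIT_PFIL_EXIT(error, curthread);`, leaving the function's own return value unchanged. The `return ENOENT` path runs before `AUDIT_PFIL_ENTER`, so an attempt that fails there leaves no record at all; moving the enter call ahead of that check would cover it. The function starts outside the hunk.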
@@ -944,6 +943,118 @@ audit_tree_go_up(td); } +/* + * audit_pfil_enter is called just before executing a firewall event, whether + * that be an administrative or a network event. It is responsible for deciding + * whether or not to audit the call (preselection), and if so, allocating a + * per-thread audit record. audit_new() will fill in basic thread/credential + * properties. + */ +void +audit_pfil_enter(unsigned short event, struct thread *td) +{ + struct au_mask *aumask; + au_class_t class; + au_id_t auid; + struct kaudit_record *ar; + + /* + * Check which audit mask to use; either the kernel non-attributable + * event mask or the process audit mask. + */ + auid = td->td_ucred->cr_audit.ai_auid; + if (auid == AU_DEFAUDITID) + aumask = &audit_nae_mask; + else + aumask = &td->td_ucred->cr_audit.ai_mask; + + /* + * Allocate an audit record, if preselection allows it, and store in + * the thread for later use. + */ + class = au_event_class(event); + if (au_preselect(event, class, aumask, AU_PRS_BOTH)) { + /* + * If we're out of space and need to suspend unprivileged + * processes, do that here rather than trying to allocate + * another audit record. + * + * Note: we might wish to be able to continue here in the + * future, if the system recovers. That should be possible + * by means of checking the condition in a loop around + * cv_wait(). It might be desirable to reevaluate whether an + * audit record is still required for this event by + * re-calling au_preselect(). + */ + if (audit_in_failure && + priv_check(td, PRIV_AUDIT_FAILSTOP) != 0) { + cv_wait(&audit_fail_cv, &audit_mtx); + panic("audit_failing_stop: thread continued"); + } + td->td_pflags |= TDP_AUDITREC; + } + else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0)) + td->td_pflags |= TDP_AUDITREC; + else + td->td_pflags &= ~TDP_AUDITREC; + + /* + * We need to keep state, even if we are not auditing this event. 
+ * The reason is that that we may encounter another security event, + * before this one is over. When we exit from the second event, we + * need a way to remember if we were auditing the first event or not. + */ + ar = audit_new(event, td); + if (ar != NULL) + audit_tree_insert(td, ar); + else { + audit_commit(td->td_ar); + td->td_pflags &= ~TDP_AUDITREC; + td->td_ar = NULL; + } +} + +/* + * audit_pfil_exit() is called from the return of a routine that services + * firewall events. If the current event is the root of the audit record + * tree structure, this function is responsible for commiting the whole + * audit record tree. Otherwise, it stores the return status & endtime; + * also it restores the auditing flag and td_ar to reflect the parent audit record. + */ +void +audit_pfil_exit(int error, struct thread *td) +{ + int retval; + + if (td->td_ar == NULL) + return; + + /* + * XXXgpf: In the case of firewall events, I don't think we need to worry + * about retval. + */ + if (error) + retval = -1; + else + retval = td->td_retval[0]; + + AUDIT_ENDTIME(); + AUDIT_ERROR(error); + AUDIT_RETVAL(retval); + + /* + * Commit the audit record tree; once we pass the records into + * audit_commit(), the memory is owned by the audit subsystem. + */ + if (td->td_ar->k_parent == NULL) { + audit_commit(td->td_ar); + td->td_ar = NULL; + td->td_pflags &= ~TDP_AUDITREC; + } + else + audit_tree_go_up(td); +} + void audit_cred_copy(struct ucred *src, struct ucred *dest) { ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#12 (text) ==== 
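Review bot: audit_pfil_exit records `td->td_retval[0]` as the event's return value when `error` is 0, but that field holds the current thread's system-call return value and is unrelated to the firewall operation, so the audit record can carry a stale number; the XXXgpf comment already doubts it. I would replace the if/else with `retval = error ? -1 : 0;`. In audit_pfil_enter the fail-stop branch calls `cv_wait(&audit_fail_cv, &audit_mtx)` with no `mtx_lock(&audit_mtx)` visible anywhere in the function. The header comment also says the routine serves network events, which may run where a thread is not allowed to sleep. Both points deserve either a guard or a comment stating the locking and calling-context assumptions.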
@@ -62,6 +62,9 @@ void audit_nfs_enter(unsigned int proc, struct ucred *user_cr, struct thread *td, int nfsprot); void audit_nfs_exit(int error, struct thread *td); +void audit_pfil_enter(unsigned short event, struct thread *td); +void audit_pfil_exit(int error, struct thread *td); + /* * The remaining kernel functions are conditionally compiled in as they are * wrapped by a macro, and the macro should be the only place in the source @@ -371,6 +374,8 @@ * of audit records, make td_ar point someplace else or change the value * of the thread's auditing flag. Audit records can persist after * auditing is disabled, so we don't just check audit_enabled here. + * + * same goes for all the other audit_X_exit() macros */ #define AUDIT_SYSCALL_EXIT(error, td) do { \ audit_syscall_exit(error, td); \ @@ -382,17 +387,20 @@ } \ } while (0) -/* - * audit_syscall_exit() needs to be called even if we are not auditing - * this particular event because we may have to commit a whole tree - * of audit records, make td_ar point someplace else or change the value - * of the thread's auditing flag. Audit records can persist after - * auditing is disabled, so we don't just check audit_enabled here. - */ #define AUDIT_NFS_EXIT(error, td) do { \ audit_nfs_exit(error, td); \ } while (0) +#define AUDIT_PFIL_ENTER(event, td) do { \ + if (audit_enabled) { \ + audit_pfil_enter(event, td); \ + } \ +} while (0) + +#define AUDIT_PFIL_EXIT(error, td) do { \ + audit_pfil_exit(error, td); \ +} while (0) + /* * A Macro to wrap the audit_sysclose() function. */ @@ -456,6 +464,9 @@ #define AUDIT_NFS_ENTER(proc, user_cr, td, prot) #define AUDIT_NFS_EXIT(error, td) +#define AUDIT_PFIL_ENTER(event, td) +#define AUDIT_PFIL_EXIT(error, td) + #endif /* AUDIT */ #endif /* !_SECURITY_AUDIT_KERNEL_H_ */ ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#22 (text) ==== 
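Review bot: In the `@@ -382,17 +387,20 @@` hunk `AUDIT_PFIL_ENTER` is skipped when `audit_enabled` is 0, but `AUDIT_PFIL_EXIT` always calls audit_pfil_exit, which only checks `td->td_ar == NULL`. If the firewall event runs inside an audited system call and auditing is switched off before the enter macro, td_ar still points at the system call's record, as far as the visible code shows. The exit then stamps that record's end time and error and, with `k_parent == NULL`, commits it and clears `td->td_ar` before the system call has finished. The comment kept above AUDIT_SYSCALL_EXIT explains why exits are unconditional for top-level events, but a nested event needs its exit paired with its own enter. One option is to have audit_pfil_exit verify that the current record belongs to a pfil event before touching it; at minimum the macro needs a comment stating this assumption.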
@@ -1831,6 +1831,15 @@ } break; + /* FALLTHROUGH */ + case AUE_PFIL_ENABLE: + case AUE_PFIL_DISABLE: + if (ARG_IS_VALID(kar, ARG_TEXT)) { + tok = au_to_text(ar->ar_arg_text); + kau_write(rec, tok); + } + break; + case AUE_WAIT4: PROCESS_PID_TOKENS(1); if (ARG_IS_VALID(kar, ARG_VALUE)) { From owner-p4-projects@FreeBSD.ORG Sat Dec 18 17:01:35 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E605A1065697; Sat, 18 Dec 2010 17:01:34 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 900D71065672 for ; Sat, 18 Dec 2010 17:01:34 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [IPv6:2001:4f8:fff6::2d]) by mx1.freebsd.org (Postfix) with ESMTP id 73F478FC21 for ; Sat, 18 Dec 2010 17:01:34 +0000 (UTC) Received: from skunkworks.freebsd.org (localhost [127.0.0.1]) by skunkworks.freebsd.org (8.14.4/8.14.4) with ESMTP id oBIH1YP6065518 for ; Sat, 18 Dec 2010 17:01:34 GMT (envelope-from gpf@FreeBSD.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.4/8.14.4/Submit) id oBIH1YXU065511 for perforce@freebsd.org; Sat, 18 Dec 2010 17:01:34 GMT (envelope-from gpf@FreeBSD.org) Date: Sat, 18 Dec 2010 17:01:34 GMT Message-Id: <201012181701.oBIH1YXU065511@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to gpf@FreeBSD.org using -f 
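Review bot: The added `/* FALLTHROUGH */` comment sits directly after the previous case's `break;`, so nothing falls through into `case AUE_PFIL_ENABLE:`. The annotation is misleading and could mask a genuine missing-break finding later, so I would delete it; two labels sharing one body need no annotation. Since ip_fw_pfil.c passes the literal `"ipfw"` as the text argument, a short comment such as `/* text token names the packet filter, e.g. "ipfw" */` would document what the token carries. The switch starts and ends outside the hunk.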
From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 187034 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2010 17:01:35 -0000 http://p4web.freebsd.org/@@187034?ac=10 Change 187034 by gpf@gpf_desktop on 2010/12/18 17:01:26 bugfix: some of the functions in audit_arg.c were being called directly and not through the appropriate macros that check if we are auditing atm. e.g. This caused audit_arg_auditinfo() to pagefault because of a missing audit_record in case we were not auditing naflags:ad (for the setaudit syscall). Remember that now we *do* have an kaudit_record even if we are not auditing an event because we need to keep some state. The audit_record on the other hand is allocated on demand. I also added macros for other audit_arg_* functions that were missing. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#13 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#10 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_syscalls.c#2 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.h#13 (text) ==== 
@@ -167,11 +167,26 @@ audit_arg_atfd2((atfd)); \ } while (0) +#define AUDIT_ARG_AUDITINFO(au_info) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_auditinfo((au_info)); \ +} while (0) + +#define AUDIT_ARG_AUDITINFO_ADDR(au_info) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_auditinfo_addr((au_info)); \ +} while (0) + #define AUDIT_ARG_AUDITON(udata) do { \ if (AUDITING_TD(curthread)) \ audit_arg_auditon((udata)); \ } while (0) +#define AUDIT_ARG_AUID(auid) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_auid((auid)); \ +} while (0) + #define AUDIT_ARG_CLIENTID(clientid) do { \ if (AUDITING_TD(curthread)) \ audit_arg_clientid((clientid)); \ @@ -187,6 +202,11 @@ audit_arg_cmd((cmd)); \ } while (0) +#define AUDIT_ARG_CTLNAME(name, namelen) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_ctlname((name), (namelen)); \ +} while (0) + #define AUDIT_ARG_DEV(dev) do { \ if (AUDITING_TD(curthread)) \ audit_arg_dev((dev)); \ @@ -237,6 +257,11 @@ audit_arg_groupset((gidset), (gidset_size)); \ } while (0) +#define AUDIT_ARG_LEN(len) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_len((len)); \ +} while (0) + #define AUDIT_ARG_LOCKOWNER(lockowner, size) do { \ if (AUDITING_TD(curthread)) \ audit_arg_lockowner((lockowner), (size)); \ @@ -247,6 +272,16 @@ audit_arg_locktype((locktype)); \ } while (0) +#define AUDIT_ARG_LOGIN(login) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_login((login)); \ +} while (0) + +#define AUDIT_ARG_MASK(mask) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_mask((mask)); \ +} while (0) + #define AUDIT_ARG_MODE(mode) do { \ if (AUDITING_TD(curthread)) \ audit_arg_mode((mode)); \ 
@@ -307,6 +342,31 @@ audit_arg_suid((suid)); \ } while (0) +#define AUDIT_ARG_SVIPC_CMD(cmd) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_cmd((cmd)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_PERM(perm) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_perm((perm)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_ID(id) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_id((id)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_ADDR(addr) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_addr((addr)); \ +} while (0) + +#define AUDIT_ARG_SVIPC_IPC_PERM(uid, gid, mode) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_svipc_ipc_perm((uid), (gid), (mode)); \ +} while (0) + #define AUDIT_ARG_TEXT(text) do { \ if (AUDITING_TD(curthread)) \ audit_arg_text((text)); \ @@ -415,9 +475,13 @@ #define AUDIT_ARG_ARGV(argv, argc, length) #define AUDIT_ARG_ATFD1(atfd) #define AUDIT_ARG_ATFD2(atfd) +#define AUDIT_ARG_AUDITINFO(au_info) +#define AUDIT_ARG_AUDITINFO_ADDR(au_info) #define AUDIT_ARG_AUDITON(udata) +#define AUDIT_ARG_AUID(auid) #define AUDIT_ARG_CLIENTID(clientid) #define AUDIT_ARG_CLIENTNAME(clientname, size) +#define AUDIT_ARG_CTLNAME(name, namelen) #define AUDIT_ARG_CMD(cmd) #define AUDIT_ARG_DEV(dev) #define AUDIT_ARG_EGID(egid) @@ -429,8 +493,11 @@ #define AUDIT_ARG_FFLAGS(fflags) #define AUDIT_ARG_GID(gid) #define AUDIT_ARG_GROUPSET(gidset, gidset_size) +#define AUDIT_ARG_LEN(len) #define AUDIT_ARG_LOCKOWNER(lockowner, size) #define AUDIT_ARG_LOCKTYPE(locktype) +#define AUDIT_ARG_LOGIN(login) +#define AUDIT_ARG_MASK(mask) #define AUDIT_ARG_MODE(mode) #define AUDIT_ARG_OWNER(uid, gid) #define AUDIT_ARG_PID(pid) 
@@ -443,6 +510,11 @@ #define AUDIT_ARG_SOCKADDR_IN(sin) #define AUDIT_ARG_SOCKET(sodomain, sotype, soprotocol) #define AUDIT_ARG_SUID(suid) +#define AUDIT_ARG_SVIPC_CMD(cmd) +#define AUDIT_ARG_SVIPC_PERM(perm) +#define AUDIT_ARG_SVIPC_ID(id) +#define AUDIT_ARG_SVIPC_ADDR(addr) +#define AUDIT_ARG_SVIPC_IPC_PERM(uid, gid, mode) #define AUDIT_ARG_TEXT(text) #define AUDIT_ARG_UID(uid) #define AUDIT_ARG_UPATH1(td, upath) ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_arg.c#10 (text) ==== @@ -52,7 +52,7 @@ /* * Calls to manipulate elements of the audit record structure from system - * call code. Macro wrappers will prevent this functions from being entered + * call code. Macro wrappers will prevent these functions from being entered * if auditing is disabled, avoiding the function call cost. We check the * thread audit record pointer anyway, as the audit condition could change, * and pre-selection may not have allocated an audit record for this event. ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_syscalls.c#2 (text) ==== @@ -586,7 +586,7 @@ error = copyin(uap->auid, &id, sizeof(id)); if (error) return (error); - audit_arg_auid(id); + AUDIT_ARG_AUID(id); newcred = crget(); PROC_LOCK(td->td_proc); oldcred = td->td_proc->p_ucred; @@ -651,7 +651,7 @@ error = copyin(uap->auditinfo, &ai, sizeof(ai)); if (error) return (error); - audit_arg_auditinfo(&ai); + AUDIT_ARG_AUDITINFO(&ai); newcred = crget(); PROC_LOCK(td->td_proc); oldcred = td->td_proc->p_ucred; @@ -711,7 +711,7 @@ error = copyin(uap->auditinfo_addr, &aia, sizeof(aia)); if (error) return (error); - audit_arg_auditinfo_addr(&aia); + AUDIT_ARG_AUDITINFO_ADDR(&aia); if (aia.ai_termid.at_type != AU_IPv6 && aia.ai_termid.at_type != AU_IPv4) return (EINVAL);
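Review bot: The three audit_syscalls.c hunks (`@@ -586,7 +586,7 @@`, `@@ -651,7 +651,7 @@`, `@@ -711,7 +711,7 @@`) fix the page fault by routing the calls through the `AUDITING_TD(curthread)` macros, but the audit_arg_* functions stay callable without that check, so any remaining direct call can fault the kernel in the same way. The description says the inner audit record is now allocated on demand while the kaudit_record always exists. If so, a NULL test on the record pointer alone inside audit_arg.c no longer protects these functions, and the comment there (`We check the thread audit record pointer anyway`) should say what callers must guarantee. It is worth searching the tree for other direct `audit_arg_` calls. The function bodies in audit_arg.c are not on this page, so whether a defensive check already exists cannot be confirmed here.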