From owner-p4-projects@FreeBSD.ORG Sat Aug 7 16:49:47 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 0958C106567B; Sat, 7 Aug 2010 16:49:47 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C112A1065679 for ; Sat, 7 Aug 2010 16:49:46 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id AD0AB8FC17 for ; Sat, 7 Aug 2010 16:49:46 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id o77GnkK3026127 for ; Sat, 7 Aug 2010 16:49:46 GMT (envelope-from gpf@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.4/8.14.4/Submit) id o77GnkYD026125 for perforce@freebsd.org; Sat, 7 Aug 2010 16:49:46 GMT (envelope-from gpf@FreeBSD.org) Date: Sat, 7 Aug 2010 16:49:46 GMT Message-Id: <201008071649.o77GnkYD026125@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gpf@FreeBSD.org using -f 
From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 182036 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Aug 2010 16:49:47 -0000 http://p4web.freebsd.org/@@182036?ac=10 Change 182036 by gpf@gpf_desktop on 2010/08/07 16:49:25 - 2 minor bug fixes for Audit - instead of using the "text token", introduce 2 new token types for a)the protocol used in NFS connections and b) the vnode type of the file that is being created by RPCs such as MKNOD(v3) or CREATE(v4). Looks much prettier now. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/bsm/libbsm.h#4 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/libbsm/bsm_errno.c#3 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/libbsm/bsm_io.c#4 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/sys/bsm/audit_record.h#3 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_record.h#3 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#21 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm_errno.c#3 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm_klib.c#5 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm_token.c#3 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_private.h#11 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/bsm/libbsm.h#4 (text) ==== @@ -502,6 +502,10 @@ au_tidaddr64_t tid; } au_proc64ex_t; +typedef struct { + u_int32_t protocol; +} au_protocol_t; + /* * error status 4 byte * return value 4 bytes/8 bytes (32-bit/64-bit value) 
@@ -661,6 +665,10 @@ char *text; } au_text_t; +typedef struct { + u_int32_t vtype; +} au_vtype_t; + /* * zonename length 2 bytes * zonename text N bytes + 1 NULL terminator @@ -723,6 +731,7 @@ au_proc32ex_t proc32_ex; au_proc64_t proc64; au_proc64ex_t proc64_ex; + au_protocol_t prot; au_ret32_t ret32; au_ret64_t ret64; au_seq_t seq; @@ -735,6 +744,7 @@ au_subject64_t subj64; au_subject64ex_t subj64_ex; au_text_t text; + au_vtype_t vtype; au_kevent_t kevent; au_invalid_t invalid; au_trailer_t trail; ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/libbsm/bsm_errno.c#3 (text) ==== @@ -680,7 +680,7 @@ #endif 1, ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, -#ifdef EKEREJECTED +#ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/libbsm/bsm_io.c#4 (text) ==== @@ -60,6 +60,7 @@ #include #include +#include #include @@ -777,6 +778,44 @@ } /* + * prints a string value for the protocol used + */ +static void +print_protocol(FILE *fp, int protocol, char raw) +{ + char *protocols[] = { + "NFSv2", + "NFSv3", + "NFSv4", + "Unknown Protocol" + }; + char *prot; + + if (raw) + fprintf(fp, "%u", protocol); + else { + switch (protocol) { + case ND_NFSV2: + prot = protocols[0]; + break; + + case ND_NFSV3: + prot = protocols[1]; + break; + + case ND_NFSV4: + prot = protocols[2]; + break; + + default: + prot = protocols[3]; + break; + } + fprintf(fp, "%s", prot); + } +} + +/* * Prints return value as success or failure. */ static void 
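Review bot: The new `au_protocol_t` and `au_vtype_t` typedefs in libbsm.h carry no layout comment, while every neighbouring token struct documents its wire size (the `error status 4 byte` block right after the first hunk, for instance). Add `/* * protocol 4 bytes */` above `au_protocol_t` and `/* * vtype 4 bytes */` above `au_vtype_t` so the record layout can be read from the header alone. The `prot` and `vtype` members added to the token union would also benefit from a trailing `/* AUT_PROTOCOL */` and `/* AUT_VTYPE */`, since the token ids that select them are not otherwise mentioned in this header.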
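Review bot: `fprintf(fp, "%u", protocol)` in print_protocol passes an `int` to `%u`; the value originates in the `u_int32_t` field `tok->tt.prot.protocol`, so declare the parameter `u_int32_t protocol` (or print with `%d`) and keep the two types in step; print_vtype in the next hunk has the same mismatch. The lookup table is a mutable automatic array of pointers rebuilt on every call; `static const char *const protocols[] = { ... };` together with `const char *prot;` states the intent and is clean under `-Wwrite-strings`. The `ND_NFSV*` constants the switch relies on are introduced by the audit_record.h hunk later in this change; a one-line comment here, `/* values as written by au_to_protocol() */`, would tell a reader where they are produced.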
@@ -805,6 +844,39 @@ } /* + * prints a string value for a vnode type + */ +static void +print_vtype(FILE *fp, int vtype, char raw) +{ + char *vtypes[] = { + "VNON", + "VREG", + "VDIR", + "VBLK", + "VCHR", + "VLNK", + "VSOCK", + "VFIFO", + "VBAD", + "VMARKER" + }; + char *vt; + + if (raw) + fprintf(fp, "%u", vtype); + else { + if (vtype != VCHR && vtype != VBLK && vtype != VSOCK && vtype != VFIFO + && vtype != VNON && vtype != VREG && vtype != VDIR && vtype != VLNK + && vtype != VBAD && vtype != VMARKER) + vt = vtypes[VBAD]; + else + vt = vtypes[vtype]; + fprintf(fp, "%s", vt); + } +} + +/* * Prints the exit value. */ static void @@ -2958,7 +3030,39 @@ } /* - * errno 1 byte + * protocol 4 bytes + */ +static int +fetch_protocol_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.prot.protocol, tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_protocol_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + + print_tok_type(fp, tok->id, "protocol", raw, xml); + if (xml) { + open_attr(fp, "protocol"); + print_protocol(fp, tok->tt.prot.protocol, raw); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_protocol(fp, tok->tt.prot.protocol, raw); + } +} + +/* + * errno 4 bytes * return value 4 bytes */ static int 
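Review bot: print_vtype indexes `vtypes[vtype]` with a value read from the audit trail, and the ten-way guard only makes that safe because the string table happens to be laid out in `enum vtype` order; nothing ties the two together, so reordering either one silently mislabels the token or reads past the table. Designated initializers keyed by the enum constants pin the mapping, after which a plain bounds check on the untrusted value replaces the comparison chain, and the raw path's `%u` with an `int` argument becomes `%d`. The rewrite below keeps the signature and every output string.
```c
static void
print_vtype(FILE *fp, int vtype, char raw)
{
	/* Indexed by enum vtype; designated initializers keep table and enum in step. */
	static const char *const vtypes[] = {
		[VNON] = "VNON",   [VREG] = "VREG",   [VDIR] = "VDIR",
		[VBLK] = "VBLK",   [VCHR] = "VCHR",   [VLNK] = "VLNK",
		[VSOCK] = "VSOCK", [VFIFO] = "VFIFO", [VBAD] = "VBAD",
		[VMARKER] = "VMARKER"
	};
	const char *vt;

	if (raw) {
		fprintf(fp, "%d", vtype);
		return;
	}
	/* The value comes from the trail: bounds-check before indexing. */
	if (vtype < 0 || (size_t)vtype >= sizeof(vtypes) / sizeof(vtypes[0]) ||
	    vtypes[vtype] == NULL)
		vt = vtypes[VBAD];
	else
		vt = vtypes[vtype];
	fprintf(fp, "%s", vt);
}
```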
@@ -3826,6 +3930,39 @@ } /* + * vtype 4 bytes + */ +static int +fetch_vtype_tok(tokenstr_t *tok, u_char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.vtype.vtype, tok->len, err); + if (err) + return (-1); + + return (0); +} + + +static void +print_vtype_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + __unused char sfrm, int xml) +{ + + print_tok_type(fp, tok->id, "vnode type", raw, xml); + if (xml) { + open_attr(fp, "vtype"); + print_vtype(fp, tok->tt.vtype.vtype, raw); + close_attr(fp); + close_tag(fp, tok->id); + } else { + print_delim(fp, del); + print_vtype(fp, tok->tt.vtype.vtype, raw); + } +} + +/* * socket domain 2 bytes * socket type 2 bytes * address type 2 bytes @@ -4112,6 +4249,9 @@ case AUT_PROCESS64_EX: return (fetch_process64ex_tok(tok, buf, len)); + case AUT_PROTOCOL: + return (fetch_protocol_tok(tok, buf, len)); + case AUT_RETURN32: return (fetch_return32_tok(tok, buf, len)); @@ -4148,6 +4288,9 @@ case AUT_TEXT: return (fetch_text_tok(tok, buf, len)); + case AUT_VTYPE: + return (fetch_vtype_tok(tok, buf, len)); + case AUT_SOCKET_EX: return (fetch_socketex32_tok(tok, buf, len)); @@ -4278,6 +4421,10 @@ print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN, rawcred); return; + case AUT_PROTOCOL: + print_protocol_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_RETURN32: print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; @@ -4326,6 +4473,10 @@ print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; + case AUT_VTYPE: + print_vtype_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); + return; + case AUT_SOCKET_EX: print_socketex32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); return; @@ -4456,6 +4607,10 @@ print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML, rawcred); return; + case AUT_PROTOCOL: + print_protocol_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + case AUT_RETURN32: print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML); return; 
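Review bot: print_vtype_tok passes `"vnode type"` as the token name to print_tok_type, which in XML mode presumably emits that name as the element tag (print_tok_type is outside the hunk); a name with an embedded space produces a malformed tag. Every other token name in this file is a single word and the attribute opened two lines below is already `"vtype"`, so `print_tok_type(fp, tok->id, "vtype", raw, xml);` keeps the element and attribute consistent. There is also a stray second blank line between fetch_vtype_tok and print_vtype_tok that the rest of the file does not use.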
@@ -4500,6 +4655,10 @@ print_text_tok(outfp, tok, del, raw, sfrm, AU_XML); return; + case AUT_VTYPE: + print_vtype_tok(outfp, tok, del, raw, sfrm, AU_XML); + return; + case AUT_SOCKET_EX: print_socketex32_tok(outfp, tok, del, raw, sfrm, AU_XML); return; ==== //depot/projects/soc2010/gpf_audit/freebsd/src/contrib/openbsm/sys/bsm/audit_record.h#3 (text) ==== @@ -125,6 +125,10 @@ #define AUT_SOCKINET128 0x81 /* XXX */ #define AUT_SOCKUNIX 0x82 /* XXX */ +/* Yet more token identifiers */ +#define AUT_PROTOCOL 0x83 +#define AUT_VTYPE 0x84 + /* print values for the arbitrary token */ #define AUP_BINARY 0 #define AUP_OCTAL 1 @@ -170,6 +174,11 @@ #define AUT_TRAILER_MAGIC 0xb105 +/* NFS specific stuff */ +#define ND_NFSV2 0x00000004 +#define ND_NFSV3 0x00000008 +#define ND_NFSV4 0x00000010 + /* BSM library calls */ __BEGIN_DECLS ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_record.h#3 (text) ==== @@ -126,6 +126,10 @@ #define AUT_SOCKINET128 0x81 /* XXX */ #define AUT_SOCKUNIX 0x82 /* XXX */ +/* Yet more token identifiers */ +#define AUT_PROTOCOL 0x83 +#define AUT_VTYPE 0x84 + /* print values for the arbitrary token */ #define AUP_BINARY 0 #define AUP_OCTAL 1 @@ -247,6 +251,7 @@ au_tid_addr_t *tid); token_t *au_to_process64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid); +token_t *au_to_protocol(u_int32_t protocol); token_t *au_to_return(u_int32_t status, uint32_t ret); token_t *au_to_return32(u_int32_t status, uint32_t ret); token_t *au_to_return64(u_int32_t status, uint64_t ret); @@ -277,6 +282,7 @@ token_t *au_to_exec_env(char **envp); #endif token_t *au_to_text(const char *text); +token_t *au_to_vtype(u_int32_t vtype); token_t *au_to_kevent(struct kevent *kev); token_t *au_to_trailer(int rec_size); token_t *au_to_zonename(const char *zonename); ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#21 (text) ==== 
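Review bot: The two copies of audit_record.h diverge in this change: the contrib/openbsm copy gains the `ND_NFSV2`/`ND_NFSV3`/`ND_NFSV4` constants but not the `au_to_protocol()`/`au_to_vtype()` prototypes, while the sys/bsm copy gets the prototypes and no constants, so each copy supports only part of the new code. Either add both to both or keep the NFS constants out of the shared header altogether; as written they carry an NFS-internal prefix into a public BSM header and will clash with any consumer that also includes the kernel NFS headers unless the definitions stay byte-identical. `AUT_PROTOCOL 0x83` and `AUT_VTYPE 0x84` sit in the same locally assigned range as the `/* XXX */`-marked 0x81/0x82 entries above them; mark them the same way, e.g. `#define AUT_PROTOCOL 0x83 /* FreeBSD-local; not a Solaris BSM token */`, so readers of the trail from other BSM implementations are not expected to decode them.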
@@ -1584,7 +1584,7 @@ case AUE_NFS_CREATE: case AUE_NFS_MKNOD: if (ARG_IS_VALID(kar, ARG_VTYPE)) { - tok = au_to_text(audit_vtype_to_text(ar->ar_arg_vtype)); + tok = au_to_vtype(ar->ar_arg_vtype); kau_write(rec, tok); } @@ -1614,7 +1614,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } @@ -1637,7 +1637,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1650,7 +1650,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1667,7 +1667,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1680,7 +1680,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1694,7 +1694,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1722,7 +1722,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; 
@@ -1741,7 +1741,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1790,7 +1790,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1807,7 +1807,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; @@ -1826,7 +1826,7 @@ kau_write(rec, tok); } if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { - tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + tok = au_to_protocol(ar->ar_arg_protocol); kau_write(rec, tok); } break; ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm_errno.c#3 (text+ko) ==== @@ -682,7 +682,7 @@ #endif 1, ES("Key has been revoked") }, { BSM_ERRNO_EKEYREJECTED, -#ifdef EKEREJECTED +#ifdef EKEYREJECTED EKEYREJECTED, #else ERRNO_NO_LOCAL_MAPPING, ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm_klib.c#5 (text) ==== 
@@ -589,59 +589,3 @@ } sbuf_finish(&sbf); } - -char * -audit_protocol_to_text(int protocol) -{ - char *protocols[] = { - "NFSv2", - "NFSv3", - "NFSv4", - "Unknown Protocol" - }; - char *prot; - - switch (protocol) { - case ND_NFSV2: - prot = protocols[0]; - break; - - case ND_NFSV3: - prot = protocols[1]; - break; - - case ND_NFSV4: - prot = protocols[2]; - break; - - default: - prot = protocols[3]; - break; - } - - return prot; -} - -char * -audit_vtype_to_text(int vtype) -{ - char *vtypes[] = { - "VNON", - "VREG", - "VDIR", - "VBLK", - "VCHR", - "VLNK", - "VSOCK", - "VFIFO", - "VBAD", - "VMARKER" - }; - - if (vtype != VCHR && vtype != VBLK && vtype != VSOCK && vtype != VFIFO - && vtype != VNON && vtype != VREG && vtype != VDIR && vtype != VLNK - && vtype != VBAD && vtype != VMARKER) - return vtypes[VBAD]; - else - return vtypes[vtype]; -} ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm_token.c#3 (text) ==== @@ -581,6 +581,24 @@ /* * token ID 1 byte + * vtype 4 bytes + */ +token_t * +au_to_vtype(u_int32_t vtype) +{ + token_t *t; + u_char *dptr = NULL; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); + + ADD_U_CHAR(dptr, AUT_VTYPE); + ADD_U_INT32(dptr, vtype); + + return (t); +} + +/* + * token ID 1 byte * path length 2 bytes * path N bytes + 1 terminating NULL byte */ @@ -786,6 +804,24 @@ /* * token ID 1 byte + * protocol 4 bytes + */ +token_t * +au_to_protocol(u_int32_t protocol) +{ + token_t *t; + u_char *dptr = NULL; + + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t)); + + ADD_U_CHAR(dptr, AUT_PROTOCOL); + ADD_U_INT32(dptr, protocol); + + return (t); +} + +/* + * token ID 1 byte * error status 4 bytes * return value 4 bytes/8 bytes (32-bit/64-bit value) */ ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_private.h#11 (text) ==== 
@@ -268,7 +268,7 @@ #define ARG_SADDRINET 0x0000000000100000ULL #define ARG_SADDRINET6 0x0000000000200000ULL #define ARG_SADDRUNIX 0x0000000000400000ULL -#define ARG_TERMID_ADDR 0x0000000000400000ULL +#define ARG_TERMID_ADDR 0x0000000000800000ULL #define ARG_UNUSED2 0x0000000001000000ULL #define ARG_UPATH1 0x0000000002000000ULL #define ARG_UPATH2 0x0000000004000000ULL @@ -355,10 +355,6 @@ */ int audit_nfs_proc_to_event(unsigned int proc, au_event_t *event, int nfsprot); -#define ND_NFSV2 0x00000004 -#define ND_NFSV3 0x00000008 -#define ND_NFSV4 0x00000010 - #define NFS_READACCESS 0x00000001 #define NFS_WRITEACCESS 0x00000002 #define NFS_RWACCESS NFS_READACCESS | NFS_WRITEACCESS @@ -434,8 +430,6 @@ au_event_t audit_semctl_to_event(int cmr); void audit_canon_path(struct thread *td, char *path, char *cpath); au_event_t auditon_command_event(int cmd); -char * audit_protocol_to_text(int protocol); -char * audit_vtype_to_text(int vtype); /* * Audit trigger events notify user space of kernel audit conditions
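Review bot: Removing `ND_NFSV2`/`ND_NFSV3`/`ND_NFSV4` from audit_private.h leaves kernel audit code that still uses them (`audit_nfs_proc_to_event` takes an `int nfsprot` in the context above) dependent on a definition this change does not add on the kernel side: the sys/bsm/audit_record.h hunk earlier in the diff adds only the token ids and prototypes, and only the contrib/openbsm copy defines the constants. Unless every kernel user already includes the NFS headers that define the same names and values, keep the three lines here until the sys/bsm header carries them. The description's "2 minor bug fixes" would also be easier to verify if it named them (the `EKEYREJECTED` `#ifdef` typo and the `ARG_TERMID_ADDR` bit, which previously shared `0x400000` with `ARG_SADDRUNIX`).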