From owner-p4-projects@FreeBSD.ORG  Fri May  7 15:11:56 2010
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 295631065675; Fri,  7 May 2010 15:11:56 +0000 (UTC)
Delivered-To: perforce@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id E1D2C106566B
	for <perforce@FreeBSD.org>; Fri,  7 May 2010 15:11:55 +0000 (UTC)
	(envelope-from gpf@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41])
	by mx1.freebsd.org (Postfix) with ESMTP id CF48C8FC0C
	for <perforce@FreeBSD.org>; Fri,  7 May 2010 15:11:55 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o47FBt09020627
	for <perforce@FreeBSD.org>; Fri, 7 May 2010 15:11:55 GMT
	(envelope-from gpf@FreeBSD.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o47FBt6V020625
	for perforce@freebsd.org; Fri, 7 May 2010 15:11:55 GMT
	(envelope-from gpf@FreeBSD.org)
Date: Fri, 7 May 2010 15:11:55 GMT
Message-Id: <201005071511.o47FBt6V020625@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	gpf@FreeBSD.org using -f
From: Efstratios Karatzas <gpf@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Precedence: bulk
Cc: 
Subject: PERFORCE change 177910 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2010 15:11:56 -0000

http://p4web.freebsd.org/@@177910?ac=10

Change 177910 by gpf@gpf_desktop on 2010/05/07 15:11:31

	* added support for a few extra rpcs:
	(mkdir, readdir, link, symlink, readlink)
	* fixed a typo in a aue_nfs_event (readlink)
	* a few minor changes
	tested everything under ufs, seems ok
	procedures serviced: 8/23

Affected files ...

.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#3 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#3 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#3 edit
.. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#3 edit

Differences ...

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/bsm/audit_kevents.h#3 (text) ====

@@ -392,7 +392,7 @@
 #define	AUE_NFS_SETATTR 2002
 #define	AUE_NFS_LOOKUP 2003
 #define	AUE_NFS_ACCESS 2004
-#define	AUE_NFS_REALINK 2005
+#define	AUE_NFS_READLINK 2005
 #define	AUE_NFS_READ 2006
 #define	AUE_NFS_WRITE 2007
 #define	AUE_NFS_CREATE 2008

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#3 (text+ko) ====

@@ -88,6 +88,8 @@
 #include <sys/bio.h>
 #include <sys/buf.h>
 
+/* xxxgpf: 4 debuging */
+#include <sys/types.h>
 #include <security/audit/audit.h>
 
 #include <vm/vm.h>
@@ -670,7 +672,7 @@
 	int error = 0, rdonly, i, tlen, len, getret;
 	int v3 = (nfsd->nd_flag & ND_NFSV3);
 	struct mbuf *mb, *mp3, *nmp, *mreq;
-	struct vnode *vp = NULL;
+	struct vnode *vp = NULL, *link_vp = NULL;
 	struct vattr attr;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
@@ -716,6 +718,7 @@
 	uiop->uio_td = NULL;
 	error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp,
 	    nam, &rdonly, TRUE);
+	link_vp = vp;	    
 	if (error) {
 		nfsm_reply(2 * NFSX_UNSIGNED);
 		if (v3)
@@ -755,6 +758,25 @@
 	if (vp)
 		vput(vp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (link_vp != NULL) {
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+			
+			AUDIT_ARG_VNODE1(link_vp);
+	
+			freepath = NULL;
+			vn_fullpath_global(td, link_vp, &fullpath, &freepath);
+	
+			if (freepath != NULL) {
+				AUDIT_ARG_UPATH1(td, fullpath);
+				free(freepath, M_TEMP);
+			}
+		}
+	}
+	
 	return(error);
 }
 
@@ -780,7 +802,7 @@
 	int v3 = (nfsd->nd_flag & ND_NFSV3), reqlen;
 	struct mbuf *mb, *mreq;
 	struct mbuf *m2;
-	struct vnode *vp = NULL, *vp_alt = NULL;
+	struct vnode *vp = NULL, *new_vp = NULL;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
 	struct uio io, *uiop = &io;
@@ -812,6 +834,7 @@
 
 	error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp,
 	    nam, &rdonly, TRUE);
+	new_vp = vp;
 	if (error) {
 		vp = NULL;
 		nfsm_reply(2 * NFSX_UNSIGNED);
@@ -821,8 +844,6 @@
 		goto nfsmout;
 	}
 	
-	vp_alt = vp;
-	
 	if (vp->v_type != VREG) {
 		if (v3)
 			error = EINVAL;
@@ -1009,16 +1030,20 @@
 	VFS_UNLOCK_GIANT(vfslocked);
 	
 	/* XXX AUDIT */	
-	if (vp_alt != NULL) {
-		char *fullpath, *freepath;
-		struct thread *td = curthread;
+	if (AUDITING_TD(curthread)) {
+		if (new_vp != NULL) {
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+
+			AUDIT_ARG_VNODE1(new_vp);
 
-		freepath = NULL;
-		vn_fullpath_global(td, vp_alt, &fullpath, &freepath);
+			freepath = NULL;
+			vn_fullpath_global(td, new_vp, &fullpath, &freepath);
 
-		if (freepath != NULL) {
-			AUDIT_ARG_UPATH1(td, fullpath);
-			free(freepath, M_TEMP);
+			if (freepath != NULL) {
+				AUDIT_ARG_UPATH1(td, fullpath);
+				free(freepath, M_TEMP);
+			}
 		}
 	}
 	
@@ -1050,7 +1075,7 @@
 	int stable = NFSV3WRITE_FILESYNC;
 	int v3 = (nfsd->nd_flag & ND_NFSV3);
 	struct mbuf *mb, *mreq;
-	struct vnode *vp = NULL, *vp_alt = NULL;;
+	struct vnode *vp = NULL, *new_vp = NULL;;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
 	struct uio io, *uiop = &io;
@@ -1130,6 +1155,7 @@
 	}
 	error = nfsrv_fhtovp(fhp, 1, &vp, &tvfslocked, nfsd, slp,
 	    nam, &rdonly, TRUE);
+	new_vp = vp;
 	vfslocked = nfsrv_lockedpair(vfslocked, tvfslocked);
 	if (error) {
 		vp = NULL;
@@ -1138,10 +1164,8 @@
 			nfsm_srvwcc_data(forat_ret, &forat, aftat_ret, vap);
 		error = 0;
 		goto nfsmout;
-	}
+	}	
 	
-	vp_alt = vp;
-	
 	if (v3)
 		forat_ret = VOP_GETATTR(vp, &forat, cred);
 	if (vp->v_type != VREG) {
@@ -1248,7 +1272,7 @@
 	
 	/* 
 	 * another way we could go about re-obtaining the vp from the file handle.
-	 * right now, I think i like the vp_alt method better
+	 * right now, I think i like the new_vp method better
 	 */
 	/*
 	if (vp == NULL) {
@@ -1258,20 +1282,23 @@
 		if (error) 
 			vp = NULL;
 	}
-	*/
-	
-	if (vp_alt != NULL) {		
-		char *fullpath, *freepath;
-		struct thread *td = curthread;
+	*/	
+	if (AUDITING_TD(curthread)) {
+		if (new_vp != NULL) {
+			struct thread *td = curthread;
+			char *fullpath, *freepath;		
+
+			AUDIT_ARG_VNODE1(new_vp);
 
-		freepath = NULL;
-		vn_fullpath_global(td, vp_alt, &fullpath, &freepath);
+			freepath = NULL;
+			vn_fullpath_global(td, new_vp, &fullpath, &freepath);
 
-		if (freepath != NULL) {
-			AUDIT_ARG_UPATH1(td, fullpath);
-			free(freepath, M_TEMP);
+			if (freepath != NULL) {
+				AUDIT_ARG_UPATH1(td, fullpath);
+				free(freepath, M_TEMP);
+			}
 		}
-	}	
+	}
 	
 	return(error);
 }
@@ -1573,34 +1600,36 @@
 	VFS_UNLOCK_GIANT(vfslocked);
 	
 	/* XXX AUDIT */	
-	if (nd.ni_vp != NULL && nd.ni_dvp != NULL) {
-		struct thread *td = curthread;
-		char *fullpath, *freepath;
-		char path[PATH_MAX];
-	
-		AUDIT_ARG_VNODE1(nd.ni_vp);
+	if (AUDITING_TD(curthread)) {
+		if (nd.ni_vp != NULL && nd.ni_dvp != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;		
 		
-		freepath = NULL;
-		vn_fullpath_global(td, nd.ni_vp, &fullpath, &freepath);
-		
-		if (freepath != NULL) {
-			strlcpy(path, fullpath, sizeof(path));
-			free(freepath, M_TEMP);
-		}
-		/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
-		else {
-			vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath);		
+			AUDIT_ARG_VNODE1(nd.ni_vp);
+			
+			freepath = NULL;
+			vn_fullpath_global(td, nd.ni_vp, &fullpath, &freepath);
+			
 			if (freepath != NULL) {
-				snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+				strlcpy(path, fullpath, sizeof(path));
 				free(freepath, M_TEMP);
 			}
-			/* last resort: just save the name of the new file */
-			else {
-				strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+			/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+			else if (nd.ni_cnd.cn_pnbuf != NULL) {
+				vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath);		
+				if (freepath != NULL) {
+					snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+					free(freepath, M_TEMP);
+				}
+				/* last resort: just save the name of the new file */
+				else {
+					strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+				}
 			}
+			
+			AUDIT_ARG_UPATH1(td, path);
 		}
-		
-		AUDIT_ARG_UPATH1(td, path);
 	}
 	
 	return (error);
@@ -1800,6 +1829,7 @@
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
 	return (error);
 }
 
@@ -2162,6 +2192,7 @@
 	int getret = 1, v3 = (nfsd->nd_flag & ND_NFSV3);
 	struct mbuf *mb, *mreq;
 	struct vnode *vp = NULL, *xp, *dirp = NULL;
+	struct vnode *new_vp = NULL, *parent_dir_vp = NULL;
 	struct vattr dirfor, diraft, at;
 	nfsfh_t nfh, dnfh;
 	fhandle_t *fhp, *dfhp;
@@ -2237,6 +2268,9 @@
 	}
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
 	error = VOP_LINK(nd.ni_dvp, vp, &nd.ni_cnd);
+	
+	parent_dir_vp = nd.ni_dvp;
+	new_vp = nd.ni_vp;
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	/* fall through */
 
@@ -2290,6 +2324,46 @@
 		vrele(nd.ni_vp);
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (parent_dir_vp != NULL && nd.ni_cnd.cn_pnbuf != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+		
+			freepath = NULL;
+			printf("mphkaaaaaaaaaaaaaaaa\n");
+			vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
+			
+			if (freepath != NULL && nd.ni_cnd.cn_pnbuf) {
+				snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+				free(freepath, M_TEMP);
+			}
+			
+			AUDIT_ARG_UPATH1(td, path);
+		}
+		
+		if (vp != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+		
+			AUDIT_ARG_VNODE1(vp);
+		
+			freepath = NULL;
+			printf("to vp den einai null\n");
+			vn_fullpath_global(td, vp, &fullpath, &freepath);
+			
+			if (freepath != NULL) {
+				strlcpy(path, fullpath, sizeof(path));
+				free(freepath, M_TEMP);
+			}
+			
+			AUDIT_ARG_UPATH2(td, path);
+		}
+	}
+	
 	return(error);
 }
 
@@ -2315,6 +2389,7 @@
 	int v3 = (nfsd->nd_flag & ND_NFSV3);
 	struct mbuf *mb, *mreq;
 	struct vnode *dirp = NULL;
+	struct vnode *symlink_vp = NULL, *parent_dir_vp = NULL;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
 	struct mount *mp = NULL;
@@ -2373,6 +2448,9 @@
 		error = EEXIST;
 		goto out;
 	}
+	
+	if (pathcp != NULL)
+		AUDIT_ARG_TEXT(pathcp);
 
 	/*
 	 * issue symlink op.  SAVESTART is set so the underlying path component
@@ -2385,6 +2463,10 @@
 		NDFREE(&nd, NDF_ONLY_PNBUF);
 	else
 		vput(nd.ni_vp);
+		
+	symlink_vp = nd.ni_vp;
+	parent_dir_vp = nd.ni_dvp;
+	
 	nd.ni_vp = NULL;
 	/*
 	 * releases directory prior to potential lookup op.
@@ -2473,6 +2555,40 @@
 
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (symlink_vp != NULL && parent_dir_vp != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+		
+			AUDIT_ARG_VNODE1(symlink_vp);
+			
+			freepath = NULL;
+			vn_fullpath_global(td, symlink_vp, &fullpath, &freepath);
+			
+			if (freepath != NULL) {
+				strlcpy(path, fullpath, sizeof(path));
+				free(freepath, M_TEMP);
+			}
+			/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+			else if (nd.ni_cnd.cn_pnbuf != NULL) {
+				vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
+				if (freepath != NULL) {
+					snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+					free(freepath, M_TEMP);
+				}
+				/* last resort: just save the name of the new file */
+				else {
+					strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+				}
+			}
+			
+			AUDIT_ARG_UPATH1(td, path);
+		}
+	}
+	
 	return (error);
 }
 
@@ -2497,6 +2613,7 @@
 	int v3 = (nfsd->nd_flag & ND_NFSV3);
 	struct mbuf *mb, *mreq;
 	struct vnode *dirp = NULL;
+	struct vnode *new_dir_vp = NULL, *parent_dir_vp = NULL;
 	int vpexcl = 0;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
@@ -2563,6 +2680,10 @@
 	if (vap->va_mode == (mode_t)VNOVAL)
 		vap->va_mode = 0;
 	error = VOP_MKDIR(nd.ni_dvp, &nd.ni_vp, &nd.ni_cnd, vap);
+	
+	new_dir_vp = nd.ni_vp;
+	parent_dir_vp = nd.ni_dvp;
+	
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	vpexcl = 1;
 
@@ -2617,7 +2738,6 @@
 	}
 	error = 0;
 	/* fall through */
-
 nfsmout:
 	if (nd.ni_dvp) {
 		NDFREE(&nd, NDF_ONLY_PNBUF);
@@ -2636,6 +2756,40 @@
 		vrele(dirp);
 	vn_finished_write(mp);
 	VFS_UNLOCK_GIANT(vfslocked);
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (new_dir_vp != NULL && parent_dir_vp != NULL) {
+			char path[PATH_MAX];
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+		
+			AUDIT_ARG_VNODE1(new_dir_vp);
+			
+			freepath = NULL;
+			vn_fullpath_global(td, new_dir_vp, &fullpath, &freepath);
+			
+			if (freepath != NULL) {
+				strlcpy(path, fullpath, sizeof(path));
+				free(freepath, M_TEMP);
+			}
+			/* if we fail to acquire a path from the new vnode, use the directory vnode instead */
+			else if (nd.ni_cnd.cn_pnbuf != NULL) {		
+				vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath);
+				if (freepath != NULL) {
+					snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf);
+					free(freepath, M_TEMP);
+				}
+				/* last resort: just save the name of the new file */
+				else {
+					strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path));
+				}
+			}
+			
+			AUDIT_ARG_UPATH1(td, path);
+		}
+	}
+	
 	return (error);
 }
 
@@ -2817,7 +2971,7 @@
 	caddr_t bpos;
 	struct mbuf *mb, *mreq;
 	char *cpos, *cend, *rbuf;
-	struct vnode *vp = NULL;
+	struct vnode *vp = NULL, *dir_vp = NULL;
 	struct vattr at;
 	nfsfh_t nfh;
 	fhandle_t *fhp;
@@ -2856,11 +3010,12 @@
 	fullsiz = siz;
 	error = nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, nfsd, slp,
 	    nam, &rdonly, TRUE);
+	dir_vp = vp;
 	if (!error && vp->v_type != VDIR) {
 		error = ENOTDIR;
 		vput(vp);
 		vp = NULL;
-	}
+	}	
 	if (error) {
 		nfsm_reply(NFSX_UNSIGNED);
 		if (v3)
@@ -3092,7 +3247,26 @@
 nfsmout:
 	if (vp)
 		vrele(vp);
-	VFS_UNLOCK_GIANT(vfslocked);
+	VFS_UNLOCK_GIANT(vfslocked);	
+	
+	/* XXX AUDIT */	
+	if (AUDITING_TD(curthread)) {
+		if (dir_vp != NULL) {
+			struct thread *td = curthread;
+			char *fullpath, *freepath;
+			
+			AUDIT_ARG_VNODE1(dir_vp);
+	
+			freepath = NULL;
+			vn_fullpath_global(td, dir_vp, &fullpath, &freepath);
+	
+			if (freepath != NULL) {
+				AUDIT_ARG_UPATH1(td, fullpath);
+				free(freepath, M_TEMP);
+			}
+		}
+	}
+	
 	return(error);
 }
 

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit.c#3 (text) ====

@@ -626,7 +626,7 @@
 		
 	case 5:
 		/* nfsrv_readlink */
-		*event = AUE_NFS_REALINK;
+		*event = AUE_NFS_READLINK;
 		break;
 		
 	case 6:

==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#3 (text) ====

@@ -1580,18 +1580,39 @@
 		tok = au_to_arg32(0, "prev mask", ar->ar_retval);
 		kau_write(rec, tok);
 		break;
-
+	
+		
 	case AUE_NFS_CREATE:
+	case AUE_NFS_READ:
+	case AUE_NFS_WRITE:
+	case AUE_NFS_MKDIR:
+	case AUE_NFS_READDIR:
+	case AUE_NFS_READLINK:
 		if (ARG_IS_VALID(kar, ARG_MODE)) {
 			tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
 			kau_write(rec, tok);
 		}
-		/* FALLTHROUGH */
-
-	case AUE_NFS_READ:
-	case AUE_NFS_WRITE:
+	
+		UPATH1_VNODE1_TOKENS;
+		break;
+	
+	case AUE_NFS_SYMLINK:
+		if (ARG_IS_VALID(kar, ARG_TEXT)) {
+			tok = au_to_text(ar->ar_arg_text);
+			kau_write(rec, tok);
+		}
+		UPATH1_VNODE1_TOKENS;
+		break;
+	
+	case AUE_NFS_LINK:
 		UPATH1_VNODE1_TOKENS;
+		if (ARG_IS_VALID(kar, ARG_MODE)) {
+			tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+			kau_write(rec, tok);
+		}		
+		UPATH2_TOKENS;
 		break;
+	
 
 	case AUE_WAIT4:
 		PROCESS_PID_TOKENS(1);