From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 177947 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 May 2010 11:37:30 -0000 http://p4web.freebsd.org/@@177947?ac=10 Change 177947 by gpf@gpf_desktop on 2010/05/08 11:36:30 * added audit support for 3 more rpcs: (rename, remove, removedir) ufs testing seemed ok * removed some dbg printf()s i had forgotten xD * a few minor changes. not happy about how my vnode * vars are named, perhaps I will add a "AUDIT_" prefix. procedures serviced (11/23) Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#4 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#4 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#4 (text+ko) ==== @@ -672,7 +672,8 @@ int error = 0, rdonly, i, tlen, len, getret; int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mp3, *nmp, *mreq; - struct vnode *vp = NULL, *link_vp = NULL; + struct vnode *vp = NULL; + struct vnode *link_vp = NULL; struct vattr attr; nfsfh_t nfh; fhandle_t *fhp; @@ -769,7 +770,6 @@ freepath = NULL; vn_fullpath_global(td, link_vp, &fullpath, &freepath); - if (freepath != NULL) { AUDIT_ARG_UPATH1(td, fullpath); free(freepath, M_TEMP); @@ -802,7 +802,8 @@ int v3 = (nfsd->nd_flag & ND_NFSV3), reqlen; struct mbuf *mb, *mreq; struct mbuf *m2; - struct vnode *vp = NULL, *new_vp = NULL; + struct vnode *vp = NULL; + struct vnode *new_vp = NULL; nfsfh_t nfh; fhandle_t *fhp; struct uio io, *uiop = &io; @@ -1039,7 +1040,6 @@ freepath = NULL; vn_fullpath_global(td, new_vp, &fullpath, &freepath); - if (freepath != NULL) { AUDIT_ARG_UPATH1(td, fullpath); free(freepath, M_TEMP); 
@@ -1075,7 +1075,8 @@ int stable = NFSV3WRITE_FILESYNC; int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; - struct vnode *vp = NULL, *new_vp = NULL;; + struct vnode *vp = NULL; + struct vnode *new_vp = NULL; nfsfh_t nfh; fhandle_t *fhp; struct uio io, *uiop = &io; @@ -1282,17 +1283,16 @@ if (error) vp = NULL; } - */ + */ if (AUDITING_TD(curthread)) { if (new_vp != NULL) { struct thread *td = curthread; - char *fullpath, *freepath; + char *fullpath, *freepath; AUDIT_ARG_VNODE1(new_vp); freepath = NULL; vn_fullpath_global(td, new_vp, &fullpath, &freepath); - if (freepath != NULL) { AUDIT_ARG_UPATH1(td, fullpath); free(freepath, M_TEMP); @@ -1604,20 +1604,19 @@ if (nd.ni_vp != NULL && nd.ni_dvp != NULL) { char path[PATH_MAX]; struct thread *td = curthread; - char *fullpath, *freepath; + char *fullpath, *freepath; AUDIT_ARG_VNODE1(nd.ni_vp); freepath = NULL; vn_fullpath_global(td, nd.ni_vp, &fullpath, &freepath); - if (freepath != NULL) { strlcpy(path, fullpath, sizeof(path)); free(freepath, M_TEMP); } /* if we fail to acquire a path from the new vnode, use the directory vnode instead */ else if (nd.ni_cnd.cn_pnbuf != NULL) { - vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath); + vn_fullpath_global(td, nd.ni_dvp, &fullpath, &freepath); if (freepath != NULL) { snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf); free(freepath, M_TEMP); @@ -1627,7 +1626,7 @@ strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path)); } } - + AUDIT_ARG_UPATH1(td, path); } } @@ -1850,6 +1849,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *dirp; + struct vnode *parent_dvp = NULL; struct vattr dirfor, diraft; nfsfh_t nfh; fhandle_t *fhp; 
@@ -1876,6 +1876,12 @@ nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | MPSAFE; error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos, &dirp, v3, &dirfor, &dirfor_ret, FALSE); + + parent_dvp = nd.ni_dvp; + if (nd.ni_vp != NULL) { + AUDIT_ARG_VNODE1(nd.ni_vp); + } + vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd); if (dirp && !v3) { vrele(dirp); @@ -1939,6 +1945,29 @@ vput(nd.ni_vp); vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); + + /* XXX AUDIT */ + if (AUDITING_TD(curthread)) { + struct thread *td = curthread; + char path[PATH_MAX]; + char *fullpath, *freepath; + + if (parent_dvp != NULL && nd.ni_cnd.cn_pnbuf != NULL) { + /* use the directory vnode to acquire the old path */ + freepath = NULL; + vn_fullpath_global(td, parent_dvp, &fullpath, &freepath); + if (freepath != NULL) { + snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf); + free(freepath, M_TEMP); + } + /* last resort: just save the name of the deleted dir */ + else { + strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path)); + } + AUDIT_ARG_UPATH1(td, path); + } + } + return(error); } @@ -1960,6 +1989,7 @@ struct mbuf *mb, *mreq; struct nameidata fromnd, tond; struct vnode *fvp, *tvp, *tdvp, *fdirp = NULL; + struct vnode *from_dvp = NULL, *to_dvp = NULL, *vp = NULL; struct vnode *tdirp = NULL; struct vattr fdirfor, fdiraft, tdirfor, tdiraft; nfsfh_t fnfh, tnfh; @@ -2026,6 +2056,11 @@ error = nfs_namei(&tond, nfsd, tfhp, len2, slp, nam, &md, &dpos, &tdirp, v3, &tdirfor, &tdirfor_ret, FALSE); vfslocked = nfsrv_lockedpair_nd(vfslocked, &tond); + + from_dvp = fromnd.ni_dvp; + to_dvp = tond.ni_dvp; + vp = fromnd.ni_vp; + if (tdirp && !v3) { vrele(tdirp); tdirp = NULL; 
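Review bot: `parent_dvp = nd.ni_dvp;` in the @@ -1876 hunk keeps a bare copy of the directory vnode pointer without taking a reference, and the audit block added at @@ -1939 hands it to `vn_fullpath_global()` after `vput(nd.ni_vp)`, `vn_finished_write(mp)` and `VFS_UNLOCK_GIANT(vfslocked)`. The release of `nd.ni_dvp` is outside the hunk, but if it has happened by then the vnode may already have been recycled, and the audit path would be built from freed or reused memory. Either hold it explicitly, with `if (parent_dvp != NULL) vref(parent_dvp);` here and `vrele(parent_dvp);` after the audit block, or resolve the path before the references are dropped. The copy is also taken before `error` from `nfs_namei()` is checked, so it is worth confirming that `nd.ni_dvp` and `nd.ni_vp` are always initialised on the failure path. The same pattern appears at @@ -2026 (`from_dvp`, `to_dvp`, `vp`) and @@ -2835.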
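Review bot: The result of `snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf)` in the @@ -1939 audit block is never checked, so a parent path plus name longer than `PATH_MAX` is recorded truncated with nothing in the audit trail to show it. Compare the return value with `sizeof(path)` and decide explicitly what to record in that case. `char path[PATH_MAX]` also puts a large buffer on the kernel stack of an NFS service routine; a `malloc(PATH_MAX, M_TEMP, M_WAITOK)` buffer freed after `AUDIT_ARG_UPATH1(td, path)` would avoid that. The `nd.ni_cnd.cn_pnbuf != NULL` test does not show that the name buffer is still live this late in the function (any earlier free is outside the hunk), so that should be confirmed as well. The blocks at @@ -2172 and @@ -2914 are built the same way.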
@@ -2172,6 +2207,48 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); + + /* XXX AUDIT */ + if (AUDITING_TD(curthread)) { + struct thread *td = curthread; + char path[PATH_MAX]; + char *fullpath, *freepath; + + if (from_dvp != NULL && fromnd.ni_cnd.cn_pnbuf != NULL) { + /* use the directory vnode to acquire the old path */ + freepath = NULL; + vn_fullpath_global(td, from_dvp, &fullpath, &freepath); + if (freepath != NULL) { + snprintf(path, sizeof(path), "%s/%s", fullpath, fromnd.ni_cnd.cn_pnbuf); + free(freepath, M_TEMP); + } + /* last resort: just save the name of the old file */ + else { + strlcpy(path, fromnd.ni_cnd.cn_pnbuf, sizeof(path)); + } + AUDIT_ARG_UPATH1(td, path); + } + + if (vp != NULL) { + AUDIT_ARG_VNODE1(vp); + } + + if (to_dvp != NULL && tond.ni_cnd.cn_pnbuf != NULL) { + /* use the directory vnode to acquire the new path */ + freepath = NULL; + vn_fullpath_global(td, to_dvp, &fullpath, &freepath); + if (freepath != NULL) { + snprintf(path, sizeof(path), "%s/%s", fullpath, tond.ni_cnd.cn_pnbuf); + free(freepath, M_TEMP); + } + /* last resort: just save the name of the new file */ + else { + strlcpy(path, tond.ni_cnd.cn_pnbuf, sizeof(path)); + } + AUDIT_ARG_UPATH2(td, path); + } + } /* AUDIT */ + return (error); } @@ -2327,15 +2404,13 @@ /* XXX AUDIT */ if (AUDITING_TD(curthread)) { + char path[PATH_MAX]; + struct thread *td = curthread; + char *fullpath, *freepath; + if (parent_dir_vp != NULL && nd.ni_cnd.cn_pnbuf != NULL) { - char path[PATH_MAX]; - struct thread *td = curthread; - char *fullpath, *freepath; - freepath = NULL; - printf("mphkaaaaaaaaaaaaaaaa\n"); vn_fullpath_global(td, parent_dir_vp, &fullpath, &freepath); - if (freepath != NULL && nd.ni_cnd.cn_pnbuf) { snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf); free(freepath, M_TEMP); 
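Review bot: `AUDIT_ARG_VNODE1(vp)` in the @@ -2172 block runs after `vn_finished_write(mp)` and `VFS_UNLOCK_GIANT(vfslocked)`, on the pointer copied from `fromnd.ni_vp` at @@ -2026. The attributes are therefore read after the rename has completed, presumably without the vnode lock or a held reference (the rename call itself is outside the hunk). The remove and rmdir hunks (@@ -1876, @@ -2835) call the macro straight after the lookup. Moving the call up to the assignments at @@ -2026, as `if (fromnd.ni_vp != NULL) AUDIT_ARG_VNODE1(fromnd.ni_vp);` under whatever lock the macro expects, would record the file being renamed rather than whatever the pointer refers to afterwards. The two path stanzas here also repeat the ones at @@ -1939 and @@ -2914 line for line; a small static helper taking the directory vnode and the name would keep the four copies from drifting apart.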
@@ -2345,16 +2420,10 @@ } if (vp != NULL) { - char path[PATH_MAX]; - struct thread *td = curthread; - char *fullpath, *freepath; - AUDIT_ARG_VNODE1(vp); - + freepath = NULL; - printf("to vp den einai null\n"); - vn_fullpath_global(td, vp, &fullpath, &freepath); - + vn_fullpath_global(td, vp, &fullpath, &freepath); if (freepath != NULL) { strlcpy(path, fullpath, sizeof(path)); free(freepath, M_TEMP); @@ -2567,7 +2636,6 @@ freepath = NULL; vn_fullpath_global(td, symlink_vp, &fullpath, &freepath); - if (freepath != NULL) { strlcpy(path, fullpath, sizeof(path)); free(freepath, M_TEMP); @@ -2768,7 +2836,6 @@ freepath = NULL; vn_fullpath_global(td, new_dir_vp, &fullpath, &freepath); - if (freepath != NULL) { strlcpy(path, fullpath, sizeof(path)); free(freepath, M_TEMP); @@ -2809,6 +2876,7 @@ int v3 = (nfsd->nd_flag & ND_NFSV3); struct mbuf *mb, *mreq; struct vnode *vp, *dirp = NULL; + struct vnode *parent_dvp = NULL; struct vattr dirfor, diraft; nfsfh_t nfh; fhandle_t *fhp; @@ -2835,6 +2903,12 @@ nd.ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF | MPSAFE; error = nfs_namei(&nd, nfsd, fhp, len, slp, nam, &md, &dpos, &dirp, v3, &dirfor, &dirfor_ret, FALSE); + + parent_dvp = nd.ni_dvp; + if (nd.ni_vp != NULL) { + AUDIT_ARG_VNODE1(nd.ni_vp); + } + vfslocked = nfsrv_lockedpair_nd(vfslocked, &nd); if (dirp && !v3) { vrele(dirp); 
@@ -2914,6 +2988,29 @@ vn_finished_write(mp); VFS_UNLOCK_GIANT(vfslocked); + + /* XXX AUDIT */ + if (AUDITING_TD(curthread)) { + struct thread *td = curthread; + char path[PATH_MAX]; + char *fullpath, *freepath; + + if (parent_dvp != NULL && nd.ni_cnd.cn_pnbuf != NULL) { + /* use the directory vnode to acquire the old path */ + freepath = NULL; + vn_fullpath_global(td, parent_dvp, &fullpath, &freepath); + if (freepath != NULL) { + snprintf(path, sizeof(path), "%s/%s", fullpath, nd.ni_cnd.cn_pnbuf); + free(freepath, M_TEMP); + } + /* last resort: just save the name of the deleted dir */ + else { + strlcpy(path, nd.ni_cnd.cn_pnbuf, sizeof(path)); + } + AUDIT_ARG_UPATH1(td, path); + } + } + return(error); } @@ -2971,7 +3068,8 @@ caddr_t bpos; struct mbuf *mb, *mreq; char *cpos, *cend, *rbuf; - struct vnode *vp = NULL, *dir_vp = NULL; + struct vnode *vp = NULL; + struct vnode *dir_vp = NULL; struct vattr at; nfsfh_t nfh; fhandle_t *fhp; @@ -3259,7 +3357,6 @@ freepath = NULL; vn_fullpath_global(td, dir_vp, &fullpath, &freepath); - if (freepath != NULL) { AUDIT_ARG_UPATH1(td, fullpath); free(freepath, M_TEMP); ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#4 (text) ==== @@ -1588,6 +1588,8 @@ case AUE_NFS_MKDIR: case AUE_NFS_READDIR: case AUE_NFS_READLINK: + case AUE_NFS_REMOVE: + case AUE_NFS_RMDIR: if (ARG_IS_VALID(kar, ARG_MODE)) { tok = au_to_arg32(3, "mode", ar->ar_arg_mode); kau_write(rec, tok); @@ -1605,6 +1607,7 @@ break; case AUE_NFS_LINK: + case AUE_NFS_RENAME: UPATH1_VNODE1_TOKENS; if (ARG_IS_VALID(kar, ARG_MODE)) { tok = au_to_arg32(3, "mode", ar->ar_arg_mode); @@ -1612,7 +1615,6 @@ } UPATH2_TOKENS; break; - case AUE_WAIT4: PROCESS_PID_TOKENS(1);