Date: Tue, 21 Sep 2004 00:03:04 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 61876 for review Message-ID: <200409210003.i8L034K7043529@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=61876
Change 61876 by wsalamon@wsalamon_epi on 2004/09/21 00:02:49
Change the auditctl(0 system call to be command-oriented. This change is in preparation of implementing the kernel-userspace IPC mechanism to handle audit events from the kernel (audit log rotate, etc.)
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#3 edit
.. //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.h#2 edit
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#4 edit
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#6 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.c#4 edit
.. //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#4 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#9 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/syscall.h#4 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/syscall.mk#4 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/sysproto.h#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.c#3 (text+ko) ====
@@ -52,13 +52,8 @@
 static int allhardcount = 0;
-#ifndef __BSM_INTERNAL_NOTIFY_KEY
-#define __BSM_INTERNAL_NOTIFY_KEY "com.apple.audit.change"
-#endif /* __BSM_INTERNAL_NOTIFY_KEY */
-
 TAILQ_HEAD(, dir_ent) dir_q;
-
 /* Error starting auditd */
 void fail_exit()
 {
@@ -189,9 +184,11 @@
 if (open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP) < 0) {
 perror("File open");
 }
- /* else if (auditctl(fn) != 0) { */
- else if (syscall(SYS_auditctl, fn) != 0) {
- syslog(LOG_ERR, "auditctl failed! : %s\n",
+ /* else if (auditctl(AC_SETLOGFILE, fn, strlen(fn)) != 0) { */
+ else if (syscall(SYS_auditctl, AC_SETLOGFILE, fn,
+ strlen(fn)) != 0) {
+ syslog(LOG_ERR,
+ "auditctl failed setting log file! : %s\n",
 strerror(errno));
 }
 else {
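Review bot: In the `@@ -189,9 +184,11 @@` hunk of auditd.c the length passed with `AC_SETLOGFILE` is `strlen(fn)`, which leaves out the terminating NUL, so the kernel only receives a proper C string if its receiving buffer was zeroed beforehand. Passing `strlen(fn) + 1` makes the terminator part of the copied data, so the kernel side can check for it instead of assuming it. Nothing in this change states the length convention of the new call; a short comment such as `/* length counts the path including its NUL */` next to it would pin that down. The enclosing function starts and ends outside the hunk.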
@@ -309,7 +306,7 @@
 /* flush contents */
 /* err_ret = auditctl(NULL); */
- err_ret = syscall(SYS_auditctl, NULL);
+ err_ret = syscall(SYS_auditctl, NULL, sizeof(char));
 if (err_ret != 0) {
 syslog(LOG_ERR, "auditctl failed! : %s\n",
 strerror(errno));
@@ -599,6 +596,12 @@
 return 0;
 }
+int config_auditd_ipc()
+{
+ int fd;
+
+}
+
 void setup(long flags)
 {
 int aufd;
@@ -626,9 +629,14 @@
 }
 if (config_audit_controls(flags) == 0)
- syslog(LOG_INFO, "Initialization successful\n");
+ syslog(LOG_INFO, "Audit controls init successful\n");
+ else
+ syslog(LOG_INFO, "Audit controls init failed\n");
+
+ if (config_auditd_ipc() == 0)
+ syslog(LOG_INFO, "auditd control socket created\n");
 else
- syslog(LOG_INFO, "Initialization failed\n");
+ syslog(LOG_INFO, "auditd control socket not created\n");
 }
==== //depot/projects/trustedbsd/audit3/contrib/audit_supt/auditd/auditd.h#2 (text+ko) ====
@@ -7,6 +7,7 @@
 #define MAX_DIR_SIZE 255
 #define AUDITD_NAME "auditd"
+#define AUDITD_SOCK_FILE "/etc/security/auditd_control"
 #define POSTFIX_LEN 16
 #define NOT_TERMINATED ".not_terminated"
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#4 (text+ko) ====
@@ -153,6 +153,12 @@
 #define AU_FS_MINFREE 20 /* default min filesystem freespace, in percent */
+/*
+ * auditctl(2) commands
+ */
+#define AC_SETLOGFILE 1
+#define AC_SETCTLFD 2
+
 __BEGIN_DECLS
 typedef uid_t au_id_t;
@@ -288,7 +294,7 @@
 int audit (const void *, int);
 int auditon (int, void *, int);
-int auditctl (const char *);
+int auditctl (int, void *, int);
 int getauid (au_id_t *);
 int setauid (const au_id_t *);
 int getaudit (struct auditinfo *);
==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kernel.h#6 (text+ko) ====
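Review bot: In the `@@ -309,7 +306,7 @@` hunk the flush call was not converted to the new three-argument form: `syscall(SYS_auditctl, NULL, sizeof(char))` puts `NULL` in the command slot and `sizeof(char)` in the data-pointer slot, and passes no length at all. With the kernel side of this change, command 0 matches neither `AC_SETLOGFILE` nor `AC_SETCTLFD`, so the call would return 0 without rotating anything and the `err_ret != 0` check cannot notice. The call presumably should read `err_ret = syscall(SYS_auditctl, AC_SETLOGFILE, NULL, 0);`, with the commented-out line above it updated to match. The enclosing function lies outside the hunk.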
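Review bot: `config_auditd_ipc()` in the `@@ -599,6 +596,12 @@` hunk is declared `int` but has no `return` statement, and the `@@ -626,9 +629,14 @@` hunk tests its result with `if (config_auditd_ipc() == 0)`. Using that value is undefined behaviour, so "auditd control socket created" may be logged although nothing was created. Until the IPC setup exists the stub should fail explicitly, e.g. `return (-1);`, and the unused `int fd;` can be dropped. In the second hunk both failure branches log at `LOG_INFO`; `LOG_ERR` would match how the auditctl failures elsewhere in this file are reported.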
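Review bot: The prototype added in the `@@ -288,7 +294,7 @@` hunk of audit.h, `int auditctl (int, void *, int);`, takes a signed length, while the syscalls.master and sysproto.h sections of this change declare `u_int length`. Declaring it as `int auditctl (int, void *, u_int);` keeps the userland and kernel views in step and avoids a negative argument being reinterpreted as a very large unsigned length at the syscall boundary. The new `AC_SETLOGFILE` and `AC_SETCTLFD` defines in the hunk above would also benefit from a one-line comment each saying what `data` and `length` mean for that command.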
@@ -131,6 +131,11 @@
 u_short so_lport; /* local port */
 };
+union auditctl_udata {
+ char ac_path[MAXPATHLEN];
+ int ac_fd;
+};
+
 union auditon_udata {
 char au_path[MAXPATHLEN];
 long au_cond;
==== //depot/projects/trustedbsd/audit3/sys/kern/init_sysent.c#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.c#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/kern/syscalls.master#4 (text+ko) ====
@@ -705,6 +705,6 @@
 *auditinfo_addr, u_int length); } AUE_GETAUDIT_ADDR
 451 MSTD { int setaudit_addr(struct auditinfo_addr \
 *auditinfo_addr, u_int length); } AUE_SETAUDIT_ADDR
-452 MSTD { int auditctl(char *path); } AUE_AUDITCTL
+452 MSTD { int auditctl(int cmd, void *data, u_int length); } AUE_AUDITCTL
 ; Please copy any additions and changes to the following compatability tables:
 ; sys/compat/freebsd32/syscalls.master
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_audit.c#9 (text+ko) ====
@@ -756,7 +756,6 @@
 auditon(struct thread *td, struct auditon_args *uap)
 {
 int error;
- int len;
 union auditon_udata udata;
 struct proc *tp;
@@ -765,8 +764,7 @@
 if (error)
 return (error);
- len = uap->length;
- if ((len <= 0) || (len > sizeof(union auditon_udata)))
+ if ((uap->length <= 0) || (uap->length > sizeof(union auditon_udata)))
 return (EINVAL);
 memset((void *)&udata, 0, sizeof(udata));
@@ -1091,6 +1089,7 @@
 struct ucred *cred;
 struct vnode *vp;
 int error, flags;
+ union auditctl_udata udata;
 error = suser(td);
 if (error)
@@ -1099,35 +1098,52 @@
 vp = NULL;
 cred = NULL;
- /*
- * If a path is specified, open the replacement vnode, perform
- * validity checks, and grab another reference to the current
- * credential.
- */
- if (uap->path != NULL) {
- mtx_lock(&Giant);
- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
- uap->path, td);
- flags = audit_open_flags;
- error = vn_open(&nd, &flags, 0, -1);
- if (error) {
+ memset((void *)&udata, 0, sizeof(udata));
+
+ switch (uap->cmd) {
+ case AC_SETLOGFILE:
+ /*
+ * If a path is specified, open the replacement vnode, perform
+ * validity checks, and grab another reference to the current
+ * credential.
+ */
+ if (uap->data != NULL) {
+
+ if ((uap->length <= 0) || (uap->length > MAXPATHLEN))
+ return (EINVAL);
+
+ error = copyin(uap->data, (void *)&udata, uap->length);
+ if (error)
+ return (error);
+
+ mtx_lock(&Giant);
+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE,
+ udata.ac_path, td);
+ flags = audit_open_flags;
+ error = vn_open(&nd, &flags, 0, -1);
+ if (error) {
+ mtx_unlock(&Giant);
+ return (error);
+ }
+ VOP_UNLOCK(nd.ni_vp, 0, td);
+ vp = nd.ni_vp;
+ if (vp->v_type != VREG) {
+ vn_close(vp, audit_close_flags,
+ td->td_ucred, td);
+ mtx_unlock(&Giant);
+ return (EINVAL);
+ }
+ cred = td->td_ucred;
+ crhold(cred);
+ audit_suspended = 0;
 mtx_unlock(&Giant);
- return (error);
 }
- VOP_UNLOCK(nd.ni_vp, 0, td);
- vp = nd.ni_vp;
- if (vp->v_type != VREG) {
- vn_close(vp, audit_close_flags, td->td_ucred, td);
- mtx_unlock(&Giant);
- return (EINVAL);
- }
- cred = td->td_ucred;
- crhold(cred);
- audit_suspended = 0;
- mtx_unlock(&Giant);
+
+ audit_rotate_vnode(cred, vp);
+ break;
+ case AC_SETCTLFD: /* Set control file descriptor */
+ break;
 }
-
- audit_rotate_vnode(cred, vp);
 return (0);
 }
==== //depot/projects/trustedbsd/audit3/sys/sys/syscall.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/sys/syscall.mk#4 (text+ko) ====
==== //depot/projects/trustedbsd/audit3/sys/sys/sysproto.h#5 (text+ko) ====
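Review bot: The new `switch (uap->cmd)` in the `@@ -1099,35 +1098,52 @@` hunk has no `default:` arm, so an unrecognised command, like the still-empty `AC_SETCTLFD` case, reaches `return (0)` and reports success without doing anything; add `default: return (EINVAL);`. In the `AC_SETLOGFILE` arm the bound `uap->length > MAXPATHLEN` lets a caller fill all of `udata.ac_path`, which leaves no terminating NUL in the buffer that `NDINIT(..., UIO_SYSSPACE, udata.ac_path, td)` is then given as a kernel-space string. Rejecting `uap->length >= MAXPATHLEN`, or copying with `copyinstr(uap->data, udata.ac_path, sizeof(udata.ac_path), NULL)`, keeps the path terminated regardless of what the caller sends. `uap->length` is declared `u_int` in the sysproto.h section, so the `<= 0` test only ever catches zero. The function's opening lines are outside this hunk.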
@@ -1333,7 +1333,9 @@ char length_l_[PADL_(u_int)]; u_int length; char length_r_[PADR_(u_int)]; }; struct auditctl_args { - char path_l_[PADL_(char *)]; char * path; char path_r_[PADR_(char *)]; + char cmd_l_[PADL_(int)]; int cmd; char cmd_r_[PADR_(int)]; + char data_l_[PADL_(void *)]; void * data; char data_r_[PADR_(void *)]; + char length_l_[PADL_(u_int)]; u_int length; char length_r_[PADR_(u_int)]; }; int nosys(struct thread *, struct nosys_args *); void sys_exit(struct thread *, struct sys_exit_args *);help
