Date: Fri, 3 Feb 2006 19:42:58 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90993 for review Message-ID: <200602031942.k13JgwAM027574@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=90993 Change 90993 by wsalamon@gretsch on 2006/02/03 19:42:13 Add the capability of auditing the strings contained within an iovec object. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#9 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#10 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#14 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#4 (text+ko) ==== @@ -206,6 +206,9 @@ if (ar->k_ar.ar_arg_text != NULL) { free(ar->k_ar.ar_arg_text, M_AUDITTEXT); } + if (ar->k_ar.ar_arg_iovecstr != NULL) { + free(ar->k_ar.ar_arg_iovecstr, M_AUDITTEXT); + } if (ar->k_udata != NULL) { free(ar->k_udata, M_AUDITDATA); } ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#9 (text+ko) ==== @@ -42,6 +42,7 @@ #include <bsm/audit.h> #include <sys/file.h> +#include <sys/_iovec.h> #include <sys/sysctl.h> /* @@ -109,6 +110,7 @@ #define ARG_MACHPORT1 0x0000100000000000ULL #define ARG_MACHPORT2 0x0000200000000000ULL #define ARG_EXIT 0x0000400000000000ULL +#define ARG_IOVECSTR 0x0000800000000000ULL #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL @@ -159,6 +161,8 @@ u_int64_t flags); void audit_arg_vnode(struct vnode *vp, u_int64_t flags); void audit_arg_text(char *text); +void audit_arg_iovec(struct iovec *iov, + unsigned int iovcnt); void audit_arg_cmd(int cmd); void audit_arg_svipc_cmd(int cmd); void audit_arg_svipc_perm(struct ipc_perm *perm); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#10 (text+ko) ==== @@ -36,6 +36,7 @@ #include <sys/socketvar.h> #include <sys/protosw.h> #include <sys/domain.h> +#include <sys/sbuf.h> #include <sys/systm.h> #include <sys/un.h> #include <sys/vnode.h> 
@@ -489,6 +490,43 @@ } void +audit_arg_iovec(struct iovec *iov, unsigned int iovcnt) +{ + int ret; + int i; + struct kaudit_record *ar; + int first; + struct sbuf sb; + + ar = currecord(); + if (ar == NULL) + return; + + /* Only capture from the iovec what we have room for. */ + ar->k_ar.ar_arg_iovecstr = malloc(MAXPATHLEN, M_AUDITTEXT, M_WAITOK); + sbuf_new(&sb, ar->k_ar.ar_arg_iovecstr, MAXIOVSTRLEN, SBUF_FIXEDLEN); + + first = 1; + for (i = 0; i < iovcnt; i++) { + if (!is_auditable_string(iov[i].iov_base, iov[i].iov_len)) + continue; + + if (first) { + ret = sbuf_printf(&sb, "%s", (char *)iov[i].iov_base); + first = 0; + } else { + ret = sbuf_printf(&sb, ":%s", (char *)iov[i].iov_base); + } + if (ret != 0) + break; + } + sbuf_trim(&sb); + sbuf_finish(&sb); + + ARG_SET_VALID(ar, ARG_IOVECSTR); +} + +void audit_arg_cmd(int cmd) { struct kaudit_record *ar; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#14 (text+ko) ==== @@ -128,6 +128,12 @@ mode_t pipc_mode; }; +/* The maximum length of a iovec represented as a string */ +/* XXXAUDIT This value should be based on some BSM constant, like + * MAX_AUDITSTRING_LEN. + */ +#define MAXIOVSTRLEN 256 + struct audit_record { /* Audit record header. */ u_int32_t ar_magic; @@ -180,6 +186,7 @@ char *ar_arg_upath1; char *ar_arg_upath2; char *ar_arg_text; + char *ar_arg_iovecstr; struct au_mask ar_arg_amask; struct vnode_au_info ar_arg_vnode1; struct vnode_au_info ar_arg_vnode2;
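Review bot: The `%s` conversions in audit_arg_iovec read each iov_base until a NUL rather than up to iov_len, so the copy into the sbuf is bounded only by whatever is_auditable_string() (not visible in this change) guarantees about termination; unless that helper rejects entries with no NUL inside iov_len, a write(2) payload without a terminator is over-read from kernel context. A length-bounded form removes the dependency: `sbuf_printf(&sb, "%.*s", (int)iov[i].iov_len, (char *)iov[i].iov_base);` with the matching `":%.*s"` variant for subsequent entries. The allocation and the sbuf length also disagree — `malloc(MAXPATHLEN, ...)` backs an sbuf of `MAXIOVSTRLEN` (256) bytes, so most of each buffer is never used; allocating `MAXIOVSTRLEN` would match the "what we have room for" comment. Note too that iov_base in a kernel-side iovec presumably still points at user memory, so this function is only correct if the caller has already copied the data in; that precondition belongs in a comment on the prototype in audit.h. Finally, `ar->k_ar.ar_arg_iovecstr` is assigned without checking for an earlier buffer, so a second call for the same record would leak the first allocation.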