Date: Wed, 22 Nov 2006 15:07:10 GMT From: "Christian S.J. Peron" <csjp@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 110391 for review Message-ID: <200611221507.kAMF7AIO079601@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=110391 Change 110391 by csjp@csjp_xor on 2006/11/22 15:06:52 Take first crack at implementing extended subject tokens in the kernel. This allows us to use IPv6 addresses in our subject tokens essentially. We accomplish this mainly by replacing the auditinfo portion of the process with an auditinfo_addr, a slightly larger but more flexible type. When setaudit(2) is called, we parse out the relevant information of the supplied auditinfo structure and store it inside the auditinfo_addr structure. For getaudit(2), we convert the auditinfo_addr data into an auditinfo structure (assuming that it's an IPv4 address). If getaudit(2) is called and the process has an IPv6 address, an error of E2BIG is returned. This is consistent with what Solaris is doing. This can be an indicator to the caller that they should be using getaudit_addr(2) instead. Implement set{get}audit_addr(2) system calls effectively the same way that setaudit(2)/getaudit(2) were implemented. The main difference is in getaudit_addr(2): if the size of the supplied buffer is not large enough to store the IPv6 data, we return EOVERFLOW. Since set{get}audit_addr(2) have been implemented, add support for auditon(A_GETPINFO_ADDR), which will return audit settings for the process. NOTES: - Before we commit kernel generated records, we convert them to BSM format. When building the subject token, we inspect the type of address: For AU_IPv4, we still use a regular subject token. For AU_IPv6, we use the extended token. In the future, we might just want to do away with the use of the regular subject token in the kernel altogether. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#38 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#21 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#23 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#24 edit .. 
//depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#36 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#26 edit
.. //depot/projects/trustedbsd/audit3/sys/sys/proc.h#17 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#38 (text+ko) ====

@@ -182,7 +182,7 @@
 ar->k_ar.ar_subj_asid = td->td_proc->p_au->ai_asid;
 ar->k_ar.ar_subj_pid = td->td_proc->p_pid;
 ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask;
- ar->k_ar.ar_subj_term = td->td_proc->p_au->ai_termid;
+ ar->k_ar.ar_subj_term_addr = td->td_proc->p_au->ai_termid;
 bcopy(td->td_proc->p_comm, ar->k_ar.ar_subj_comm, MAXCOMLEN);
 PROC_UNLOCK(td->td_proc);
 

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#21 (text+ko) ====

@@ -88,7 +88,7 @@
 #define ARG_SADDRINET 0x0000000000100000ULL
 #define ARG_SADDRINET6 0x0000000000200000ULL
 #define ARG_SADDRUNIX 0x0000000000400000ULL
-#define ARG_UNUSED1 0x0000000000800000ULL
+#define ARG_TERMID_ADDR 0x0000000000400000ULL
 #define ARG_UNUSED2 0x0000000001000000ULL
 #define ARG_UPATH1 0x0000000002000000ULL
 #define ARG_UPATH2 0x0000000004000000ULL

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#23 (text+ko) ====

@@ -371,10 +371,10 @@
 ar->k_ar.ar_arg_ruid = p->p_ucred->cr_ruid;
 ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
 ar->k_ar.ar_arg_asid = p->p_au->ai_asid;
- ar->k_ar.ar_arg_termid = p->p_au->ai_termid;
+ ar->k_ar.ar_arg_termid_addr = p->p_au->ai_termid;
 ar->k_ar.ar_arg_pid = p->p_pid;
 ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
- ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS);
+ ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS);
 }
 
 void

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#24 (text+ko) ====
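Review bot: `ARG_TERMID_ADDR` is given the value `0x0000000000400000ULL`, which is the same bit as `ARG_SADDRUNIX` two lines above it; the slot being replaced, `ARG_UNUSED1`, was `0x0000000000800000ULL`. With the collision, a validity test for `ARG_TERMID_ADDR` is true whenever a unix-domain socket address argument was recorded and vice versa, so the BSM conversion can emit a terminal-id or socket token for a field that was never filled in, corrupting the audit trail for exactly the events an investigator relies on. The audit_arg.c hunk below sets this flag for the ARG_PROCESS group, so the mix-up is reachable. The fix is the one-line `#define ARG_TERMID_ADDR 0x0000000000800000ULL`.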
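Review bot: The valid-mask now carries `ARG_TERMID_ADDR` and the terminal id lands in `ar_arg_termid_addr`, but no hunk in this change touches the consumer that turns the ARG_PROCESS fields into a process token; the only audit_bsm.c hunk here is the subject token. If that consumer still tests `ARG_TERMID` and reads `ar_arg_termid`, process tokens silently lose their terminal id (the old field is no longer written here, so it holds whatever the record allocation left in it), and if it is switched to `ARG_TERMID_ADDR` it inherits the bit collision raised on the audit.h hunk. Convert the process-token builder in the same change, or keep `ar_arg_termid`/`ARG_TERMID` populated until it is converted. The enclosing function starts outside the hunk.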
@@ -392,16 +392,40 @@
 rec = kau_open();
 /* Create the subject token */
- tid.port = ar->ar_subj_term.port;
- tid.machine = ar->ar_subj_term.machine;
- subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */
- ar->ar_subj_cred.cr_uid, /* eff uid */
- ar->ar_subj_egid, /* eff group id */
- ar->ar_subj_ruid, /* real uid */
- ar->ar_subj_rgid, /* real group id */
- ar->ar_subj_pid, /* process id */
- ar->ar_subj_asid, /* session ID */
- &tid);
+ switch (ar->ar_subj_term_addr.at_type) {
+ case AU_IPv4:
+ tid.port = ar->ar_subj_term_addr.at_port;
+ tid.machine = ar->ar_subj_term_addr.at_addr[0];
+ subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */
+ ar->ar_subj_cred.cr_uid, /* eff uid */
+ ar->ar_subj_egid, /* eff group id */
+ ar->ar_subj_ruid, /* real uid */
+ ar->ar_subj_rgid, /* real group id */
+ ar->ar_subj_pid, /* process id */
+ ar->ar_subj_asid, /* session ID */
+ &tid);
+ break;
+ case AU_IPv6:
+ subj_tok = au_to_subject32_ex(ar->ar_subj_auid,
+ ar->ar_subj_cred.cr_uid,
+ ar->ar_subj_egid,
+ ar->ar_subj_ruid,
+ ar->ar_subj_rgid,
+ ar->ar_subj_pid,
+ ar->ar_subj_asid,
+ &ar->ar_subj_term_addr);
+ break;
+ default:
+ bzero(&tid, sizeof(tid));
+ subj_tok = au_to_subject32(ar->ar_subj_auid,
+ ar->ar_subj_cred.cr_uid,
+ ar->ar_subj_egid,
+ ar->ar_subj_ruid,
+ ar->ar_subj_rgid,
+ ar->ar_subj_pid,
+ ar->ar_subj_asid,
+ &tid);
+ }
 /*
 * The logic inside each case fills in the tokens required for the

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 (text+ko) ====

@@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#26 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 $
 * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.7 2006/09/01 11:45:40 wsalamon Exp $
 */
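Review bot: The `AU_IPv4` and `default` arms call `au_to_subject32` with the same eight arguments, and `tid` is zeroed only in the `default` arm; zeroing `tid` once before the switch and letting `AU_IPv4` fall through to a single shared call removes the duplicated argument list and makes the degraded path explicit. The `default` arm also deserves a comment, since it quietly discards whatever address the process carried: `/* Unset or unrecognised address types degrade to a regular subject token with a zeroed terminal id. */`. Ideally setaudit_addr(2) rejects `at_type` values other than `AU_IPv4`/`AU_IPv6` so that arm is unreachable in practice, but the audit_syscalls.c section of this listing is empty, so that cannot be checked here. The enclosing function begins and ends outside the hunk.
```c
	/* Create the subject token */
	bzero(&tid, sizeof(tid));
	switch (ar->ar_subj_term_addr.at_type) {
	case AU_IPv6:
		subj_tok = au_to_subject32_ex(ar->ar_subj_auid,
		    ar->ar_subj_cred.cr_uid, ar->ar_subj_egid,
		    ar->ar_subj_ruid, ar->ar_subj_rgid, ar->ar_subj_pid,
		    ar->ar_subj_asid, &ar->ar_subj_term_addr);
		break;
	case AU_IPv4:
		tid.port = ar->ar_subj_term_addr.at_port;
		tid.machine = ar->ar_subj_term_addr.at_addr[0];
		/* FALLTHROUGH */
	default:
		/*
		 * Unset or unrecognised address types degrade to a regular
		 * subject token with a zeroed terminal id.
		 */
		subj_tok = au_to_subject32(ar->ar_subj_auid,
		    ar->ar_subj_cred.cr_uid, ar->ar_subj_egid,
		    ar->ar_subj_ruid, ar->ar_subj_rgid, ar->ar_subj_pid,
		    ar->ar_subj_asid, &tid);
		break;
	}
	/* … unchanged: per-event token construction … */
```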
@@ -973,12 +973,10 @@
 ADD_U_INT32(dptr, sid);
 ADD_U_INT32(dptr, tid->at_port);
 ADD_U_INT32(dptr, tid->at_type);
- ADD_U_INT32(dptr, tid->at_addr[0]);
- if (tid->at_type == AU_IPv6) {
- ADD_U_INT32(dptr, tid->at_addr[1]);
- ADD_U_INT32(dptr, tid->at_addr[2]);
- ADD_U_INT32(dptr, tid->at_addr[3]);
- }
+ if (tid->at_type == AU_IPv6)
+ ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t));
+ else
+ ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t));
 
 return (t);
 }

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#36 (text+ko) ====

@@ -180,6 +180,7 @@
 pid_t ar_subj_asid; /* Audit session ID */
 pid_t ar_subj_pid;
 struct au_tid ar_subj_term;
+ struct au_tid_addr ar_subj_term_addr;
 char ar_subj_comm[MAXCOMLEN + 1];
 struct au_mask ar_subj_amask;
@@ -193,6 +194,7 @@
 pid_t ar_arg_pid;
 pid_t ar_arg_asid;
 struct au_tid ar_arg_termid;
+ struct au_tid_addr ar_arg_termid_addr;
 uid_t ar_arg_uid;
 uid_t ar_arg_auid;
 gid_t ar_arg_gid;

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#26 (text+ko) ====

==== //depot/projects/trustedbsd/audit3/sys/sys/proc.h#17 (text+ko) ====

@@ -621,7 +621,7 @@
 struct p_sched *p_sched; /* (*) Scheduler-specific data. */
 STAILQ_HEAD(, ktr_request) p_ktr; /* (o) KTR event queue. */
 LIST_HEAD(, mqueue_notifier) p_mqnotifier; /* (c) mqueue notifiers.*/
- struct auditinfo *p_au; /* (c) Process audit properties. */
+ struct auditinfo_addr *p_au; /* (c) Process audit properties. */
 };
 
 #define p_session p_pgrp->pg_session
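Review bot: Replacing the `ADD_U_INT32` calls with `ADD_MEM` changes the bytes written on little-endian hosts if `ADD_U_INT32` performs a host-to-big-endian conversion like the other integer adders in this file, and the new form is correct only because `at_addr[]` is already held in network byte order; that assumption is what the next reader will question, so record it: `/* at_addr[] is kept in network byte order, so copy it raw rather than byte-swapping. */`. The `else` arm emits four bytes for every type other than `AU_IPv6`, including unset or unknown `at_type` values that were written verbatim one line earlier, so the token-size computation earlier in this function (outside the hunk) must apply the same AU_IPv6-or-not rule or the token is mis-sized and the record no longer parses. The enclosing function begins outside the hunk.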
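Review bot: `ar_subj_term` and `ar_arg_termid` are kept alongside the new `ar_subj_term_addr` and `ar_arg_termid_addr` fields (this hunk and the `@@ -193,6 +194,7 @@` hunk), yet the audit.c and audit_arg.c hunks in this change stop writing the old fields, so any reader still on them sees whatever the record allocation left there rather than the process's terminal id. Drop the old fields so the compiler points at the remaining readers, or mark them `/* XXX: superseded by ar_subj_term_addr; remove once all readers use it. */` (and likewise for `ar_arg_termid`). `struct au_tid_addr` is presumably larger than `struct au_tid`, so the record grows; worth confirming nothing sizes or serializes it by the old layout.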