From owner-p4-projects@FreeBSD.ORG Wed Nov 22 15:07:16 2006
Date: Wed, 22 Nov 2006 15:07:10 GMT
Message-Id: <200611221507.kAMF7AIO079601@repoman.freebsd.org>
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 110391 for review

http://perforce.freebsd.org/chv.cgi?CH=110391

Change 110391 by csjp@csjp_xor on 2006/11/22 15:06:52

	Take first crack at implementing extended subject tokens in the kernel.
	This allows us to use IPv6 addresses in our subject tokens essentially.
	We accomplish this mainly by replacing the auditinfo portion of the
	process with an auditinfo_addr, a slightly larger, but more flexible type.

	When setaudit(2) is called, we parse out the relevant information of the
	supplied auditinfo structure and store it inside the auditinfo_addr
	structure. For getaudit(2), we convert the auditinfo_addr data into an
	auditinfo structure (assuming that it's an IPv4 address). If getaudit(2)
	is called and the process has an IPv6 address, an error of E2BIG is
	returned. This is consistent with what Solaris is doing. This can be an
	indicator to the caller that they should be using getaudit_addr(2)
	instead.

	Implement set{get}audit_addr(2) system calls effectively the same way
	that setaudit(2)/getaudit(2) were implemented. The only main difference
	is in getaudit_addr(2): if the size of the supplied buffer is not large
	enough to store the IPv6 data, we return EOVERFLOW.

	Since set{get}audit_addr(2) have been implemented, add support for
	auditon(A_GETPINFO_ADDR), which will return audit settings for the
	process.

	NOTES:

	- Before we commit kernel generated records, we convert them to BSM
	  format. When building the subject token, we inspect the type of
	  address: For AU_IPv4, we still use a regular subject token. For
	  AU_IPv6, we use the extended token. In the future, we might just want
	  to do away with the use of the regular subject token in the kernel
	  altogether.
Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#38 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#21 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#23 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#24 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#36 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#26 edit .. //depot/projects/trustedbsd/audit3/sys/sys/proc.h#17 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#38 (text+ko) ==== @@ -182,7 +182,7 @@ ar->k_ar.ar_subj_asid = td->td_proc->p_au->ai_asid; ar->k_ar.ar_subj_pid = td->td_proc->p_pid; ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask; - ar->k_ar.ar_subj_term = td->td_proc->p_au->ai_termid; + ar->k_ar.ar_subj_term_addr = td->td_proc->p_au->ai_termid; bcopy(td->td_proc->p_comm, ar->k_ar.ar_subj_comm, MAXCOMLEN); PROC_UNLOCK(td->td_proc); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#21 (text+ko) ==== @@ -88,7 +88,7 @@ #define ARG_SADDRINET 0x0000000000100000ULL #define ARG_SADDRINET6 0x0000000000200000ULL #define ARG_SADDRUNIX 0x0000000000400000ULL -#define ARG_UNUSED1 0x0000000000800000ULL +#define ARG_TERMID_ADDR 0x0000000000400000ULL #define ARG_UNUSED2 0x0000000001000000ULL #define ARG_UPATH1 0x0000000002000000ULL #define ARG_UPATH2 0x0000000004000000ULL ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#23 (text+ko) ==== 
@@ -371,10 +371,10 @@ ar->k_ar.ar_arg_ruid = p->p_ucred->cr_ruid; ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid; ar->k_ar.ar_arg_asid = p->p_au->ai_asid; - ar->k_ar.ar_arg_termid = p->p_au->ai_termid; + ar->k_ar.ar_arg_termid_addr = p->p_au->ai_termid; ar->k_ar.ar_arg_pid = p->p_pid; ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID | - ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS); + ARG_RGID | ARG_ASID | ARG_TERMID_ADDR | ARG_PID | ARG_PROCESS); } void ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#24 (text+ko) ==== 
@@ -392,16 +392,40 @@ rec = kau_open(); /* Create the subject token */ - tid.port = ar->ar_subj_term.port; - tid.machine = ar->ar_subj_term.machine; - subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */ - ar->ar_subj_cred.cr_uid, /* eff uid */ - ar->ar_subj_egid, /* eff group id */ - ar->ar_subj_ruid, /* real uid */ - ar->ar_subj_rgid, /* real group id */ - ar->ar_subj_pid, /* process id */ - ar->ar_subj_asid, /* session ID */ - &tid); + switch (ar->ar_subj_term_addr.at_type) { + case AU_IPv4: + tid.port = ar->ar_subj_term_addr.at_port; + tid.machine = ar->ar_subj_term_addr.at_addr[0]; + subj_tok = au_to_subject32(ar->ar_subj_auid, /* audit ID */ + ar->ar_subj_cred.cr_uid, /* eff uid */ + ar->ar_subj_egid, /* eff group id */ + ar->ar_subj_ruid, /* real uid */ + ar->ar_subj_rgid, /* real group id */ + ar->ar_subj_pid, /* process id */ + ar->ar_subj_asid, /* session ID */ + &tid); + break; + case AU_IPv6: + subj_tok = au_to_subject32_ex(ar->ar_subj_auid, + ar->ar_subj_cred.cr_uid, + ar->ar_subj_egid, + ar->ar_subj_ruid, + ar->ar_subj_rgid, + ar->ar_subj_pid, + ar->ar_subj_asid, + &ar->ar_subj_term_addr); + break; + default: + bzero(&tid, sizeof(tid)); + subj_tok = au_to_subject32(ar->ar_subj_auid, + ar->ar_subj_cred.cr_uid, + ar->ar_subj_egid, + ar->ar_subj_ruid, + ar->ar_subj_rgid, + ar->ar_subj_pid, + ar->ar_subj_asid, + &tid); + } /* * The logic inside each case fills in the tokens required for the ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 (text+ko) ==== @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#26 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#27 $ * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.7 2006/09/01 11:45:40 wsalamon Exp $ */ 
@@ -973,12 +973,10 @@ ADD_U_INT32(dptr, sid); ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); - ADD_U_INT32(dptr, tid->at_addr[0]); - if (tid->at_type == AU_IPv6) { - ADD_U_INT32(dptr, tid->at_addr[1]); - ADD_U_INT32(dptr, tid->at_addr[2]); - ADD_U_INT32(dptr, tid->at_addr[3]); - } + if (tid->at_type == AU_IPv6) + ADD_MEM(dptr, &tid->at_addr[0], 4 * sizeof(u_int32_t)); + else + ADD_MEM(dptr, &tid->at_addr[0], sizeof(u_int32_t)); return (t); } ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#36 (text+ko) ==== @@ -180,6 +180,7 @@ pid_t ar_subj_asid; /* Audit session ID */ pid_t ar_subj_pid; struct au_tid ar_subj_term; + struct au_tid_addr ar_subj_term_addr; char ar_subj_comm[MAXCOMLEN + 1]; struct au_mask ar_subj_amask; @@ -193,6 +194,7 @@ pid_t ar_arg_pid; pid_t ar_arg_asid; struct au_tid ar_arg_termid; + struct au_tid_addr ar_arg_termid_addr; uid_t ar_arg_uid; uid_t ar_arg_auid; gid_t ar_arg_gid; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#26 (text+ko) ==== ==== //depot/projects/trustedbsd/audit3/sys/sys/proc.h#17 (text+ko) ==== @@ -621,7 +621,7 @@ struct p_sched *p_sched; /* (*) Scheduler-specific data. */ STAILQ_HEAD(, ktr_request) p_ktr; /* (o) KTR event queue. */ LIST_HEAD(, mqueue_notifier) p_mqnotifier; /* (c) mqueue notifiers.*/ - struct auditinfo *p_au; /* (c) Process audit properties. */ + struct auditinfo_addr *p_au; /* (c) Process audit properties. */ }; #define p_session p_pgrp->pg_session
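Review bot: the new ARG_TERMID_ADDR value in the audit.h hunk is wrong: it is defined as 0x0000000000400000ULL, which is the same bit as ARG_SADDRUNIX two lines above, while the ARG_UNUSED1 slot it replaces was 0x0000000000800000ULL. As written, the ARG_SET_VALID(ar, ... ARG_TERMID_ADDR ...) call in the audit_arg.c hunk marks the Unix socket address argument valid instead of the terminal ID, and any validity check on either flag will confuse the two; change the define to `#define ARG_TERMID_ADDR 0x0000000000800000ULL`.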
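Review bot: the default case of the at_type switch in the audit_bsm.c hunk silently emits a subject token with an all-zero terminal ID for any at_type other than AU_IPv4 or AU_IPv6, with no comment saying this is deliberate; since at_type is whatever was stored by setaudit_addr(2), either reject unknown types at that boundary or add a comment (and a KASSERT under INVARIANTS) here so an unexpected type is noticed rather than recorded as a zeroed address. The three au_to_subject32 calls also repeat the same argument list: filling `tid` inside the switch (zeroed in the default case) and making one call after it would shrink the hunk and leave only the AU_IPv6 branch special.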
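Review bot: the encoding change in the audit_bsm_token.c hunk is not mentioned in the commit message: the address words were previously written with ADD_U_INT32 and are now copied with ADD_MEM, so if ADD_U_INT32 performs host-to-network byte order conversion (as its use for sid, at_port and at_type in the same function suggests) while ADD_MEM copies raw memory, the address bytes written to the record change on little-endian hosts. If at_addr is already held in network byte order, which would make the raw copy the correct form, say so in a comment above the if and in the commit message; otherwise the old per-word form should stay.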
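Review bot: the audit_private.h hunk adds ar_subj_term_addr and ar_arg_termid_addr but keeps struct au_tid ar_subj_term and ar_arg_termid, which the audit.c and audit_arg.c hunks no longer assign; never-written fields left in the kernel audit record invite a later reader to consume stale data. Either remove the old fields (and ARG_TERMID, which the audit_arg.c hunk no longer sets via ARG_SET_VALID) or comment that they are transitional, and confirm that any remaining consumer keyed on ARG_TERMID has moved to ARG_TERMID_ADDR.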
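Review bot: the proc.h hunk changes p_au from struct auditinfo * to the larger struct auditinfo_addr *, but this review contains no hunk for audit_syscalls.c (its file header is followed directly by the proc.h header) and no change to wherever p_au is allocated or copied; any malloc, bcopy or copyin sized by sizeof(struct auditinfo) against the new pointer would under-allocate or truncate the terminal address. The allocation sites, the setaudit(2)/getaudit(2) conversions, the E2BIG and EOVERFLOW paths and the auditon(A_GETPINFO_ADDR) case described in the message need to be in the diff to be reviewable.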