Date: Tue, 18 Oct 2005 10:58:46 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 85487 for review Message-ID: <200510181058.j9IAwkoA063602@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=85487 Change 85487 by rwatson@rwatson_zoo on 2005/10/18 10:58:29 Break out audit_arg_uid() and audit_arg_gid(), which each accepted all possible *uid and *gid arguments, into separate arg methods for each of {uid,gid,euid,egid,ruid,rgid,suid,sgid}, and invoke them as needed for the various credential frobbing system calls in the base system call table. Record these entries, as appropriate, when converting the internal audit record to BSM for these system calls. Invoke audit_arg_groupset() for setgroups(). Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/kern_prot.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#4 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#23 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/kern/kern_prot.c#4 (text+ko) ==== @@ -64,6 +64,8 @@ #include <sys/socketvar.h> #include <sys/sysctl.h> +#include <security/audit/audit.h> + static MALLOC_DEFINE(M_CRED, "cred", "credentials"); SYSCTL_DECL(_security); @@ -495,6 +497,7 @@ int error; uid = uap->uid; + AUDIT_ARG(uid, uid); newcred = crget(); uip = uifind(uid); PROC_LOCK(p); @@ -608,6 +611,7 @@ int error; euid = uap->euid; + AUDIT_ARG(euid, euid); newcred = crget(); euip = uifind(euid); PROC_LOCK(p); @@ -664,6 +668,7 @@ int error; gid = uap->gid; + AUDIT_ARG(gid, gid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -764,6 +769,7 @@ int error; egid = uap->egid; + AUDIT_ARG(egid, egid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -822,6 +828,7 @@ crfree(tempcred); return (error); } + AUDIT_ARG(groupset, tempcred->cr_groups, ngrp); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -890,6 +897,8 @@ euid = uap->euid; ruid = uap->ruid; + AUDIT_ARG(euid, euid); + AUDIT_ARG(ruid, ruid); newcred = crget(); euip = uifind(euid); ruip = uifind(ruid); 
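Review bot: The new `AUDIT_ARG(uid, uid);` in the setuid hunk is placed before crget()/uifind() and, as far as the surrounding context suggests, before the privilege check that decides the call, so a denied setuid still leaves the requested uid in the record; that ordering is the whole value of the change and deserves a one-line comment at its first use, e.g. `/* Record the requested uid before any check so denied attempts are audited. */`. The seteuid, setgid and setegid hunks on this line follow the same placement and would be covered by the same comment. The enclosing functions start and end outside the hunks, so the position of the check itself is inferred, not visible.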
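Review bot: `AUDIT_ARG(groupset, tempcred->cr_groups, ngrp);` in the setgroups hunk passes the caller-supplied count straight to audit_arg_groupset(), whose prototype in audit.h takes `u_int gidset_size`; the range check on ngrp is not visible here, so it is worth confirming that audit_arg_groupset() clamps the copy to the audit record's own array size rather than trusting the caller, otherwise a later reordering of that check would overrun the record. Placing the call after the copyin error return is reasonable, since nothing readable exists to record on EFAULT, but it means a setgroups that fails on copyin produces a record with no groupset argument; a comment such as `/* Recorded only after a successful copyin; an EFAULT record carries no groups. */` would make that deliberate. The enclosing function starts and ends outside the hunk.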
@@ -958,6 +967,8 @@ egid = uap->egid; rgid = uap->rgid; + AUDIT_ARG(egid, egid); + AUDIT_ARG(rgid, rgid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; @@ -1028,6 +1039,9 @@ euid = uap->euid; ruid = uap->ruid; suid = uap->suid; + AUDIT_ARG(euid, euid); + AUDIT_ARG(ruid, ruid); + AUDIT_ARG(suid, suid); newcred = crget(); euip = uifind(euid); ruip = uifind(ruid); @@ -1108,6 +1122,9 @@ egid = uap->egid; rgid = uap->rgid; sgid = uap->sgid; + AUDIT_ARG(egid, egid); + AUDIT_ARG(rgid, rgid); + AUDIT_ARG(sgid, sgid); newcred = crget(); PROC_LOCK(p); oldcred = p->p_ucred; ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#4 (text+ko) ==== @@ -125,10 +125,14 @@ void audit_arg_len(int len); void audit_arg_fd(int fd); void audit_arg_fflags(int fflags); -void audit_arg_gid(gid_t gid, gid_t egid, gid_t rgid, - gid_t sgid); -void audit_arg_uid(uid_t uid, uid_t euid, uid_t ruid, - uid_t suid); +void audit_arg_gid(gid_t gid); +void audit_arg_uid(uid_t uid); +void audit_arg_egid(gid_t egid); +void audit_arg_euid(uid_t euid); +void audit_arg_rgid(gid_t rgid); +void audit_arg_ruid(uid_t ruid); +void audit_arg_sgid(gid_t sgid); +void audit_arg_suid(uid_t suid); void audit_arg_groupset(gid_t *gidset, u_int gidset_size); void audit_arg_login(char *login); void audit_arg_ctlname(int *name, int namelen); ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#4 (text+ko) ==== @@ -117,7 +117,7 @@ } void -audit_arg_gid(gid_t gid, gid_t egid, gid_t rgid, gid_t sgid) +audit_arg_gid(gid_t gid) { struct kaudit_record *ar; 
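Review bot: The eight new one-argument prototypes in the audit.h hunk carry no comment saying how they differ, and a caller now has to know that audit_arg_uid()/audit_arg_gid() record the single argument of setuid/setgid while the euid/ruid/suid and egid/rgid/sgid variants record the positional arguments of the setre*/setres* family. A short block comment above the group would prevent misuse, e.g. `/* Record one requested credential argument; each call sets only the matching ARG_* bit in ar_valid_arg. */`, which matches what the definitions in audit_arg.c actually do. Any remaining caller of the old four-argument signatures outside kern_prot.c will now fail to compile rather than silently misrecord, which is the right failure mode, but a grep for such callers before commit is cheap.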
@@ -126,14 +126,89 @@ return; ar->k_ar.ar_arg_gid = gid; + ar->k_ar.ar_valid_arg |= ARG_GID; +} + +void +audit_arg_uid(uid_t uid) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_uid = uid; + ar->k_ar.ar_valid_arg |= ARG_UID; +} + +void +audit_arg_egid(gid_t egid) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + ar->k_ar.ar_arg_egid = egid; + ar->k_ar.ar_valid_arg |= ARG_EGID; +} + +void +audit_arg_euid(uid_t euid) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_euid = euid; + ar->k_ar.ar_valid_arg |= ARG_EUID; +} + +void +audit_arg_rgid(gid_t rgid) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + ar->k_ar.ar_arg_rgid = rgid; + ar->k_ar.ar_valid_arg |= ARG_RGID; +} + +void +audit_arg_ruid(uid_t ruid) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_ruid = ruid; + ar->k_ar.ar_valid_arg |= ARG_RUID; +} + +void +audit_arg_sgid(gid_t sgid) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + ar->k_ar.ar_arg_sgid = sgid; - ar->k_ar.ar_valid_arg |= (ARG_GID | ARG_EGID | ARG_RGID | ARG_SGID); + ar->k_ar.ar_valid_arg |= ARG_SGID; } void -audit_arg_uid(uid_t uid, uid_t euid, uid_t ruid, uid_t suid) +audit_arg_suid(uid_t suid) { struct kaudit_record *ar; @@ -141,11 +216,8 @@ if (ar == NULL) return; - ar->k_ar.ar_arg_uid = uid; - ar->k_ar.ar_arg_euid = euid; - ar->k_ar.ar_arg_ruid = ruid; ar->k_ar.ar_arg_suid = suid; - ar->k_ar.ar_valid_arg |= (ARG_UID | ARG_EUID | ARG_RUID | ARG_SUID); + ar->k_ar.ar_valid_arg |= ARG_SUID; } void ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#23 (text+ko) ==== 
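Review bot: The recorders in this hunk are one function body repeated with different field and bit names, and they are not formatted consistently — audit_arg_uid(), audit_arg_euid(), audit_arg_ruid() and audit_arg_suid() leave a blank line after the `if (ar == NULL) return;` guard while audit_arg_egid(), audit_arg_rgid() and audit_arg_sgid() do not; pick one and apply it to all eight. Since the only thing that varies is the `ar_arg_*` member and the `ARG_*` flag, a small file-local macro expanding to the body would make future additions harder to get wrong, though spelling them out is acceptable kernel style once the spacing is uniform. Each function should also carry a one-line header, e.g. `/* Record the requested effective uid and set ARG_EUID so the BSM converter can see it was supplied. */`, because nothing in the file says which bit a caller may rely on. The last function in the hunk, audit_arg_suid(), continues into the following hunk.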
@@ -821,6 +821,34 @@
 tok = au_to_arg32(1, "uid", ar->ar_arg_euid);
 kau_write(rec, tok);
 break;
+ case AUE_SETREGID:
+ tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ break;
+ case AUE_SETREUID:
+ tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ break;
+ case AUE_SETRESGID:
+ tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid);
+ kau_write(rec, tok);
+ break;
+ case AUE_SETRESUID:
+ tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(3, "suid", ar->ar_arg_suid);
+ kau_write(rec, tok);
+ break;
 case AUE_SETGID:
 tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
 kau_write(rec, tok);
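Review bot: The four new cases emit their rgid/egid, ruid/euid and sgid/suid tokens unconditionally, never consulting the ARG_RGID/ARG_EGID/ARG_RUID/ARG_EUID/ARG_SGID/ARG_SUID bits that audit_arg_rgid() and its siblings set in ar_valid_arg, so a record for one of these events that lacks a recorded argument would emit whatever stale value sits in the field; gating each au_to_arg32() on the matching valid bit is one test per token and is exactly what the split recorders now make possible. Because kern_prot.c records the arguments before validation, a (uid_t)-1 "leave unchanged" request — if these calls accept it as POSIX setreuid/setresuid do — will appear as 4294967295 in the arg32 token, and a comment such as `/* Tokens carry the requested ids as passed by the caller, including -1 for "unchanged". */` would save analysts a surprise. Token ordinals 1..3 follow the ruid, euid, suid order of the setres* calls, which is correct. The enclosing switch starts and ends outside the hunk.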