Date: Sat, 9 Aug 2008 12:58:33 GMT From: Vincenzo Iozzo <snagg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 146984 for review Message-ID: <200808091258.m79CwX7t080363@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=146984 Change 146984 by snagg@snagg_macosx on 2008/08/09 12:58:18 Added test for stat(2). Added a bitmask to check the presence of tokens, all the tests are modified in order to use this feature Affected files ... .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#11 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#9 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_close.c#3 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_fork.c#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_kill.c#3 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_open.c#7 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_rename.c#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setauid.c#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setgid.c#5 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setresuid.c#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setuid.c#5 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_stat.c#1 add .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_symlink.c#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_waitpid.c#2 edit Differences ... 
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#11 (text+ko) ==== @@ -203,107 +203,7 @@ return ('\0'); } - -/* - * We fetch every token from auditpipe and eventually dump them to a file - * Modified version of praudit function. - */ - -int -audit_print_record(FILE *st, char *buffer, int buflen, struct audit_record rec) -{ - int count; - u_char type; - int i, exit; - - type = 0; - count = 0; - exit = 0; - - /* Record must begin with a header token. */ - for( i = 0; i< buflen; i++) { - type = buffer[i]; - if(type == AU_HEADER_32_TOKEN) { - buffer +=i; - buflen -=i; - break; - } - } - while (buflen > 0) { - - /* XXX: Is this an incomplete record? */ - if (au_fetch_tok(&(rec.toks[count]), buffer, buflen) == -1) - break; - - rec.count = count; - au_print_tok_xml(st, &(rec.toks[count]), ",", 0, 0); - buflen -= rec.toks[count].len; - buffer += rec.toks[count].len; - fprintf(st, "\n"); - count++; - if(count == 20) - return (-1); - if(exit) - break; - if(*buffer == AU_TRAILER_TOKEN) - exit = 1; - } - - fflush(st); - return (0); -} - - -struct audit_record *dump(char *path) -{ - int i, ret, reclen, bytesread, to_parse; - struct audit_record *p; - u_char *buf; - u_char type = 0; - FILE *fp; - - to_parse = NOT; - - fp = fopen(path, "r"); - if(fp == NULL) - return; - - p = malloc(sizeof(struct audit_record)); - if (p == NULL) - err(-1, "MALLOC"); - - p->count = 0; - while(1) { - - /* Record must begin with a header token. */ - do { - type = fgetc(fp); - } while(type != AU_HEADER_32_TOKEN); - ungetc(type, fp); - - while ((reclen = au_read_rec(fp, &buf)) != -1) { - bytesread = 0; - while (bytesread < reclen) { - - /* Is this an incomplete record? */ - if (au_fetch_tok(&(p->toks[p->count]), buf + bytesread, - reclen - bytesread) == -1) - break; - - - bytesread += p->toks[p->count].len; - - } - p->count++; - } - if (p->count >= 20) - break; - } - - return (p); -} - /* * Init log file for evaluation */ 
@@ -321,6 +221,13 @@ return (f); } +void report_error_string(char *str, FILE *f) +{ + fprintf(f, "ERROR:***\n"); + fprintf(f, str); + fprintf(f, "\n"); +} + void report_error(tokenstr_t tok, FILE *f) { @@ -329,7 +236,15 @@ fprintf(f, "\n"); } - + +int check_exit(au_exit_t ex, int val) +{ + if(ex.status == val) + return (1); + + return (0); +} + /* * Check the return value of a bsm-token */ @@ -390,22 +305,40 @@ /* * Check the pid and privilege of a bsm-token */ -int check_priv(au_proc32ex_t priv, pid_t pid) +int check_priv(au_proc32ex_t pr, pid_t pid) { - if(priv.pid == pid && priv.euid == geteuid() && priv.ruid == getuid() && - priv.rgid == getgid() && priv.egid == getegid()) + int auid; + + if(getauid(&auid) == -1) + return (0); + + if(pr.pid == pid && pr.euid == geteuid() && pr.ruid == getuid() && + pr.rgid == getgid() && pr.egid == getegid() && pr.auid == auid) return (1); return (0); } /* + * Check privilege of a child with different credential from parent. + */ +int check_priv_child(au_proc32ex_t pr, struct priv p) +{ + + if(pr.pid == p.pid && pr.euid == p.euid && pr.ruid == p.ruid && + pr.rgid == p.rgid && pr.egid == p.egid && pr.auid == p.auid) + return (1); + + return (0); +} + +/* * Check the pid and privilege of an external process */ -int check_ext_priv(au_proc32_t priv, struct ext_priv p) +int check_ext_priv(au_proc32_t pr, struct priv p) { - if(priv.pid == p.pid && priv.euid == p.euid && priv.ruid == p.ruid && - priv.rgid == p.rgid && priv.egid == p.egid) + if(pr.pid == p.pid && pr.euid == p.euid && pr.ruid == p.ruid && + pr.rgid == p.rgid && pr.egid == p.egid && pr.auid == p.auid) return (1); return (0); ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#9 (text+ko) ==== 
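Review bot: `fprintf(f, str);` in the new report_error_string uses its argument as the format string, so any `%` in a message is treated as a conversion and reads arguments that were never passed. The callers visible in this change pass string literals, but the helper lives in the shared utilities file and nothing prevents a later caller from handing it text taken from an audit record or from the shared-memory channel. Print the message as data instead, `fprintf(f, "%s\n", str);`, which also replaces the separate newline call. Since the string is not modified, the parameter can be `const char *str`.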
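Review bot: In check_priv, `int auid;` is passed to `getauid(&auid)`, which takes an `au_id_t *`, so the pointer types do not match, and `pr.auid == auid` then compares the token's unsigned id with a signed int. Declaring it `au_id_t auid;` fixes both. When getauid() fails the function returns 0, which the callers report as a subject-token mismatch; a distinct message for that case would keep a test-setup failure from being read as a defect in the audit trail. The new `struct priv` in the header stores the same ids as `int`, so check_priv_child and check_ext_priv have the same signed/unsigned comparison.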
@@ -52,6 +52,30 @@ #define SHMSZ 512 #define SEM_NAME "/audit-test" #define SEM_CLIENT_NAME "/client" + +#define TOKEN_FLAG_ISSET(bitmask, flag) \ + (bitmask & flag) +#define TOKEN_FLAG_SET(bitmask, flag) \ + (bitmask |= flag) + +#define TOKEN_ARG 0x0000001 +#define TOKEN_PATH 0x0000002 +#define TOKEN_ATTR 0x0000004 +#define TOKEN_SUBJECT 0x0000008 +#define TOKEN_RETURN 0x0000010 +#define TOKEN_EXIT 0x0000020 +#define TOKEN_EXEC_ARG 0x0000040 +#define TOKEN_EXEC_ENV 0x0000080 +#define TOKEN_GROUP 0x0000100 +#define TOKEN_ADDR 0x0000200 +#define TOKEN_IP 0x0000400 +#define TOKEN_IPC 0x0000800 +#define TOKEN_PORT 0x0001000 +#define TOKEN_PROCESS 0x0002000 +#define TOKEN_SOCKET 0x0004000 +#define TOKEN_TEXT 0x0008000 +#define TOKEN_DATA 0x0010000 + sem_t *mutex, *mutex_client; char *shm; int shmid; @@ -64,31 +88,23 @@ /* * NOT = do not validate anything - * GOT_READLINK = we took the last function (a readlink) of the standard - * "prologue" of every process * VALID = we need to validate stuff * WAITING = this is not the right syscall to parse */ enum VALIDATE { NOT, - GOT_READLINK, VALID, WAITING }; - -struct audit_record -{ - tokenstr_t toks[20]; - int count; -}; -struct ext_priv +struct priv { int pid; int euid; int ruid; int rgid; int egid; + int auid; }; void init_channel(); 
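Review bot: The new `TOKEN_FLAG_ISSET` and `TOKEN_FLAG_SET` macros expand their arguments without parentheses, as `(bitmask & flag)` and `(bitmask |= flag)`. A call such as `TOKEN_FLAG_ISSET(mask, TOKEN_ARG | TOKEN_PATH)` would expand to `(mask & TOKEN_ARG | TOKEN_PATH)`, which is non-zero whatever the mask holds, so a presence check written that way could never fail. Write them as `(((bitmask) & (flag)) != 0)` and `((bitmask) |= (flag))`. The masks these macros operate on are declared `long` in the tests; an unsigned type is the usual choice for a bit set.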
@@ -103,15 +119,15 @@ int parse_string(char *string); long get_int(char *string); char get_c(char *string); -int audit_print_record(FILE *st, char *buffer, int buflen, - struct audit_record rec); FILE *init_log(pid_t pid); void report_error(tokenstr_t tok, FILE *f); +int check_exit(au_exit_t ex, int val); int check_text(au_text_t text, char *val); int check_ret(au_ret32_t ret, int r, char *val); int check_path(au_path_t path, char *val); int check_arg(au_arg32_t arg, long val); -int check_priv(au_proc32ex_t priv, pid_t pid); +int check_priv(au_proc32ex_t pr, pid_t pid); int check_fd(au_attr32_t attr, int fd); -int check_ext_priv(au_proc32_t priv, struct ext_priv p); -int check_attr_path(au_attr32_t attr, char *path);+int check_ext_priv(au_proc32_t pr, struct priv p); +int check_priv_child(au_proc32ex_t pr, struct priv p); +int check_attr_path(au_attr32_t attr, char *path); ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_close.c#3 (text+ko) ==== @@ -36,27 +36,6 @@ struct close_record *next; }; -struct close_record *del_record(struct close_record *head, int index) -{ - struct close_record *tmp; - struct close_record *p; - - tmp = head; - if(tmp == NULL) - return NULL; - for(; tmp->next != NULL; tmp = tmp->next) - { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return head; - } - } - - return NULL; -} - struct close_record * add_field(struct close_record *head, struct close_record *new) { @@ -130,13 +109,13 @@ { int i, ret, reclen, bytesread, to_parse; struct close_record *tmp, *elem; - struct audit_record *p, *el; int err = -1; tokenstr_t tok; u_char *buf; u_char type = 0; FILE *fp; - + long control_flag; + to_parse = WAITING; fp = fopen(path, "r"); 
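Review bot: No prototype for report_error_string is added in this header hunk, although the change defines it in audit_pipe_regression_test_utils.c and calls it from the per-event validate() functions; check_exit and check_priv_child do get prototypes here. Unless it is declared in a part of the header outside the hunk, those calls rely on an implicit declaration and the compiler cannot check their arguments. Add `void report_error_string(char *str, FILE *f);` next to the `report_error` prototype.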
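Review bot: `long control_flag;` is added to validate() in audit_pipe_event_close.c without an initializer, and the only assignment visible in this change is `control_flag = 0;` in the AUT_TRAILER case, so the `TOKEN_FLAG_SET` calls for the first record OR bits into an indeterminate value. Stale bits can make the missing-token checks pass for a record that lacks the token, which is the condition the bitmask was added to detect. Use `long control_flag = 0;`, or clear it beside `to_parse = WAITING;`. The same declaration is added to validate() in the fork, kill, open, rename and setauid tests, where kill, open and rename zero their new counters but not the mask. validate() begins and ends outside this hunk, so an initialisation elsewhere in the body cannot be ruled out from here.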
@@ -181,18 +160,21 @@ if(to_parse == VALID) { switch(tok.id) { case AUT_ATTR32: + TOKEN_FLAG_SET(control_flag, TOKEN_ATTR); ret = check_fd(tok.tt.attr32, tmp->fd); if(!ret) report_error(tok, f); break; case AUT_SUBJECT32: + TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT); ret = check_priv(tok.tt.proc32_ex, pid); if(!ret) report_error(tok, f); break; case AUT_ARG32: + TOKEN_FLAG_SET(control_flag, TOKEN_ARG); ret = check_arg(tok.tt.arg32, tmp->fd); if(!ret) report_error(tok, f); @@ -200,6 +182,7 @@ break; case AUT_RETURN32: + TOKEN_FLAG_SET(control_flag, TOKEN_RETURN); ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val); if(!ret) report_error(tok, f); @@ -207,6 +190,15 @@ case AUT_TRAILER: to_parse = WAITING; + if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_ATTR)) + report_error_string("Missing Attribute token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) + report_error_string("Missing Subject token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG)) + report_error_string("Missing Argument token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN)) + report_error_string("Missing Return token", f); + control_flag = 0; if(tmp->next != NULL) tmp = tmp->next; break; @@ -266,8 +258,7 @@ if(elem == NULL) err(-1, "MALLOC"); - while((count = parse_string(shared_string)) != -1) - { + while((count = parse_string(shared_string)) != -1) { descr = get_descr(shared_string); if(count == INT_TYPE) { if(!strncmp(descr, "fd", 2)) @@ -275,8 +266,7 @@ else elem->ret = get_int(shared_string); } - else if ( count == STRING_TYPE) - { + else if ( count == STRING_TYPE) { snprintf(elem->err_val, sizeof(elem->err_val) > strlen(shared_string) +1 ? strlen(shared_string) +1 : ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_fork.c#2 (text+ko) ==== 
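Review bot: The `else if` chain added to the AUT_TRAILER case stops at the first missing token, so a record that lacks both its subject and its return token logs one error and hides the other. Independent tests, for example `if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) report_error_string("Missing Subject token", f);` repeated per token, would report every gap in the record. The mask is also cleared only when a trailer is seen, so a record that ends without one would presumably carry its bits into the next record; clearing it where `to_parse` becomes VALID would avoid that. The trailer checks added to the other event tests in this change are built the same way.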
@@ -36,25 +36,6 @@ struct fork_record *next; }; -struct fork_record *del_record(struct fork_record *head, int index) -{ - struct fork_record *tmp, *p; - - tmp = head; - if(tmp == NULL) - return (NULL); - for(; tmp->next != NULL; tmp = tmp->next) { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return (head); - } - } - - return (NULL); -} - struct fork_record * add_field(struct fork_record *head, struct fork_record *new) { @@ -106,13 +87,13 @@ { int i, ret, reclen, bytesread, to_parse; struct fork_record *tmp, *elem; - struct audit_record *p, *el; int err = -1; tokenstr_t tok; u_char *buf; u_char type = 0; FILE *fp; - + long control_flag; + to_parse = WAITING; fp = fopen(path, "r"); @@ -154,18 +135,21 @@ if(to_parse == VALID) { switch(tok.id) { case AUT_SUBJECT32: + TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT); ret = check_priv(tok.tt.proc32_ex, pid); if(!ret) report_error(tok, f); break; case AUT_ARG32: + TOKEN_FLAG_SET(control_flag, TOKEN_ARG); ret = check_arg(tok.tt.arg32, tmp->pid); if(!ret) report_error(tok, f); break; case AUT_RETURN32: + TOKEN_FLAG_SET(control_flag, TOKEN_RETURN); ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val); if(!ret) report_error(tok, f); @@ -173,6 +157,13 @@ case AUT_TRAILER: to_parse = WAITING; + if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) + report_error_string("Missing Subject token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG)) + report_error_string("Missing Argument token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN)) + report_error_string("Missing Return token", f); + control_flag = 0; if(tmp->next != NULL) tmp = tmp->next; break; ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_kill.c#3 (text+ko) ==== 
@@ -38,25 +38,6 @@ struct kill_record *next; }; -struct kill_record *del_record(struct kill_record *head, int index) -{ - struct kill_record *tmp, *p; - - tmp = head; - if(tmp == NULL) - return (NULL); - for(; tmp->next != NULL; tmp = tmp->next) { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return (head); - } - } - - return (NULL); -} - struct kill_record * add_field(struct kill_record *head, struct kill_record *new) { @@ -165,17 +146,18 @@ void validate(FILE *f, struct kill_record *head, char *path, pid_t pid) { - int i, ret, reclen, bytesread, to_parse; + int i, ret, reclen, bytesread, to_parse, arg_counter; struct kill_record *tmp, *elem; - struct audit_record *p, *el; int err = -1; tokenstr_t tok; u_char *buf; u_char type = 0; FILE *fp; - + long control_flag; + to_parse = WAITING; - + arg_counter = 0; + fp = fopen(path, "r"); if(fp == NULL) return; @@ -215,35 +197,41 @@ if(to_parse == VALID) { switch(tok.id) { case AUT_SUBJECT32: + TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT); ret = check_priv(tok.tt.proc32_ex, pid); if(!ret) report_error(tok, f); break; case AUT_ARG32: + TOKEN_FLAG_SET(control_flag, TOKEN_ARG); switch(tok.tt.arg32.no) { case 1: ret = check_arg(tok.tt.arg32, tmp->pid); if(!ret) report_error(tok, f); + arg_counter++; break; case 2: ret = check_arg(tok.tt.arg32, tmp->signal); if(!ret) report_error(tok, f); + arg_counter++; break; } break; case AUT_PROCESS32: + TOKEN_FLAG_SET(control_flag, TOKEN_PROCESS); ret = check_ext_priv(tok.tt.proc32, tmp->p); if(!ret) report_error(tok, f); break; case AUT_RETURN32: + TOKEN_FLAG_SET(control_flag, TOKEN_RETURN); ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val); if(!ret) report_error(tok, f); 
@@ -251,6 +239,16 @@ case AUT_TRAILER: to_parse = WAITING; + if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_PROCESS)) + report_error_string("Missing Process token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) + report_error_string("Missing Subject token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG) || arg_counter != 2) + report_error_string("Missing Argument token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN)) + report_error_string("Missing Return token", f); + control_flag = 0; + arg_counter = 0; if(tmp->next != NULL) tmp = tmp->next; break; ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_open.c#7 (text+ko) ==== @@ -39,27 +39,6 @@ struct open_record *next; }; -struct open_record *del_record(struct open_record *head, int index) -{ - struct open_record *tmp; - struct open_record *p; - - tmp = head; - if(tmp == NULL) - return NULL; - for(; tmp->next != NULL; tmp = tmp->next) - { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return head; - } - } - - return NULL; -} - struct open_record * add_field(struct open_record *head, struct open_record *new) { @@ -68,7 +47,7 @@ tmp = head; if(tmp == NULL) { new->next = NULL; - return new; + return (new); } /* Reach the last element of the list*/ @@ -78,7 +57,7 @@ tmp->next= new; new->next = NULL; - return head; + return (head); } void test_open() @@ -136,17 +115,18 @@ void validate(FILE *f, struct open_record *head, char *path, pid_t pid) { - int i, ret, reclen, bytesread, to_parse; + int i, ret, reclen, bytesread, to_parse, arg_counter; struct open_record *tmp, *elem; - struct audit_record *p, *el; int err = -1; tokenstr_t tok; u_char *buf; u_char type = 0; FILE *fp; - + long control_flag; + to_parse = WAITING; - + arg_counter = 0; + fp = fopen(path, "r"); if(fp == NULL) return; 
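Review bot: The `arg_counter != 2` test in the trailer check counts argument tokens rather than distinct arguments. Two AUT_ARG32 tokens numbered 1 satisfy it while argument 2 is absent, and a record with more than two is reported as "Missing Argument token". Keeping a separate bit or counter for `case 1` and `case 2` of the `tok.tt.arg32.no` switch, and testing each in the trailer, would make the check match its message. The `path_counter != 2` test added to the rename validate() has the same shape.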
@@ -179,31 +159,36 @@ } bytesread += tok.len; - /* Check only open syscals */ + /* Check only open syscalls */ if(tok.tt.hdr32.e_type >= 72 && tok.tt.hdr32.e_type <= 83) to_parse = VALID; if(to_parse == VALID) { switch(tok.id) { case AUT_PATH: + TOKEN_FLAG_SET(control_flag, TOKEN_PATH); ret = check_path(tok.tt.path, tmp->path); if(!ret) report_error(tok, f); break; case AUT_ATTR32: + TOKEN_FLAG_SET(control_flag, TOKEN_ATTR); ret = check_fd(tok.tt.attr32, tmp->fd); if(!ret) report_error(tok, f); break; case AUT_SUBJECT32: + TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT); ret = check_priv(tok.tt.proc32_ex, pid); if(!ret) report_error(tok, f); break; case AUT_ARG32: + TOKEN_FLAG_SET(control_flag, TOKEN_ARG); + arg_counter++; if(tok.tt.arg32.no == 2) { ret = check_arg(tok.tt.arg32, tmp->arg2); if(!ret) @@ -216,6 +201,7 @@ break; case AUT_RETURN32: + TOKEN_FLAG_SET(control_flag, TOKEN_RETURN); ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val); if(!ret) report_error(tok, f); @@ -223,6 +209,21 @@ case AUT_TRAILER: to_parse = WAITING; + if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_ATTR)) + report_error_string("Missing Attribute token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) + report_error_string("Missing Subject token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG) || + tmp->arg3 && arg_counter != 2 || + !tmp->arg3 && arg_counter != 1) + report_error_string("Missing Argument token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN)) + report_error_string("Missing Return token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_PATH)) + report_error_string("Missing Path token", f); + + control_flag = 0; + arg_counter = 0; if(tmp->next != NULL) tmp = tmp->next; break; @@ -282,8 +283,7 @@ if(elem == NULL) err(-1, "MALLOC"); - while((count = parse_string(shared_string)) != -1) - { + while((count = parse_string(shared_string)) != -1) { descr = get_descr(shared_string); if(count == INT_TYPE) { if(!strncmp(descr, "fd", 2)) 
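Review bot: The argument test in the AUT_TRAILER case mixes `||` and `&&` without parentheses (`tmp->arg3 && arg_counter != 2 || !tmp->arg3 && arg_counter != 1`); it groups as intended but is hard to read and draws -Wparentheses warnings. Computing the expectation first reads better: `int expected = tmp->arg3 ? 2 : 1;` followed by `else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG) || arg_counter != expected)`. The expected count is derived from `tmp->arg3` being non-zero, so an open() whose third argument is legitimately 0 is expected to produce a single argument token; whether that matches what is audited cannot be seen from this hunk and deserves a comment. `arg_counter++` in the AUT_ARG32 case also runs for every argument token whatever `tok.tt.arg32.no` is, so an unexpected argument number is counted as a valid one.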
@@ -295,8 +295,7 @@ else elem->arg3 = get_int(shared_string); } - else if ( count == STRING_TYPE) - { + else if ( count == STRING_TYPE) { if(!strncmp(descr, "path", 4)) snprintf(elem->path, sizeof(elem->path) > strlen(shared_string) +1 ? ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_rename.c#2 (text+ko) ==== @@ -37,26 +37,6 @@ struct rename_record *next; }; -struct rename_record *del_record(struct rename_record *head, int index) -{ - struct rename_record *tmp, *p; - - tmp = head; - if(tmp == NULL) - return (NULL); - for(; tmp->next != NULL; tmp = tmp->next) - { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return (head); - } - } - - return (NULL); -} - struct rename_record * add_field(struct rename_record *head, struct rename_record *new) { @@ -137,18 +117,19 @@ void validate(FILE *f, struct rename_record *head, char *path, pid_t pid) { - int i, ret, reclen, bytesread, to_parse; + int i, ret, reclen, bytesread, to_parse, path_counter; struct rename_record *tmp, *elem; - struct audit_record *p, *el; int err = -1; tokenstr_t tok; u_char *buf; u_char type = 0; FILE *fp; int which = 0; + long control_flag; to_parse = WAITING; - + path_counter = 0; + fp = fopen(path, "r"); if(fp == NULL) return; @@ -188,6 +169,8 @@ if(to_parse == VALID) { switch(tok.id) { case AUT_PATH: + TOKEN_FLAG_SET(control_flag, TOKEN_PATH); + path_counter++; if(!which) ret = check_path(tok.tt.path, tmp->path); else { @@ -200,6 +183,7 @@ break; case AUT_ATTR32: + TOKEN_FLAG_SET(control_flag, TOKEN_ATTR); which = 1; ret = check_attr_path(tok.tt.attr32, tmp->path); if(!ret) 
@@ -207,12 +191,14 @@ break; case AUT_SUBJECT32: + TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT); ret = check_priv(tok.tt.proc32_ex, pid); if(!ret) report_error(tok, f); break; case AUT_RETURN32: + TOKEN_FLAG_SET(control_flag, TOKEN_RETURN); ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val); if(!ret) report_error(tok, f); @@ -220,6 +206,16 @@ case AUT_TRAILER: to_parse = WAITING; + if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_ATTR)) + report_error_string("Missing Attribute token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) + report_error_string("Missing Subject token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_PATH) || path_counter != 2) + report_error_string("Missing Path token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN)) + report_error_string("Missing Return token", f); + control_flag = 0; + path_counter = 0; if(tmp->next != NULL) tmp = tmp->next; break; ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setauid.c#2 (text+ko) ==== @@ -37,26 +37,6 @@ struct setauid_record *next; }; -struct setauid_record *del_record(struct setauid_record *head, int index) -{ - struct setauid_record *tmp; - struct setauid_record *p; - - tmp = head; - if(tmp == NULL) - return NULL; - for(; tmp->next != NULL; tmp = tmp->next) { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return head; - } - } - - return NULL; -} - struct setauid_record * add_field(struct setauid_record *head, struct setauid_record *new) { @@ -65,7 +45,7 @@ tmp = head; if(tmp == NULL) { new->next = NULL; - return new; + return (new); } /* Reach the last element of the list*/ @@ -75,7 +55,7 @@ tmp->next= new; new->next = NULL; - return head; + return (head); } void test_setauid() 
@@ -130,13 +110,13 @@ { int i, ret, reclen, bytesread, to_parse; struct setauid_record *tmp, *elem; - struct audit_record *p, *el; int err = -1; tokenstr_t tok; u_char *buf; u_char type = 0; FILE *fp; - + long control_flag; + to_parse = WAITING; fp = fopen(path, "r"); @@ -178,18 +158,21 @@ if(to_parse == VALID) { switch(tok.id) { case AUT_SUBJECT32: + TOKEN_FLAG_SET(control_flag, TOKEN_SUBJECT); ret = check_priv_child(tok.tt.proc32_ex, tmp->p); if(!ret) report_error(tok, f); break; case AUT_ARG32: + TOKEN_FLAG_SET(control_flag, TOKEN_ARG); ret = check_arg(tok.tt.arg32, tmp->auid); if(!ret) report_error(tok, f); break; case AUT_RETURN32: + TOKEN_FLAG_SET(control_flag, TOKEN_RETURN); ret = check_ret(tok.tt.ret32, tmp->ret, tmp->err_val); if(!ret) report_error(tok, f); @@ -197,6 +180,14 @@ case AUT_TRAILER: to_parse = WAITING; + if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_SUBJECT)) + report_error_string("Missing Subject token", f); + else if (!TOKEN_FLAG_ISSET(control_flag, TOKEN_ARG)) + report_error_string("Missing Argument token", f); + else if(!TOKEN_FLAG_ISSET(control_flag, TOKEN_RETURN)) + report_error_string("Missing Return token", f); + control_flag = 0; + if(tmp->next != NULL) tmp = tmp->next; break; ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_setgid.c#5 (text+ko) ==== @@ -37,25 +37,6 @@ struct setgid_record *next; }; -struct setgid_record *del_record(struct setgid_record *head, int index) -{ - struct setgid_record *tmp, *p; - - tmp = head; - if(tmp == NULL) - return NULL; - for(; tmp->next != NULL; tmp = tmp->next) { - if(tmp->next->index == index) { - p = tmp->next; - tmp->next = tmp->next->next; - free(p); - return head; - } - } - - return NULL; -} - struct setgid_record * add_field(struct setgid_record *head, struct setgid_record *new) { @@ -64,7 +45,7 @@ tmp = head; if(tmp == NULL) { new->next = NULL; >>> TRUNCATED FOR MAIL (1000 lines) <<<