From owner-p4-projects@FreeBSD.ORG Wed Aug 18 01:40:34 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 47A5116A4D0; Wed, 18 Aug 2004 01:40:33 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 116EA16A4CE for ; Wed, 18 Aug 2004 01:40:33 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id F257143D39 for ; Wed, 18 Aug 2004 01:40:32 +0000 (GMT) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.11/8.12.11) with ESMTP id i7I1eWMI022452 for ; Wed, 18 Aug 2004 01:40:32 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.11/8.12.11/Submit) id i7I1eWMd022449 for perforce@freebsd.org; Wed, 18 Aug 2004 01:40:32 GMT (envelope-from wsalamon@computer.org) Date: Wed, 18 Aug 2004 01:40:32 GMT Message-Id: <200408180140.i7I1eWMd022449@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f 
From: Wayne Salamon To: Perforce Change Reviews Subject: PERFORCE change 59949 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Aug 2004 01:40:34 -0000 http://perforce.freebsd.org/chv.cgi?CH=59949 Change 59949 by wsalamon@wsalamon_epi on 2004/08/18 01:39:59 Audit the fchflags, fchmod, fchown, ftruncate, futimes, fstatfs, and getdirentries system calls. Note that auditing of these calls will show how vn_getpath() often does not succeed, and hence no path will be in the audit log. Also, the sys_au_event table in kern_bsm_klib.c is modified to match the above system calls for FreeBSD. However, many of the entries in this table need to be fixed, or the table replaced with something better (adding the audit event to the sysent table, for example?). Affected files ... .. //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#3 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#6 edit Differences ...
==== //depot/projects/trustedbsd/audit3/sys/kern/vfs_syscalls.c#3 (text+ko) ====
@@ -279,8 +279,12 @@
 struct statfs *sp, sb;
 int error;
+ AUDIT_ARG(fd, uap->fd);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 mp = fp->f_vnode->v_mount;
 fdrop(fp, td);
 if (mp == NULL)
@@ -2393,8 +2397,13 @@
 struct file *fp;
 int error;
+ AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG(fflags, uap->flags);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 error = setfflags(td, fp->f_vnode, uap->flags);
 fdrop(fp, td);
 return (error);
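Review bot: `AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1)` in the fstatfs hunk (`@@ -279,8 +279,12 @@`) runs with only the file reference from getvnode() held, and nothing visible takes the vnode lock first; the fchflags, fchmod, fchown, futimes, ftruncate and getdirentries hunks repeat the pattern. The vnpath handler is not shown, so whether it reads vnode attributes or only resolves a name needs confirming; if it reads attributes, the call should be bracketed by the vnode lock. Since the description says vn_getpath() often fails, a comment above the call such as `/* Path is best effort; the record may carry only the fd if vn_getpath() fails. */` would stop readers of the trail from relying on it. The enclosing function starts and ends outside the hunk.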
@@ -2514,8 +2523,13 @@
 struct file *fp;
 int error;
+ AUDIT_ARG(fd, uap->fd);
+ AUDIT_ARG(mode, uap->mode);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 error = setfmode(td, fp->f_vnode, uap->mode);
 fdrop(fp, td);
 return (error);
@@ -2653,8 +2667,12 @@
 struct file *fp;
 int error;
+ AUDIT_ARG(owner, uap->uid, uap->gid);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 error = setfown(td, fp->f_vnode, uap->uid, uap->gid);
 fdrop(fp, td);
 return (error);
@@ -2846,10 +2864,14 @@
 struct file *fp;
 int error;
+ AUDIT_ARG(fd, fd);
+ if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
+ return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 if ((error = getutimes(tptr, tptrseg, ts)) != 0)
 return (error);
- if ((error = getvnode(td->td_proc->p_fd, fd, &fp)) != 0)
- return (error);
 error = setutimes(td, fp->f_vnode, ts, 2, tptr == NULL);
 fdrop(fp, td);
 return (error);
@@ -2942,10 +2964,14 @@
 struct file *fp;
 int error;
+ AUDIT_ARG(fd, uap->fd);
 if (uap->length < 0)
 return(EINVAL);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 if ((fp->f_flag & FWRITE) == 0) {
 fdrop(fp, td);
 return (EINVAL);
@@ -3561,8 +3587,12 @@
 long loff;
 int error, eofflag;
+ AUDIT_ARG(fd, uap->fd);
 if ((error = getvnode(td->td_proc->p_fd, uap->fd, &fp)) != 0)
 return (error);
+
+ AUDIT_ARG(vnpath, fp->f_vnode, ARG_VNODE1);
+
 if ((fp->f_flag & FREAD) == 0) {
 fdrop(fp, td);
 return (EBADF);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#6 (text+ko) ====
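Review bot: The fchown hunk (`@@ -2653,8 +2667,12 @@`) records the owner arguments but never the descriptor, unlike every other hunk in this file, each of which opens with `AUDIT_ARG(fd, ...)`. When getvnode() fails, or when the path cannot be resolved (which the description says happens often), the record may name a new uid/gid without identifying the object they were applied to. Add `AUDIT_ARG(fd, uap->fd);` ahead of the owner line. The function body starts and ends outside the hunk.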
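Review bot: Moving getvnode() ahead of getutimes() in the futimes hunk (`@@ -2846,10 +2864,14 @@`) leaves an early return that no longer releases the file reference: when getutimes() fails the function returns with `fp` still held, because `fdrop(fp, td)` sits only after setutimes(). getutimes() is handed the caller-supplied `tptr`, so that failure is presumably reachable from user space and the leaked reference would accumulate per call. Either drop the reference on that path, `if ((error = getutimes(tptr, tptrseg, ts)) != 0) { fdrop(fp, td); return (error); }`, or keep the original order and add only `AUDIT_ARG(fd, fd);` before getutimes(). The function starts outside the hunk.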
@@ -188,7 +188,7 @@
 AUE_MKDIR, /* 136 = mkdir */
 AUE_RMDIR, /* 137 = rmdir */
 AUE_UTIMES, /* 138 = utimes */
- AUE_FUTIMES, /* 139 = futimes */
+ AUE_NULL, /* 139 = obsolete 4.2 sigreturn */
 AUE_ADJTIME, /* 140 = adjtime */
 AUE_NULL, /* 141 = getpeername */
 AUE_NULL, /* 142 = old gethostid */
@@ -206,8 +206,8 @@
 AUE_NULL, /* 154 = pwrite */
 AUE_NULL, /* 155 = nfs_svc */
 AUE_O_GETDIRENTRIES, /* 156 = old getdirentries */
- AUE_STATFS, /* 157 = statfs */
- AUE_FSTATFS, /* 158 = fstatfs */
+ AUE_NULL, /* 157 = old statfs */
+ AUE_NULL, /* 158 = old fstatfs */
 AUE_UMOUNT, /* 159 = unmount */
 AUE_NULL, /* 160 was async_daemon */
 AUE_GETFH, /* 161 = get file handle */
@@ -263,16 +263,16 @@
 AUE_MLOCK, /* 203 = mlock */
 AUE_MUNLOCK, /* 204 = munlock */
 AUE_UNDELETE, /* 205 = undelete */
- AUE_NULL, /* 206 = ATsocket */
- AUE_NULL, /* 207 = ATgetmsg*/
- AUE_NULL, /* 208 = ATputmsg*/
- AUE_NULL, /* 209 = ATPsndreq*/
- AUE_NULL, /* 210 = ATPsndrsp*/
- AUE_NULL, /* 211 = ATPgetreq*/
- AUE_NULL, /* 212 = ATPgetrsp*/
- AUE_NULL, /* 213 = Reserved for AppleTalk */
- AUE_NULL, /* 214 = Reserved for AppleTalk */
- AUE_NULL, /* 215 = Reserved for AppleTalk */
+ AUE_FUTIMES, /* 206 = futimes */
+ AUE_NULL, /* 207 = */
+ AUE_NULL, /* 208 = */
+ AUE_NULL, /* 209 = */
+ AUE_NULL, /* 210 = */
+ AUE_NULL, /* 211 = */
+ AUE_NULL, /* 212 = */
+ AUE_NULL, /* 213 = for AppleTalk */
+ AUE_NULL, /* 214 = for AppleTalk */
+ AUE_NULL, /* 215 = for AppleTalk */
 AUE_NULL, /* 216 = HFS make complex file call (multipel forks */
 AUE_NULL, /* 217 = HFS statv extended stat call for HFS */
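Review bot: Entries 157 and 158 in the `@@ -206,8 +206,8 @@` hunk go from `AUE_STATFS`/`AUE_FSTATFS` to `AUE_NULL`, which presumably means calls arriving through the old statfs and fstatfs numbers generate no audit record. If the kernel still services those numbers for older binaries, the same operation is audited or not depending on which syscall number the caller uses. The neighbouring line `AUE_O_GETDIRENTRIES, /* 156 = old getdirentries */` shows that an old entry point can keep an event, so `AUE_STATFS, /* 157 = old statfs */` and `AUE_FSTATFS, /* 158 = old fstatfs */` would avoid the gap. The table starts and ends outside the hunk.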
@@ -427,7 +427,37 @@
 AUE_NULL, /* 366 */
 AUE_NULL, /* 367 */
 AUE_NULL, /* 368 */
- AUE_NULL /* 369 */
+ AUE_NULL, /* 369 */
+ AUE_NULL, /* 370 */
+ AUE_NULL, /* 371 */
+ AUE_NULL, /* 372 */
+ AUE_NULL, /* 373 */
+ AUE_NULL, /* 374 */
+ AUE_NULL, /* 375 */
+ AUE_NULL, /* 376 */
+ AUE_NULL, /* 377 */
+ AUE_NULL, /* 378 */
+ AUE_NULL, /* 379 */
+ AUE_NULL, /* 380 */
+ AUE_NULL, /* 381 */
+ AUE_NULL, /* 382 */
+ AUE_NULL, /* 383 */
+ AUE_NULL, /* 384 */
+ AUE_NULL, /* 385 */
+ AUE_NULL, /* 386 */
+ AUE_NULL, /* 387 */
+ AUE_NULL, /* 388 */
+ AUE_NULL, /* 389 */
+ AUE_NULL, /* 390 */
+ AUE_NULL, /* 391 */
+ AUE_NULL, /* 392 */
+ AUE_NULL, /* 393 */
+ AUE_NULL, /* 394 */
+ AUE_NULL, /* 395 */
+ AUE_STATFS, /* 396 = statfs */
+ AUE_FSTATFS, /* 397 = fstafs */
+ AUE_NULL, /* 398 */
+ AUE_NULL /* 399 */
 };
 int nsys_au_event = sizeof(sys_au_event) / sizeof(sys_au_event[0]);
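Review bot: The entries added in this hunk are placed purely by position, and the only check that `AUE_STATFS` and `AUE_FSTATFS` land on 396 and 397 is the hand-written number in each comment; an entry shifted by one would silently map a syscall to `AUE_NULL` or to the wrong event. Writing the two live entries as designated initializers keyed on the syscall constants, e.g. `[SYS_statfs] = AUE_STATFS,` and `[SYS_fstatfs] = AUE_FSTATFS,`, would tie them to the real numbers, assuming the syscall header can be included here. Failing that, a comment above the new rows naming the syscall table the numbers were copied from would let a reader re-check them. The comment on entry 397 is also misspelled and should read `/* 397 = fstatfs */`. The table starts outside the hunk.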