From owner-trustedbsd-cvs@FreeBSD.ORG Fri May 5 13:36:40 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B19A16A400 for ; Fri, 5 May 2006 13:36:40 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0826E43D46 for ; Fri, 5 May 2006 13:36:39 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 5A13046C80 for ; Fri, 5 May 2006 09:36:38 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id D97F7631B9; Fri, 5 May 2006 13:34:55 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id BCE3C16A46A; Fri, 5 May 2006 13:34:52 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A99816A468 for ; Fri, 5 May 2006 13:34:52 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1F5B043D4C for ; Fri, 5 May 2006 13:34:52 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k45DYq0M042103 for ; Fri, 5 May 2006 13:34:52 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k45DYpog042093 for perforce@freebsd.org; Fri, 5 May 2006 13:34:51 GMT (envelope-from 
bb+lists.freebsd.perforce@cyrus.watson.org) Date: Fri, 5 May 2006 13:34:51 GMT Message-Id: <200605051334.k45DYpog042093@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 96700 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 May 2006 13:36:40 -0000 http://perforce.freebsd.org/chv.cgi?CH=96700 Change 96700 by rwatson@rwatson_zoo on 2006/05/05 13:34:03 Add three new ioctls to audit pipes: AUDITPIPE_DELETE_AUID, which will delete the preselection state for a particular auid on the pipe, and AUDITPIPE_{GET/SET}_PRESELECT_TRAIL, which set the AUDIT_PIPE_TRAIL flag on the pipe, which indicates that the pipe will follow the trail preselection model, rather than using its own preselection settings. This is now the default, restoring the behavior of praudit(1) on /dev/auditpipe to its default prior to adding preselection magic. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#28 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#8 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#19 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#27 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#11 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.c#28 (text+ko) ==== 
@@ -389,7 +389,8 @@
 ar->k_ar_commit |= AR_COMMIT_KERNEL;
 if (au_preselect(event, class, aumask, sorf) != 0)
 ar->k_ar_commit |= AR_PRESELECT_TRAIL;
- if (audit_pipe_preselect(auid, event, class, sorf) != 0)
+ if (audit_pipe_preselect(auid, event, class, sorf,
+ ar->k_ar_commit & AR_PRESELECT_TRAIL) != 0)
 ar->k_ar_commit |= AR_PRESELECT_PIPE;
 if ((ar->k_ar_commit & (AR_PRESELECT_TRAIL | AR_PRESELECT_PIPE)) == 0) {
@@ -511,7 +512,7 @@
 panic("audit_failing_stop: thread continued");
 }
 td->td_ar = audit_new(event, td);
- } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH))
+ } else if (audit_pipe_preselect(auid, event, class, AU_PRS_BOTH, 0))
 td->td_ar = audit_new(event, td);
 else
 td->td_ar = NULL;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_ioctl.h#8 (text+ko) ====
@@ -59,8 +59,11 @@
 struct auditpipe_preselect)
 #define AUDITPIPE_SET_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 11, \
 struct auditpipe_preselect)
-#define AUDITPIPE_FLUSH_PRESELECT_AUID _IO(AUDITPIPE_IOBASE, 12)
-#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 13)
+#define AUDITPIPE_DELETE_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 12, au_id_t)
+#define AUDITPIPE_FLUSH_PRESELECT_AUID _IO(AUDITPIPE_IOBASE, 13)
+#define AUDITPIPE_GET_PRESELECT_TRAIL _IOR(AUDITPIPE_IOBASE, 14, int)
+#define AUDITPIPE_SET_PRESELECT_TRAIL _IOW(AUDITPIPE_IOBASE, 14, int)
+#define AUDITPIPE_FLUSH _IO(AUDITPIPE_IOBASE, 15)
 /*
 * Ioctls to retrieve audit pipe statistics.
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_pipe.c#19 (text+ko) ====
@@ -103,6 +103,7 @@
 */
 #define AUDIT_PIPE_ASYNC 0x00000001
 #define AUDIT_PIPE_NBIO 0x00000002
+#define AUDIT_PIPE_TRAIL 0x00000004 /* Use trail preselection. */
 struct audit_pipe {
 int ap_open; /* Device open? */
 u_int ap_flags;
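Review bot: The literal `0` passed as the new trail argument in the `-511` hunk of audit.c reads as a magic value and deserves a one-line comment, for example `/* Trail preselection did not match on this path; only pipe-specific settings can select the record. */`. That reading is inferred from the `else if` placement, since the preceding `if` condition lies outside the hunk, so confirm it before adding the comment.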
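Review bot: Renumbering the existing requests in audit_ioctl.h changes the pipe's userland ABI: `AUDITPIPE_FLUSH` moves from 13 to 15 and `AUDITPIPE_FLUSH_PRESELECT_AUID` from 12 to 13, so a binary built against the previous header that issues its old flush request now sends the value that means `AUDITPIPE_FLUSH_PRESELECT_AUID`. The audit_pipe.c hunk shows that case returning EOPNOTSUPP, so a monitoring tool that ignores the return value would keep reading records queued before it finished configuring preselection. If anything has been built against the earlier header, keep 12 and 13 as they were and allocate the new requests after them, e.g. `#define AUDITPIPE_DELETE_PRESELECT_AUID _IOW(AUDITPIPE_IOBASE, 14, au_id_t)` with the GET/SET pair on 15.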
@@ -200,16 +201,25 @@
 /*
 * Determine whether a specific audit pipe matches a record with these
- * properties.
+ * properties. Algorithm is as follows:
+ *
+ * - If the pipe is configured to track the default trail configuration, then
+ * use that.
+ * - If not, search for a specifically configured auid entry matching the
+ * event. If it is found, use that.
+ * - Otherwise, use the default flags or naflags configured for the pipe.
 */
 static int
 audit_pipe_preselect_check(struct audit_pipe *ap, au_id_t auid,
- au_event_t event, au_class_t class, int sorf)
+ au_event_t event, au_class_t class, int sorf, int trail_preselect)
 {
 struct audit_pipe_preselect *app;
 mtx_assert(&audit_pipe_mtx, MA_OWNED);
+ if ((ap->ap_flags & AUDIT_PIPE_TRAIL) && trail_preselect)
+ return (1);
+
 TAILQ_FOREACH(app, &ap->ap_preselect_list, app_list) {
 if (app->app_auid == auid)
 break;
@@ -232,13 +242,14 @@
 */
 int
 audit_pipe_preselect(au_id_t auid, au_event_t event, au_class_t class,
- int sorf)
+ int sorf, int trail_preselect)
 {
 struct audit_pipe *ap;
 mtx_lock(&audit_pipe_mtx);
 TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
- if (audit_pipe_preselect_check(ap, auid, event, class, sorf)) {
+ if (audit_pipe_preselect_check(ap, auid, event, class, sorf,
+ trail_preselect)) {
 mtx_unlock(&audit_pipe_mtx);
 return (1);
 }
@@ -301,7 +312,7 @@
 */
 void
 audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class, int sorf,
- void *record, u_int record_len)
+ int trail_select, void *record, u_int record_len)
 {
 struct audit_pipe *ap;
@@ -313,7 +324,8 @@
 mtx_lock(&audit_pipe_mtx);
 TAILQ_FOREACH(ap, &audit_pipe_list, ap_list) {
- if (audit_pipe_preselect_check(ap, auid, event, class, sorf))
+ if (audit_pipe_preselect_check(ap, auid, event, class, sorf,
+ trail_select))
 audit_pipe_append(ap, record, record_len);
 }
 audit_pipe_records++;
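Review bot: The early return added to audit_pipe_preselect_check does not match the algorithm the new comment describes: when AUDIT_PIPE_TRAIL is set but `trail_preselect` is 0, control falls through to the per-auid list and the pipe's own flags rather than taking the trail decision as final. With the zeroed defaults set at open time this is harmless, but a consumer that sets custom masks without clearing the flag receives the union of both selections. If trail mode is meant to be exclusive, use `if (ap->ap_flags & AUDIT_PIPE_TRAIL)` followed by `return (trail_preselect != 0);`; otherwise reword the comment to say the pipe's own settings still apply. The rest of the function body lies outside the hunk.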
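Review bot: The new parameter is spelled `trail_preselect` in audit_pipe_preselect and audit_pipe_preselect_check but `trail_select` in audit_pipe_submit (hunks `-301` and `-313`) and in both prototypes in audit_private.h; pick one name. The callers shown pass the masked value `ar->k_ar_commit & AR_PRESELECT_TRAIL` rather than 0 or 1, so the function comment should state the contract, e.g. `/* trail_preselect: non-zero if trail preselection matched the record. */`.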
@@ -387,20 +399,15 @@
 TAILQ_INIT(&ap->ap_queue);
 /*
- * Initialize pre-selection state to match all events by default, and
- * have no particular auid-specific entries. This allows praudit(1)
- * to be run directly on an audit pipe without any configuration or
- * special handling. However, it also requires that applications
- * flush the pipe after specifying preselection prequirements so that
- * they don't see events captured before they completed
- * configuration.
+ * Default flags, naflags, and auid-specific preselection settings to
+ * 0. Initialize the AUDIT_PIPE_TRAIL flag so that if praudit(1) is
+ * run on /dev/auditpipe, it sees events associated with the default
+ * trail. Pipe-aware application can clear the flag, set custom
+ * masks, and flush the pipe as needed.
 */
 bzero(&ap->ap_preselect_flags, sizeof(ap->ap_preselect_flags));
- ap->ap_preselect_flags.am_success = 0xffffffff;
- ap->ap_preselect_flags.am_failure = 0xffffffff;
 bzero(&ap->ap_preselect_naflags, sizeof(ap->ap_preselect_naflags));
- ap->ap_preselect_naflags.am_success = 0xffffffff;
- ap->ap_preselect_naflags.am_failure = 0xffffffff;
+ ap->ap_flags |= AUDIT_PIPE_TRAIL;
 TAILQ_INIT(&ap->ap_preselect_list);
 TAILQ_INSERT_HEAD(&audit_pipe_list, ap, ap_list);
@@ -535,6 +542,7 @@
 struct auditpipe_preselect *aps;
 struct audit_pipe *ap;
 au_mask_t *maskp;
+ au_id_t auid;
 int error;
 ap = dev->si_drv1;
@@ -650,10 +658,28 @@
 error = EOPNOTSUPP;
 break;
+ case AUDITPIPE_DELETE_PRESELECT_AUID:
+ auid = *(au_id_t *)data;
+ error = EOPNOTSUPP;
+ break;
+
 case AUDITPIPE_FLUSH_PRESELECT_AUID:
 error = EOPNOTSUPP;
 break;
+ case AUDITPIPE_GET_PRESELECT_TRAIL:
+ *(int *)data = (ap->ap_flags & AUDIT_PIPE_TRAIL) ? 1 : 0;
+ error = 0;
+ break;
+
+ case AUDITPIPE_SET_PRESELECT_TRAIL:
+ if (*(int *)data)
+ ap->ap_flags |= AUDIT_PIPE_TRAIL;
+ else
+ ap->ap_flags &= ~AUDIT_PIPE_TRAIL;
+ error = 0;
+ break;
+
 case AUDITPIPE_FLUSH:
 audit_pipe_flush(ap);
 error = 0;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_private.h#27 (text+ko) ====
@@ -344,9 +344,9 @@
 * Audit pipe functions.
 */
 int audit_pipe_preselect(au_id_t auid, au_event_t event,
- au_class_t class, int sorf);
+ au_class_t class, int sorf, int trail_select);
 void audit_pipe_submit(au_id_t auid, au_event_t event, au_class_t class,
- int sorf, void *record, u_int record_len);
+ int sorf, int trail_select, void *record, u_int record_len);
 void audit_pipe_submit_user(void *record, u_int record_len);
 #endif /* ! _SECURITY_AUDIT_PRIVATE_H_ */
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_worker.c#11 (text+ko) ====
@@ -373,7 +373,8 @@
 }
 if (ar->k_ar_commit & AR_PRESELECT_PIPE)
 audit_pipe_submit(auid, event, class, sorf,
- ar->k_ar_commit & AR_PRESELECT_TRAIL, bsm->data,
+ bsm->len);
 kau_free(bsm);
 }
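Review bot: The new AUDITPIPE_SET_PRESELECT_TRAIL case does a read-modify-write on `ap->ap_flags` with no `mtx_lock(&audit_pipe_mtx)` visible in the hunk, while audit_pipe_preselect_check reads the same field under that mutex (it asserts MA_OWNED). Whether the ioctl handler already holds the lock around this switch cannot be seen from here; if it does not, put `mtx_lock(&audit_pipe_mtx);` before the `if` and `mtx_unlock(&audit_pipe_mtx);` after the `else` branch, and do the same around the read in AUDITPIPE_GET_PRESELECT_TRAIL. Separately, `auid` in the AUDITPIPE_DELETE_PRESELECT_AUID case is assigned and never used before EOPNOTSUPP is returned, so a `/* XXX: not yet implemented. */` comment would make the stub explicit.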