From owner-p4-projects@FreeBSD.ORG Tue Jul 29 01:28:17 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id CEA781065672; Tue, 29 Jul 2008 01:28:16 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9312D1065670 for ; Tue, 29 Jul 2008 01:28:16 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 807DB8FC08 for ; Tue, 29 Jul 2008 01:28:16 +0000 (UTC) (envelope-from diego@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m6T1SGaQ025104 for ; Tue, 29 Jul 2008 01:28:16 GMT (envelope-from diego@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m6T1SGJ6025102 for perforce@freebsd.org; Tue, 29 Jul 2008 01:28:16 GMT (envelope-from diego@FreeBSD.org) Date: Tue, 29 Jul 2008 01:28:16 GMT Message-Id: <200807290128.m6T1SGJ6025102@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to diego@FreeBSD.org using -f 
From: Diego Giagio
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 146174 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 29 Jul 2008 01:28:17 -0000

http://perforce.freebsd.org/chv.cgi?CH=146174

Change 146174 by diego@diego_black on 2008/07/29 01:27:57

Add support for socket-token, as described by Sun. This is needed for network event records generation.

Affected files ...

.. //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#11 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#3 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#2 edit
.. //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#3 edit

Differences ...

==== //depot/projects/soc2008/diego-audit/src/sys/bsm/audit_record.h#2 (text) ====

@@ -296,10 +296,10 @@
 #if defined(_KERNEL) || defined(KERNEL)
 token_t *au_to_socket(struct socket *so);
-token_t *au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
- struct sockaddr *ta);
-token_t *au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
- struct sockaddr *ta);
+token_t *au_to_socket_ex_32(uint16_t domain, uint16_t type, uint16_t lp,
+ uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
+token_t *au_to_socket_ex_128(uint16_t domain, uint16_t type, uint16_t lp,
+ uint16_t rp, struct sockaddr *la, struct sockaddr *ta);
 #endif
 token_t *au_to_sock_inet(struct sockaddr_in *so);

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit.h#11 (text) ====
@@ -114,6 +114,7 @@
 #define ARG_IOVECSTR 0x0000800000000000ULL
 #define ARG_ARGV 0x0001000000000000ULL
 #define ARG_ENVV 0x0002000000000000ULL
+#define ARG_SOCKCONN 0x0004000000000000ULL
 #define ARG_NONE 0x0000000000000000ULL
 #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL
@@ -177,6 +178,8 @@
 void audit_arg_process(struct proc *p);
 void audit_arg_signum(u_int signum);
 void audit_arg_socket(int sodomain, int sotype, int soprotocol);
+void audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
+ struct sockaddr *la, struct sockaddr *ra);
 void audit_arg_sockaddr(struct thread *td, struct sockaddr *sa);
 void audit_arg_auid(uid_t auid);
 void audit_arg_auditinfo(struct auditinfo *au_info);

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_arg.c#3 (text) ====

@@ -608,6 +608,36 @@
 }
 void
+audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain, int sotype,
+ int lport, int rport, struct sockaddr *la, struct sockaddr *ra)
+{
+ KASSERT(ar != NULL, ("audit_record_arg_socket_ex: ar == NULL"));
+ KASSERT(la != NULL, ("audit_record_arg_socket_ex: la == NULL"));
+ KASSERT(ra != NULL, ("audit_record_arg_socket_ex: ra == NULL"));
+
+ ar->k_ar.ar_arg_sockconn.sc_domain = sodomain;
+ ar->k_ar.ar_arg_sockconn.sc_type = sotype;
+ ar->k_ar.ar_arg_sockconn.sc_lport = lport;
+ ar->k_ar.ar_arg_sockconn.sc_rport = rport;
+ bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, la->sa_len);
+ bcopy(ra, &ar->k_ar.ar_arg_sockconn.sc_raddr, ra->sa_len);
+ ARG_SET_VALID(ar, ARG_SOCKCONN);
+}
+
+void
+audit_arg_socket_ex(int sodomain, int sotype, int lport, int rport,
+ struct sockaddr *la, struct sockaddr *ra)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ audit_record_arg_socket_ex(ar, sodomain, sotype, lport, rport, la, ra);
+}
+
+void
 audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
 struct sockaddr *sa)
 {

==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_bsm_token.c#2 (text) ====
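Review bot: In audit_record_arg_socket_ex the two bcopy() calls copy `la->sa_len` and `ra->sa_len` bytes into `sc_laddr` and `sc_raddr`, which are `struct sockaddr_storage` members, without bounding the length to the destination; sa_len is an 8-bit field, so a sockaddr carrying a length larger than sizeof(struct sockaddr_storage) would overrun the kaudit_record. Clamp the copy, e.g. `bcopy(la, &ar->k_ar.ar_arg_sockconn.sc_laddr, MIN(la->sa_len, sizeof(ar->k_ar.ar_arg_sockconn.sc_laddr)));` and likewise for `ra`, or KASSERT the bound next to the existing NULL asserts. The `lport`/`rport` parameters are `int` but land in the `u_short` fields `sc_lport`/`sc_rport`, so values outside 0..65535 are silently truncated; a comment stating the expected range (or taking `u_short` in the signature) would make the contract explicit. Neither new function has a header comment; one line on audit_record_arg_socket_ex noting that both addresses are copied into the record and the caller keeps ownership of `la`/`ra` would help.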
@@ -846,28 +846,58 @@
 /*
 * token ID 1 byte
+ * socket domain 2 bytes
 * socket type 2 bytes
+ * ip address type 2 bytes
 * local port 2 bytes
- * address type/length 4 bytes
- * local Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
- * remote port 4 bytes
- * address type/length 4 bytes
- * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
+ * local address 4 bytes/16 bytes (IPv4/IPv6 address)
+ * remote port 2 bytes
+ * remote address 4 bytes/16 bytes (IPv4/IPv6 address)
 */
 token_t *
-au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, struct sockaddr *la,
- struct sockaddr *ra)
+au_to_socket_ex_32(u_int16_t domain, u_int16_t type, u_int16_t lp, u_int16_t rp,
+ struct sockaddr *la, struct sockaddr *ra)
 {
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
+ sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t));
+
+ ADD_U_CHAR(dptr, AUT_SOCKET_EX);
+ ADD_U_INT16(dptr, domain);
+ ADD_U_INT16(dptr, type);
+ ADD_U_INT16(dptr, AU_IPv4);
+ ADD_U_INT16(dptr, lp);
+ ADD_MEM(dptr, &la->sa_data, AU_IPv4);
+ ADD_U_INT16(dptr, rp);
+ ADD_MEM(dptr, &ra->sa_data, AU_IPv4);
- return (NULL);
+ return (t);
 }
 token_t *
-au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, struct sockaddr *la,
- struct sockaddr *ra)
-{
+au_to_socket_ex_128(u_int16_t domain, u_int16_t type, u_int16_t lp,
+ u_int16_t rp, struct sockaddr *la, struct sockaddr *ra)
+{
+ token_t *t;
+ u_char *dptr = NULL;
+
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+ sizeof(u_int16_t) + sizeof(u_int16_t) + sizeof(u_int16_t) +
+ 4 * sizeof(u_int32_t) + sizeof(u_int16_t) + 4 * sizeof(u_int32_t));
+
+ ADD_U_CHAR(dptr, AUT_SOCKET_EX);
+ ADD_U_INT16(dptr, domain);
+ ADD_U_INT16(dptr, type);
+ ADD_U_INT16(dptr, AU_IPv6);
+ ADD_U_INT16(dptr, lp);
+ ADD_MEM(dptr, &la->sa_data, AU_IPv6);
+ ADD_U_INT16(dptr, rp);
+ ADD_MEM(dptr, &ra->sa_data, AU_IPv6);
- return (NULL);
+ return (t);
 }
 /*
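Review bot: `ADD_MEM(dptr, &la->sa_data, AU_IPv4)` in au_to_socket_ex_32 (and the matching `ra` line, and both AU_IPv6 copies in au_to_socket_ex_128) takes the address bytes from the start of `sa_data`, but in a `struct sockaddr_in` the bytes at `sa_data` are `sin_port`, so the token would carry the two port bytes followed by only half of the address, and in a `struct sockaddr_in6` the port and `sin6_flowinfo` precede `sin6_addr`. Cast to the concrete type and copy the address member instead, e.g. `ADD_MEM(dptr, &((struct sockaddr_in *)la)->sin_addr, AU_IPv4);` in the 32-bit variant and `&((struct sockaddr_in6 *)la)->sin6_addr` in the 128-bit one. Neither function checks that `la`/`ra` are non-NULL or that their `sa_family` matches the variant; a 16-byte read from a plain `struct sockaddr`'s 14-byte `sa_data` would run past the structure, so a KASSERT on the family (or a documented precondition that the caller has already selected the variant by family) would be prudent. The byte-layout comment above the functions should also say which byte order the port and address fields are written in, since `lp`/`rp` arrive as plain u_int16_t while sockaddr ports are stored in network order.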
==== //depot/projects/soc2008/diego-audit/src/sys/security/audit/audit_private.h#3 (text) ====

@@ -118,6 +118,15 @@
 u_short so_lport; /* Local port. */
 };
+struct sockconn_au_info {
+ int sc_domain;
+ int sc_type;
+ u_short sc_lport;
+ u_short sc_rport;
+ struct sockaddr_storage sc_laddr;
+ struct sockaddr_storage sc_raddr;
+};
+
 union auditon_udata {
 char *au_path;
 long au_cond;
@@ -189,6 +198,7 @@
 char ar_arg_login[MAXLOGNAME];
 int ar_arg_ctlname[CTL_MAXNAME];
 struct socket_au_info ar_arg_sockinfo;
+ struct sockconn_au_info ar_arg_sockconn;
 char *ar_arg_upath1;
 char *ar_arg_upath2;
 char *ar_arg_text;
@@ -277,6 +287,8 @@
 void audit_record_arg_signum(struct kaudit_record *ar, u_int signum);
 void audit_record_arg_socket(struct kaudit_record *ar, int sodomain,
 int sotype, int soprotocol);
+void audit_record_arg_socket_ex(struct kaudit_record *ar, int sodomain,
+ int sotype, int lport, int rport, struct sockaddr *la, struct sockaddr *ra);
 void audit_record_arg_sockaddr(struct kaudit_record *ar, struct thread *td,
 struct sockaddr *sa);
 void audit_record_arg_auid(struct kaudit_record *ar, uid_t auid);
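Review bot: The new `struct sockconn_au_info` has no per-field comments, while the neighbouring `struct socket_au_info` documents each field (`u_short so_lport; /* Local port. */`); add matching ones, e.g. `int sc_domain; /* Socket domain. */`, `u_short sc_lport; /* Local port. */`, and state that `sc_laddr`/`sc_raddr` hold the complete sockaddr (including sa_len and sa_family), since audit_record_arg_socket_ex copies the whole structure into them. The two `struct sockaddr_storage` members also add 256 bytes to every kaudit_record through the new `ar_arg_sockconn` field; if records are allocated per system call it may be worth confirming that growth is acceptable, or noting in a comment why the full storage size is needed rather than the address family's own length.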