Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 8 Feb 2006 01:53:29 GMT
From:      Wayne Salamon <wsalamon@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 91355 for review
Message-ID:  <200602080153.k181rTpa036760@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=91355

Change 91355 by wsalamon@gretsch on 2006/02/08 01:53:04

	When generating the process token, need to check whether the
	process was sucessfully audited.  Otherwise, generate the PID
	token. This change covers the pid < 0 cases, and pid lookup
	failure cases.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#13 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#8 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#13 (text+ko) ====

@@ -369,8 +369,9 @@
 	ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid;
 	ar->k_ar.ar_arg_asid = p->p_au->ai_asid;
 	ar->k_ar.ar_arg_termid = p->p_au->ai_termid;
+	ar->k_ar.ar_arg_pid = p->p_pid;
 	ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID |
-	    ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PROCESS);
+	    ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS);
 }
 
 void

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#8 (text+ko) ====

@@ -223,20 +223,17 @@
 } while (0)
 
 #define PROCESS_PID_TOKENS(argn) do {					\
-	if (ARG_IS_VALID(kar, ARG_PID)) {				\
-		if ((ar->ar_arg_pid > 0) /* Kill a single process */	\
-		    && (ARG_IS_VALID(kar, ARG_PROCESS))) {		\
-			tok = au_to_process(ar->ar_arg_auid,		\
-			    ar->ar_arg_euid, ar->ar_arg_egid,		\
-			    ar->ar_arg_ruid, ar->ar_arg_rgid,		\
-			    ar->ar_arg_pid, ar->ar_arg_asid,		\
-			    &ar->ar_arg_termid);			\
-			kau_write(rec, tok);				\
-		} else {						\
-			tok = au_to_arg32(argn, "process",		\
-			    ar->ar_arg_pid);				\
-			kau_write(rec, tok);				\
-		}							\
+	if ((ar->ar_arg_pid > 0) /* Reference a single process */	\
+	    && (ARG_IS_VALID(kar, ARG_PROCESS))) {			\
+		tok = au_to_process(ar->ar_arg_auid,			\
+		    ar->ar_arg_euid, ar->ar_arg_egid,			\
+		    ar->ar_arg_ruid, ar->ar_arg_rgid,			\
+		    ar->ar_arg_pid, ar->ar_arg_asid,			\
+		    &ar->ar_arg_termid);				\
+		kau_write(rec, tok);					\
+	} else if (ARG_IS_VALID(kar, ARG_PID)) {			\
+		tok = au_to_arg32(argn, "process", ar->ar_arg_pid);	\
+		kau_write(rec, tok);					\
 	}								\
 } while (0)								\

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602080153.k181rTpa036760>