Date: Wed, 8 Feb 2006 01:53:29 GMT
Message-Id: <200602080153.k181rTpa036760@repoman.freebsd.org>
From: Wayne Salamon
To: Perforce Change Reviews
Subject: PERFORCE change 91355 for review

http://perforce.freebsd.org/chv.cgi?CH=91355

Change 91355 by wsalamon@gretsch on 2006/02/08 01:53:04

	When generating the process token, need to check whether the process was successfully audited. Otherwise, generate the PID token. This change covers the pid < 0 cases, and pid lookup failure cases.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#13 edit
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#8 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#13 (text+ko) ==== @@ -369,8 +369,9 @@ ar->k_ar.ar_arg_rgid = p->p_ucred->cr_rgid; ar->k_ar.ar_arg_asid = p->p_au->ai_asid; ar->k_ar.ar_arg_termid = p->p_au->ai_termid; + ar->k_ar.ar_arg_pid = p->p_pid; ARG_SET_VALID(ar, ARG_AUID | ARG_EUID | ARG_EGID | ARG_RUID | - ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PROCESS); + ARG_RGID | ARG_ASID | ARG_TERMID | ARG_PID | ARG_PROCESS); } void
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#8 (text+ko) ====
@@ -223,20 +223,17 @@ } while (0) #define PROCESS_PID_TOKENS(argn) do { \ - if (ARG_IS_VALID(kar, ARG_PID)) { \ - if ((ar->ar_arg_pid > 0) /* Kill a single process */ \ - && (ARG_IS_VALID(kar, ARG_PROCESS))) { \ - tok = au_to_process(ar->ar_arg_auid, \ - ar->ar_arg_euid, ar->ar_arg_egid, \ - ar->ar_arg_ruid, ar->ar_arg_rgid, \ - ar->ar_arg_pid, ar->ar_arg_asid, \ - &ar->ar_arg_termid); \ - kau_write(rec, tok); \ - } else { \ - tok = au_to_arg32(argn, "process", \ - ar->ar_arg_pid); \ - kau_write(rec, tok); \ - } \ + if ((ar->ar_arg_pid > 0) /* Reference a single process */ \ + && (ARG_IS_VALID(kar, ARG_PROCESS))) { \ + tok = au_to_process(ar->ar_arg_auid, \ + ar->ar_arg_euid, ar->ar_arg_egid, \ + ar->ar_arg_ruid, ar->ar_arg_rgid, \ + ar->ar_arg_pid, ar->ar_arg_asid, \ + &ar->ar_arg_termid); \ + kau_write(rec, tok); \ + } else if (ARG_IS_VALID(kar, ARG_PID)) { \ + tok = au_to_arg32(argn, "process", ar->ar_arg_pid); \ + kau_write(rec, tok); \ } \ } while (0) \
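Review bot: in the audit_arg.c hunk, the new assignment `ar->k_ar.ar_arg_pid = p->p_pid;` stores into the same ar_arg_pid field that the ARG_PID branch of PROCESS_PID_TOKENS reads, so a pid already stored in the record is replaced once this code runs, and ARG_PID and ARG_PROCESS are then marked valid together. A short comment above the assignment saying that ar_arg_pid is shared between the two flags, and that a successful process lookup takes precedence over a previously stored pid, would document the behaviour the audit_bsm.c side depends on.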
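Review bot: in the audit_bsm.c hunk, the first condition of PROCESS_PID_TOKENS now evaluates `(ar->ar_arg_pid > 0)` before any validity flag is consulted, because the outer ARG_IS_VALID(kar, ARG_PID) guard was removed and && evaluates left to right. When neither ARG_PID nor ARG_PROCESS is valid, the macro branches on a field that nothing has marked as set. Testing the flag first, as in `ARG_IS_VALID(kar, ARG_PROCESS) && (ar->ar_arg_pid > 0)`, keeps the read behind a validity check. The inline comment could also state that pid <= 0 or a failed lookup falls through to the arg32 "process" token, which is the case the commit message describes.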