From owner-p4-projects@FreeBSD.ORG Wed Jun 20 01:15:45 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 54D8916A46B; Wed, 20 Jun 2007 01:15:45 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1DD0716A41F for ; Wed, 20 Jun 2007 01:15:45 +0000 (UTC) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 0E01713C46C for ; Wed, 20 Jun 2007 01:15:45 +0000 (UTC) (envelope-from csjp@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.8/8.13.8) with ESMTP id l5K1Fi64052040 for ; Wed, 20 Jun 2007 01:15:44 GMT (envelope-from csjp@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.8/8.13.8/Submit) id l5K1Fiqx052030 for perforce@freebsd.org; Wed, 20 Jun 2007 01:15:44 GMT (envelope-from csjp@freebsd.org) Date: Wed, 20 Jun 2007 01:15:44 GMT Message-Id: <200706200115.l5K1Fiqx052030@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to csjp@freebsd.org using -f 
From: "Christian S.J. Peron" To: Perforce Change Reviews Cc: Subject: PERFORCE change 122002 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jun 2007 01:15:45 -0000 http://perforce.freebsd.org/chv.cgi?CH=122002 Change 122002 by csjp@push on 2007/06/20 01:15:41 - Add audit_arg_audinfo_addr() for auditing the arguments for setaudit_addr(2) - In audit_bsm.c, make sure all the arguments: ARG_AUID, ARG_ASID, ARG_AMASK, and ARG_TERMID{_ADDR} are valid before auditing their arguments. (This is done for both setaudit and setaudit_addr. - Audit the arguments passed to setaudit_addr(2) - AF_INET6 does not equate to AU_IPv6. Change this in au_to_in_addr_ex() so the audit token is created with the correct type. This fixes the processing of the in_addr_ex token in userspace. - Change the size of the token (as generated by the kernel) from 5*4 bytes to 4*4 bytes (the correct size of an ip6 address) - Correct regression from ucred work which resulted in getaudit() not returning E2BIG if the subject had an ip6 termid - Correct slight regression in getaudit(2) which resulted in the size of a pointer being passed instead of the size of the structure. (This resulted in invalid auditinfo data being returned via getaudit(2)) Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#27 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#33 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#29 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#35 edit .. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#44 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit.h#27 (text+ko) ==== 
@@ -158,6 +158,7 @@
 void audit_arg_sockaddr(struct thread *td, struct sockaddr *sa);
 void audit_arg_auid(uid_t auid);
 void audit_arg_auditinfo(struct auditinfo *au_info);
+void audit_arg_auditinfo_addr(struct auditinfo_addr *au_info);
 void audit_arg_upath(struct thread *td, char *upath, u_int64_t flags);
 void audit_arg_vnode(struct vnode *vp, u_int64_t flags);
 void audit_arg_text(char *text);
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_arg.c#33 (text+ko) ====
@@ -467,6 +467,28 @@
 }
 void
+audit_arg_auditinfo_addr(struct auditinfo_addr *au_info)
+{
+ struct kaudit_record *ar;
+
+ ar = currecord();
+ if (ar == NULL)
+ return;
+
+ ar->k_ar.ar_arg_auid = au_info->ai_auid;
+ ar->k_ar.ar_arg_asid = au_info->ai_asid;
+ ar->k_ar.ar_arg_amask.am_success = au_info->ai_mask.am_success;
+ ar->k_ar.ar_arg_amask.am_failure = au_info->ai_mask.am_failure;
+ ar->k_ar.ar_arg_termid_addr.at_type = au_info->ai_termid.at_type;
+ ar->k_ar.ar_arg_termid_addr.at_port = au_info->ai_termid.at_port;
+ ar->k_ar.ar_arg_termid_addr.at_addr[0] = au_info->ai_termid.at_addr[0];
+ ar->k_ar.ar_arg_termid_addr.at_addr[1] = au_info->ai_termid.at_addr[1];
+ ar->k_ar.ar_arg_termid_addr.at_addr[2] = au_info->ai_termid.at_addr[2];
+ ar->k_ar.ar_arg_termid_addr.at_addr[3] = au_info->ai_termid.at_addr[3];
+ ARG_SET_VALID(ar, ARG_AUID | ARG_ASID | ARG_AMASK | ARG_TERMID_ADDR);
+}
+
+void
 audit_arg_text(char *text)
 {
 struct kaudit_record *ar;
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm.c#29 (text+ko) ====
@@ -512,7 +512,10 @@
 break;
 case AUE_SETAUDIT:
- if (ARG_IS_VALID(kar, ARG_AUID)) {
+ if (ARG_IS_VALID(kar, ARG_AUID) &&
+ ARG_IS_VALID(kar, ARG_ASID) &&
+ ARG_IS_VALID(kar, ARG_AMASK) &&
+ ARG_IS_VALID(kar, ARG_TERMID)) {
 tok = au_to_arg32(1, "setaudit:auid",
 ar->ar_arg_auid);
 kau_write(rec, tok);
@@ -535,7 +538,37 @@
 break;
 case AUE_SETAUDIT_ADDR:
- break; /* XXX need to add arguments */
+ if (ARG_IS_VALID(kar, ARG_AUID) &&
+ ARG_IS_VALID(kar, ARG_ASID) &&
+ ARG_IS_VALID(kar, ARG_AMASK) &&
+ ARG_IS_VALID(kar, ARG_TERMID_ADDR)) {
+ tok = au_to_arg32(1, "setaudit_addr:auid",
+ ar->ar_arg_auid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(1, "setaudit_addr:as_success",
+ ar->ar_arg_amask.am_success);
+ kau_write(rec, tok);
+ tok = au_to_arg32(1, "setaudit_addr:as_failure",
+ ar->ar_arg_amask.am_failure);
+ kau_write(rec, tok);
+ tok = au_to_arg32(1, "setaudit_addr:asid",
+ ar->ar_arg_asid);
+ kau_write(rec, tok);
+ tok = au_to_arg32(1, "setaudit_addr:type",
+ ar->ar_arg_termid_addr.at_type);
+ kau_write(rec, tok);
+ tok = au_to_arg32(1, "setaudit_addr:port",
+ ar->ar_arg_termid_addr.at_port);
+ kau_write(rec, tok);
+ if (ar->ar_arg_termid_addr.at_type == AU_IPv6)
+ tok = au_to_in_addr_ex((struct in6_addr *)
+ &ar->ar_arg_termid_addr.at_addr[0]);
+ if (ar->ar_arg_termid_addr.at_type == AU_IPv4)
+ tok = au_to_in_addr((struct in_addr *)
+ &ar->ar_arg_termid_addr.at_addr[0]);
+ kau_write(rec, tok);
+ }
+ break;
 case AUE_AUDITON:
 /*
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#35 (text+ko) ====
@@ -358,13 +358,13 @@
 {
 token_t *t;
 u_char *dptr = NULL;
- u_int32_t type = AF_INET6;
+ u_int32_t type = AU_IPv6;
 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
 ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
 ADD_U_INT32(dptr, type);
- ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));
+ ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t));
 return (t);
 }
==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_syscalls.c#44 (text+ko) ====
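Review bot: In the AUE_SETAUDIT_ADDR case of audit_bsm.c the final `kau_write(rec, tok)` runs even when `at_type` is neither AU_IPv6 nor AU_IPv4, so `tok` still holds the port token that was just written and the same token is handed to kau_write() twice. That state looks reachable: the audit_syscalls.c hunk at -596 calls `audit_arg_auditinfo_addr(&aia)` before it rejects other `at_type` values with EINVAL, and the audit_arg.c hunk sets ARG_TERMID_ADDR without looking at the type. kau_write() is outside this diff, so the effect of the second call is not visible here, but the converter should not depend on the type having been validated. Turn the two tests into an if/else-if chain and write the address token only inside the matching branch; the enclosing switch starts and ends outside the hunk.

```c
/* … unchanged: auid, mask, asid, type and port tokens … */
if (ar->ar_arg_termid_addr.at_type == AU_IPv6) {
	tok = au_to_in_addr_ex((struct in6_addr *)
	    &ar->ar_arg_termid_addr.at_addr[0]);
	kau_write(rec, tok);
} else if (ar->ar_arg_termid_addr.at_type == AU_IPv4) {
	tok = au_to_in_addr((struct in_addr *)
	    &ar->ar_arg_termid_addr.at_addr[0]);
	kau_write(rec, tok);
}
/* Any other at_type: no address token is emitted. */
```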
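Review bot: In the audit_bsm_token.c hunk, `GET_TOKEN_AREA` and `ADD_MEM` now use two different bare multipliers (5 and 4) for the same token, and an unexplained multiplier is what let the removed line copy 20 bytes where the description says an IPv6 address is 16. The allocation is right as written (one type word plus four address words after the id byte), but nothing in the code says so. I would add `/* 1 byte token id + 4 byte type + 16 byte IPv6 address */` above GET_TOKEN_AREA and tie the copy length to the source object with `ADD_MEM(dptr, internet_addr, sizeof(struct in6_addr));`. The function signature is outside the hunk, so the parameter type is inferred from the `(struct in6_addr *)` cast at the call site in audit_bsm.c.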
@@ -514,13 +514,15 @@
 error = priv_check(td, PRIV_AUDIT_GETAUDIT);
 if (error)
 return (error);
+ if (td->td_ucred->cr_audit.ai_termid.at_type == AU_IPv6)
+ return (E2BIG);
 bzero(&ai, sizeof(ai));
 ai.ai_auid = td->td_ucred->cr_audit.ai_auid;
 ai.ai_mask = td->td_ucred->cr_audit.ai_mask;
 ai.ai_asid = td->td_ucred->cr_audit.ai_asid;
 ai.ai_termid.machine = td->td_ucred->cr_audit.ai_termid.at_addr[0];
 ai.ai_termid.port = td->td_ucred->cr_audit.ai_termid.at_port;
- return (copyout(&ai, uap->auditinfo, sizeof(&ai)));
+ return (copyout(&ai, uap->auditinfo, sizeof(ai)));
 }
 /* ARGSUSED */
@@ -596,7 +598,10 @@
 error = copyin(uap->auditinfo_addr, &aia, sizeof(aia));
 if (error)
 return (error);
- /* XXXRW: Audit argument. */
+ audit_arg_auditinfo_addr(&aia);
+ if (aia.ai_termid.at_type != AU_IPv6 &&
+ aia.ai_termid.at_type != AU_IPv4)
+ return (EINVAL);
 newcred = crget();
 PROC_LOCK(td->td_proc);
 oldcred = td->td_proc->p_ucred;
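Review bot: The new `at_type == AU_IPv6` test in the -514 hunk returns E2BIG with no comment, and the reason is not obvious at the call site. The lines below it show that the reply carries only `ai_termid.machine`, a single word filled from `at_addr[0]`, so an IPv6 terminal id cannot be represented in it. I would add `/* An IPv6 termid does not fit in struct auditinfo; report E2BIG rather than truncate it. */` above the check. The function starts outside the hunk.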