From owner-svn-src-all@FreeBSD.ORG Mon Jul 18 12:58:18 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C01C7106566C; Mon, 18 Jul 2011 12:58:18 +0000 (UTC) (envelope-from jonathan@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id A5F0B8FC1B; Mon, 18 Jul 2011 12:58:18 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p6ICwITM023923; Mon, 18 Jul 2011 12:58:18 GMT (envelope-from jonathan@svn.freebsd.org) Received: (from jonathan@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p6ICwISu023918; Mon, 18 Jul 2011 12:58:18 GMT (envelope-from jonathan@svn.freebsd.org) Message-Id: <201107181258.p6ICwISu023918@svn.freebsd.org> From: Jonathan Anderson Date: Mon, 18 Jul 2011 12:58:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r224181 - head/sys/security/audit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 Jul 2011 12:58:18 -0000 Author: jonathan Date: Mon Jul 18 12:58:18 2011 New Revision: 224181 URL: http://svn.freebsd.org/changeset/base/224181 Log: Provide ability to audit cap_rights_t arguments. We wish to be able to audit capability rights arguments; this code provides the necessary infrastructure. This commit does not, of itself, turn on such auditing for any system call; that should follow shortly. Approved by: mentor (rwatson), re (Capsicum blanket) Sponsored by: Google Inc Modified: head/sys/security/audit/audit.h head/sys/security/audit/audit_arg.c head/sys/security/audit/audit_bsm.c head/sys/security/audit/audit_private.h Modified: head/sys/security/audit/audit.h ============================================================================== --- head/sys/security/audit/audit.h Mon Jul 18 12:03:58 2011 (r224180) +++ head/sys/security/audit/audit.h Mon Jul 18 12:58:18 2011 (r224181) @@ -114,6 +114,7 @@ void audit_arg_auditon(union auditon_ud void audit_arg_file(struct proc *p, struct file *fp); void audit_arg_argv(char *argv, int argc, int length); void audit_arg_envv(char *envv, int envc, int length); +void audit_arg_rights(cap_rights_t rights); void audit_sysclose(struct thread *td, int fd); void audit_cred_copy(struct ucred *src, struct ucred *dest); void audit_cred_destroy(struct ucred *cred); @@ -235,6 +236,11 @@ void audit_thread_free(struct thread *t audit_arg_rgid((rgid)); \ } while (0) +#define AUDIT_ARG_RIGHTS(rights) do { \ + if (AUDITING_TD(curthread)) \ + audit_arg_rights((rights)); \ +} while (0) + #define AUDIT_ARG_RUID(ruid) do { \ if (AUDITING_TD(curthread)) \ audit_arg_ruid((ruid)); \ @@ -342,6 +348,7 @@ void audit_thread_free(struct thread *t #define AUDIT_ARG_PID(pid) #define AUDIT_ARG_PROCESS(p) #define AUDIT_ARG_RGID(rgid) +#define AUDIT_ARG_RIGHTS(rights) #define AUDIT_ARG_RUID(ruid) #define AUDIT_ARG_SIGNUM(signum) #define AUDIT_ARG_SGID(sgid) Modified: head/sys/security/audit/audit_arg.c ============================================================================== --- head/sys/security/audit/audit_arg.c Mon Jul 18 12:03:58 2011 (r224180) +++ head/sys/security/audit/audit_arg.c Mon Jul 18 12:58:18 2011 (r224181) @@ -865,6 +865,19 @@ audit_arg_envv(char *envv, int envc, int ARG_SET_VALID(ar, ARG_ENVV); } +void +audit_arg_rights(cap_rights_t rights) +{ + struct kaudit_record *ar; + + ar = currecord(); + if (ar == NULL) + return; + + ar->k_ar.ar_arg_rights = rights; + ARG_SET_VALID(ar, ARG_RIGHTS); +} + /* * The close() system call uses it's own audit call to capture the path/vnode * information because those pieces are not easily obtained within the system Modified: head/sys/security/audit/audit_bsm.c ============================================================================== --- head/sys/security/audit/audit_bsm.c Mon Jul 18 12:03:58 2011 (r224180) +++ head/sys/security/audit/audit_bsm.c Mon Jul 18 12:58:18 2011 (r224181) @@ -1589,6 +1589,28 @@ kaudit_to_bsm(struct kaudit_record *kar, } break; + case AUE_CAP_NEW: + /* + * XXXRW/XXXJA: Would be nice to audit socket/etc information. + */ + FD_VNODE1_TOKENS; + if (ARG_IS_VALID(kar, ARG_RIGHTS)) { + tok = au_to_arg64(2, "rights", ar->ar_arg_rights); + kau_write(rec, tok); + } + break; + + case AUE_CAP_GETRIGHTS: + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } + break; + + case AUE_CAP_ENTER: + case AUE_CAP_GETMODE: + break; + case AUE_NULL: default: printf("BSM conversion requested for unknown event %d\n", Modified: head/sys/security/audit/audit_private.h ============================================================================== --- head/sys/security/audit/audit_private.h Mon Jul 18 12:03:58 2011 (r224180) +++ head/sys/security/audit/audit_private.h Mon Jul 18 12:58:18 2011 (r224181) @@ -229,6 +229,7 @@ struct audit_record { int ar_arg_exitstatus; int ar_arg_exitretval; struct sockaddr_storage ar_arg_sockaddr; + cap_rights_t ar_arg_rights; }; /* @@ -288,6 +289,7 @@ struct audit_record { #define ARG_ENVV 0x0002000000000000ULL #define ARG_ATFD1 0x0004000000000000ULL #define ARG_ATFD2 0x0008000000000000ULL +#define ARG_RIGHTS 0x0010000000000000ULL #define ARG_NONE 0x0000000000000000ULL #define ARG_ALL 0xFFFFFFFFFFFFFFFFULL