From owner-p4-projects@FreeBSD.ORG Fri Jul 9 21:22:40 2010 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id F1026106567A; Fri, 9 Jul 2010 21:22:39 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9C1E2106566C for ; Fri, 9 Jul 2010 21:22:39 +0000 (UTC) (envelope-from gpf@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 898F88FC12 for ; Fri, 9 Jul 2010 21:22:39 +0000 (UTC) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id o69LMdPK016546 for ; Fri, 9 Jul 2010 21:22:39 GMT (envelope-from gpf@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.3/8.14.3/Submit) id o69LMdcc016544 for perforce@freebsd.org; Fri, 9 Jul 2010 21:22:39 GMT (envelope-from gpf@FreeBSD.org) Date: Fri, 9 Jul 2010 21:22:39 GMT Message-Id: <201007092122.o69LMdcc016544@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to gpf@FreeBSD.org using -f 
From: Efstratios Karatzas To: Perforce Change Reviews Precedence: bulk Cc: Subject: PERFORCE change 180703 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Jul 2010 21:22:40 -0000 http://p4web.freebsd.org/@@180703?ac=10 Change 180703 by gpf@gpf_desktop on 2010/07/09 21:21:55 - setattr: audit vnode information @ the begging and @ the end of the rpc. This way, we may clearly see what attributes were changed. AUDIT_ARG_VNODE* may have to adapt so that it can keep track of other vnode attributes as well, such as file size. - access: audit the access flag used in the rpc so that we know what access rights were checked. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#12 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#19 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#16 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#12 (text+ko) ==== @@ -99,6 +99,7 @@ } NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED); nfsmode = fxdr_unsigned(u_int32_t, *tl); + AUDIT_ARG_FFLAGS(nfsmode); if ((nd->nd_flag & ND_NFSV4) && (nfsmode & ~(NFSACCESS_READ | NFSACCESS_LOOKUP | NFSACCESS_MODIFY | NFSACCESS_EXTEND | NFSACCESS_DELETE | @@ -242,6 +243,9 @@ nfsv4stateid_t stateid; NFSACL_T *aclp = NULL; + if (vp) + AUDIT_ARG_VNODE1(vp); + if (nd->nd_repstat) { nfsrv_wcc(nd, preat_ret, &nva2, postat_ret, &nva); return (0); @@ -384,7 +388,7 @@ if (!nd->nd_repstat) nd->nd_repstat = postat_ret; } - AUDIT_ARG_VNODE1(vp); + AUDIT_ARG_VNODE2(vp); vput(vp); #ifdef NFS4_ACL_EXTATTR_NAME acl_free(aclp); ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#19 (text+ko) ==== 
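Review bot: `AUDIT_ARG_FFLAGS(nfsmode)` is placed before the NFSv4 reserved-bit check (`nfsmode & ~(NFSACCESS_READ | ...)`), so a request carrying undefined bits is audited as sent and then rejected, which is the useful order for an audit trail but easy to "fix" later by someone moving the call below the check. A one-line comment would pin the intent: `/* Audit the mask exactly as the client sent it, before validation. */`. The value is an NFSACCESS_* bitmask rather than open(2) fflags, so readers of the shared "flags" token in audit_bsm.c should be told as much. The enclosing function starts before this hunk and continues after it.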
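Review bot: The new `if (vp) AUDIT_ARG_VNODE1(vp);` runs before the `nd->nd_repstat` early return, so a failed RPC produces a record with a pre-image vnode token and no VNODE2, which a consumer must read together with the return token to tell "failed" from "unchanged"; a comment would stop a later reader from moving it below the check, e.g. `/* Pre-image of the target, taken before the early return so failed requests are still attributed to a vnode. */`. The NULL guard here is asymmetric with the unconditional `AUDIT_ARG_VNODE2(vp)` at the end of the function; that is only safe if every path reaching the final `vput(vp)` has a non-NULL vp, which looks true but is not visible in the hunk. audit_arg_vnode1() presumably calls VOP_GETATTR, which expects vp locked; if nfsrvd_setattr can be entered with an unlocked vp when nd_repstat is already set, this capture would need to move below the check. nfsrvd_setattr starts before this hunk and continues past it.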
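Review bot: The post-image `AUDIT_ARG_VNODE2(vp)` is reached only on the normal exit ahead of `vput(vp)`; any error exit between the two snapshots (the body between the hunks is not visible) leaves a record with a pre-image only. More importantly for the stated goal of seeing what changed, a BSM vnode token carries mode, owner and identifiers but not size or timestamps, so a successful truncate-to-zero or time-only SETATTR still yields VNODE1 equal to VNODE2. Until the token is extended as the change description anticipates, consider recording the requested values explicitly from the parsed request (`nva` in this function; field names to confirm), e.g. `AUDIT_ARG_MODE(...)` and `AUDIT_ARG_OWNER(...)` when those attributes are present, so the attempt is visible even when VOP_SETATTR fails; those macros would also need wiring for AUE_NFS_SETATTR in audit_bsm.c. nfsrvd_setattr continues past this hunk.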
@@ -338,6 +338,7 @@ AUDIT_ARG_VNODE1(AUDIT_vp); } nfsmode = fxdr_unsigned(u_int32_t, *tl); + AUDIT_ARG_FFLAGS(nfsmode); if ((nfsmode & NFSV3ACCESS_READ) && nfsrv_access(vp, VREAD, cred, rdonly, 0)) nfsmode &= ~NFSV3ACCESS_READ; @@ -543,8 +544,10 @@ } AUDIT_vp = vp; - if (AUDIT_vp != NULL && AUDITING_TD(curthread)) - vref(AUDIT_vp); + if (AUDIT_vp != NULL && AUDITING_TD(curthread)) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } /* * vp now an active resource, pay careful attention to cleanup @@ -585,7 +588,7 @@ } error = VOP_SETATTR(vp, vap, cred); if (AUDIT_vp != NULL) - AUDIT_ARG_VNODE1(AUDIT_vp); + AUDIT_ARG_VNODE2(AUDIT_vp); postat_ret = VOP_GETATTR(vp, vap, cred); if (!error) error = postat_ret; ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#16 (text) ==== @@ -1602,8 +1602,6 @@ case AUE_NFS_REMOVE: case AUE_NFS_RMDIR: case AUE_NFS_GETATTR: - case AUE_NFS_SETATTR: - case AUE_NFS_ACCESS: case AUE_NFS_LOOKUP: case AUE_NFS_COMMIT: case AUE_NFS_PATHCONF: @@ -1623,6 +1621,7 @@ case AUE_NFS_READ: case AUE_NFS_WRITE: + case AUE_NFS_ACCESS: if (ARG_IS_VALID(kar, ARG_FFLAGS)) { tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); @@ -1660,9 +1659,22 @@ kau_write(rec, tok); } /* FALLTHROUGH */ - + + case AUE_NFS_SETATTR: + UPATH1_VNODE1_TOKENS; + VNODE2_TOKENS; + if (ARG_IS_VALID(kar, ARG_TEXT)) { + tok = au_to_text(ar->ar_arg_text); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { + tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + kau_write(rec, tok); + } + break; + case AUE_NFS_LINK: - case AUE_NFS_RENAME: + case AUE_NFS_RENAME: UPATH1_VNODE1_TOKENS; UPATH2_TOKENS; if (ARG_IS_VALID(kar, ARG_TEXT)) {
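Review bot: `AUDIT_ARG_FFLAGS(nfsmode)` captures the requested NFSV3ACCESS_* mask before the `nfsrv_access()` checks below start clearing bits, which is the right moment, but nothing records the mask actually granted in the reply, so the trail shows what the client asked for and not what it got. If the denied subset matters for ACCESS auditing, capture the post-check value too (for instance `AUDIT_ARG_VALUE(nfsmode)` after the last check, with a matching token in audit_bsm.c), or at least say here what is being recorded: `/* Audit the requested mask; bits denied below are not reflected in it. */`. nfsrv_access starts before this hunk and continues after it.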
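Review bot: `AUDIT_vp = vp;` is assigned before the `AUDITING_TD(curthread)` guard, so when auditing is off AUDIT_vp is non-NULL although no `vref()` was taken; the later `if (AUDIT_vp != NULL) AUDIT_ARG_VNODE2(AUDIT_vp);` is harmless only if the macro re-checks the audit state (it presumably does), but any cleanup that treats a non-NULL AUDIT_vp as "we hold a reference" and calls vrele() — the cleanup is outside this hunk — would release a reference the server never acquired. Folding the assignment into the guarded block makes the invariant obvious: `if (vp != NULL && AUDITING_TD(curthread)) { AUDIT_vp = vp; vref(AUDIT_vp); AUDIT_ARG_VNODE1(AUDIT_vp); }` with AUDIT_vp initialised to NULL at declaration. If the existing cleanup already guards its vrele() with AUDITING_TD, a comment at this site saying so is enough. nfsrv_setattr starts before this hunk and continues after it.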
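Review bot: Whatever case precedes this hunk (its label is outside the hunk) used to fall through into AUE_NFS_LINK/AUE_NFS_RENAME and now falls through into the new AUE_NFS_SETATTR block, which ends with `break;`, so that case no longer reaches `UPATH2_TOKENS`; that is behaviour-neutral only if none of the falling-through events ever sets ARG_UPATH2, which should be confirmed. The new block also duplicates the ARG_TEXT and ARG_PROTOCOL emission that the LINK/RENAME case does immediately below it; if VNODE2_TOKENS is guarded by ARG_IS_VALID like the other token macros, adding `VNODE2_TOKENS;` to the shared LINK/RENAME body and listing `case AUE_NFS_SETATTR:` alongside them would remove the copy and leave the fall-through chain as it was. At minimum the `/* FALLTHROUGH */` now lands on a label that says nothing about the cases above it, so a comment naming what they share is needed, e.g. `/* Preceding cases share the vnode/text/protocol tokens below. */`. The LINK/RENAME case continues past the end of the hunk.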