Date: Fri, 9 Jul 2010 21:22:39 GMT From: Efstratios Karatzas <gpf@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 180703 for review Message-ID: <201007092122.o69LMdcc016544@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@180703?ac=10 Change 180703 by gpf@gpf_desktop on 2010/07/09 21:21:55 - setattr: audit vnode information @ the begging and @ the end of the rpc. This way, we may clearly see what attributes were changed. AUDIT_ARG_VNODE* may have to adapt so that it can keep track of other vnode attributes as well, such as file size. - access: audit the access flag used in the rpc so that we know what access rights were checked. Affected files ... .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#12 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#19 edit .. //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#16 edit Differences ... ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/fs/nfsserver/nfs_nfsdserv.c#12 (text+ko) ==== @@ -99,6 +99,7 @@ } NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED); nfsmode = fxdr_unsigned(u_int32_t, *tl); + AUDIT_ARG_FFLAGS(nfsmode); if ((nd->nd_flag & ND_NFSV4) && (nfsmode & ~(NFSACCESS_READ | NFSACCESS_LOOKUP | NFSACCESS_MODIFY | NFSACCESS_EXTEND | NFSACCESS_DELETE | @@ -242,6 +243,9 @@ nfsv4stateid_t stateid; NFSACL_T *aclp = NULL; + if (vp) + AUDIT_ARG_VNODE1(vp); + if (nd->nd_repstat) { nfsrv_wcc(nd, preat_ret, &nva2, postat_ret, &nva); return (0); @@ -384,7 +388,7 @@ if (!nd->nd_repstat) nd->nd_repstat = postat_ret; } - AUDIT_ARG_VNODE1(vp); + AUDIT_ARG_VNODE2(vp); vput(vp); #ifdef NFS4_ACL_EXTATTR_NAME acl_free(aclp); ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/nfsserver/nfs_serv.c#19 (text+ko) ==== @@ -338,6 +338,7 @@ AUDIT_ARG_VNODE1(AUDIT_vp); } nfsmode = fxdr_unsigned(u_int32_t, *tl); + AUDIT_ARG_FFLAGS(nfsmode); if ((nfsmode & NFSV3ACCESS_READ) && nfsrv_access(vp, VREAD, cred, rdonly, 0)) nfsmode &= ~NFSV3ACCESS_READ; @@ -543,8 +544,10 @@ } AUDIT_vp = vp; - if (AUDIT_vp != NULL && AUDITING_TD(curthread)) - vref(AUDIT_vp); + if (AUDIT_vp != NULL && AUDITING_TD(curthread)) { + vref(AUDIT_vp); + AUDIT_ARG_VNODE1(AUDIT_vp); + } /* * vp now an active resource, pay careful attention to cleanup @@ -585,7 +588,7 @@ } error = VOP_SETATTR(vp, vap, cred); if (AUDIT_vp != NULL) - AUDIT_ARG_VNODE1(AUDIT_vp); + AUDIT_ARG_VNODE2(AUDIT_vp); postat_ret = VOP_GETATTR(vp, vap, cred); if (!error) error = postat_ret; ==== //depot/projects/soc2010/gpf_audit/freebsd/src/sys/security/audit/audit_bsm.c#16 (text) ==== @@ -1602,8 +1602,6 @@ case AUE_NFS_REMOVE: case AUE_NFS_RMDIR: case AUE_NFS_GETATTR: - case AUE_NFS_SETATTR: - case AUE_NFS_ACCESS: case AUE_NFS_LOOKUP: case AUE_NFS_COMMIT: case AUE_NFS_PATHCONF: @@ -1623,6 +1621,7 @@ case AUE_NFS_READ: case AUE_NFS_WRITE: + case AUE_NFS_ACCESS: if (ARG_IS_VALID(kar, ARG_FFLAGS)) { tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); kau_write(rec, tok); @@ -1660,9 +1659,22 @@ kau_write(rec, tok); } /* FALLTHROUGH */ - + + case AUE_NFS_SETATTR: + UPATH1_VNODE1_TOKENS; + VNODE2_TOKENS; + if (ARG_IS_VALID(kar, ARG_TEXT)) { + tok = au_to_text(ar->ar_arg_text); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_PROTOCOL)) { + tok = au_to_text(audit_protocol_to_text(ar->ar_arg_protocol)); + kau_write(rec, tok); + } + break; + case AUE_NFS_LINK: - case AUE_NFS_RENAME: + case AUE_NFS_RENAME: UPATH1_VNODE1_TOKENS; UPATH2_TOKENS; if (ARG_IS_VALID(kar, ARG_TEXT)) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007092122.o69LMdcc016544>